发布于2019的文章

Aug 29

ECS (edns-client-subnet)的支持上,国内 DNS派,国外 Google 支持最好,而 Overture 支持上发 EDNS 信息,基于这几个特点,可以在 VPS (无论在国内还是国外)建立一个 CDN 友好的 DNS 服务器。

国外 VPS 配置范例:

{
"BindAddress": ":5353",
"DebugHTTPAddress": "127.0.0.1:5555",
"PrimaryDNS": [
{
"Name": "DNSPaiS",
"Address": "218.30.118.6:53",
"Protocol": "udp",
"SOCKS5Address": "",
"Timeout": 6,
"EDNSClientSubnet": {
"Policy": "auto",
"ExternalIP": "223.73.56.110",
"NoCookie": true
}
},
{
"Name": "DNSPaiM",
"Address": "101.226.4.6:53",
"Protocol": "udp",
"SOCKS5Address": "",
"Timeout": 6,
"EDNSClientSubnet": {
"Policy": "auto",
"ExternalIP": "223.73.56.110",
"NoCookie": true
}
}
],
"AlternativeDNS": [
{
"Name": "GoogleM",
"Address": "8.8.8.8:53",
"Protocol": "udp",
"SOCKS5Address": "",
"Timeout": 3,
"EDNSClientSubnet": {
"Policy": "auto",
"ExternalIP": "223.73.56.110",
"NoCookie": true
}
},
{
"Name": "GoogleS",
"Address": "8.8.4.4:53",
"Protocol": "udp",
"SOCKS5Address": "",
"Timeout": 3,
"EDNSClientSubnet": {
"Policy": "auto",
"ExternalIP": "223.73.56.110",
"NoCookie": true
}
}
],
"OnlyPrimaryDNS": false,
"IPv6UseAlternativeDNS": false,
"WhenPrimaryDNSAnswerNoneUse": "PrimaryDNS",
"IPNetworkFile": {
"Primary": "./cn.zone",
"Alternative": "./ip_network_alternative_sample"
},
"DomainFile": {
"Primary": "./domain_primary_sample",
"Alternative": "./domain_alternative_sample",
"Matcher": "regex-list"
},
"HostsFile": "./hosts_sample",
"MinimumTTL": 0,
"DomainTTLFile" : "./domain_ttl_sample",
"CacheSize" : 10000,
"RejectQType": [255]
}

国内/路由器等配置范例:(注意与国外的主要差别,使用了 Google 的 DNS-Over-TLS,否则会被污染)

{
"BindAddress": "0.0.0.0:5554",
"DebugHTTPAddress": "0.0.0.0:8081",
"PrimaryDNS": [
{
"Name": "DNSPaiS",
"Address": "123.125.81.6:53",
"Protocol": "udp",
"SOCKS5Address": "",
"Timeout": 3,
"EDNSClientSubnet": {
"Policy": "auto",
"ExternalIP": "223.73.56.110",
"NoCookie": true
}
},
{
"Name": "DNSPaiM",
"Address": "101.226.4.6:53",
"Protocol": "udp",
"SOCKS5Address": "",
"Timeout": 3,
"EDNSClientSubnet": {
"Policy": "auto",
"ExternalIP": "223.73.56.110",
"NoCookie": true
}
}
],
"AlternativeDNS": [
{
"Name": "GoogleM",
"Address": "dns.google:853@8.8.8.8",
"Protocol": "tcp-tls",
"SOCKS5Address": "",
"Timeout": 6,
"EDNSClientSubnet": {
"Policy": "auto",
"ExternalIP": "223.73.56.110",
"NoCookie": true
}
},
{
"Name": "GoogleS",
"Address": "dns.google:853@8.8.4.4",
"Protocol": "tcp-tls",
"SOCKS5Address": "",
"Timeout": 6,
"EDNSClientSubnet": {
"Policy": "auto",
"ExternalIP": "223.73.56.110",
"NoCookie": true
}
}
],
"OnlyPrimaryDNS": false,
"IPv6UseAlternativeDNS": false,
"WhenPrimaryDNSAnswerNoneUse": "AlternativeDNS",
"IPNetworkFile": {
"Primary": "/opt/etc/cn.zone",
"Alternative": "/opt/etc/empty"
},
"DomainFile": {
"Primary": "/opt/etc/empty",
"Alternative": "/opt/etc/empty"
},
"HostsFile": "",
"MinimumTTL": 300,
"DomainTTLFile" : "/opt/etc/domain_ttl.txt",
"CacheSize" : 8192,
"RejectQtype": [255]
}

:cool: :cool: :cool:


Aug 28

移动网络完全没法下载 BT,想到用电信网络做代理,试过 shadowsocks,3proxy 等大量 Socks5 服务器软件,都因为不支持 udp:// 格式的 Tracker 服务器导致速度上不去,最后用 Dante 解决问题。证据看下面用 Proxifier 代理 qBittorrent 的截图:

直接安装二进制文件:

apt install dante-server

这样安装下来的执行文件为: danted,配置文件为 /etc/danted.conf, 其它参考以下内容。

我们从源码安装 Dante:

# cd /usr/src
# wget http://www.inet.no/dante/files/dante-1.4.2.tar.gz
# tar -zxf dante-1.4.2.tar.gz
# cd dante-1.4.2/
# apt-get install gcc make
# ./configure --prefix=/usr/local --sysconfdir=/etc --localstatedir=/var --disable-client --without-libwrap --without-bsdauth --without-gssapi --without-krb5 --without-upnp --without-pam
# make && make install

之后检查下安装情况:

# /usr/local/sbin/sockd -v
Dante v1.4.2. Copyright (c) 1997 - 2014 Inferno Nettverk A/S, Norway

编辑配置文件:

# nano /etc/sockd.conf

内容如下:

logoutput: /var/log/sockd.log

internal: 0.0.0.0 port = 10086
external: ens3 #ipconfig 查看自己的接口,也可能是 eth0 等

socksmethod: username #本机用户名方式登录
user.privileged: root
user.notprivileged: nobody

client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error connect disconnect
}

client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}

socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error connect disconnect
}

socks block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}

启动服务器:

/usr/local/sbin/sockd -f /etc/sockd.conf -D

开机自启动:

systemctl edit dante --full --force

内容:

[Unit]
Description=Dante Socks5 Server Service
Documentation=man:dante(1)
After=network-online.target

[Service]
Type=simple
Restart=always
ExecStart=/usr/local/sbin/sockd -f /etc/sockd.conf

[Install]
WantedBy=multi-user.target

然后:

systemctl enable --now dante

添加无 SSH 登录权限用户(仅用于 Dante):

useradd -s /sbin/nologin yourname
passwd youname

然后在路由器上做端口映射,把 10086 端口暴露出去即可。 :mrgreen: :mrgreen: :mrgreen:


Aug 27

劫持 53 就算了,还他妈长期缓存一些错误的结果,记录下。注释的是曾经错误的目前好了的。

#SHIT CMCC
#server=/ikafan.com/127.0.0.1#5053
#server=/ikafan.com/211.136.17.107#53
#server=/ikafan.com/211.136.20.203#53
#ignore-address=42.236.6.20
server=/g.csdnimg.cn/127.0.0.1#5053

:evil: :evil: :evil:

Tags: ,

Aug 27

说是转码,其实还有下载,录屏,线性编辑等功能,同时支持 Intel/Nvidia/AMD 的硬件加速解码编码。同类软件不用试了,没一个能打的,人肉测试了几十款下来的结果。小缺点就是不直接支持蓝光碟,还有你说它不能非线性编辑也可以~

:cool: :cool: :cool:


Aug 26

冲突表现为开着安装版(便携版好像没这个问题)的 Proxifier 则 Pandownload 无法下载,看错误日志与 DNS 解析有关,解决方法如下图:

:roll: :roll: :roll:


[1/6]  1 2 3 4 5 6 >