目前使用的配置文件是从这个项目搬运过来的,做了一些调整以适应我的使用需求。

新建三个文件:

  1. config_custom.yaml
  2. dat_exec.yaml
  3. dns.yaml

其中 config_custom.yaml 是主配置文件,dat_exec.yaml 和 dns.yaml 是被包含的配置文件。

config_custom.yaml 内容如下:

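log:
  level: debug  # debug records every query; lower to info/warn outside troubleshooting

api:
  # NOTE(review): the HTTP API carries no authentication of its own, and 0.0.0.0
  # exposes it on every interface. Prefer a loopback/LAN address or firewall port 8338.
  http: "0.0.0.0:8338"  # API listen address

include:
  - "/etc/mosdns/dat_exec.yaml"
  - "/etc/mosdns/dns.yaml"

plugins:
  # Each reject_* sequence logs a summary, then answers with $reject_3 (defined in dns.yaml).
  - tag: reject_null_domain
    type: sequence
    args:
      - exec: query_summary reject_null_domain
      - exec: $reject_3

  - tag: reject_qtype65
    type: sequence
    args:
      - exec: query_summary reject_qtype65
      - exec: $reject_3

  - tag: reject_ad
    type: sequence
    args:
      - exec: query_summary reject_adlist
      - exec: $reject_3

  ################ sequences #################
  - tag: dns_nocn
    type: "fallback"
    args:
      primary: quad9  # primary upstream
      secondary: nextdns  # secondary upstream
      threshold: 700  # ms without a reply before switching
      always_standby: true  # keep the secondary always on standby

  # dns-cn sequence
  - tag: dns_cn
    type: "fallback"
    args:
      primary: ali  # primary upstream
      secondary: dnspod  # secondary upstream
      threshold: 500
      always_standby: true  # keep the secondary always on standby

  - tag: dns_nocn_seq
    type: sequence
    args:
      - exec: query_summary dns_nocn
      - exec: $dns_nocn

  - tag: dns_cn_seq
    type: sequence
    args:
      - exec: query_summary dns_cn
      - exec: $dns_cn

  - tag: local_seq
    type: sequence
    args:
      - exec: query_summary local
      - exec: $local

  - tag: fallback_seq  # other special cases all go through dns_cn
    type: sequence
    args:
      - exec: query_summary fallback
      - exec: $dns_cn

  - tag: other_seq  # other special cases all go through dns_cn
    type: sequence
    args:
      - exec: query_summary other
      - exec: $dns_cn

  # query CN domains
  - tag: query_cn
    type: sequence
    args:
      - exec: $ecs_cn
      - exec: $dns_cn_seq
      - matches: "!resp_ip $geoip_cn"  # answer holds a non-CN IP
        exec: drop_resp  # discard it

  # query non-CN domains
  - tag: query_nocn
    type: sequence
    args:
      - exec: $no_ecs
      - exec: prefer_ipv4
      - exec: $dns_nocn_seq
      - matches: "resp_ip $geoip_cn"  # answer holds a CN IP
        exec: drop_resp  # discard it

  - tag: query_gfw
    type: sequence
    args:
      - exec: $forward_remote

  # query fallback
  - tag: query_fallback
    type: sequence
    args:
      # - exec: $ecs-cn
      - exec: prefer_ipv4
      - exec: $fallback_seq

  # query lan
  - tag: query_lan
    type: sequence
    args:
      - exec: $cache_lan
      - matches: has_resp  # lan cache hit
        exec: return
      # - exec: $no_ecs
      - exec: $local_seq

  # everything else
  - tag: query_other
    type: sequence
    args:
      # - exec: $no_ecs
      - exec: $other_seq

  - tag: pre_handle
    type: sequence
    args:
      - exec: $ttl_1h  # ttl 1h
      - exec: accept  # accept the response and stop

  - tag: main_handle
    type: sequence
    args:
      - exec: $ttl_5m  # ttl 5min
      - exec: accept  # accept the response and stop

  # pre_sequence result handling
  - tag: has_resp_pre
    type: sequence
    args:
      - matches: has_resp  # the pre sequence already produced a response
        exec: goto pre_handle

  # main_sequence result handling
  - tag: has_resp_main
    type: sequence
    args:
      - matches: has_resp
        exec: goto main_handle

  - tag: sequence_company
    type: sequence
    args:
      - exec: $company

  - tag: sequence_home
    type: sequence
    args:
      - exec: $query_lan

  # pre_sequence
  - tag: pre_sequence
    type: sequence
    args:
      - matches: qtype 65  # qtype 65 (HTTPS records)
        exec: $reject_qtype65
      - matches: "qname keyword::"  # invalid qname
        exec: $reject_null_domain
      - matches: qtype 12  # qtype 12 (PTR, reverse lookup)
        exec: $query_other
      - matches: qtype 255  # qtype 255 (ANY)
        exec: $query_other
      - matches: ptr_ip $geoip_private  # private ip
        exec: $query_lan
      - matches: qname $geosite_home
        exec: $sequence_home
      - exec: jump has_resp_pre

  # main_sequence
  - tag: main_sequence
    type: sequence
    args:
      - matches: qname $geosite_company  # company domains
        exec: $sequence_company
      - matches: qname $geosite_ads-all  # ad domains
        exec: $reject_ad
      - exec: $cache_wan  # cache wan
      - exec: jump has_resp_main
      - matches: qname $geosite_cn  # CN domains
        exec: $query_cn
      - exec: jump has_resp_main
      # check the GFW domain rules
      - matches: qname $geosite_gfw
        exec: $query_gfw
      - exec: jump has_resp_main
      - matches: qname $geosite_location-!cn  # non-CN domains
        exec: $query_gfw
      - exec: jump has_resp_main
      # everything else
      - exec: $no_ecs
      - exec: $query_fallback
      - exec: jump has_resp_main

  - tag: sequence
    type: sequence
    args:
      - exec: metrics_collector metrics
      - exec: $pre_sequence  # pre-processing
      - exec: $main_sequence  # main sequence

  # Start UDP and TCP servers on the same port.
  # ":1052" binds every interface; keep the host firewalled so this does not become an open resolver.
  - type: udp_server
    args:
      entry: sequence
      listen: ":1052"
  - type: tcp_server
    args:
      entry: sequence
      listen: ":1052"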

dat_exec.yaml 内容如下:

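plugins:
  ################## data sources ################
  - tag: geosite_company  # company domains
    type: domain_set
    args:
      exps:
        - "domain:deepin.com"
        - "domain:deepin.org"
        - "domain:uniontech.com"

  - tag: geosite_home
    type: domain_set
    args:
      exps:
        - "domain:mb3admin.com"
        - "domain:mkacg.com"

  - tag: geoip_private  # private-range IPs
    type: ip_set
    args:
      files:
        - "/var/mosdns/geoip_private.txt"

  - tag: geoip_cn  # CN IPs
    type: ip_set
    args:
      files:
        - "/var/mosdns/geoip_cn.txt"

  - tag: geosite_cn  # CN domains
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_cn.txt"
        - "/etc/mosdns/rule/whitelist.txt"

  - tag: geosite_gfw  # GFW domains
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_gfw.txt"
        - "/etc/mosdns/rule/greylist.txt"
      exps:
        - "domain:nya.one"
        - "domain:aode.seediqbale.xyz"
        - "domain:bgme.me"
        - "domain:akkm.moongazer.net"
        - "domain:misskey.io"
        - "keyword:relay"  # NOTE(review): a bare keyword rule matches any name containing "relay" — confirm this is not broader than intended

  - tag: geosite_location-!cn  # non-CN domains
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_geolocation-!cn.txt"

  - tag: geosite_ads-all  # ad domains
    type: domain_set
    args:
      files:
        - "/var/mosdns/geosite_category-ads-all.txt"

  ################# executable plugins ################

  # lan cache
  - tag: cache_lan
    type: cache
    args:
      size: 8192
      lazy_cache_ttl: 86400

  # wan cache
  - tag: cache_wan
    type: cache
    args:
      size: 131072
      lazy_cache_ttl: 86400

  # # exec (previous implementation, kept for reference)
  # - tag: ecs_cn  # attach ecs-cn info
  #   type: sequence
  #   args:
  #     - exec: ecs 202.120.2.100

  # no ecs (previous implementation, kept for reference)
  # - tag: no_ecs  # no ecs info
  #   type: sequence
  #   args:
  #     - exec: ecs

  # no ecs
  - tag: no_ecs
    type: "ecs_handler"
    args:
      forward: false  # whether to forward ECS received from downstream
      preset: "192.210.228.147"  # preset ECS to send
      send: false  # whether to send ECS
      mask4: 24
      mask6: 48

  # attach CN ECS info
  # NOTE(review): send is false here, so presumably the preset below is never
  # attached and this behaves like no_ecs; set send: true if query_cn is meant
  # to send ECS. Sending ECS discloses the preset subnet to the upstream.
  - tag: ecs_cn
    type: "ecs_handler"
    args:
      forward: false  # whether to forward ECS received from downstream
      preset: "114.217.98.237"  # preset ECS to send
      send: false  # whether to send ECS
      mask4: 24  # ipv4 mask, default 24
      mask6: 48  # ipv6 mask, default 48

  # ttl adjustment
  - tag: ttl_1m
    type: sequence
    args:
      - exec: ttl 60
  - tag: ttl_5m
    type: sequence
    args:
      - exec: ttl 300
  - tag: ttl_1h
    type: sequence
    args:
      - exec: ttl 3600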

dns.yaml 内容如下:

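plugins:
  ################ DNS #################
  # plaintext UDP to an internal resolver; acceptable only on a trusted network
  - tag: company
    type: forward
    args:
      upstreams:
        - addr: "udp://10.20.0.10"

  # google doh dot h3
  # NOTE(review): 2001:4860:4860::6464 and ::0064 are Google's DNS64 endpoints,
  # which synthesise AAAA records for IPv4-only names — confirm that is intended.
  - tag: google
    type: forward
    args:
      concurrent: 3
      upstreams:
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::6464"
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::0064"
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::8844"
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::8888"
        - addr: "https://dns.google/dns-query"
          dial_addr: "8.8.4.4"
        - addr: "https://dns.google/dns-query"
          dial_addr: "8.8.8.8"

        - addr: "tls://dns.google"
          dial_addr: "8.8.4.4"
          enable_pipeline: true  # TCP/DoT: RFC 7766 query pipelining (connection reuse)
        - addr: "tls://dns.google"
          dial_addr: "2001:4860:4860::8888"
          enable_pipeline: true
        - addr: "tls://dns.google"
          dial_addr: "8.8.8.8"
          enable_pipeline: true
        # h3
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::8844"
          enable_http3: true
        - addr: "https://dns.google/dns-query"
          dial_addr: "8.8.4.4"
          enable_http3: true
        - addr: "https://dns.google/dns-query"
          dial_addr: "2001:4860:4860::8888"
          enable_http3: true
        - addr: "https://dns.google/dns-query"
          dial_addr: "8.8.8.8"
          enable_http3: true

  # cloudflare doh dot h3
  - tag: cloudflare
    type: forward
    args:
      concurrent: 3
      upstreams:
        - addr: "https://1.1.1.1/dns-query"
          dial_addr: "1.1.1.1"

        - addr: "tls://1.1.1.1"
          dial_addr: "1.1.1.1"
          enable_pipeline: true  # TCP/DoT: RFC 7766 query pipelining (connection reuse)
        # NOTE(review): identical to the entry above; drop one or point it at a second address
        - addr: "tls://1.1.1.1"
          dial_addr: "1.1.1.1"
          enable_pipeline: true

  - tag: nextdns
    type: forward
    args:
      concurrent: 2
      upstreams:
        - addr: "https://dns.nextdns.io"
          dial_addr: "45.11.104.186"
          enable_http3: true
        - addr: "https://dns.nextdns.io"
          dial_addr: "2a00:11c0:17:429::3"
          enable_http3: true

        - addr: "tls://dns.nextdns.io"
          enable_pipeline: true
          dial_addr: "37.252.249.233"

  - tag: quad9
    type: forward
    args:
      concurrent: 2
      upstreams:
        - addr: "https://dns11.quad9.net/dns-query"
          dial_addr: "9.9.9.11"
        - addr: "https://dns11.quad9.net/dns-query"
          dial_addr: "2620:fe::11"

        - addr: "tls://dns11.quad9.net"
          dial_addr: "9.9.9.11"
          enable_pipeline: true
        - addr: "tls://dns11.quad9.net"
          dial_addr: "2620:fe::11"
          enable_pipeline: true

  # local proxy's DNS listener (plaintext, loopback only)
  - tag: forward_remote
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: "127.0.0.1:1053"

  # ali doh dot h3
  - tag: ali
    type: forward
    args:
      concurrent: 3
      upstreams:
        - addr: "https://dns.alidns.com/dns-query"
          dial_addr: "223.6.6.6"

        - addr: "tls://dns.alidns.com"
          dial_addr: "2400:3200:baba::1"
          enable_pipeline: true
        - addr: "tls://dns.alidns.com"
          dial_addr: "223.5.5.5"
          enable_pipeline: true

        - addr: "https://dns.alidns.com/dns-query"
          dial_addr: "223.5.5.5"
          enable_http3: true
        - addr: "https://dns.alidns.com/dns-query"
          dial_addr: "2400:3200::1"
          enable_http3: true

  # dnspod doh dot
  - tag: dnspod
    type: forward
    args:
      concurrent: 3
      upstreams:
        - addr: "https://doh.pub/dns-query"
          dial_addr: "1.12.12.12"
        - addr: "https://doh.pub/dns-query"
          dial_addr: "120.53.53.53"

        - addr: "tls://dot.pub"
          dial_addr: "1.12.12.12"
          enable_pipeline: true
        - addr: "tls://dot.pub"
          dial_addr: "120.53.53.53"
          enable_pipeline: true

  # local dns (plaintext UDP to the LAN gateway)
  - tag: local
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: "udp://192.168.12.1:5353"

  # server failure — rcode 2 (SERVFAIL)
  - tag: reject_2
    type: sequence
    args:
      - exec: reject 2

  # refuse the name — rcode 3 (NXDOMAIN)
  - tag: reject_3
    type: sequence
    args:
      - exec: reject 3

  # unsupported operation — rcode 5 (REFUSED)
  - tag: reject_5
    type: sequence
    args:
      - exec: reject 5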

ecs 的地方可以根据需要调整为其他地址,可以使用自己所在地区的公网 ip。

同时我添加了公司的 dns 的解析,以及 fallback 调整为返回 fakeip,因为我的代理结构是基于 tailscale + clash 的,只要是国外或者需要代理的域名,都会被解析到 clash 的 fakeip 上,由 clash 进行后续的处理。

还有需要注意的是,/var/mosdns 下的配置文件来自 geoip,这份文件是在 openwrt 上配置的,需要按照项目的说明展开相关字段生成。