forked from darkk/redsocks
-
Notifications
You must be signed in to change notification settings - Fork 252
巧用TCPDNS做备用DNS
Hao Hu edited this page May 4, 2020
·
4 revisions
我是用dnscrypt-proxy来解决DNS污染的.但是,偶尔地会出现dnscrypt-proxy不能正常工作的情况,比如连续十几分钟都获取不到有效证书.当这种情况出现的时候,网络访问就几乎无法进行.我利用TCPDNS来解决这个问题.
用TCPDNS做备用DNS的好处是保证DNS速度的情况下,避免污染DNS. 但对受限域名的查询会失败,因为此时TCP连接会被connection reset. 有个可用的DNS总好过完全没有DNS吧.当dnscrypt-proxy恢复后,受限域名的查询又会正常了.
-
首先你要找几个支持TCP查询的境外DNS服务器.最好是在香港台湾等速度快的地方找.
-
添加redsocks2配置并并重启redsocks2
REDSOCKS2相关配置内容
tcpdns { bind = 127.0.0.1:3053; // Local server to act as DNS server tcpdns1 = 168.95.192.1; // DNS server that supports TCP DNS requests tcpdns2 = 202.175.3.8; // DNS server that supports TCP DNS requests timeout = 6; // Timeout value for TCP DNS requests } -
将上面配置的local_ip:local_port做为备用DNS加入到你的系统配置中,比如dnsmasq的配置文件里.
-
重启DNS服务.
实际效果还不错,在TCPDNS的配合下,总体dns查询失败率已经从之前的8%左右降至0.02%
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: time 1458179451
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: cache size 150, 5574/34694 cache insertions re-used unexpired cache entries.
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: queries forwarded 17548, queries answered locally 7477
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 127.0.0.1#3053: queries sent 14296, retried or failed 0
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 127.0.0.1#2053: queries sent 14296, retried or failed 0
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 127.0.0.1#1053: queries sent 14296, retried or failed 3
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 8.8.8.8#53: queries sent 3252, retried or failed 0
Thu Mar 17 09:50:51 2016 daemon.info dnsmasq[32335]: server 8.8.4.4#53: queries sent 0, retried or failed 0