|
用命令行,写好配置文件,需要实现什么样功能,只需将其前面的符号 # 去掉即可,
具体功能如下
-
- # dns server name, defaut is host name
- # server-name,
- # example:
- # server-name smartdns
- #
- # Include another configuration options
- # conf-file [file]
- # conf-file blacklist-ip.conf
- # dns server bind ip and port, default dns server port is 53, support binding multi ip and port
- # bind udp server
- # bind [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
- # bind tcp server
- # bind-tcp [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
- # option:
- # -group: set domain request to use the appropriate server group.
- # -no-rule-addr: skip address rule.
- # -no-rule-nameserver: skip nameserver rule.
- # -no-rule-ipset: skip ipset rule.
- # -no-speed-check: do not check speed.
- # -no-cache: skip cache.
- # -no-rule-soa: Skip address SOA(#) rules.
- # -no-dualstack-selection: Disable dualstack ip selection.
- # example:
- # IPV4:
- # bind :53
- # bind :6053 -group office -no-speed-check
- # IPV6:
- # bind [::]:53
- # bind-tcp [::]:53
- bind [::]:53
- # tcp connection idle timeout
- # tcp-idle-time [second]
- # dns cache size
- # cache-size [number]
- # 0: for no cache
- cache-size 512
- # prefetch domain
- # prefetch-domain [yes|no]
- # prefetch-domain yes
- # List of hosts that supply bogus NX domain results
- # bogus-nxdomain [ip/subnet]
- # List of IPs that will be filtered when nameserver is configured -blacklist-ip parameter
- # blacklist-ip [ip/subnet]
- # List of IPs that will be accepted when nameserver is configured -whitelist-ip parameter
- # whitelist-ip [ip/subnet]
- # List of IPs that will be ignored
- # ignore-ip [ip/subnet]
- # speed check mode
- # speed-check-mode [ping|tcp:port|none|,]
- # example:
- # speed-check-mode ping,tcp:80
- # speed-check-mode tcp:443,ping
- # speed-check-mode none
- # force AAAA query return SOA
- # force-AAAA-SOA [yes|no]
- # Enable IPV4, IPV6 dual stack IP optimization selection strategy
- # dualstack-ip-selection-threshold [num] (0~1000)
- # dualstack-ip-selection [yes|no]
- # dualstack-ip-selection yes
- # edns client subnet
- # edns-client-subnet [ip/subnet]
- # edns-client-subnet 192.168.1.1/24
- # edns-client-subnet [8::8]/56
- # ttl for all resource record
- # rr-ttl: ttl for all record
- # rr-ttl-min: minimum ttl for resource record
- # rr-ttl-max: maximum ttl for resource record
- # example:
- # rr-ttl 300
- # rr-ttl-min 60
- # rr-ttl-max 86400
- # set log level
- # log-level: [level], level=fatal, error, warn, notice, info, debug
- # log-file: file path of log file.
- # log-size: size of each log file, support k,m,g
- # log-num: number of logs
- log-level info
- # log-file /var/log/smartdns.log
- # log-size 128k
- # log-num 2
- # dns audit
- # audit-enable [yes|no]: enable or disable audit.
- # audit-enable yes
- # audit-SOA [yes|no]: enable or disalbe log soa result.
- # audit-size size of each audit file, support k,m,g
- # audit-file /var/log/smartdns-audit.log
- # audit-size 128k
- # audit-num 2
- # remote udp dns server list
- # server [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
- # default port is 53
- # -blacklist-ip: filter result with blacklist ip
- # -whitelist-ip: filter result whth whitelist ip, result in whitelist-ip will be accepted.
- # -check-edns: result must exist edns RR, or discard result.
- # -group [group]: set server to group, use with nameserver /domain/group.
- # -exclude-default-group: exclude this server from default group.
- # server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2
- # remote tcp dns server list
- # server-tcp [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-group [group] ...] [-exclude-default-group]
- # default port is 53
- # server-tcp 8.8.8.8
- # remote tls dns server list
- # server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
- # -spki-pin: TLS spki pin to verify.
- # -tls-host-check: cert hostname to verify.
- # -hostname: TLS sni hostname.
- # Get SPKI with this command:
- # echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
- # default port is 853
- # server-tls 8.8.8.8
- # server-tls 1.0.0.1
- # remote https dns server list
- # server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
- # -spki-pin: TLS spki pin to verify.
- # -tls-host-check: cert hostname to verify.
- # -hostname: TLS sni hostname.
- # -http-host: http host.
- # default port is 443
- # server-https https://cloudflare-dns.com/dns-query
- # specific nameserver to domain
- # nameserver /domain/[group|-]
- # nameserver /www.example.com/office, Set the domain name to use the appropriate server group.
- # nameserver /www.example.com/-, ignore this domain
- # specific address to domain
- # address /domain/[ip|-|-4|-6|#|#4|#6]
- # address /www.example.com/1.2.3.4, return ip 1.2.3.4 to client
- # address /www.example.com/-, ignore address, query from upstream, suffix 4, for ipv4, 6 for ipv6, none for all
- # address /www.example.com/#, return SOA to client, suffix 4, for ipv4, 6 for ipv6, none for all
- # enable ipset timeout by ttl feature
- # ipset-timeout [yes]
- # specific ipset to domain
- # ipset /domain/[ipset|-]
- # ipset /www.example.com/block, set ipset with ipset name of block
- # ipset /www.example.com/-, ignore this domain
复制代码 |
评分
-
查看全部评分
|