CoreDns配置

本文档介绍 CoreDns配置 的相关内容。

CoreDns 配置

docker-compose.yml

version: "3.3" services: coredns: image: reg.jeffok.com/opssys/coredns:latest container_name: coredns restart: always volumes: ./Corefile:/usr/local/coredns/Corefile network_mode: "host" command: -conf Corefile smartdns: image: reg.jeffok.com/opssys/smartdns:latest container_name: smartdns restart: always volumes: ./Smartfile:/usr/local/smartdns/Smartfile ./smartdns.log:/var/log/smartdns.log:rw network_mode: "host" command: -c Smartfile -f ntp: image: reg.jeffok.com/opssys/ntp:latest container_name: ntp restart: always ports: 123:123/udp tmpfs: /etc/chrony:rw,mode=1750 /run/chrony:rw,mode=1750 /var/lib/chrony:rw,mode=1750 environment: NTP_SERVERS=time.cloudflare.com,time.google.com LOG_LEVEL=0 volumes: /etc/localtime:/etc/localtime:ro

Smartfile

bind 127.0.0.1:5311 -group int -no-speed-check bind-tcp 127.0.0.1:5311 -group int -no-speed-check bind 127.0.0.1:5322 -no-speed-check -group ext -no-speed-check bind-tcp 127.0.0.1:5322 -no-speed-check -group ext -no-speed-check cache-size 5120 prefetch-domain yes rr-ttl-min 60 rr-ttl-max 100 rr-ttl 100 -log-level error log-file /var/log/smartdns.log # int-dns # server 1.2.3.4 -group int # server 1.2.3.4 -group int server 1.2.3.4 -group int server 1.2.3.4 -group int # server 1.2.3.4 -group int # server-tls rubyfish.cn -no-check-certificate -group int # server-https https://doh.360.cn/dns-query -no-check-certificate -group int # ext-dns server 1.2.3.4 -exclude-default-group -group ext server 1.2.3.4 -exclude-default-group -group ext # server 1.2.3.4 -exclude-default-group -group ext # server-tcp 1.2.3.4 -exclude-default-group -group ext # server-https https://doh.opendns.com/dns-query -exclude-default-group -no-check-certificate -group ext # server-https https://cloudflare-dns.com/dns-query -exclude-default-group -no-check-certificate -group ext # server-https https://dns9.quad9.net/dns-query -exclude-default-group -no-check-certificate -group ext

update.sh

# !/bin/bash O_MD5=ec025c47d1831039b2750a32602e8e2d china=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` apple=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/apple.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` bogus=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done | paste -sd " " -` # google=`curl -sSL https://github.com/felixonmars/dnsmasq-china-list/raw/master/google.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` cat>Corefile<<EOF . { hosts { 192. 168.151.225 mirrors.cloudholy.com 192. 168.151.225 harbor.jointdc.com fallthrough } forward . 127.0.0.1:5322 { except $china $apple cdn.jsdelivr.net api2.mch.weixin.qq.com api2.weixin.qq.com api.mch.weixin.qq.com api.weixin.qq.com axshort.weixin.qq.com btrace.qq.com c6.y.qq.com cnc.qzone.qq.com connect.qq.com dl.wechat.com dns.weixin.qq.com.cn emoji.qpic.cn extshort.weixin.qq.com file.api.weixin.qq.com file.wx.qq.com findershort.weixin.qq.com fraud.mch.weixin.qq.com game.qq.com graph.qq.com gtimg.cn gtimg.com hk.api.weixin.qq.com hkaxshort.weixin.qq.com hkdisas.weixin.qq.com hkextshort.weixin.qq.com hkfindershort.weixin.qq.com hklong.weixin.qq.com hkminorshort.weixin.qq.com hkquic.weixin.qq.com hkshort6.weixin.qq.com hkshort.pay.weixin.qq.com hkshort.weixin.qq.com hksupport.weixin.qq.com imgcache.qq.com i.qq.com live.qq.com long.weixin.qq.com mail.qq.com mch.weixin.qq.com minorlong.weixin.qq.com minorshort.weixin.qq.com mlaxshort.weixin.qq.com mldisas.weixin.qq.com mlextshort.weixin.qq.com mlfindershort.weixin.qq.com mllong.weixin.qq.com mlminorlong.weixin.qq.com mlminorshort.weixin.qq.com mlquic.weixin.qq.com mlshort.pay.weixin.qq.com mlshort.weixin.qq.com mlsupport.weixin.qq.com mmbiz.qlogo.cn mmbiz.qpic.cn mmbizwechat.com mmpay.com mmsns.qpic.cn mp.weixinbridge.com mp.weixin.qq.com mp.wework.cn mqqapi.com myapp.com myqcloud.com now.qq.com open.qq.com open.weixin.qq.com pay.qq.com pingfore.qq.com qlogo.cn qmail.qq.com qpic.cn qq.com qqmail.com quic.weixin.qq.com qyapi.weixin.qq.com qzone.com qzone.qq.com qzonestyle.gtimg.cn qzs.qq.com res.servicewechat.com resstatic.servicewechat.com res.wx.qq.com servicewechat.com sgaxshort.wechat.com sgfindershort.wechat.com sgilinkshort.wechat.com sglong.wechat.com sgminorshort.wechat.com sgshort.pay.wechat.com sgshort.wechat.com sh.api.weixin.qq.com shdisas.weixin.qq.com shextshort.weixin.qq.com shminorlong.weixin.qq.com shmmsns.qpic.cn short.pay.weixin.qq.com short.weixin.qq.com shp.qlogo.cn shquic.weixin.qq.com shshort.pay.weixin.qq.com support.weixin.qq.com sz.api.weixin.qq.com szaxshort.weixin.qq.com szdisas.weixin.qq.com szextshort.weixin.qq.com szfindershort.weixin.qq.com szlong.weixin.qq.com szminorlong.weixin.qq.com szminorshort.weixin.qq.com szmmsns.qpic.cn szquic.weixin.qq.com szshort.pay.weixin.qq.com szshort.weixin.qq.com szsupport.weixin.qq.com tencent-cloud.com tencent-cloud.net tencent.com tencentcs.com tencentmap.wechat.com tencentmind.com tenpay.com tenpay.qq.com video.gtimg.com vip.qq.com v.qq.com vweixinf.tc.qq.com web.wechat.com wechat.com wechatlegal.net wechatpay.com weixin110.qq.com weixinbridge.com weixinc2c.tc.qq.com weixin.com weixin.qq.com weixinsxy.com weiyun.com wx2.qq.com wx8.qq.com wxapp.qq.com wxapp.tc.qq.com wx.gtimg.com wximg.qq.com wx.qlogo.cn wx.qq.com wxsnsdythumb.wxs.qq.com wxsnsdyvip.wxs.qq.com wxsnsdy.wxs.qq.com y.qq.com y.qqmusic.com } proxy . 127.0.0.1:5311 bogus $bogus cache 10 health reload errors } EOF N_MD5=`md5sum Corefile|awk '{print $1}'` [[ "$O_MD5" == "$N_MD5" ]] && exit 0 || docker-compose restart coredns sed -ri "/^O_MD5/c O_MD5=$N_MD5" $0