overture: Building Your Own Poisoning-Free DNS Service

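overture is a DNS server written in Go. Personally I think it is a gem: simple to configure and easy to use. It is just rather niche, and not many people use it.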

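Carry out the following deployment steps on a server in mainland China or on a local machine. Here I deployed it on a Debian 9 VM on my local PVE.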

First, download the latest release archive from here:

https://github.com/shawn1m/overture/releases

Log in as root and install a few tools that will be needed:

apt -y install dnsutils lrzsz unzip supervisor

Create a directory, then use the rz command to upload the downloaded archive into Debian:

mkdir -p /opt/overture && cd /opt/overture && rz

Unzip / rename:

unzip overture-linux-amd64.zip
cp overture-linux-amd64 overture

Download the GFWLIST/CHNROUTER lists:

wget https://cokebar.github.io/gfwlist2dnsmasq/gfwlist_domain.txt
wget https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt

Edit overture's configuration file:

nano /opt/overture/config.json

Here is my configuration:

{
  "BindAddress": ":53",
  "DebugHTTPAddress": "127.0.0.1:5555",
  "PrimaryDNS": [
    {
      "Name": "DNSPod",
      "Address": "119.29.29.29:53",
      "Protocol": "udp",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    },
    {
      "Name": "AliDNS",
      "Address": "223.5.5.5:53",
      "Protocol": "udp",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "AlternativeDNS": [
    {
      "Name": "CloudFlareDNS",
      "Address": "one.one.one.one:853",
      "Protocol": "tcp-tls",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    },
    {
      "Name": "GoogleDNS",
      "Address": "dns.google:853",
      "Protocol": "tcp-tls",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "OnlyPrimaryDNS": false,
  "IPv6UseAlternativeDNS": false,
  "WhenPrimaryDNSAnswerNoneUse": "PrimaryDNS",
  "IPNetworkFile": {
    "Primary": "./china_ip_list.txt",
    "Alternative": ""
  },
  "DomainFile": {
    "Primary": "",
    "Alternative": "./gfwlist_domain.txt",
    "Matcher":  "regex-list"
  },
  "HostsFile": "./hosts_sample",
  "MinimumTTL": 0,
  "DomainTTLFile" : "./domain_ttl_sample",
  "CacheSize" : 0,
  "RejectQType": [255]
}
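
A pre-flight check for a configuration like the one above, added here as an example; it is not code from the original post or from the overture project. It assumes that `tcp-tls` and `https` are the encrypted protocol names and that relative paths resolve against the directory holding config.json; the embedded sample is constructed with deliberate mistakes.

```python
import ipaddress
import json
import sys
from pathlib import Path

ENCRYPTED = {"tcp-tls", "https"}  # assumption: overture's names for DoT and DoH
# Constructed sample with deliberate mistakes; not the configuration from the post.
SAMPLE = """{
  "BindAddress": ":53",
  "DebugHTTPAddress": "0.0.0.0:5555",
  "AlternativeDNS": [
    {"Name": "CloudFlareDNS", "Address": "one.one.one.one:853", "Protocol": "tcp-tls"},
    {"Name": "PlainUpstream", "Address": "192.0.2.53:53", "Protocol": "udp"}
  ],
  "IPNetworkFile": {"Primary": "./china_ip_list.txt", "Alternative": ""},
  "DomainFile": {"Primary": "", "Alternative": "./gfwlist_domain.txt", "Matcher": "regex-list"},
  "HostsFile": "./hosts_sample"
}"""

def is_loopback(addr):
    """True only if the host part of 'host:port' is provably a loopback address."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:  # empty host (":53" = all interfaces) or some other hostname
        return False

def preflight(cfg, base_dir):
    """Return findings for a parsed config; an empty list means nothing was flagged."""
    findings = []
    refs = [cfg.get("HostsFile"), cfg.get("DomainTTLFile")]
    for section in ("IPNetworkFile", "DomainFile"):
        refs += [cfg.get(section, {}).get(k) for k in ("Primary", "Alternative")]
    for rel in refs:  # list and hosts files must exist relative to the working directory
        if rel and not (Path(base_dir) / rel).is_file():
            findings.append(f"MISSING file: {rel}")
    for up in cfg.get("AlternativeDNS", []):  # the post uses tcp-tls for every one of these
        if up.get("Protocol") not in ENCRYPTED:
            findings.append(f"PLAINTEXT AlternativeDNS {up.get('Name')}: {up.get('Protocol')}")
    if cfg.get("DebugHTTPAddress") and not is_loopback(cfg["DebugHTTPAddress"]):
        findings.append(f"EXPOSED DebugHTTPAddress: {cfg['DebugHTTPAddress']}")
    if not is_loopback(cfg.get("BindAddress", "")):
        findings.append("NOTE BindAddress is reachable off-host: limit port 53 to the LAN")
    return findings

if __name__ == "__main__":  # optional argument: path to a real config.json
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    cfg = json.loads(path.read_text() if path else SAMPLE)
    print("\n".join(preflight(cfg, path.parent if path else ".")) or "OK")
```

Saved under a name of your choice (preflight.py here is hypothetical), it can be run as `python3 preflight.py /opt/overture/config.json` before the service is started.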

Create a supervisor configuration file:

nano /etc/supervisor/conf.d/overture.conf

Write the following configuration into it:

[program:overture]
priority=1
directory=/opt/overture
command=/opt/overture/overture -c /opt/overture/config.json
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/var/log/supervisor/overture.log

Update the supervisor configuration, then check overture's running status:

supervisorctl update
supervisorctl status overture

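If the status is RUNNING, it is working. Next, test with the dig command. I will use this humble blog of mine for the test, since this domain is a poisoned one: if it resolves to the correct IP, overture is working properly: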

dig @127.0.0.1 lala.im

OK, no problem:

Now the other machines on the LAN only need to change their DNS address to this Debian machine's IP to enjoy a poisoning-free DNS service.
