✨ 使用多个dns服务器以提高可用性

Author: catusax

README.md

@@ -17,6 +17,7 @@ dig @127.0.0.1 edns-client-sub.net TXT +short
 
 ### other
 更新：增加docker-compose，支持使用nginx部署doh和dot
+todo:由于国内tls查询会有概率被阻断，等待overture正式版支持https查询后，上游dns改为https。
 
 #### 配置文件
 config: overture 配置文件，用于分流查询dns

config/config.json

@@ -1,9 +1,9 @@
 {
-  "BindAddress": ":8053",
+  "BindAddress": "0.0.0.0:5353",
   "PrimaryDNS": [
     {
-      "Name": "shannxi china mobile",
-      "Address": "114.114.114.114:53",
+      "Name": "alidns",
+      "Address": "223.5.5.5:53",
       "Protocol": "udp",
       "SOCKS5Address": "",
       "Timeout": 6,
@@ -12,6 +12,30 @@
         "ExternalIP": "111.18.102.19",
         "NoCookie": false
       }
+    },
+    {
+      "Name": "alidns2",
+      "Address": "223.6.6.6:53",
+      "Protocol": "udp",
+      "SOCKS5Address": "",
+      "Timeout": 6,
+      "EDNSClientSubnet": {
+        "Policy": "manual",
+        "ExternalIP": "111.18.102.19",
+        "NoCookie": false
+      }
+    },
+    {
+        "Name": "tecent",
+        "Address": "119.29.29.29:53",
+        "Protocol": "udp",
+        "SOCKS5Address": "",
+        "Timeout": 6,
+        "EDNSClientSubnet": {
+            "Policy": "manual",
+            "ExternalIP": "111.18.102.19",
+        "NoCookie": false
+        }
     }
   ],
   "AlternativeDNS": [
@@ -20,15 +44,39 @@
       "Address": "one.one.one.one:[email protected]",
       "Protocol": "tcp-tls",
       "SOCKS5Address": "",
-      "Timeout": 6,
+      "Timeout": 10,
+      "EDNSClientSubnet": {
+        "Policy": "manual",
+        "ExternalIP": "111.18.102.19",
+        "NoCookie": false
+      }
+    },
+    {
+      "Name": "cloudflare+tcp",
+      "Address": "1.1.1.1:53",
+      "Protocol": "tcp",
+      "SOCKS5Address": "",
+      "Timeout": 10,
+      "EDNSClientSubnet": {
+        "Policy": "manual",
+        "ExternalIP": "111.18.102.19",
+        "NoCookie": false
+      }
+    },
+	{
+      "Name": "opendns",
+      "Address": "208.67.222.222:5353",
+      "Protocol": "tcp",
+      "SOCKS5Address": "",
+      "Timeout": 10,
       "EDNSClientSubnet": {
         "Policy": "manual",
         "ExternalIP": "111.18.102.19",
         "NoCookie": false
       }
     }
   ],
-  "OnlyPrimaryDNS": true,
+  "OnlyPrimaryDNS": false,
   "IPv6UseAlternativeDNS": false,
   "IPNetworkFile": {
     "Primary": "/overture/ip_network_primary_sample",
@@ -39,7 +87,7 @@
     "Alternative": "/overture/domain_alternative_sample"
   },
   "HostsFile": "/overture/hosts_sample",
-  "MinimumTTL": 0,
-  "CacheSize" : 0,
+  "MinimumTTL": 300,
+  "CacheSize" : 4096,
   "RejectQtype": [255]
 }

doh-server.conf

@@ -32,14 +32,14 @@ path = "/dns-query"
 # For "tcp", only TCP will be used.
 # For "tcp-tls", DNS-over-TLS (RFC 7858) will be used to secure the upstream connection.
 upstream = [
-    "udp:overture:8053",
+    "udp:overture:5353",
 ]
 
 # Upstream timeout
-timeout = 10
+timeout = 60
 
 # Number of tries if upstream DNS fails
-tries = 3
+tries = 10
 
 # Enable logging
 verbose = false

nginx.conf

@@ -2,7 +2,7 @@ user  nginx;
 worker_processes  auto;
 
 
-error_log  /var/log/nginx/error.log notice;
+#error_log  /var/log/nginx/error.log notice;
 pid        /var/run/nginx.pid;
 
 events {
@@ -15,7 +15,7 @@ stream {
   # DNS upstream pool.
   upstream dns {
     zone dns 64k;
-    server overture:8053;
+    server overture:5353;
   }
 
   # DNS(TCP) and DNS over TLS (DoT) Server
@@ -31,11 +31,11 @@ stream {
 
 http {
 
-  
+  access_log off; 
   server{
     # Listen on standard HTTPS port, and accept HTTP2, with SSL termination
     listen 443 ssl http2;
-    server_name  dns.coolrc.me;
+    server_name  dns.coolrc.top;
     ssl_certificate /ssl/fullchain.pem;
     ssl_certificate_key /ssl/privkey.pem;
     ssl_session_cache shared:ssl_cache:10m;