
smartdns+adguardhome+ssrp

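I originally started using a soft router for the selling points of bypassing the firewall and blocking ads; every other feature was a bonus. Looking at it now, once Docker is installed you can run pretty much any service, which I suppose counts as advanced usage. A big reason this re-flash took me so long is that I could no longer work out how smartdns and adguardhome are meant to be used. I went through a pile of useless videos and documents, most of them garbage, then found one well-written article, followed it, and got it working. This is my record of it.

I'm using this firmware. With that other firmware, for some reason the Dnsmasq configuration kept reverting on its own; I suspect it has something to do with my having expanded the storage first?

Setting up smartdns

Before configuring, turn ssrp off, if you have it.

Add the upstream servers; just use IP + default port + UDP for all of them.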

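| DNS name | IP | Port | Protocol | Server group |
|---|---|---|---|---|
| ali | 223.5.5.5 | default | UDP | cn |
| ali | 223.6.6.6 | default | UDP | cn |
| tencent | 119.29.29.29 | default | UDP | cn |
| 114 | 114.114.114.114 | default | UDP | cn |
| cloudflare | 1.1.1.1 | default | UDP | us |
| google | 8.8.8.8 | default | UDP | us |
| q9 | 9.9.9.9 | default | UDP | us |
| vrs | 64.6.64.6 | default | UDP | us |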

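Make sure ports 6053 and 5335 are not already in use; smartdns will listen on them as the next hop behind Dnsmasq.

First server settings

Second server settings

Save and apply

Setting up Dnsmasq

Network -> DHCP/DNS

General Settings: set DNS forwardings to 127.0.0.1#6053, which is the port of the first smartdns server above

HOSTS and Resolv Files: check Ignore resolve file ✔

Advanced Settings: Size of DNS query cache: enter 0

Save & Apply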

Test the settings so far

$ dig @10.10.65.188 -p 6053 www.baidu.com +short
www.a.shifen.com.
14.215.177.39

$ dig @10.10.65.188 -p 53 www.baidu.com +short
www.a.shifen.com.
14.215.177.39
14.215.177.38

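No problems.

At this point Dnsmasq holds port 53 and is the default DNS entry point; queries are forwarded to the first smartdns server group on port 6053.

Setting up Adguardhome

Adguardhome will ultimately take port 53, which Dnsmasq currently holds; but even if the port were freed for Adguardhome right now, it could not use it yet.

Update the core version, then check Enable ✔, Save & Apply

Go back to Network -> DHCP/DNS; under Server Settings / Advanced Settings set the DNS server port to 5337 (the number is arbitrary), then Save & Apply

Then return to the adg settings page; I'm not sure whether pasting the config into the manual settings page works.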

bind_host: 0.0.0.0
bind_port: 3000
beta_bind_port: 0
users:
  - name: root
    password: $2a$10$Ugw.q0qvAo.CyX25X23z.ufB8aPhhxN9Lo.qqZ9WNmypF/m453PM6
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  statistics_interval: 1
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 2160h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - 127.0.0.1:5337
  upstream_dns_file: ""
  bootstrap_dns:
    - 127.0.0.1
  all_servers: true
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 0
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: false
  edns_client_subnet: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams: []
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  strict_sni_check: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
filters:
  - enabled: true
    url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: false
    url: https://adaway.org/hosts.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://easylist-downloads.adblockplus.org/easylist.txt
    name: easylist
    id: 1665565117
  - enabled: true
    url: https://easylist-downloads.adblockplus.org/easylistchina.txt
    name: easychina
    id: 1665565118
  - enabled: true
    url: https://easylist-downloads.adblockplus.org/easyprivacy.txt
    name: easyprivacy
    id: 1665565119
  - enabled: true
    url: https://gitee.com/xinggsf/Adblock-Rule/raw/master/rule.txt
    name: chengfengad
    id: 1665565121
  - enabled: true
    url: https://gitee.com/xinggsf/Adblock-Rule/raw/master/mv.txt
    name: chengfengvd
    id: 1665565122
  - enabled: true
    url: https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts
    name: dasheng
    id: 1665565124
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 14

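Anyway: the web UI binds to port 3000, the service listens on port 53, and the upstream DNS server is 127.0.0.1:5337, that is, forwarding to Dnsmasq, with parallel requests. I don't know what the Bootstrap DNS server is for; it is 127.0.0.1 as well anyway. Then add a pile of filter rules.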
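An added example, not part of the original post or of AdGuardHome: a stdlib-only audit of the pasted configuration for the upstream this walkthrough depends on and for the settings that widen exposure. The excerpt is constructed from keys in the config above with a placeholder password hash; `scalar`, `items` and `audit` are hypothetical helper names.

```python
import re

# Constructed excerpt: keys and values mirror the config above, the hash is a placeholder.
SAMPLE = """\
bind_host: 0.0.0.0
bind_port: 3000
users:
  - name: root
    password: $2a$10$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  querylog_interval: 2160h
  anonymize_client_ip: false
  upstream_dns:
    - 127.0.0.1:5337
  bootstrap_dns:
    - 127.0.0.1
"""

def scalar(text, key):
    """Value of the first 'key: value' line, or None."""
    m = re.search(rf"^[ \t]*{re.escape(key)}:[ \t]*(\S+)[ \t]*$", text, re.M)
    return m.group(1) if m else None

def items(text, key):
    """Entries of the list indented under 'key:'."""
    m = re.search(rf"^([ \t]*){re.escape(key)}:[ \t]*\n((?:\1[ \t]+- .*\n?)+)", text, re.M)
    return re.findall(r"- (\S+)", m.group(2)) if m else []

def audit(text):
    """Return (key, message) findings for an AdGuardHome.yaml given as text."""
    out = []
    if re.search(r"^[ \t]*password:[ \t]*\$2[aby]\$", text, re.M):
        out.append(("users", "config ships a preset bcrypt hash; replace it with your own login"))
    if scalar(text, "bind_host") == "0.0.0.0":
        out.append(("bind_host", f"web UI on all interfaces, port {scalar(text, 'bind_port')}"))
    if "0.0.0.0" in items(text, "bind_hosts"):
        out.append(("bind_hosts", f"DNS on all interfaces, port {scalar(text, 'port')}"))
    if items(text, "upstream_dns") != ["127.0.0.1:5337"]:
        out.append(("upstream_dns", "does not point at Dnsmasq on 127.0.0.1:5337"))
    if scalar(text, "anonymize_client_ip") == "false":
        out.append(("querylog", f"full client IPs kept for {scalar(text, 'querylog_interval')}"))
    return out

if __name__ == "__main__":
    for key, msg in audit(SAMPLE):
        print(f"{key}: {msg}")
```

In AdGuardHome, `bootstrap_dns` is only used to resolve upstreams that are given as hostnames, so with the IP upstream `127.0.0.1:5337` it is not consulted.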

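Setting up SSRP

For this one, just add the nodes and you are done: DNS query, update the IP list and the GFW list, confirm the connectivity status.

Finally

The network topology is as follows: final topology diagram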
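The forwarding chain this post ends up with, as an added example that is not from the original post: a small model that walks the listeners from port 53 and fails on a port conflict, a forward to a port nobody listens on, or a loop. `CHAIN` and `trace` are hypothetical names; the ports are the ones configured above.

```python
# name -> (listen port, port it forwards to on 127.0.0.1, or None)
# None means the service forwards to the public upstream servers.
CHAIN = {
    "AdGuardHome": (53, 5337),
    "Dnsmasq": (5337, 6053),
    "smartdns": (6053, None),
}

def trace(services, entry=53):
    """Follow forwards from the entry port and return the services visited, in order.

    Raises ValueError on a port conflict, a forward to an unused port, or a loop.
    """
    by_port = {}
    for name, (port, _) in services.items():
        if port in by_port:
            raise ValueError(f"port {port} claimed by both {by_port[port]} and {name}")
        by_port[port] = name

    path, port = [], entry
    while port is not None:
        if port not in by_port:
            raise ValueError(f"nothing listens on 127.0.0.1:{port}")
        name = by_port[port]
        if name in path:
            raise ValueError("forwarding loop: " + " -> ".join(path + [name]))
        path.append(name)
        port = services[name][1]
    return path

if __name__ == "__main__":
    print(" -> ".join(trace(CHAIN)))
    # State after the Dnsmasq step, before AdGuardHome is enabled.
    print(" -> ".join(trace({"Dnsmasq": (53, 6053), "smartdns": (6053, None)})))
```

Enabling AdGuardHome on port 53 before moving Dnsmasq to 5337 shows up here as the port-conflict error, which is the ordering constraint the AdGuardHome section works around.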

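Addition

Tick the smartdns option that automatically sets it as dnsmasq's upstream server; otherwise the DNS forwarding in DHCP/DNS stops working after every reboot, which is a real trap.

Last of all

Triple congratulations. WDNMD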

Licensed under CC BY-NC-SA 4.0