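DNS pollution can be worked around by simply pointing at a DNS server abroad, but then domestic sites served through CDNs become very slow. The only real fix is to run your own DNS server: resolve most sites through the ISP's DNS servers, resolve the special domains through Google's DNS servers over TCP, and resolve internal corporate or school names through the internal DNS servers.

The two solutions I have found so far are dnsmasq and pdnsd. Compared with dnsmasq, pdnsd has at least the following advantages:

  • Supports DNS caching that persists even across service restarts
  • More flexible configuration
  • Lets you specify the query method used towards upstream servers

The pdnsd configuration file has many parameters; here are a few of interest, listed for later reference:

  • Global Section
    • interface=string;: the network interface to bind to
    • proxy_only=(on|off);: use this server's answer directly, without recursive resolution on the local machine
    • randomize_servers=(on|off);
    • policy=(included|excluded|simple_only|fqdn_only);: the default policy, used together with include/exclude
    • include=".foo",".bar",".my.dom";
    • exclude=".foo",".bar",".my.dom";

Example configuration: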

global {
        perm_cache=2048;
        cache_dir="/var/cache/pdnsd";
        run_as="pdnsd";
        interface=br-tinc;

        status_ctl = on;
        paranoid=on;
        query_method=tcp_only;

        min_ttl=15m;       // Retain cached entries at least 15 minutes.
        max_ttl=1w;        // One week.
        timeout=10;        // Global timeout option (10 seconds).

        // Don't enable if you don't recurse yourself, can lead to problems
        // delegation_only="com","net";
}
/* with status_ctl=on and resolvconf installed, this will work out of the box;
   this is the recommended setup for mobile machines */
server {
        label="resolvconf";
}

server {
        label="cernet";
        ip = 202.112.0.23;
        proxy_only=on;
        policy = included;
        exclude = .localdomain
                ,       .gmail.com
                ,       .google-analytics.com
                ,       .google.co.jp
                ,       .google.com;
}
server {
        label="Google Public Dns";
        ip = 8.8.8.8, 8.8.4.4;
        policy = excluded;
        include =  .gmail.com
                ,       .google-analytics.com
                ,       .google.co.jp
                ,       .google.com;
}
server {
        label = "root-servers";
        ip =    198.41.0.4
                ,       192.228.79.201
                ,       192.33.4.12
                ,       128.8.10.90
                ,       192.203.230.10
                ,       192.5.5.241
                ,       192.112.36.4
                ,       128.63.2.53
                //      ,       192.36.148.17
                //      ,       192.58.128.30
                //      ,       193.0.14.129
                //      ,       198.32.64.12
                //      ,       202.12.27.33
                ;
        timeout = 5;
        uptest = query;
        interval = 30m;      // Test every half hour.
        ping_timeout = 300;  // 30 seconds.
        purge_cache = off;
        exclude = .localdomain;
        policy = included;
        preset = off;
}
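
An added example (not part of the original post, and not pdnsd's own code): a small Python check that reads the server sections of a pdnsd configuration and reports names from a policy=excluded section's include list that another section would still resolve, plus list entries left empty by a stray comma. It models only the included/excluded policies with plain suffix matching and assumes included is the default policy; SAMPLE and the labels in it are constructed.

```python
import re

# Constructed sample modelled on the configuration above; "isp" forgets .google.co.jp.
SAMPLE = '''
server { label="isp"; ip = 192.0.2.53; policy = included;
         exclude = .localdomain, .gmail.com, .google.com; }
server { label="tcp-upstream"; ip = 8.8.8.8; policy = excluded;
         include = .gmail.com   // comment
                 , .google.co.jp, .google.com; }
'''

def parse_servers(conf):
    """Return one dict per server section: label, policy, include, exclude."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # strip block comments
    conf = re.sub(r'(//|#).*', '', conf)                # strip line comments
    servers = []
    for body in re.findall(r'\bserver\s*\{(.*?)\}', conf, flags=re.S):
        opts = {}
        for stmt in body.split(';'):
            if '=' in stmt:
                key, val = stmt.split('=', 1)
                items = [v.strip().strip('"').lower() for v in val.split(',')]
                opts.setdefault(key.strip(), []).extend(items)
        servers.append({'label': opts.get('label', ['?'])[0],
                        'policy': opts.get('policy', ['included'])[0],  # assumed default
                        'include': opts.get('include', []),
                        'exclude': opts.get('exclude', [])})
    return servers

def queried(server, name):
    """True if the section is eligible for `name` (simplified suffix model)."""
    name = '.' + name.lower().strip('.')
    def hit(rules):
        return any(r and name.endswith('.' + r.lstrip('.')) for r in rules)
    if hit(server['include']):
        return True
    if hit(server['exclude']):
        return False
    return server['policy'] == 'included'

def leaks(conf):
    """(name, label) pairs: names meant for an 'excluded' section that also match elsewhere."""
    servers = parse_servers(conf)
    return [(dom, o['label']) for s in servers if s['policy'] == 'excluded'
            for dom in s['include'] if dom
            for o in servers if o is not s and queried(o, dom)]

def empty_entries(conf):
    """Labels of sections whose include/exclude list has an empty item (', ,')."""
    return [s['label'] for s in parse_servers(conf) if '' in s['include'] + s['exclude']]
```

Run `leaks()` on a real configuration after editing the include and exclude lists, so that every name sent to the TCP upstream is also excluded from every other section that could answer it.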