Home Firewall Circumvention 1: Using DnsMasq on a Synology NAS to Work Around the GFW's DNS Poisoning

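The GFW's DNS poisoning troubled me for quite a while. Even the DNS records returned by public resolvers such as 8.8.8.8 are polluted, and many domain names come back with a fake address.
DnsMasq can mitigate this problem: domains on a specified list are resolved abroad through the VPN, and all other domains use the local DNS. This avoids the slow browsing caused by wrong CDN selection when everything is resolved through overseas DNS, and it also solves the GFW's DNS pollution.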

My home NAS runs Synology 5.2, whose DHCP feature is implemented with DNSMASQ, so we only need to add what we want to its configuration file.

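This article assumes that you already have an overseas VPN, have configured the routing table, and already route the IP 8.8.8.8 through the VPN to the overseas gateway.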

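The relevant IP ranges are also forwarded to the overseas gateway through the routing table.

1) Enable SSH and log in to the NAS as root.
2) Create a dnsmasq configuration file with the following content (step 4 loads it from /volume1/doc/dnsmasq.conf):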

# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers that are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
strict-order

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv

## ignore address ##
bogus-nxdomain=2.1.1.2
bogus-nxdomain=4.193.80.0
bogus-nxdomain=4.36.66.178
bogus-nxdomain=8.105.84.0
bogus-nxdomain=8.7.198.45
bogus-nxdomain=12.87.133.0
bogus-nxdomain=14.102.249.18
bogus-nxdomain=16.63.155.0
bogus-nxdomain=20.139.56.0
bogus-nxdomain=23.89.5.60
bogus-nxdomain=24.51.184.0
bogus-nxdomain=28.121.126.139
bogus-nxdomain=28.13.216.0
bogus-nxdomain=37.61.54.158
bogus-nxdomain=46.20.126.252
bogus-nxdomain=46.38.24.209
bogus-nxdomain=46.82.174.68
bogus-nxdomain=49.2.123.56
bogus-nxdomain=54.76.135.1
bogus-nxdomain=59.24.3.173
bogus-nxdomain=61.54.28.6
bogus-nxdomain=64.33.88.161
bogus-nxdomain=64.33.99.47
bogus-nxdomain=64.66.163.251
bogus-nxdomain=65.104.202.252
bogus-nxdomain=65.160.219.113
bogus-nxdomain=66.206.11.194
bogus-nxdomain=66.45.252.237
bogus-nxdomain=72.14.205.104
bogus-nxdomain=72.14.205.99
bogus-nxdomain=74.117.57.138
bogus-nxdomain=74.125.127.102
bogus-nxdomain=74.125.155.102
bogus-nxdomain=74.125.39.102
bogus-nxdomain=74.125.39.113
bogus-nxdomain=77.4.7.92
bogus-nxdomain=78.16.49.15
bogus-nxdomain=89.31.55.106
bogus-nxdomain=93.46.8.89
bogus-nxdomain=113.11.194.190
bogus-nxdomain=118.5.49.6
bogus-nxdomain=122.218.101.190
bogus-nxdomain=123.126.249.238
bogus-nxdomain=123.50.49.171
bogus-nxdomain=125.230.148.48
bogus-nxdomain=127.0.0.2
bogus-nxdomain=128.121.126.139
bogus-nxdomain=159.106.121.75
bogus-nxdomain=169.132.13.103
bogus-nxdomain=173.201.216.6
bogus-nxdomain=188.5.4.96
bogus-nxdomain=189.163.17.5
bogus-nxdomain=192.67.198.6
bogus-nxdomain=197.4.4.12
bogus-nxdomain=202.106.1.2
bogus-nxdomain=202.181.7.85
bogus-nxdomain=203.161.230.171
bogus-nxdomain=203.199.57.81
bogus-nxdomain=203.98.7.65
bogus-nxdomain=207.12.88.98
bogus-nxdomain=208.109.138.55
bogus-nxdomain=208.56.31.43
bogus-nxdomain=209.145.54.50
bogus-nxdomain=209.220.30.174
bogus-nxdomain=209.36.73.33
bogus-nxdomain=209.85.229.138
bogus-nxdomain=211.5.133.18
bogus-nxdomain=211.8.69.27
bogus-nxdomain=211.94.66.147
bogus-nxdomain=213.169.251.35
bogus-nxdomain=213.186.33.5
bogus-nxdomain=216.139.213.144
bogus-nxdomain=216.221.188.182
bogus-nxdomain=216.234.179.13
bogus-nxdomain=221.8.69.27
bogus-nxdomain=243.185.187.30
bogus-nxdomain=243.185.187.39
bogus-nxdomain=249.129.46.48
bogus-nxdomain=253.157.14.165

# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
log-queries

log-facility=/volume1/@appstore/dnsmasq/log/aa.log
# google
server=/.google.com/8.8.8.8
server=/.gstatic.com/8.8.8.8
server=/.googleusercontent.com/8.8.8.8
server=/.appspot.com/8.8.8.8
server=/.googlecode.com/8.8.8.8
server=/.googleapis.com/8.8.8.8
server=/.gmail.com/8.8.8.8
server=/.google-analytics.com/8.8.8.8
server=/.youtube.com/8.8.8.8
server=/.blogspot.com/8.8.8.8
server=/.blogger.com/8.8.8.8
server=/.12vpn.com/8.8.8.8
server=/.1984bbs.com/8.8.8.8
server=/.1984bbs.org/8.8.8.8
server=/.64tianwang.com/8.8.8.8
server=/.6park.com/8.8.8.8
server=/.aboluowang.com/8.8.8.8
server=/.allinfa.com/8.8.8.8
server=/.apigee.com/8.8.8.8
server=/.appspot.com/8.8.8.8
server=/.babynet.com.hk/8.8.8.8
server=/.backchina.com/8.8.8.8
server=/.bannedbook.org/8.8.8.8
server=/.bayvoice.net/8.8.8.8
server=/.berlintwitterwall.com/8.8.8.8
server=/.bignews.org/8.8.8.8
server=/.bjzc.org/8.8.8.8
server=/.blockcn.com/8.8.8.8
server=/.blogger.com/8.8.8.8
server=/.bloomberg.cn/8.8.8.8
server=/.bloomberg.com/8.8.8.8
server=/.boxun.com/8.8.8.8
server=/.broadbook.com/8.8.8.8
server=/.cactusvpn.com/8.8.8.8
server=/.caochangqing.com/8.8.8.8
server=/.cdjp.org/8.8.8.8
server=/.cdp1998.org/8.8.8.8
server=/.cdpweb.org/8.8.8.8
server=/.cfhks.org.hk/8.8.8.8
server=/.chinaaffairs.org/8.8.8.8
server=/.chinadigitaltimes.net/8.8.8.8
server=/.chinayouth.org.hk/8.8.8.8
server=/.chinese-memorial.org/8.8.8.8
server=/.chinesepen.org/8.8.8.8
server=/.crd-net.org/8.8.8.8
server=/.creaders.net/8.8.8.8
server=/.cyberghost.natado.com/8.8.8.8
server=/.dabr.mobi/8.8.8.8
server=/.dalianmeng.org/8.8.8.8
server=/.disp.cc/8.8.8.8
server=/.dongtaiwang.com/8.8.8.8
server=/.dropbox.com/8.8.8.8
server=/.echofon.com/8.8.8.8
server=/.embr.in/8.8.8.8
server=/.epochtimes.co.il/8.8.8.8
server=/.epochtimes.co.kr/8.8.8.8
server=/.epochtimes.com/8.8.8.8
server=/.epochtimes.de/8.8.8.8
server=/.epochtimes.jp/8.8.8.8
server=/.epochtimes.ru/8.8.8.8
server=/.facebook.com/8.8.8.8
server=/.falundafamuseum.org/8.8.8.8
server=/.fangongheike.com/8.8.8.8
server=/.fawanghuihui.org/8.8.8.8
server=/.fgmtv.net/8.8.8.8
server=/.fgmtv.org/8.8.8.8
server=/.focusvpn.com/8.8.8.8
server=/.free-ssh.com/8.8.8.8
server=/.freeopenvpn.com/8.8.8.8
server=/.gardennetworks.com/8.8.8.8
server=/.gdzf.org/8.8.8.8
server=/.getlantern.org/8.8.8.8
server=/.ggssl.com/8.8.8.8
server=/.github.com/8.8.8.8
server=/.gongm.in/8.8.8.8
server=/.gongminliliang.com/8.8.8.8
server=/.googlevideo.com/8.8.8.8
server=/.grandtrial.org/8.8.8.8
server=/.gravatar.com/8.8.8.8
server=/.greenvpn.net/8.8.8.8
server=/.guancha.org/8.8.8.8
server=/.hidden-advent.org/8.8.8.8
server=/.hidemyass.com/8.8.8.8
server=/.hnjhj.com/8.8.8.8
server=/.holyspiritspeaks.org/8.8.8.8
server=/.hootsuite.com/8.8.8.8
server=/.hrw.org/8.8.8.8
server=/.hua-yue.net/8.8.8.8
server=/.kanzhongguo.com/8.8.8.8
server=/.letscorp.net/8.8.8.8
server=/.linkideo.com/8.8.8.8
server=/.lvhai.org/8.8.8.8
server=/.macrovpn.com/8.8.8.8
server=/.mcfog.com/8.8.8.8
server=/.mhradio.org/8.8.8.8
server=/.minghui-a.org/8.8.8.8
server=/.minghui.org/8.8.8.8
server=/.mirrorbooks.com/8.8.8.8
server=/.myfreshnet.com/8.8.8.8
server=/.nanyang.com/8.8.8.8
server=/.nlfreevpn.com/8.8.8.8
server=/.ntdtv.ca/8.8.8.8
server=/.observechina.net/8.8.8.8
server=/.okayfreedom.com/8.8.8.8
server=/.omnitalk.com/8.8.8.8
server=/.open.com.hk/8.8.8.8
server=/.openvpn.net/8.8.8.8
server=/.orientaldaily.com.my/8.8.8.8
server=/.orzdream.com/8.8.8.8
server=/.owind.com/8.8.8.8
server=/.paperb.us/8.8.8.8
server=/.peacehall.com/8.8.8.8
server=/.percy.in/8.8.8.8
server=/.perfectvpn.net/8.8.8.8
server=/.privatetunnel.com/8.8.8.8
server=/.proxlet.com/8.8.8.8
server=/.proxy.org/8.8.8.8
server=/.psiphon.civisec.org/8.8.8.8
server=/.pubu.com.tw/8.8.8.8
server=/.puffinbrowser.com/8.8.8.8
server=/.qxbbs.org/8.8.8.8
server=/.ranyunfei.com/8.8.8.8
server=/.renminbao.com/8.8.8.8
server=/.savetibet.org/8.8.8.8
server=/.scmp.com/8.8.8.8
server=/.secretchina.com/8.8.8.8
server=/.securitykiss.com/8.8.8.8
server=/.shenzhoufilm.com/8.8.8.8
server=/.softether.co.jp/8.8.8.8
server=/.soundofhope.org/8.8.8.8
server=/.sthoo.com/8.8.8.8
server=/.taiwantp.net/8.8.8.8
server=/.tenacy.com/8.8.8.8
server=/.thepiratebay.org/8.8.8.8
server=/.tibet.net/8.8.8.8
server=/.tibet.org.tw/8.8.8.8
server=/.tibetanyouthcongress.org/8.8.8.8
server=/.tibetonline.com/8.8.8.8
server=/.torproject.org/8.8.8.8
server=/.tsunagarumon.com/8.8.8.8
server=/.twimbow.com/8.8.8.8
server=/.twitpic.com/8.8.8.8
server=/.twitter.com/8.8.8.8
server=/.twittercounter.com/8.8.8.8
server=/.twtrland.com/8.8.8.8
server=/.ultravpn.fr/8.8.8.8
server=/.ultraxs.com/8.8.8.8
server=/.upholdjustice.org/8.8.8.8
server=/.uyghuramerican.org/8.8.8.8
server=/.vft.com.tw/8.8.8.8
server=/.vpnfire.com/8.8.8.8
server=/.wangjinbo.org/8.8.8.8
server=/.washeng.net/8.8.8.8
server=/.wezhiyong.org/8.8.8.8
server=/.wsj.com/8.8.8.8
server=/.wujie.net/8.8.8.8
server=/.wujieliulan.com/8.8.8.8
server=/.xinsheng.net/8.8.8.8
server=/.xizang-zhiye.org/8.8.8.8
server=/.xpdo.net/8.8.8.8
server=/.yegle.net/8.8.8.8
server=/.youmaker.com/8.8.8.8
server=/.your-freedom.net/8.8.8.8
server=/.youtube.com/8.8.8.8
server=/.yuanming.net/8.8.8.8
server=/.yyii.org/8.8.8.8
server=/.zacebook.com/8.8.8.8
server=/.zhenlibu.info/8.8.8.8
server=/.zhuichaguoji.org/8.8.8.8
server=/.zmw.cn/8.8.8.8
server=/.dropbox.com/8.8.8.8
server=192.168.1.250
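
A simplified model of what the configuration above does, as an added example that is not part of the original post: it picks the upstream for a name by longest matching domain suffix, turns answers listed under bogus-nxdomain into NXDOMAIN, and reports domains that appear in more than one server= line. The sample config is a constructed excerpt in the style of the file above, and the function names are hypothetical.

```python
# Added example: simplified model of the split-DNS config, not dnsmasq's own code.
SAMPLE_CONF = """\
# constructed excerpt in the style of the config above
no-resolv
bogus-nxdomain=37.61.54.158
bogus-nxdomain=93.46.8.89
server=/.google.com/8.8.8.8
server=/.youtube.com/8.8.8.8
server=/.dropbox.com/8.8.8.8
server=/.youtube.com/8.8.8.8
server=192.168.1.250
"""

def parse_conf(text):
    """Return (rules, default_upstreams, bogus_ips, duplicate_domains)."""
    rules, defaults, bogus, dups = {}, [], set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue  # comments, blanks and value-less flags such as no-resolv
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "bogus-nxdomain":
            bogus.add(value)
        elif key == "server" and value.startswith("/"):
            # server=/domain[/domain...]/upstream ; leading dots are dropped
            parts = value.split("/")
            for domain in parts[1:-1]:
                domain = domain.lstrip(".").lower()
                if domain in rules:
                    dups.append(domain)
                rules[domain] = parts[-1]
        elif key == "server":
            defaults.append(value)  # upstream for every other name
    return rules, defaults, bogus, dups

def upstream_for(name, rules, defaults):
    """Pick the upstream by longest matching domain suffix, else the default."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])  # match whole labels only
        if suffix in rules:
            return rules[suffix]
    return defaults[0] if defaults else None

def filter_answer(ip, bogus):
    """Model bogus-nxdomain: a listed address becomes 'no such domain'."""
    return "NXDOMAIN" if ip in bogus else ip

if __name__ == "__main__":
    rules, defaults, bogus, dups = parse_conf(SAMPLE_CONF)
    for q in ("www.youtube.com", "notgoogle.com", "example.cn"):
        print(q, "->", upstream_for(q, rules, defaults))
    print("duplicate server= domains:", dups)
```

Running the same parser over the full file is a quick way to spot repeated server= entries before the NAS is rebooted.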

4. Edit the /etc/rc.network configuration file

Find this section:

if [ "${CONF_LIST}" = "" ]; then
    return 1;
fi
if [ -e ${STATIC_HOST_CONF} ]; then
    CONF_LIST="${CONF_LIST} ${STATIC_HOST_CONF}"
fi

Insert the following between the two if blocks:

# Extra dnsmasq configuration created in step 2
local CONF_EXTRAS="/volume1/doc/dnsmasq.conf"
if [ -e ${CONF_EXTRAS} ]; then
    CONF_LIST="${CONF_LIST} ${CONF_EXTRAS}"
fi

5. Save the file and reboot.
