企业内网DNS搭建,SmartDNS,网站访问加速,解决dns污染等问题
2024-04-10 22:27:26
smart安装链接
[https://github.com/pymumu/smartdns/releases](https://github.com/pymumu/smartdns/releases)
wget https://github.com/pymumu/smartdns/releases/download/all-best-ip/smartdns.1.2022.05.03-1046.x86_64-linux-all.tar.gz[root@localhost ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg smartdns.1.2022.05.03-1046.x86_64-linux-all.tar.gz
[root@localhost ~]# tar zxf smartdns.1.2022.05.03-1046.x86_64-linux-all.tar.gz
[root@localhost ~]# tar zxf smartdns.1.2022.05.03-1046.x86_64-linux-all.tar.gz
[root@localhost ~]# cd smartdns
[root@localhost smartdns]# chmod +x ./install
[root@localhost smartdns]# ./install -i
install: 正在创建目录"/etc/smartdns"
"usr/sbin/smartdns" -> "/usr/sbin/smartdns"
"etc/smartdns/smartdns.conf" -> "/etc/smartdns/smartdns.conf"
"etc/default/smartdns" -> "/etc/default/smartdns"
"etc/init.d/smartdns" -> "/etc/init.d/smartdns"
"systemd/smartdns.service" -> "/usr/lib/systemd/system/smartdns.service"
Created symlink from /etc/systemd/system/smartdns.service to /usr/lib/systemd/system/smartdns.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/smartdns.service to /usr/lib/systemd/system/smartdns.service.
[root@localhost smartdns]# vi /etc/smartdns/smartdns.confsystemctl enable smartdns
systemctl start smartdns飞书收集
#飞书
.feishu.cn
.q9jvw0u5f5.feishu.cn
.ccm-frontier.feishu.cn
.internal-api.feishu.cn
.hryn145hsh.feishu.cn
.internal-api-drive-stream.feishu.cn
.internal-api-lark-api.feishu.cn
.slardar-bd.feishu.cn
.ccm-frontier-hl.feishu.cn
.mcs-bd.feishu.cn
.feishucdn.com
.sf3-scmcdn2-cn.feishucdn.com
.s1-imfile.feishucdn.com
.sf6-scmcdn-cn.feishucdn.com
.ai.feishu.com
.lf9-img-sign.bytehwm.com
.lf3-short.ibytedapm.com
.mon.zijieapi.com
#百度
.baidu.com
#京东
.jd.com
#阿里
#淘宝
.taobao.com
#wechat
.weixin.qq.com
.qq.com
.wechat.com
.wx.qq.com
#csdn
.csdn.net 配置文件
vi /etc/smartdns/smartdns.conf# dns server name, default is host name
# server-name,
# example:
server-name smartdns1
## Include another configuration options
# conf-file [file]
# conf-file blacklist-ip.conf# dns server bind ip and port, default dns server port is 53, support binding multi ip and port
# bind udp server
# bind [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
# bind tcp server
# option:
# -group: set domain request to use the appropriate server group.
# -no-rule-addr: skip address rule.
# -no-rule-nameserver: skip nameserver rule.
# -no-rule-ipset: skip ipset rule.
# -no-speed-check: do not check speed.
# -no-cache: skip cache.
# -no-rule-soa: Skip address SOA(#) rules.
# -no-dualstack-selection: Disable dualstack ip selection.
# -force-aaaa-soa: force AAAA query return SOA.
# example:
# IPV4:
# bind :53
# bind :6053 -group office -no-speed-check
# IPV6:
# bind [::]:53
# bind-tcp [::]:53
bind [::]:53# tcp connection idle timeout
# tcp-idle-time [second]# dns cache size
# cache-size [number]
# 0: for no cache
cache-size 4096# enable persist cache when restart
# cache-persist yes# cache persist file
# cache-file /tmp/smartdns.cache# prefetch domain
# prefetch-domain [yes|no]
#启用域名预获取
prefetch-domain yes# cache serve expired
# serve-expired [yes|no]
#启用过期缓存服务
serve-expired yes# cache serve expired TTL
# serve-expired-ttl [num]
#
serve-expired-ttl 0# reply TTL value to use when replying with expired data
# serve-expired-reply-ttl [num]
# serve-expired-reply-ttl 30# List of hosts that supply bogus NX domain results
# bogus-nxdomain [ip/subnet]# List of IPs that will be filtered when nameserver is configured -blacklist-ip parameter
# blacklist-ip [ip/subnet]# List of IPs that will be accepted when nameserver is configured -whitelist-ip parameter
# whitelist-ip [ip/subnet]# List of IPs that will be ignored
# ignore-ip [ip/subnet]# speed check mode
# speed-check-mode [ping|tcp:port|none|,]
# example:
#测速模式选择,一般只检测两种协议
# speed-check-mode ping,tcp:80speed-check-mode tcp:443,ping
# speed-check-mode none# force AAAA query return SOA
# force-AAAA-SOA [yes|no]
#禁用IPV6解析
force-AAAA-SOA yes# force specific qtype return soa
# force-qtype-SOA [qtypeid |...]
# force-qtype-SOA 65 28# Enable IPV4, IPV6 dual stack IP optimization selection strategy
# dualstack-ip-selection-threshold [num] (0~1000)
# dualstack-ip-selection [yes|no]
dualstack-ip-selection no# edns client subnet
# edns-client-subnet [ip/subnet]
# edns-client-subnet 192.168.1.1/24
# edns-client-subnet [8::8]/56# ttl for all resource record
# rr-ttl: ttl for all record
# rr-ttl-min: minimum ttl for resource record
# rr-ttl-max: maximum ttl for resource record
# tr-ttl-reply-max: maximum reply ttl for resource record
# example:
#设置TTL最小值和最大值
#rr-ttl 300
rr-ttl-min 60
rr-ttl-max 86400
# rr-ttl-reply-max 60# set log level
# log-level: [level], level=fatal, error, warn, notice, info, debug
# log-file: file path of log file.
# log-size: size of each log file, support k,m,g
log-num: number of logs
log-level info
log-file /var/log/smartdns.log
log-size 128k
# dns audit
# audit-enable [yes|no]: enable or disable audit.
# audit-enable yes
# audit-SOA [yes|no]: enable or disable log soa result.
# audit-size size of each audit file, support k,m,g
# audit-file /var/log/smartdns-audit.log
# audit-size 128k
# audit-num 2# certificate file
# ca-file [file]
# ca-file /etc/ssl/certs/ca-certificates.crt# certificate path
# ca-path [path]
# ca-path /etc/ss/certs# remote udp dns server list
# server [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
# default port is 53
# -blacklist-ip: filter result with blacklist ip
# -whitelist-ip: filter result whth whitelist ip, result in whitelist-ip will be accepted.
# -check-edns: result must exist edns RR, or discard result.
# -group [group]: set server to group, use with nameserver /domain/group.
# -exclude-default-group: exclude this server from default group.
# server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2#飞书
server 114.114.114.114 -group feishu -exclude-default-group
nameserver /.feishu.cn/feishu
nameserver /.feishucdn.com/feishu
nameserver /.feishu.com/feishu
nameserver /.bytehwm.com/feishu
nameserver /.ibytedapm.com/feishu
nameserver /.zijieapi.com/feishu
nameserver /.feelgood.cn/feishu
# 百度
server 114.114.114.114 -group baidu -exclude-default-group
nameserver /.baidu.com/baidu
#京东
server 114.114.114.114 -group jd -exclude-default-group
nameserver /.jd.com/jd
#淘宝天猫
server 114.114.114.114 -group taobao -exclude-default-group
nameserver /.taobao.com/taobao
nameserver /.tmall.com/taobao
#阿里
server 114.114.114.114 -group ali -exclude-default-group
nameserver /.aliyun.com/ali
#csdn
server 114.114.114.114 -group csdn -exclude-default-group
nameserver /.csdn.net/csdn
#华为
server 114.114.114.114 -group huawei -exclude-default-group
nameserver /.huaweicloud.com/huawei
#todesk
server 114.114.114.114 -group todesk -exclude-default-group
nameserver /.todesk.com/todesk
#QQ
server 114.114.114.114 -group qq -exclude-default-group
nameserver /.qq.com/qq# remote tcp dns server list
# server-tcp [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-group [group] ...] [-exclude-default-group]
# default port is 53
# server-tcp 8.8.8.8
server 8.8.8.8
server 8.8.4.4
##server 120.53.129.197
##server 124.70.4.50# remote tls dns server list
# server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
# -spki-pin: TLS spki pin to verify.
# -tls-host-verify: cert hostname to verify.
# -host-name: TLS sni hostname.
# -no-check-certificate: no check certificate.
# Get SPKI with this command:
# default port is 853
server-tls 8.8.8.8
server-tls 1.0.0.1# remote https dns server list
# server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
# -spki-pin: TLS spki pin to verify.
# -tls-host-verify: cert hostname to verify.
# -host-name: TLS sni hostname.
# -http-host: http host.
# -no-check-certificate: no check certificate.
# default port is 443
server-https https://cloudflare-dns.com/dns-query# specific nameserver to domain
# nameserver /domain/[group|-]
# nameserver /www.example.com/office, Set the domain name to use the appropriate server group.
# nameserver /www.example.com/-, ignore this domain# specific address to domain
# address /domain/[ip|-|-4|-6|#|#4|#6]
# address /www.example.com/1.2.3.4, return ip 1.2.3.4 to client
# address /www.example.com/-, ignore address, query from upstream, suffix 4, for ipv4, 6 for ipv6, none for all
# address /www.example.com/#, return SOA to client, suffix 4, for ipv4, 6 for ipv6, none for all# enable ipset timeout by ttl feature
# ipset-timeout [yes]# specific ipset to domain
# ipset /domain/[ipset|-]
# ipset /www.example.com/block, set ipset with ipset name of block
# ipset /www.example.com/-, ignore this domain# set domain rules
# domain-rules /domain/ [-speed-check-mode [...]]
# rules:
# [-c] -speed-check-mode [mode]: speed check mode
# speed-check-mode [ping|tcp:port|none|,]
# [-a] -address [address|-]: same as address option
# [-n] -nameserver [group|-]: same as nameserver option
# [-p] -ipset [ipset|-]: same as ipset option
# [-d] -dualstack-ip-selection [yes|no]: same as dualstack-ip-selection option
企业内网DNS搭建,SmartDNS,网站访问加速,解决dns污染等问题相关推荐
- Python10行代码制作企业内网IP地址查询网站
企业内部您是否遇到过IP无法定位和查询的情况,而网络和运维的部分平台不便开放给其他用户.所以本次搭建简单的IP查询网站给普通用户使用, 环境: 1.mongodb(可使用其他数据库),数据库安装可自行 ...
- 一张图告诉你,如何渗入企业内网
渗入企业内网,成功获得起始攻击点,这就是一个很有意思的话题,因为有各种有趣的攻击方式. 对攻击者来说,攻击是一种成本,选择一条成功率高的攻击路径尤为重要,这个路径就是一种攻击策略.而对于防守方来说,熟 ...
- 网站访问慢解决思路详细图解
老男孩老师讲授网站访问慢解决思路思想,感谢21期的李同学图解呈现,此图才能与大家见面! 如果看着小,单击还原大图,可清晰查看!本图为亿图制作:亿图使用技巧: http://v.youku.com/v_ ...
- DNS服务——搭建企业内网DNS服务器的作用
前言 DNS服务--服务端 和 客户端 配置 介绍了如何在DNS安装DNS服务,更改一下配置文件就可以依据根提示解析全球域名.既然使用互联网上的DNS服务器就可以解析全球域名,为何还要自掏腰包搭建DN ...
- “花生壳”实现内网穿透搭建个人网站
我们先简单介绍一下内网穿透,也叫 NAT 穿透,进行 NAT 穿透是为了使具有某一个特定源 IP 地址和源端口号的数据包不被 NAT 设备屏蔽而正确路由到内网主机,在目前国内的内网穿透工具很多,比如花 ...
- 提升网络安全 十大策略全面巩固企业内网
几乎所有企业对于网络安全的重视程度一下子提高了,纷纷采购防火墙等设备希望堵住来自Internet的不安全因素.然而,Intranet内部的攻击和入侵却依然猖狂.事实证明,公司内部的不安全因素远比外部的 ...
- shchangenotifyregister 监视子文件夹文件改变_真假文件夹?FakeFolder病毒再次捣乱企业内网...
1. 背景概述 近期,深信服安全团队接到客户反馈,内网中出现了大量伪造成文件夹的可疑exe文件,删掉以后仍会反复.经深信服安全团队分析发现,这是一个蠕虫病毒FakeFolder,该病毒会通过U盘及共享 ...
- 企业内网H3C华三AC配置802.1x认证方案
IEEE 802.1X标准定义了基于客户端和服务器的访问控制和身份验证协议,因其经过数据链路层加密,因此常用于企业内部的员工上网认证场景,无论是有线网或是WiFi无线网均可实现802.1X认证.以H3 ...
- 保护网站访问安全--阿里云DNS正式支持DNSSEC
近日,云解析DNS正式发布DNSSEC(Domain Name System Security Extensions)功能.DNSSEC功能的发布,意味着云解析DNS在保护网站访问安全的方面,又前进了 ...
- GitHub搭建个人网站
GitHub免费搭建个人网站 学习前端的人应该知道,开始学习前端时,心里想的肯定是我一定要给自己做一个的非常棒的网站,学完之后网站做好了,但是要怎么上线呢??? 作为一个前端,拥有有自己的个人网站,算 ...
最新文章
- Protractor测试环境搭建
- 用C#使用HttpWebRequest Post数据时如何保持Session
- leetcode 191. Number of 1 Bits
- html字体颜色自动变化,js设置字体颜色_自动改变文字大小和颜色的js代码分享
- VTK:Utilities之TimerLog
- Framework Design Studio 发布了
- 使用Jenkins来发布和代理.NetCore项目
- 无返回值_只需一步,在Spring Boot中统一Restful API返回值格式与处理异常
- [Unity] FlowCanvas 使用注意事项
- Java中数据类型转换大全(个人总结)
- 【Vue2.0】—Vue脚手架配置代理(二十二)
- JavaScript的类型转换
- Excel(XLS,XLSX)和CSV相互转换 - C#简单实现方案
- 图灵测试其实已经过时了
- 使用Rasterio读取栅格数据
- 计算机科学编辑部态度,计算机科学期刊介绍--各种杂志投稿方式与评价(转)...
- 一道简简单单的字节跳动算法面试题
- Linux系统中的mount挂载命令及参数详解
- 未来的房子果真“白菜价”,当代青年应以何种心态面对买房
- 端到端OCR-ABCNet论文笔记