下载镜像

ubuntu镜像官方下载站 https://cloud-images.ubuntu.com/

创建虚拟机

修改配置文件

guestinfo.userdata.encoding      base64
guestinfo.userdata


I2Nsb3VkLWNvbmZpZwp1c2VyczoKIyDnlKjmiLflkI0KICAtIG5hbWU6IG1hYwogICAgZ3JvdXBzOiBzdWRvCiAgICBzdWRvOiBbJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnXQogICAgIyDlr4bnoIEKICAgIHBsYWluX3RleHRfcGFzc3dkOiAnMTIzNDUnCiAgICBsb2NrX3Bhc3N3ZDogZmFsc2UKICAgICNzc2gg5YWs6ZKl


#cloud-config
# NOTE(review): this document is what the guestinfo.userdata value above encodes. base64 is an
# encoding, not encryption, so the password below is readable by anyone who can read the VM's
# settings. Re-encode the value after any edit to this file.
users:
  # User name
  - name: mac
    groups: sudo
    # Passwordless sudo for every command: access to this account is equivalent to root.
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    # Password.
    # NOTE(review): a short, guessable password on an account with passwordless sudo should be
    # replaced before the VM is reachable over the network; cloud-init also accepts hashed_passwd,
    # which keeps the clear text out of the user data.
    plain_text_passwd: '12345'
    # false leaves password login enabled for this account.
    lock_passwd: false
    # SSH public key (the entry itself is not shown on the page; cloud-init takes keys under
    # ssh_authorized_keys)

开启ssh登录

# Become root.
sudo -i
# Set a password for the root account.
passwd
# Open the SSH daemon configuration for editing.
nano /etc/ssh/sshd_config



# Stock line in sshd_config; prohibit-password allows root to log in with keys but never with a password:
#PermitRootLogin prohibit-password
# Change it to:
# NOTE(review): "yes" lets root log in over SSH with the password set in the previous step, which
# exposes the root account to password guessing from every network that can reach the SSH port.
# The mac user created by cloud-init already has sudo, so root SSH login may not be needed at all;
# confirm before enabling it.
PermitRootLogin yes

linux操作

系统必要性更新

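# Refresh the package index and install the tools used later in this guide.
# Note: apt update only refreshes the index; pending security updates are installed by apt upgrade.
apt update
apt install curl unzip -y
# Set the system time zone.
timedatectl set-timezone Asia/Shanghai

# Enable the zh_CN.UTF-8 locale. The grep guard keeps a re-run from appending a duplicate line.
grep -qxF "zh_CN.UTF-8 UTF-8" /etc/locale.gen || echo "zh_CN.UTF-8 UTF-8" >> /etc/locale.gen

# Choose the default locale (interactive).
dpkg-reconfigure locales
reboot


# After the reboot: run apt again to verify that the Chinese locale took effect.
apt update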

修改固定ip

进入/etc/netplan文件夹

# Static addressing for the VM's network interface (netplan, schema version 2).
network:
  version: 2
  ethernets:
    # With a match block the key is only an ID: the interface is selected by MAC address
    # and then renamed to eth0.
    ens192:
      match:
        macaddress: '00:0c:29:34:70:3c'
      set-name: eth0
      addresses:
        - 192.168.16.8/24
      routes:
        # Default route.
        - to: 0.0.0.0/0
          via: 192.168.16.5
      nameservers:
        addresses:
          - 192.168.16.2

# Apply the configuration. Over a remote session, `netplan try` is the safer variant: it rolls the
# change back automatically unless it is confirmed.
netplan apply

53端口解绑

为了方便直接使用本机的53端口进行解析,需要进行端口绑定解除。

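# Show what is bound to port 53 before the change.
lsof -i:53

nano /etc/systemd/resolved.conf
# In resolved.conf: find the DNSStubListener line, remove the leading '#', and change yes to no.
# Keep the setting on a line of its own. systemd configuration files only treat whole lines that
# start with '#' or ';' as comments, so text after the value would become part of the value.
DNSStubListener=no
sudo systemctl reload-or-restart systemd-resolved
# Check again: systemd-resolved should no longer be listening on port 53.
lsof -i:53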


#建议进行快照

mosdns 安装过程


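# Create the working directory (-p: no error if it already exists).
mkdir -p /etc/mosdns

cd /home
# NOTE(review): the download of mosdns-linux-amd64.zip is not shown on this page. The binary is
# installed as a system service, so take it from the project's official release page and compare
# its checksum with the published one (if the release provides one) before unpacking.
# Unpack into the working directory.
unzip mosdns-linux-amd64.zip -d /etc/mosdns

# Enter the working directory.
cd /etc/mosdns

# Make the binary executable.
chmod +x mosdns

# Copy it to the directory for locally installed executables.
cp mosdns /usr/local/bin

# Go to the systemd unit directory (an absolute path, so no intermediate cd is needed).
cd /etc/systemd/system/
# Create the service unit file.
touch mosdns.service
# Edit its contents.
nano mosdns.service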

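[Unit]
Description=mosdns daemon, DNS server.
# After= only orders startup; Wants= is what actually pulls network-online.target in.
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
Restart=always
# No User= is set, so mosdns runs as root. It has to bind port 53 and, with the configuration on
# this page, write its log and cache dump under /etc/mosdns.
# NoNewPrivileges keeps the daemon and anything it starts from gaining further privileges
# through setuid binaries or file capabilities.
NoNewPrivileges=true
ExecStart=/usr/local/bin/mosdns start -c /etc/mosdns/config.yaml -d /etc/mosdns

[Install]
WantedBy=multi-user.target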


# Create the rule directory and the empty rule files that config.yaml loads.
mkdir /etc/mosdns/rule
for list in whitelist blocklist greylist ddnslist hosts redirect adlist localptr; do
    touch "/etc/mosdns/rule/${list}.txt"
done

基础规则复制

需增加内容

在 blocklist 中增加内容,进行优化

keyword:.localdomain
domain:in-addr.arpa
domain:ip6.arpa

在 localptr.txt 中增加以下内容,进行查询优化

# block all PTR requests
domain:in-addr.arpa
domain:ip6.arpa

在 whitelist.txt 文件中,增加以下内容,进行查询优化

domain:push-apple.com.akadns.net
domain:push.apple.com
domain:iphone-ld.apple.com
domain:lcdn-locator.apple.com
domain:lcdn-registration.apple.com
domain:cn-ssl.ls.apple.com
domain:time.apple.com
domain:store.ui.com.cn
domain:amd.com
domain:msftncsi.com
domain:msftconnecttest.com
domain:office.com
domain:office365.com

配置文件内容

以下配置文件为 fakeip 模式+远程 DNS 真实IP解析

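# NOTE(review): the sequences in this file call query_summary, so this log presumably records the
# names clients look up; treat the file as sensitive.
log:
  level: info
  file: "/etc/mosdns/mosdns.log"

api:
  # This file sets no authentication for the HTTP API, so it is bound to loopback rather than
  # 0.0.0.0. Use the server's LAN address here only if a remote metrics collector needs the API,
  # and restrict the port with a firewall in that case.
  http: "127.0.0.1:8338"

include: []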

plugins:
  # Data sets. Each tag is referenced from the sequences further down as $tag.
  # These files decide which upstream sees a query and which names are rejected, so keep them
  # writable by root only.

  # Names resolved through local_sequence (query_is_local_domain).
  - tag: geosite_cn
    type: domain_set
    args:
      files:
        - '/etc/mosdns/geosite_cn.txt'

  # Address ranges that fallback_sequence tests answers against (resp_ip).
  - tag: geoip_cn
    type: ip_set
    args:
      files:
        - '/etc/mosdns/geoip_cn.txt'

  # Names resolved through remote_sequence (query_is_no_local_domain).
  - tag: geosite_no_cn
    type: domain_set
    args:
      files:
        - '/etc/mosdns/geosite_geolocation_noncn.txt'

  # Names always resolved through local_sequence (query_is_whitelist_domain).
  - tag: whitelist
    type: domain_set
    args:
      files:
        - '/etc/mosdns/rule/whitelist.txt'

  # Names rejected by query_is_reject_domain.
  - tag: blocklist
    type: domain_set
    args:
      files:
        - '/etc/mosdns/rule/blocklist.txt'

  # Names always resolved through remote_sequence (query_is_greylist_domain).
  - tag: greylist
    type: domain_set
    args:
      files:
        - '/etc/mosdns/rule/greylist.txt'

  # Names that skip the cache, resolve through local_sequence and get the modify_ddns_ttl rule.
  - tag: ddnslist
    type: domain_set
    args:
      files:
        - '/etc/mosdns/rule/ddnslist.txt'

  # Static answers; executed first in main_sequence.
  - tag: hosts
    type: hosts
    args:
      files:
        - '/etc/mosdns/rule/hosts.txt'

  # Redirect rules; executed in main_sequence after the cache lookup.
  - tag: redirect
    type: redirect
    args:
      files:
        - '/etc/mosdns/rule/redirect.txt'

  # Names rejected by query_is_reject_domain (logged as reject_adlist).
  - tag: adlist
    type: domain_set
    args:
      files:
        - '/etc/mosdns/rule/adlist.txt'

  # Names whose PTR (type 12) queries are rejected by query_is_reject_domain.
  - tag: local_ptr
    type: domain_set
    args:
      files:
        - '/etc/mosdns/rule/localptr.txt'

  # Response cache, written to dump_file at every dump_interval (presumably seconds; confirm
  # against the mosdns documentation). The dump holds the names clients resolved, so treat it as
  # sensitive, like the log.
  - tag: lazy_cache
    type: cache
    args:
      size: 32768
      lazy_cache_ttl: 86400
      dump_file: '/etc/mosdns/cache.dump'
      dump_interval: 3600

  # Shared terminal step: answer with rcode 3 (NXDOMAIN).
  - tag: reject_3
    type: sequence
    args:
      - exec: 'reject 3'

  # The four sequences below differ only in the label they log before rejecting.
  - tag: reject_blocklist
    type: sequence
    args:
      - exec: 'query_summary reject_blocklist'
      - exec: '$reject_3'

  - tag: reject_adlist
    type: sequence
    args:
      - exec: 'query_summary reject_adlist'
      - exec: '$reject_3'

  - tag: reject_ptrlist
    type: sequence
    args:
      - exec: 'query_summary reject_ptrlist'
      - exec: '$reject_3'

  - tag: reject_qtype65
    type: sequence
    args:
      - exec: 'query_summary reject_qtype65'
      - exec: '$reject_3'

  # Upstream for local_sequence: plain UDP to a public resolver. udp:// is neither encrypted nor
  # authenticated, so queries and answers are visible to, and can be altered by, anything on the
  # path between this host and the resolver.
  - tag: forward_local
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: 'udp://223.5.5.5:53'
          enable_pipeline: false
          insecure_skip_verify: false
          idle_timeout: 10
          enable_http3: false

  # Upstream for remote_sequence: plain UDP to a resolver on a private address.
  # NOTE(review): this address is in 192.168.6.x while the static address configured earlier on
  # the page is in 192.168.16.x; confirm the address is intended and reachable.
  - tag: forward_remote
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: 'udp://192.168.6.15:6666'
          enable_pipeline: false
          insecure_skip_verify: false
          idle_timeout: 10
          enable_http3: false

  # Upstream for fallback_sequence: DNS over TLS to 1.1.1.1. insecure_skip_verify stays false,
  # so the server certificate is verified.
  - tag: forward_cf
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: 'tls://1.1.1.1:853'
          enable_pipeline: true
          insecure_skip_verify: false
          idle_timeout: 30
          enable_http3: false

  # TTL rule applied by has_resp_sequence to names that are not in ddnslist.
  # NOTE(review): a bound of 0 may mean "no limit" in the ttl plugin, which would make `ttl 0-0`
  # a no-op; confirm against the mosdns version in use.
  - tag: modify_ttl
    type: sequence
    args:
      - exec: 'ttl 0-0'

  # TTL rule applied by has_resp_sequence to names in ddnslist.
  - tag: modify_ddns_ttl
    type: sequence
    args:
      - exec: 'ttl 5-5'

  # The three forwarding sequences share one shape: log a label, run prefer_ipv4, then query the
  # matching upstream.
  - tag: local_sequence
    type: sequence
    args:
      - exec: 'query_summary forward_local'
      - exec: 'prefer_ipv4'
      - exec: '$forward_local'

  - tag: remote_sequence
    type: sequence
    args:
      - exec: 'query_summary forward_remote'
      - exec: 'prefer_ipv4'
      - exec: '$forward_remote'

  - tag: forward_cf_upstream
    type: sequence
    args:
      - exec: 'query_summary forward_cf'
      - exec: 'prefer_ipv4'
      - exec: '$forward_cf'

  # Post-step that main_sequence jumps to after every stage: run the TTL rule for the name
  # (modify_ddns_ttl for ddnslist names, modify_ttl for all others), then accept if a response exists.
  - tag: has_resp_sequence
    type: sequence
    args:
      - matches: qname $ddnslist
        exec: $modify_ddns_ttl
      - matches: "!qname $ddnslist"
        exec: $modify_ttl
      - matches: has_resp
        exec: accept

  # Routing stages. Each one sends names from a single list to local_sequence or remote_sequence.
  - tag: query_is_ddns_domain
    type: sequence
    args:
      - matches: qname $ddnslist
        exec: $local_sequence

  - tag: query_is_local_domain
    type: sequence
    args:
      - matches: qname $geosite_cn
        exec: $local_sequence

  - tag: query_is_no_local_domain
    type: sequence
    args:
      - matches: qname $geosite_no_cn
        exec: $remote_sequence

  - tag: query_is_whitelist_domain
    type: sequence
    args:
      - matches: qname $whitelist
        exec: $local_sequence

  - tag: query_is_greylist_domain
    type: sequence
    args:
      - matches: qname $greylist
        exec: $remote_sequence

  # Reject stage, checked in this order: blocklist names, adlist names, PTR queries (type 12) for
  # local_ptr names, then every type 65 (HTTPS record) query.
  # NOTE(review): the blocklist entries given earlier on the page already contain in-addr.arpa and
  # ip6.arpa, so names under them match the first rule for every query type and never reach the
  # PTR rule.
  - tag: query_is_reject_domain
    type: sequence
    args:
      - matches: qname $blocklist
        exec: $reject_blocklist
      - matches: qname $adlist
        exec: $reject_adlist
      - matches:
        - qtype 12
        - qname $local_ptr
        exec: $reject_ptrlist
      - matches: qtype 65
        exec: $reject_qtype65

  # Names matched by none of the lists: ask forward_cf first, then resolve again based on the
  # result. rcode 2 (SERVFAIL) or an answer inside geoip_cn goes to local_sequence, any other
  # answer goes to remote_sequence.
  - tag: fallback_sequence
    type: sequence
    args:
      - exec: $forward_cf_upstream
      - matches: "rcode 2"
        exec: goto local_sequence
      - matches: "resp_ip $geoip_cn"
        exec: goto local_sequence
      - matches: "!resp_ip $geoip_cn"
        exec: goto remote_sequence

  # Entry point for both listeners. The order of the stages is the policy: hosts, cache, redirect,
  # ddns, whitelist, reject, greylist, local, non-local, fallback. After each stage
  # has_resp_sequence ends processing if a response already exists.
  - tag: main_sequence
    type: sequence
    args:
      - exec: metrics_collector metrics
      - exec: $hosts
      - exec: jump has_resp_sequence
      # The cache is skipped for ddns, blocklist, adlist and local_ptr names.
      - matches:
        - "!qname $ddnslist"
        - "!qname $blocklist"
        - "!qname $adlist"
        - "!qname $local_ptr"
        exec: $lazy_cache
      - exec: $redirect
      - exec: jump has_resp_sequence
      - exec: $query_is_ddns_domain
      - exec: jump has_resp_sequence
      # The whitelist stage runs before the reject stage, so a whitelisted name is answered even
      # when a block or ad list also contains it.
      - exec: $query_is_whitelist_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_reject_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_greylist_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_local_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_no_local_domain
      - exec: jump has_resp_sequence
      - exec: $fallback_sequence

  # DNS listeners. ':53' binds every interface on the host, for both UDP and TCP.
  # NOTE(review): if this host is reachable from networks you do not control, restrict port 53
  # with a firewall or bind the listeners to the LAN address, so that the server does not act as
  # an open resolver.
  - tag: udp_server
    type: udp_server
    args:
      entry: 'main_sequence'
      listen: ':53'

  - tag: tcp_server
    type: tcp_server
    args:
      entry: 'main_sequence'
      listen: ':53'

服务启动

开启并运行mosdns

# Enable mosdns at boot and start it right away, then check that it is running.
systemctl enable --now mosdns
systemctl status mosdns

复制规则更新脚本文件至程序文件夹

# NOTE(review): the contents of mos_rule_update.sh are not shown on this page, and cron later runs
# it unattended; read the script first and keep it writable by root only.
# Make the script executable.
chmod +x mos_rule_update.sh
# Test run.
./mos_rule_update.sh
# 测试运行

规则更新脚本与日志清零脚本

crontab -e
# Scheduled task: every Sunday at 00:00, empty the mosdns log, then run the rule update script.
# NOTE(review): sudo applies only to truncate; the script after && runs as the crontab's owner.
# In root's crontab the sudo is redundant; in a user crontab the script would run without root rights.
# NOTE(review): truncating discards the whole week's query log; use log rotation instead if the
# log is needed for troubleshooting or incident review.
0 0 * * 0 sudo truncate -s 0 /etc/mosdns/mosdns.log && /etc/mosdns/mos_rule_update.sh
