linux部署mosdns教程
PVE LXC 安装
linux操作
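# Bring the fresh container up to date before installing anything.
# Chain the two commands so the upgrade only runs against a successfully
# refreshed package index (the original ran them independently).
apt update && apt upgrade -y
reboot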
53端口解绑
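# Free port 53 for mosdns: systemd-resolved's stub listener sits on 127.0.0.53:53
# and would otherwise collide with the ":53" listeners in config.yaml.
# In /etc/systemd/resolved.conf find the DNSStubListener line, remove the leading
# '#' and change "yes" to "no", i.e. the line must read:
#   DNSStubListener=no
nano /etc/systemd/resolved.conf
sudo systemctl reload-or-restart systemd-resolved
# Caveat: if /etc/resolv.conf lists "nameserver 127.0.0.53" (the stub just
# disabled), the container itself can no longer resolve names and the apt/wget/curl
# steps below will fail. Only in that case, point it at resolved's upstream list;
# a PVE-managed static resolv.conf (no 127.0.0.53) is left alone.
grep -q 127.0.0.53 /etc/resolv.conf && ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf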
时间修改
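# Set the container's timezone (mosdns.log timestamps and the cache dump
# interval are easier to correlate with the router's logs when they agree).
# Interactive: choose Asia/Shanghai — note the spelling is "Asia", not "Asian";
# there is no "Asian/Shanghai" zone and tzdata will not offer one.
dpkg-reconfigure tzdata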
mosdns 安装过程
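# ---- mosdns core ----
# Download the pinned release archive (v5.3.1, linux-amd64).
wget https://github.com/IrineSistiana/mosdns/releases/download/v5.3.1/mosdns-linux-amd64.zip
# Verify the archive before it is unpacked and installed system-wide: compare the
# SHA-256 against the value on the release page (if published) or against a
# previously verified install. A tampered or truncated download must not become
# the resolver for the whole LAN.
sha256sum mosdns-linux-amd64.zip
# Working directory: holds config.yaml, the rule files, mosdns.log and cache.dump.
mkdir -p /etc/mosdns
# unzip is needed to unpack the archive.
apt install -y unzip
# Unpack into the working directory.
unzip mosdns-linux-amd64.zip -d /etc/mosdns
# Install the binary into /usr/local/bin (the conventional place for locally
# installed executables). install(1) sets owner root and mode 0755 in one step,
# replacing the separate "chmod +x" / "cp" pair of the original.
install -m 0755 /etc/mosdns/mosdns /usr/local/bin/mosdns
# Create the systemd unit; its contents are given below.
nano /etc/systemd/system/mosdns.service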
================================================================================
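[Unit]
Description=mosdns daemon, DNS server.
# After= only orders against network-online.target; Wants= is what actually
# pulls the target in, so the network is really up before mosdns binds :53.
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
Restart=always
# Small back-off so a broken config.yaml does not spin the unit at full speed.
RestartSec=2
ExecStart=/usr/local/bin/mosdns start -c /etc/mosdns/config.yaml -d /etc/mosdns
# Hardening. The tutorial creates no service user, so mosdns runs as root; at least
# limit what that root process can do. It only needs to bind a privileged port
# and to read/write its own directory (config, rule files, mosdns.log, cache.dump).
NoNewPrivileges=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ProtectSystem=strict
ReadWritePaths=/etc/mosdns
ProtectHome=true
PrivateTmp=true
# Some of these need mount namespaces, which an unprivileged LXC may not allow.
# If the unit fails to start after adding them, read `journalctl -u mosdns` and
# relax only the offending directive rather than dropping the whole set.

[Install]
WantedBy=multi-user.target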
==============================================================================
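# geoip_cn.txt only holds IPv4 ranges; the IPv6 ranges are supplied separately —
# paste them into geoip_cn.txt directly below the IPv4 entries.
# curl is needed to fetch the rule files.
apt install -y curl
# Fetch the rule files. The original "curl URL > file" form saves whatever the
# server returns: on an HTTP error or a truncated transfer the "rule file" ends up
# empty or filled with an HTML error page, mosdns loads it without complaint, and
# every query silently falls through to the wrong branch. -f makes curl fail on
# HTTP errors instead of saving the error page, -L follows redirects, -sS stays
# quiet except for errors, and -o names the output file.
curl -fsSL -o /etc/mosdns/geosite_cn.txt https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/direct-list.txt
curl -fsSL -o /etc/mosdns/geoip_cn.txt https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
curl -fsSL -o /etc/mosdns/geosite_geolocation_noncn.txt https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/proxy-list.txt
curl -fsSL -o /etc/mosdns/gfw.txt https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/gfw.txt
# These lists are maintained by third parties and decide which queries stay
# domestic and which leave through the remote upstream. Re-fetch them on a
# schedule you control and glance at the diff before a refreshed copy goes live.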
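# Create these files under /etc/mosdns/rule.
# Some lists that must be filled in are provided in a separate file (whitelist and
# localptr are mandatory — paste them into the corresponding files). blocklist is
# mandatory when the main router is OPNsense, and its content must match the
# domain configured under System: Settings: General in OPNsense.
# In the fake-IP layout, while the domain tables are incomplete: the whitelist is
# the list of domains forced to direct resolution (real IP), the greylist is the
# list sent through fake-IP; both supplement/correct the domain tables.
#   whitelist.txt - resolved by the domestic (CN) DNS
#   greylist.txt  - resolved by the remote DNS
#   ddnslist.txt  - answers get a short TTL so a DDNS address change is picked up quickly
mkdir -p /etc/mosdns/rule
cd /etc/mosdns/rule
touch whitelist.txt blocklist.txt greylist.txt ddnslist.txt hosts.txt redirect.txt adlist.txt localptr.txt
# Write /etc/mosdns/config.yaml (one of the two configs below) BEFORE this step:
# with Restart=always in the unit, a missing config just crash-loops the service.
# daemon-reload makes sure the unit file written above is what systemd runs;
# the status output (and `journalctl -u mosdns`) shows whether config.yaml and
# every rule file loaded cleanly.
systemctl daemon-reload
systemctl enable --now mosdns
systemctl status mosdns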
需增加内容
在 blocklist 中增加内容,进行优化
keyword:.localdomain
在 localptr.txt 中增加以下内容,进行查询优化(拒绝对本地反向解析区域的 PTR 查询,避免把内网地址的反查发到上游)
# block all PTR requests
domain:in-addr.arpa
domain:ip6.arpa
在 whitelist.txt 文件中,增加以下内容,进行查询优化(whitelist 中的域名会被强制走国内上游直连解析)
domain:push-apple.com.akadns.net
domain:push.apple.com
domain:iphone-ld.apple.com
domain:lcdn-locator.apple.com
domain:lcdn-registration.apple.com
domain:cn-ssl.ls.apple.com
domain:time.apple.com
domain:store.ui.com.cn
domain:amd.com
domain:msftncsi.com
domain:msftconnecttest.com
domain:office.com
domain:office365.com
配置文件内容
以下为 O 大原教程提到内容,适用于双 adg 解析的方式,这样会添加对应的 ui,方便观察本地 dns 解析与远程 dns 解析
# MOSDNS 建立在 PVE LXC 中,在 LXC 中分别填入 V4 和 V6 的固定 IP(其中 V6 的 IP 以 dc00:: 开头),网关为 SINGBOX 的 IP(其中 SINGBOX 的 V6 地址,在 OPN 路由通告设置完成后,SSH 登录执行 ip a,找到的 inet6 地址就是)
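# Replace these two upstream addresses with your own.
# Both addresses carry no scheme, i.e. plain-text DNS to a LAN host. That is fine
# inside the LAN; do not point either entry at an Internet resolver in this form —
# use tls:// (as forward_cf below does) for anything that leaves the network.
- tag: forward_local
  type: forward
  args:
    concurrent: 1
    upstreams:
      # Domestic (CN) upstream: the main router's :53, an AdGuard instance, etc.
      # Here it is AdGuard Home on OPNsense. Requirement: this upstream must be
      # reached directly, never through the proxy.
      - addr: 10.0.0.203:6666
        enable_pipeline: false
        insecure_skip_verify: false
        idle_timeout: 30
        enable_http3: false
- tag: forward_remote
  type: forward
  args:
    concurrent: 1
    upstreams:
      # Remote (fake-IP) upstream: the sing-box DNS inbound on port 6666; the
      # sing-box side is described in a separate file.
      - addr: 10.0.0.250:6666
        enable_pipeline: false
        insecure_skip_verify: false
        idle_timeout: 30
        enable_http3: false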
以下为 mosdns 配置文件信息
============================================================================================
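log:
  level: info
  # query_summary below writes one line per query (every client's qnames) at info
  # level into this file and nothing rotates it. Add a logrotate rule, or raise the
  # level to warn once you are done observing local vs. remote resolution.
  file: "/etc/mosdns/mosdns.log"

api:
  # The mosdns HTTP API (metrics and plugin endpoints) carries no authentication
  # of its own. Bind it to loopback; if a dashboard on another host must scrape
  # it, bind to the LXC's LAN address instead and firewall the port. The original
  # "0.0.0.0:8338" exposed it on every interface of the container.
  http: "127.0.0.1:8338"

include: []

plugins:
  # ---- domain / IP sets (files fetched and created in the steps above) ----
  - tag: geosite_cn
    type: domain_set
    args:
      files:
        - "/etc/mosdns/geosite_cn.txt"

  - tag: geoip_cn
    type: ip_set
    args:
      files:
        - "/etc/mosdns/geoip_cn.txt"

  - tag: geosite_no_cn
    type: domain_set
    args:
      files:
        - "/etc/mosdns/geosite_geolocation_noncn.txt"

  - tag: whitelist  # forced domestic resolution
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/whitelist.txt"

  - tag: blocklist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/blocklist.txt"

  - tag: greylist  # forced remote resolution
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/greylist.txt"

  - tag: ddnslist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/ddnslist.txt"

  - tag: hosts
    type: hosts
    args:
      files:
        - "/etc/mosdns/rule/hosts.txt"

  - tag: redirect
    type: redirect
    args:
      files:
        - "/etc/mosdns/rule/redirect.txt"

  - tag: adlist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/adlist.txt"

  - tag: local_ptr
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/localptr.txt"

  # ---- cache ----
  - tag: lazy_cache
    type: cache
    args:
      size: 32768
      # Lazy cache: an expired entry is still answered (and refreshed in the
      # background) for up to a day, so a changed record may be served stale for
      # that long. Lower this if you rotate records often.
      lazy_cache_ttl: 86400
      dump_file: /etc/mosdns/cache.dump
      dump_interval: 3600

  # ---- reject helpers: rcode 3 = NXDOMAIN; query_summary tags the log line ----
  - tag: reject_3
    type: sequence
    args:
      - exec: reject 3

  - tag: reject_blocklist
    type: sequence
    args:
      - exec: query_summary reject_blocklist
      - exec: $reject_3

  - tag: reject_adlist
    type: sequence
    args:
      - exec: query_summary reject_adlist
      - exec: $reject_3

  - tag: reject_ptrlist
    type: sequence
    args:
      - exec: query_summary reject_ptrlist
      - exec: $reject_3

  - tag: reject_qtype65
    type: sequence
    args:
      - exec: query_summary reject_qtype65
      - exec: $reject_3

  # ---- upstreams ----
  # forward_local / forward_remote carry no scheme: plain-text DNS to a LAN host.
  # Acceptable inside the LAN; never point them at an Internet resolver as-is.
  - tag: forward_local
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: 10.0.0.203:6666  # domestic upstream (AdGuard on OPNsense), reached directly
          enable_pipeline: false
          insecure_skip_verify: false
          idle_timeout: 30
          enable_http3: false

  - tag: forward_remote
    type: forward
    args:
      concurrent: 1
      upstreams:
        - addr: 10.0.0.250:6666  # remote (fake-IP) upstream: sing-box DNS inbound on :6666
          enable_pipeline: false
          insecure_skip_verify: false
          idle_timeout: 30
          enable_http3: false

  - tag: forward_cf
    type: forward
    args:
      concurrent: 1
      upstreams:
        # DNS over TLS to Cloudflare. Keep insecure_skip_verify at false: with it
        # set to true any on-path device could answer as 1.1.1.1.
        - addr: tls://1.1.1.1:853
          enable_pipeline: true
          insecure_skip_verify: false
          idle_timeout: 30
          enable_http3: false

  # ---- TTL rewrite ----
  - tag: modify_ttl
    type: sequence
    args:
      - exec: ttl 0-0  # min 0 / max 0 — presumably "leave TTL unchanged"; confirm for your mosdns version

  - tag: modify_ddns_ttl
    type: sequence
    args:
      - exec: ttl 5-5  # pin DDNS answers to 5 s so an address change is picked up quickly

  # ---- resolution paths (query_summary names the path in the log) ----
  - tag: local_sequence
    type: sequence
    args:
      - exec: query_summary forward_local
      - exec: $forward_local

  - tag: remote_sequence
    type: sequence
    args:
      - exec: query_summary forward_remote
      - exec: $forward_remote

  - tag: forward_cf_upstream
    type: sequence
    args:
      - exec: query_summary forward_cf
      - exec: $forward_cf

  # Run after every resolution attempt: adjust the TTL, then stop if there is an answer.
  - tag: has_resp_sequence
    type: sequence
    args:
      - matches: qname $ddnslist
        exec: $modify_ddns_ttl
      - matches: "!qname $ddnslist"
        exec: $modify_ttl
      - matches: has_resp
        exec: accept

  - tag: query_is_ddns_domain
    type: sequence
    args:
      - matches: qname $ddnslist
        exec: $local_sequence

  - tag: query_is_local_domain
    type: sequence
    args:
      - matches: qname $geosite_cn
        exec: $local_sequence

  - tag: query_is_no_local_domain
    type: sequence
    args:
      - matches: qname $geosite_no_cn
        exec: $remote_sequence

  - tag: query_is_whitelist_domain
    type: sequence
    args:
      - matches: qname $whitelist
        exec: $local_sequence

  - tag: query_is_greylist_domain
    type: sequence
    args:
      - matches: qname $greylist
        exec: $remote_sequence

  - tag: query_is_reject_domain
    type: sequence
    args:
      - matches: qname $blocklist
        exec: $reject_blocklist
      - matches: qname $adlist
        exec: $reject_adlist
      - matches:  # PTR (qtype 12) lookups for the reverse zones listed in localptr.txt
          - qtype 12
          - qname $local_ptr
        exec: $reject_ptrlist
      - matches: qtype 65  # HTTPS records are rejected outright
        exec: $reject_qtype65

  # Last resort for names in no list: ask Cloudflare, then re-resolve through the
  # upstream matching the answer's geolocation.
  - tag: fallback_sequence
    type: sequence
    args:
      - exec: $forward_cf_upstream
      - matches: "rcode 2"  # SERVFAIL from Cloudflare
        exec: goto local_sequence
      - matches: "resp_ip $geoip_cn"
        exec: goto local_sequence
      - matches: "!resp_ip $geoip_cn"
        exec: goto remote_sequence

  - tag: main_sequence
    type: sequence
    args:
      - exec: metrics_collector metrics
      - exec: $hosts
      - exec: jump has_resp_sequence
      # Do not cache the lists whose answers are TTL-rewritten (ddns) or rejected.
      - matches:
          - "!qname $ddnslist"
          - "!qname $blocklist"
          - "!qname $adlist"
          - "!qname $local_ptr"
        exec: $lazy_cache
      - exec: $redirect
      - exec: jump has_resp_sequence
      - exec: $query_is_ddns_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_whitelist_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_reject_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_greylist_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_local_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_no_local_domain
      - exec: jump has_resp_sequence
      - exec: $fallback_sequence

  # ---- listeners ----
  # ":53" binds every interface. This container is meant to serve the LAN only;
  # if it ever gets a WAN-reachable address, bind to the LAN IP (e.g. "10.0.0.x:53")
  # or firewall the port, otherwise it becomes an open resolver.
  - tag: udp_server
    type: udp_server
    args:
      entry: main_sequence
      listen: ":53"

  - tag: tcp_server
    type: tcp_server
    args:
      entry: main_sequence
      listen: ":53"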
以下配置文件为 fakeip 模式+远程 DNS 解析
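# fake-IP mode + remote DNS resolution
log:
  level: info
  # query_summary below writes one line per query (every client's qnames) at info
  # level into this file and nothing rotates it. Add a logrotate rule, or raise the
  # level to warn once you are done observing.
  file: "/etc/mosdns/mosdns.log"

api:
  # The mosdns HTTP API (metrics and plugin endpoints) carries no authentication
  # of its own. Bind it to loopback; if a dashboard on another host must scrape
  # it, bind to the LXC's LAN address instead and firewall the port. The original
  # "0.0.0.0:8338" exposed it on every interface of the container.
  http: "127.0.0.1:8338"

include: []

plugins:
  # ---- domain / IP sets (files fetched and created in the steps above) ----
  - tag: geosite_cn
    type: domain_set
    args:
      files:
        - "/etc/mosdns/geosite_cn.txt"

  - tag: geoip_cn
    type: ip_set
    args:
      files:
        - "/etc/mosdns/geoip_cn.txt"

  - tag: geosite_no_cn
    type: domain_set
    args:
      files:
        - "/etc/mosdns/geosite_geolocation_noncn.txt"

  - tag: whitelist  # forced domestic resolution
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/whitelist.txt"

  - tag: blocklist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/blocklist.txt"

  - tag: greylist  # forced remote resolution
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/greylist.txt"

  - tag: ddnslist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/ddnslist.txt"

  - tag: hosts
    type: hosts
    args:
      files:
        - "/etc/mosdns/rule/hosts.txt"

  - tag: redirect
    type: redirect
    args:
      files:
        - "/etc/mosdns/rule/redirect.txt"

  - tag: adlist
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/adlist.txt"

  - tag: local_ptr
    type: domain_set
    args:
      files:
        - "/etc/mosdns/rule/localptr.txt"

  # ---- cache ----
  - tag: lazy_cache
    type: cache
    args:
      size: 32768
      # Lazy cache: an expired entry is still answered (and refreshed in the
      # background) for up to a day, so a changed record may be served stale for
      # that long. Lower this if you rotate records often.
      lazy_cache_ttl: 86400
      dump_file: /etc/mosdns/cache.dump
      dump_interval: 3600

  # ---- reject helpers: rcode 3 = NXDOMAIN; query_summary tags the log line ----
  - tag: reject_3
    type: sequence
    args:
      - exec: reject 3

  - tag: reject_blocklist
    type: sequence
    args:
      - exec: query_summary reject_blocklist
      - exec: $reject_3

  - tag: reject_adlist
    type: sequence
    args:
      - exec: query_summary reject_adlist
      - exec: $reject_3

  - tag: reject_ptrlist
    type: sequence
    args:
      - exec: query_summary reject_ptrlist
      - exec: $reject_3

  - tag: reject_qtype65
    type: sequence
    args:
      - exec: query_summary reject_qtype65
      - exec: $reject_3

  # ---- upstreams ----
  - tag: forward_local
    type: forward
    args:
      concurrent: 1
      upstreams:
        # Domestic upstream over plain UDP: every "local" qname crosses the ISP
        # link in clear text. AliDNS also serves DoT (tls://223.5.5.5:853); switch
        # to it if port 853 is reachable from this container.
        - addr: udp://223.5.5.5:53
          enable_pipeline: false
          insecure_skip_verify: false
          idle_timeout: 10
          enable_http3: false

  - tag: forward_remote
    type: forward
    args:
      concurrent: 1
      upstreams:
        # Remote (fake-IP) upstream on the LAN — plain UDP is acceptable here.
        - addr: udp://192.168.6.15:6666
          enable_pipeline: false
          insecure_skip_verify: false
          idle_timeout: 10
          enable_http3: false

  - tag: forward_cf
    type: forward
    args:
      concurrent: 1
      upstreams:
        # DNS over TLS to Cloudflare. Keep insecure_skip_verify at false: with it
        # set to true any on-path device could answer as 1.1.1.1.
        - addr: tls://1.1.1.1:853
          enable_pipeline: true
          insecure_skip_verify: false
          idle_timeout: 30
          enable_http3: false

  # ---- TTL rewrite ----
  - tag: modify_ttl
    type: sequence
    args:
      - exec: ttl 0-0  # min 0 / max 0 — presumably "leave TTL unchanged"; confirm for your mosdns version

  - tag: modify_ddns_ttl
    type: sequence
    args:
      - exec: ttl 5-5  # pin DDNS answers to 5 s so an address change is picked up quickly

  # ---- resolution paths (query_summary names the path in the log) ----
  # prefer_ipv4 runs before each forward — roughly, AAAA queries are answered empty
  # when the name has IPv4 records; check the mosdns docs for the exact rule.
  - tag: local_sequence
    type: sequence
    args:
      - exec: query_summary forward_local
      - exec: prefer_ipv4
      - exec: $forward_local

  - tag: remote_sequence
    type: sequence
    args:
      - exec: query_summary forward_remote
      - exec: prefer_ipv4
      - exec: $forward_remote

  - tag: forward_cf_upstream
    type: sequence
    args:
      - exec: query_summary forward_cf
      - exec: prefer_ipv4
      - exec: $forward_cf

  # Run after every resolution attempt: adjust the TTL, then stop if there is an answer.
  - tag: has_resp_sequence
    type: sequence
    args:
      - matches: qname $ddnslist
        exec: $modify_ddns_ttl
      - matches: "!qname $ddnslist"
        exec: $modify_ttl
      - matches: has_resp
        exec: accept

  - tag: query_is_ddns_domain
    type: sequence
    args:
      - matches: qname $ddnslist
        exec: $local_sequence

  - tag: query_is_local_domain
    type: sequence
    args:
      - matches: qname $geosite_cn
        exec: $local_sequence

  - tag: query_is_no_local_domain
    type: sequence
    args:
      - matches: qname $geosite_no_cn
        exec: $remote_sequence

  - tag: query_is_whitelist_domain
    type: sequence
    args:
      - matches: qname $whitelist
        exec: $local_sequence

  - tag: query_is_greylist_domain
    type: sequence
    args:
      - matches: qname $greylist
        exec: $remote_sequence

  - tag: query_is_reject_domain
    type: sequence
    args:
      - matches: qname $blocklist
        exec: $reject_blocklist
      - matches: qname $adlist
        exec: $reject_adlist
      - matches:  # PTR (qtype 12) lookups for the reverse zones listed in localptr.txt
          - qtype 12
          - qname $local_ptr
        exec: $reject_ptrlist
      - matches: qtype 65  # HTTPS records are rejected outright
        exec: $reject_qtype65

  # Last resort for names in no list: ask Cloudflare, then re-resolve through the
  # upstream matching the answer's geolocation.
  - tag: fallback_sequence
    type: sequence
    args:
      - exec: $forward_cf_upstream
      - matches: "rcode 2"  # SERVFAIL from Cloudflare
        exec: goto local_sequence
      - matches: "resp_ip $geoip_cn"
        exec: goto local_sequence
      - matches: "!resp_ip $geoip_cn"
        exec: goto remote_sequence

  - tag: main_sequence
    type: sequence
    args:
      - exec: metrics_collector metrics
      - exec: $hosts
      - exec: jump has_resp_sequence
      # Do not cache the lists whose answers are TTL-rewritten (ddns) or rejected.
      - matches:
          - "!qname $ddnslist"
          - "!qname $blocklist"
          - "!qname $adlist"
          - "!qname $local_ptr"
        exec: $lazy_cache
      - exec: $redirect
      - exec: jump has_resp_sequence
      - exec: $query_is_ddns_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_whitelist_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_reject_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_greylist_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_local_domain
      - exec: jump has_resp_sequence
      - exec: $query_is_no_local_domain
      - exec: jump has_resp_sequence
      - exec: $fallback_sequence

  # ---- listeners ----
  # ":53" binds every interface. This container is meant to serve the LAN only;
  # if it ever gets a WAN-reachable address, bind to the LAN IP or firewall the
  # port, otherwise it becomes an open resolver.
  - tag: udp_server
    type: udp_server
    args:
      entry: main_sequence
      listen: ":53"

  - tag: tcp_server
    type: tcp_server
    args:
      entry: main_sequence
      listen: ":53"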