powerdns-dnsdist拦截功能更新

在 /etc/dnsdist 目录下新建一个名为 luarule.lua 的文件（当然这里也可以取其它名字），以下是这个文件的内容：

-- The four policy sets, double-buffered: `activeSets` is what luarule()
-- consults on every query, `standbySets` is the buffer a reload fills and
-- then swaps in as a whole, so a query is never handed a set that is mid-load.
--   shuntset        -> names routed to the "china" pool
--   adblocking      -> names refused as ads
--   adblockingwhite -> exceptions to adblocking
--   malicious       -> names refused as malicious
local function newSetGroup()
    return {
        shuntset = newDNSNameSet(),
        adblocking = newDNSNameSet(),
        adblockingwhite = newDNSNameSet(),
        malicious = newDNSNameSet()
    }
end

local activeSets = newSetGroup()
local standbySets = newSetGroup()

-- Date ("%Y-%m-%d") of the last successful reload; nil until one succeeds.
-- Read by maintenance() so the scheduled reload runs at most once per day.
local lastLoadDate = nil


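-- Load one domain-list file into `set`, one name per line.
-- The set is cleared first, so a failed open leaves it empty rather than stale.
-- Blank lines and surrounding whitespace are ignored. A line that newDNSName
-- rejects (it appears to raise on malformed names such as an over-long label —
-- confirm against the dnsdist build in use) is logged and skipped instead of
-- aborting the whole reload: one bad line in a downloaded feed must not keep
-- every other entry, and the other three lists, from being installed.
-- @tparam string filename path of the list file
-- @tparam DNSNameSet set target set (cleared, then filled)
-- @treturn boolean true if the file could be opened
-- @treturn number number of names added to the set
local function batchLoadDomains(filename, set)
    set:clear()
    local count = 0

    local file = io.open(filename, "r")
    if not file then
        infolog("Unable to open file: " .. filename)
        return false, count
    end

    local content = file:read("*a")
    file:close()

    local skipped = 0
    -- "[^\r\n]+" splits on either line ending and drops empty lines
    for line in content:gmatch("[^\r\n]+") do
        local name = line:match("^%s*(.-)%s*$")
        if name and name ~= "" then
            local ok, dnsname = pcall(newDNSName, name)
            if ok then
                set:add(dnsname)
                count = count + 1
            else
                skipped = skipped + 1
                -- report the first few offenders verbatim; the total is summarised below
                if skipped <= 10 then
                    infolog(string.format("Skipping invalid name in %s: %q", filename, name))
                end
            end
        end
    end

    if skipped > 0 then
        infolog(string.format("%s: %d invalid line(s) skipped", filename, skipped))
    end

    return true, count
end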

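-- Rebuild every set from disk into the standby buffers, then swap them in.
-- All four files are read even when an earlier one fails, so each problem is
-- logged in a single run. The swap only happens when every file could be read
-- AND each `required` list is non-empty: an empty shunt, ad-block or malicious
-- list (e.g. a truncated download) would otherwise be installed and silently
-- switch that policy off, whereas keeping the previous sets is safe. The white
-- list may legitimately be empty. On success lastLoadDate is recorded so
-- maintenance() does not repeat the reload the same day.
-- @treturn boolean true if the freshly loaded sets were swapped in
local function reloadDomainSets()
    infolog("Reloading domain lists at " .. os.date("%Y-%m-%d %H:%M:%S"))

    local lists = {
        { key = "shuntset",        path = "/etc/dnsdist/domains.txt",            label = "Shunt",     required = true },
        { key = "adblocking",      path = "/etc/dnsdist/anti-ad-domains.txt",    label = "Ad",        required = true },
        { key = "adblockingwhite", path = "/etc/dnsdist/anti-ad-white-list.txt", label = "White",     required = false },
        { key = "malicious",       path = "/etc/dnsdist/malicious-domains.txt",  label = "Malicious", required = true },
    }

    local allGood = true
    local summary = {}
    for i, spec in ipairs(lists) do
        local target = standbySets[spec.key]
        local loaded, count = batchLoadDomains(spec.path, target)
        if not loaded then
            allGood = false
        elseif spec.required and target:empty() then
            infolog("Refusing to install empty list: " .. spec.path)
            allGood = false
        end
        summary[i] = string.format("%s=%d", spec.label, count)
    end

    if not allGood then
        infolog("Domain lists reload failed")
        return false
    end

    -- swap: the freshly loaded sets become active, the old ones are reused as
    -- the standby buffers for the next reload
    for _, spec in ipairs(lists) do
        activeSets[spec.key], standbySets[spec.key] = standbySets[spec.key], activeSets[spec.key]
    end

    lastLoadDate = os.date("%Y-%m-%d")
    infolog("Reload completed: " .. table.concat(summary, ", "))
    return true
end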

-- True when `set` contains either the full query name or its last two labels.
local function inSetOrApex(set, qname, apexName)
    return set:check(qname) or set:check(apexName)
end

-- Per-query policy, attached via LuaAction in dnsdist.conf.
-- Decision order: malicious -> ad-block (with white-list exceptions) -> routing.
-- Lookups are exact name membership on the full name and, for the malicious and
-- shunt sets, also on its last two labels; names with fewer than two labels go
-- straight to the "china" pool without any checks.
-- @param dq the dnsdist query object
-- @return DNSAction.Refused, or DNSAction.Pool plus the pool name
function luarule(dq)
    local name = dq.qname:toStringNoDot()
    local apex = name:match("([^.]+%.[^.]+)$")
    if apex == nil then
        return DNSAction.Pool, "china"
    end

    local qname = newDNSName(name)
    local apexName = newDNSName(apex)

    if inSetOrApex(activeSets.malicious, qname, apexName) then
        infolog("Blocked malicious domain: " .. name)
        return DNSAction.Refused
    end

    -- a white-listed ad domain falls through to normal routing
    if activeSets.adblocking:check(qname) and not activeSets.adblockingwhite:check(qname) then
        return DNSAction.Refused
    end

    local pool = "default"
    if inSetOrApex(activeSets.shuntset, qname, apexName) then
        pool = "china"
    end
    return DNSAction.Pool, pool
end

-- Hook that dnsdist invokes periodically. During the 04:40 minute, rebuild the
-- sets from disk once per day: lastLoadDate gates a successful reload from being
-- repeated on later calls in that minute, while a failed one is retried for as
-- long as the minute lasts. The reload runs synchronously inside this call.
function maintenance()
    local now = os.time()
    local clock = os.date("*t", now)
    local today = os.date("%Y-%m-%d")

    local isReloadMinute = clock.hour == 4 and clock.min == 40
    if not isReloadMinute or lastLoadDate == today then
        return
    end

    if not reloadDomainSets() then
        infolog("Scheduled reload at 4:40 failed.")
    end
end

-- Fill the active sets once at startup. The result is intentionally not checked
-- here: reloadDomainSets() already logs a failure, and dnsdist then keeps serving
-- with empty sets (nothing is blocked; every name with two or more labels goes to
-- the "default" pool) until the 04:40 reload in maintenance() succeeds.
reloadDomainSets()

下面是生成上述所需文件的 shell 脚本；规则包含分流、广告拦截、广告拦截白名单和恶意域名列表：

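#!/bin/bash
# Build the four lists read by /etc/dnsdist/luarule.lua (reloaded there daily at 04:40):
#   domains.txt            - "china" routing list (zdy.dd + apple-cn + dnsmasq-china-list)
#   anti-ad-domains.txt    - ad-blocking list
#   anti-ad-white-list.txt - ad-blocking exceptions
#   malicious-domains.txt  - merged phishing/malware host lists
# Every download is verified before anything under /etc/dnsdist is replaced, so a
# failed or empty fetch keeps the previous lists in place instead of installing an
# empty one (an empty block list would silently switch that blocking off).
set -u

WORKDIR=/root/china
DEST=/etc/dnsdist

# without this guard a failed cd would run the rm below in the wrong directory
cd "$WORKDIR" || { echo "cannot enter $WORKDIR" >&2; exit 1; }

# scratch files only; never touches $DEST
cleanup() { rm -f i*.txt tmp*.txt file_*.txt; }
trap cleanup EXIT
cleanup

# fetch FILE URL: download, abort the run on a wget error or an empty result
# (wget -O creates the file even when the transfer fails).
fetch() {
    local file=$1 url=$2
    if ! wget -O "$file" "$url" || [ ! -s "$file" ]; then
        echo "download failed or empty: $url" >&2
        exit 1
    fi
}

fetch i1.txt https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
fetch i2.txt https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/apple-cn.txt
fetch i3.txt https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
fetch i4.txt https://raw.githubusercontent.com/privacy-protection-tools/dead-horse/master/anti-ad-white-list.txt
fetch i5.txt https://raw.githubusercontent.com/elliotwutingfeng/USOM-Blocklists/refs/heads/main/urls.txt
fetch i6.txt https://raw.githubusercontent.com/elliotwutingfeng/Inversion-DNSBL-Blocklists/refs/heads/main/Google_hostnames.txt
fetch i7.txt https://raw.githubusercontent.com/elliotwutingfeng/ChongLuaDao-Phishing-Blocklist/refs/heads/main/urls.txt

# --- malicious list: merge, drop URL-style entries (contain "/"), strip ":port",
#     de-duplicate keeping the first occurrence ---
# each feed gets a trailing newline so the last line of one is not glued to the next
{ cat i5.txt; echo; cat i6.txt; echo; cat i7.txt; echo; } > tmp2.txt
sed '/\//d' tmp2.txt > file_filtered.txt
sed 's/:[0-9]*//g' file_filtered.txt > file_filtereds.txt
awk '!seen[$0]++' file_filtereds.txt > malicious-domains.txt

# --- routing list: "server=/name/114.114.114.114" -> "name", "full:name" -> "name" ---
grep -E -v "^#" i1.txt > tmp1.txt
sed -i 's/server=\//\//g' tmp1.txt
sed -i 's/\/114.114.114.114//g' tmp1.txt
sed -i 's/full:/\//g' i2.txt
# zdy.dd holds the operator's own entries; cat reports but carries on if it is absent
cat zdy.dd i2.txt tmp1.txt > tump.txt
sed -i 's/^\///g' tump.txt

# --- ad lists: drop comment lines ---
sed -i '/^#/d' i3.txt
sed -i '/^#/d' i4.txt

# all inputs verified: install (mv is a single rename when both paths share a filesystem)
mv tump.txt "$DEST/domains.txt"
mv i3.txt "$DEST/anti-ad-domains.txt"
mv i4.txt "$DEST/anti-ad-white-list.txt"
mv malicious-domains.txt "$DEST/malicious-domains.txt"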

温馨提示：这套规则会占用 200MB 左右的内存。

然后，使用方法就是在 /etc/dnsdist/dnsdist.conf 里面添加下面的内容：

-- Pull in the rule file, then route every query through luarule() so its
-- verdict (Refused, or the "china"/"default" pool) applies to all traffic.
dofile("/etc/dnsdist/luarule.lua")
local blockAndShunt = LuaAction(luarule)
addAction(AllRule(), blockAndShunt)

把上面那段 Lua 直接放在 dnsdist.conf 中也是可以的，这时不加 dofile("/etc/dnsdist/luarule.lua") 这一行就行。

其它内容请自行阅读 dnsdist 官方文档：https://dnsdist.org/
