在 /etc/dnsdist 目录下新建一个名为 luarule.lua 的文件(当然这里也可以取其它名字),以下是这个文件的内容:
-- DNSNameSet collections.
-- Two groups with the same four keys: `activeSets` is what luarule() reads on
-- every query, `standbySets` is what reloadDomainSets() fills before the two
-- groups are swapped.
local function newSetGroup()
  local group = {}
  for _, key in ipairs({ "shuntset", "adblocking", "adblockingwhite", "malicious" }) do
    group[key] = newDNSNameSet()
  end
  return group
end

local activeSets = newSetGroup()
local standbySets = newSetGroup()
local lastLoadDate = nil -- date ("%Y-%m-%d") of the last successful reload
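--- Helper: replace the contents of `set` with the domains listed in a file.
-- The set is cleared first, so after a failed open or read it is left empty.
-- One name per line; surrounding whitespace is trimmed, blank lines and lines
-- starting with "#" are skipped.
-- The list files are built from third-party downloads. Should newDNSName()
-- raise an error on a malformed line, that line is skipped and counted rather
-- than letting one bad entry abort the whole load.
-- @param filename path of the list file
-- @param set      DNSNameSet to fill
-- @return boolean false when the file could not be opened or read
-- @return number  count of names added to the set
local function batchLoadDomains(filename, set)
  set:clear()
  local count = 0
  local file = io.open(filename, "r")
  if not file then
    infolog("Unable to open file: " .. filename)
    return false, count
  end
  local content = file:read("*a")
  file:close()
  if not content then
    infolog("Unable to read file: " .. filename)
    return false, count
  end
  local skipped = 0
  for line in content:gmatch("[^\r\n]+") do
    local name = line:match("^%s*(.-)%s*$")
    if name ~= "" and name:sub(1, 1) ~= "#" then
      -- pcall keeps an error raised for one entry from propagating.
      local ok, dnsname = pcall(newDNSName, name)
      if ok then
        set:add(dnsname)
        count = count + 1
      else
        skipped = skipped + 1
      end
    end
  end
  if skipped > 0 then
    -- One summary line per file instead of one line per rejected entry.
    infolog(string.format("Skipped %d invalid entries in %s", skipped, filename))
  end
  return true, count
end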
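--- Reload all four domain lists into the standby sets and, on success, swap
-- them with the active sets.
-- The swap happens only when every file could be read and both the shunt and
-- the ad-blocking list are non-empty; otherwise the previously active sets
-- stay in place. All four files are always read, even after one has failed.
-- @return boolean true when the freshly loaded lists were activated
local function reloadDomainSets()
  infolog("Reloading domain lists at " .. os.date("%Y-%m-%d %H:%M:%S"))
  local sources = {
    { key = "shuntset", path = "/etc/dnsdist/domains.txt" },
    { key = "adblocking", path = "/etc/dnsdist/anti-ad-domains.txt" },
    { key = "adblockingwhite", path = "/etc/dnsdist/anti-ad-white-list.txt" },
    { key = "malicious", path = "/etc/dnsdist/malicious-domains.txt" },
  }
  local counts = {}
  local allRead = true
  for _, src in ipairs(sources) do
    local ok, n = batchLoadDomains(src.path, standbySets[src.key])
    counts[src.key] = n
    allRead = allRead and ok
  end
  if allRead and not standbySets.shuntset:empty() and not standbySets.adblocking:empty() then
    -- The malicious list is not part of the gate above, so an empty file
    -- (for example after a failed download) would switch malicious-domain
    -- blocking off without any trace. Make that visible in the log.
    if standbySets.malicious:empty() then
      warnlog("Malicious domain list is empty; malicious-domain blocking is inactive after this reload")
    end
    for _, src in ipairs(sources) do
      activeSets[src.key], standbySets[src.key] = standbySets[src.key], activeSets[src.key]
    end
    lastLoadDate = os.date("%Y-%m-%d")
    infolog(string.format("Reload completed: Shunt=%d, Ad=%d, White=%d, Malicious=%d",
      counts.shuntset, counts.adblocking, counts.adblockingwhite, counts.malicious))
    return true
  end
  infolog("Domain lists reload failed")
  return false
end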
--- Main DNS rule: decide per query whether to refuse it or which pool gets it.
-- Order of checks: malicious list, ad-blocking list (with white-list override),
-- shunt list. Names with fewer than two labels go straight to pool "china".
-- Only the full query name and its last two labels are looked up, so a deeper
-- subdomain of a listed name is matched only if one of those two forms is in
-- the set (presumably DNSNameSet:check is an exact match; confirm against the
-- dnsdist documentation).
-- @param dq the DNSQuestion passed in by dnsdist
-- @return DNSAction.Refused, or DNSAction.Pool plus the pool name
function luarule(dq)
  local qname = dq.qname:toStringNoDot()
  -- Last two labels of the query name, e.g. "example.com" for "a.b.example.com".
  local lastTwoLabels = qname:match("([^.]+%.[^.]+)$")
  if not lastTwoLabels then
    return DNSAction.Pool, "china"
  end

  local full = newDNSName(qname)
  local parent = newDNSName(lastTwoLabels)

  if activeSets.malicious:check(full) or activeSets.malicious:check(parent) then
    -- One log line is written for every blocked query.
    infolog("Blocked malicious domain: " .. qname)
    return DNSAction.Refused
  end

  -- Ad-blocked names are refused unless the white list exempts them; the ad
  -- lists are checked against the full name only.
  if activeSets.adblocking:check(full) and not activeSets.adblockingwhite:check(full) then
    return DNSAction.Refused
  end

  local shunted = activeSets.shuntset:check(full) or activeSets.shuntset:check(parent)
  if shunted then
    return DNSAction.Pool, "china"
  end
  return DNSAction.Pool, "default"
end
--- Scheduled task: reload the domain lists once a day at 04:40 local time.
-- dnsdist calls a global maintenance() function periodically (once per second
-- according to its documentation). lastLoadDate is written by
-- reloadDomainSets() on every successful load, including the one at startup,
-- so a day that already had a successful load is skipped; a failed reload is
-- attempted again on each call for the rest of the 04:40 minute.
function maintenance()
  local now = os.time()
  local clock = os.date("*t", now)
  local today = os.date("%Y-%m-%d")
  -- Nothing to do outside 04:40 or when today's load already succeeded.
  if clock.hour ~= 4 or clock.min ~= 40 or lastLoadDate == today then
    return
  end
  if not reloadDomainSets() then
    infolog("Scheduled reload at 4:40 failed.")
  end
end
-- Initial load, run once when this file is executed. The return value is
-- ignored: if the load fails, the active sets stay as they were created and
-- only the "Domain lists reload failed" log line reports it.
reloadDomainSets()
下面的 shell 脚本用于生成上述规则所要用到的文件;规则包含分流、广告拦截、广告拦截白名单和恶意域名列表:
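#!/bin/bash
# Build the four list files that /etc/dnsdist/luarule.lua loads:
#   domains.txt            shunt list (names routed to the "china" pool)
#   anti-ad-domains.txt    ad-blocking list
#   anti-ad-white-list.txt ad-blocking white list
#   malicious-domains.txt  malicious-domain list
#
# The lists come from third-party repositories and are taken from branch
# heads, so their content can change at any time and decides which names the
# resolver refuses. A failed or empty download aborts the run before anything
# in /etc/dnsdist is touched, so a network error cannot replace a working
# list with an empty one.

workdir=/root/china
destdir=/etc/dnsdist

# Without this check a failed cd would let the rm -f globs below run in
# whatever directory the script was started from.
cd "$workdir" || { echo "cannot cd to $workdir" >&2; exit 1; }

rm -f i*.txt tmp*.txt file_*.txt

# fetch FILE URL: download URL into FILE, abort on error or empty result.
fetch() {
    local out=$1 url=$2
    if ! wget -O "$out" "$url" || [ ! -s "$out" ]; then
        echo "download failed or empty: $url" >&2
        exit 1
    fi
}

fetch i1.txt https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
fetch i2.txt https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/apple-cn.txt
fetch i3.txt https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
fetch i4.txt https://raw.githubusercontent.com/privacy-protection-tools/dead-horse/master/anti-ad-white-list.txt
fetch i5.txt https://raw.githubusercontent.com/elliotwutingfeng/USOM-Blocklists/refs/heads/main/urls.txt
fetch i6.txt https://raw.githubusercontent.com/elliotwutingfeng/Inversion-DNSBL-Blocklists/refs/heads/main/Google_hostnames.txt
fetch i7.txt https://raw.githubusercontent.com/elliotwutingfeng/ChongLuaDao-Phishing-Blocklist/refs/heads/main/urls.txt

# Malicious list: make sure each source ends with a newline, merge, drop every
# entry that contains a "/" (URLs with a path), strip ":port", de-duplicate.
echo >> i5.txt
echo >> i6.txt
echo >> i7.txt
cat i5.txt i6.txt i7.txt >> tmp2.txt
sed '/\//d' tmp2.txt > file_filtered.txt
sed 's/:[0-9]*//g' file_filtered.txt > file_filtereds.txt
awk '!seen[$0]++' file_filtereds.txt > malicious-domains.txt

# Shunt list: reduce "server=/name/114.114.114.114" and "full:name" to "name".
grep -E -v "^#" i1.txt > tmp1.txt
sed -i 's/server=\//\//g' tmp1.txt
sed -i 's/\/114\.114\.114\.114//g' tmp1.txt
sed -i 's/full:/\//g' i2.txt
# zdy.dd is not created by this script; presumably a locally maintained list
# kept in the work directory (confirm).
cat zdy.dd i2.txt tmp1.txt > tump.txt
sed -i 's/^\///g' tump.txt

# Ad lists: drop comment lines.
sed -i '/^#/d' i3.txt
sed -i '/^#/d' i4.txt

# Refuse to install a list that ended up without a single entry.
for f in tump.txt i3.txt malicious-domains.txt; do
    if ! grep -q '[^[:space:]]' "$f"; then
        echo "refusing to install: $f has no entries" >&2
        exit 1
    fi
done

mv tump.txt "$destdir/domains.txt"
mv i3.txt "$destdir/anti-ad-domains.txt"
mv i4.txt "$destdir/anti-ad-white-list.txt"
mv malicious-domains.txt "$destdir/malicious-domains.txt"

rm -f i*.txt
rm -f tmp*.txt
rm -f file_*.txt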
温馨提示:这套规则会占用 200 MB 左右的内存。
使用方法:在 /etc/dnsdist/dnsdist.conf 里面添加下面的内容:
-- Execute the rule file. It runs inside the dnsdist process, so the file and
-- its directory should be writable only by the administrator.
dofile("/etc/dnsdist/luarule.lua")
-- Pass every query (AllRule) to the luarule() function defined in that file.
addAction(AllRule(), LuaAction(luarule))
把上面那段 Lua 直接放在 dnsdist.conf 中也是可以的,这样 dofile("/etc/dnsdist/luarule.lua") 这行不加就行。
其它内容请自行阅读 dnsdist 官方文档:https://dnsdist.org/