piyoki · March 23, 2025 00:02
diff --git a/readme.md b/readme.md
diff --git a/auto-artifact-export.yml b/auto-artifact-export.yml
 ---
 - name: Update dat files
  hosts: all
  become: yes

  vars:
    - base_path: /etc/mosdns
    - restart_daemon: yes
    - daemon_service_name: mosdns
    - clean_up_after: yes

  tasks:
    - name: Check prerequisites
      block:
        - name: Gather package facts
          ansible.bultin.package_facts:
            manager: apt

        - name: Install jq if jq is absent
          ansible.builtin.apt:
            name: jq
            state: present
          when: '"jq" not in ansible_facts.packages'

        - name: Install unzip if unzip is absent
          apt:
            name: unzip
            state: present
          when: '"unzip" not in ansible_facts.packages'

        - name: Create project directories if not exist
          ansible.builtin.file:
            path: "{{ item }}"
            state: directory
            mode: 0755
          loop:
            - "{{ base_path }}/ips"
            - "{{ base_path }}/domains"
            - "{{ base_path }}/custom"
            - "{{ base_path }}/downloads"

        - name: Create cache file if not exist
          ansible.builtin.file:
            path: "{{ base_path }}/cache.dump"
            state: file
            mode: 0755

    - name: Get latest release tag
      shell: 'curl https://api.github.com/repos/techprober/v2ray-rules-dat/releases/latest --silent |  jq -r ".tag_name"'
      register: latest_release

    - name: Print result
      ansible.builtin.debug:
        msg: |
          "release_url: https://github.com/techprober/v2ray-rules-dat/releases/tag/{{ latest_release.stdout }}"

    - name: Download dat files with the latest release
      ansible.builtin.get_url:
        url: "https://github.com/techprober/v2ray-rules-dat/releases/download/{{ latest_release.stdout }}/{{ item }}.zip"
        dest: "{{ base_path }}/downloads/{{ item }}-{{ latest_release.stdout }}.zip"
      loop:
        -  "geosite"
        -  "geoip"
      register: download
    
    - name: Unzip artifacts
      block:
        - name: Unzip geosite rules
          shell: |
            unzip -o {{ base_path }}/downloads/geosite-{{ latest_release.stdout }}.zip -d {{ base_path }}/domains
            unzip -o {{ base_path }}/downloads/geoip-{{ latest_release.stdout }}.zip -d {{ base_path }}/ips
    
    - name: Restart daemon service
      ansible.builtin.service:
        name: "{{ daemon_service_name }}"
        state: restarted
      when:
        - restart_daemon
        - download is changed

    - name: Remove raw artifacts
      ansible.builtin.file:
        state: absent
        path: "{{ item }}"
      loop:
        - "{{ base_path }}/downloads/geosite-{{ latest_release.stdout }}.zip"
        - "{{ base_path }}/downloads/geoip-{{ latest_release.stdout }}.zip"
      when:
        - clean_up_after
        - download is changed
diff --git a/mosdns-v5-config.yml b/mosdns-v5-config.yml
 ---
 # /etc/mosdns/config.yaml

 ## -- Log Config -- ##
 log:
  level: debug # ["debug", "info", "warn", and "error"], default is set to "info"
  # file: "/var/log/mosdns.log"

 ## -- API Config -- ##
 api:
  http: "0.0.0.0:8080"

 ## -- Plugins Config -- ##
 plugins:
  ## --- Cache --- ##
  - tag: custom_cache
    type: cache
    args:
      size: 10240
      lazy_cache_ttl: 0 # ttl set to 86400 (1 day) or to 0 (off)
      dump_file: ./cache.dump # persist cache to a local file, loaded when service starts
      dump_interval: 120 # autosave interval (s)

  ## --- Upstream Servers --- ##
  - tag: upstreams
    type: forward
    args:
      upstreams:
        ## --- Domestic DNS Servers --- ##
        - tag: ali_dot
          addr: tls://dns.alidns.com
          dial_addr: "223.5.5.5"
          enable_pipeline: true
          idle_timeout: 10
          insecure_skip_verify: true
        # - tag: ali_doh
        #   addr: https://dns.alidns.com/dns-query
        #   dial_addr: "223.5.5.5"
        #   enable_pipeline: true
        #   enable_pipeline: true
        #   idle_timeout: 30
        #   insecure_skip_verify: true

        ##  --- Remote DNS Servers --- ##
        - tag: google_dot
          addr: tls://dns.google
          dial_addr: "8.8.8.8"
          enable_pipeline: true
          idle_timeout: 10
          insecure_skip_verify: true
        # - tag: google_doh
        #   addr: https://dns.google/dns-query
        #   dial_addr: "8.8.8.8"
        #   enable_pipeline: true
        #   idle_timeout: 30
        #   insecure_skip_verify: true

        - tag: cloudflare_dot
          addr: tls://1dot1dot1dot1.cloudflare-dns.com
          dial_addr: "1.1.1.1"
          enable_pipeline: true
          idle_timeout: 10
          insecure_skip_verify: true
        # - tag: cloudflare_doh
        #   addr: https://cloudflare-dns.com/dns-query
        #   dial_addr: "1.1.1.1"
        #   enable_pipeline: true
        #   idle_timeout: 30
        #   insecure_skip_verify: true

  ## -- TTL Sequence -- ##
  - tag: "ttl_seq"
    type: sequence
    args:
      - exec: ttl 600-3600
      - exec: accept

  ## --- Domestic Sequence --- ##
  - tag: domestic_seq
    type: sequence
    args:
      - exec: $upstreams ali_dot
      # - exec: goto ttl_seq

  ## --- Remote Sequence --- ##
  - tag: remote_seq
    type: sequence
    args:
      - exec: $upstreams google_dot
      # - exec: goto ttl_seq

  ## --- CN-IP Sequence --- ##
  # if response does NOT has CN IP, drop it
  - tag: cn_ip
    type: sequence
    args:
      - exec: $upstreams ali_dot
      - matches: "!resp_ip &ips/cn.txt"
        exec: drop_resp
      # - exec: goto ttl_seq

  ## --- Fallback --- ##
  # (ip split) if response has CN ip, accept it; otherwise, drop --> forward it to remote upstream servers
  - tag: fallback_ip
    type: fallback
    args:
      primary: cn_ip # empty response
      secondary: remote_seq
      threshold: 500 # no response timeout, default value is 500ms
      always_standby: true

  ## --- Main Sequence --- ##
  - tag: main
    type: sequence
    args:
      - exec: query_summary entry
      # - exec: metrics_controller metrics # prometheus & grafana usage
      - exec: prefer_ipv4 # prefer ipv4 for remote

      - matches: qtype 12
        exec: reject 3
      - matches: qtype 65
        exec: reject 3

      - matches:
          - qname &./domains/category-ads-all.txt # ads
          - qname &./domains/reject.txt
        exec: reject 0

      - exec: $custom_cache # enable cache
      - matches: has_resp
        exec: accept # end if reponse found in cache

      # - matches:
      #     - qname &./custom/remote.txt # custom remote domains
      #   exec: goto remote_seq

      - matches:
          - qname &./domains/direct.txt # cn domains
          - qname &./domains/cn.txt 
        exec: goto domestic_seq

      - matches:
          - qname &./domains/geolocation-!cn.txt # non-cn domains
          - qname &./domains/gfw.txt
          - qname &./domains/google-scholar.txt
          - qname &./domains/category-scholar-!cn.txt
          - qname &./domains/icloud.txt
          - qname &./domains/apple-cn.txt
          - qname &./domains/twitter.txt
          - qname &./domains/telegram.txt
          - qname &./domains/google.txt
        exec: goto remote_seq

      - exec: $fallback_ip # use ip to split the rest domains

  ## --- Server Configuration --- ##
  - tag: server
    type: udp_server
    args:
      entry: main
      listen: :53
	---
	- name: Update dat files
	hosts: all
	become: yes

	vars:
	- base_path: /etc/mosdns
	- restart_daemon: yes
	- daemon_service_name: mosdns
	- clean_up_after: yes

	tasks:
	- name: Check prerequisites
	block:
	- name: Gather package facts
	ansible.bultin.package_facts:
	manager: apt

	- name: Install jq if jq is absent
	ansible.builtin.apt:
	name: jq
	state: present
	when: '"jq" not in ansible_facts.packages'

	- name: Install unzip if unzip is absent
	apt:
	name: unzip
	state: present
	when: '"unzip" not in ansible_facts.packages'

	- name: Create project directories if not exist
	ansible.builtin.file:
	path: "{{ item }}"
	state: directory
	mode: 0755
	loop:
	- "{{ base_path }}/ips"
	- "{{ base_path }}/domains"
	- "{{ base_path }}/custom"
	- "{{ base_path }}/downloads"

	- name: Create cache file if not exist
	ansible.builtin.file:
	path: "{{ base_path }}/cache.dump"
	state: file
	mode: 0755

	- name: Get latest release tag
	shell: 'curl https://api.github.com/repos/techprober/v2ray-rules-dat/releases/latest --silent \| jq -r ".tag_name"'
	register: latest_release

	- name: Print result
	ansible.builtin.debug:
	msg: \|
	"release_url: https://github.com/techprober/v2ray-rules-dat/releases/tag/{{ latest_release.stdout }}"

	- name: Download dat files with the latest release
	ansible.builtin.get_url:
	url: "https://github.com/techprober/v2ray-rules-dat/releases/download/{{ latest_release.stdout }}/{{ item }}.zip"
	dest: "{{ base_path }}/downloads/{{ item }}-{{ latest_release.stdout }}.zip"
	loop:
	- "geosite"
	- "geoip"
	register: download

	- name: Unzip artifacts
	block:
	- name: Unzip geosite rules
	shell: \|
	unzip -o {{ base_path }}/downloads/geosite-{{ latest_release.stdout }}.zip -d {{ base_path }}/domains
	unzip -o {{ base_path }}/downloads/geoip-{{ latest_release.stdout }}.zip -d {{ base_path }}/ips

	- name: Restart daemon service
	ansible.builtin.service:
	name: "{{ daemon_service_name }}"
	state: restarted
	when:
	- restart_daemon
	- download is changed

	- name: Remove raw artifacts
	ansible.builtin.file:
	state: absent
	path: "{{ item }}"
	loop:
	- "{{ base_path }}/downloads/geosite-{{ latest_release.stdout }}.zip"
	- "{{ base_path }}/downloads/geoip-{{ latest_release.stdout }}.zip"
	when:
	- clean_up_after
	- download is changed
	---
	# /etc/mosdns/config.yaml

	## -- Log Config -- ##
	log:
	level: debug # ["debug", "info", "warn", and "error"], default is set to "info"
	# file: "/var/log/mosdns.log"

	## -- API Config -- ##
	api:
	http: "0.0.0.0:8080"

	## -- Plugins Config -- ##
	plugins:
	## --- Cache --- ##
	- tag: custom_cache
	type: cache
	args:
	size: 10240
	lazy_cache_ttl: 0 # ttl set to 86400 (1 day) or to 0 (off)
	dump_file: ./cache.dump # persist cache to a local file, loaded when service starts
	dump_interval: 120 # autosave interval (s)

	## --- Upstream Servers --- ##
	- tag: upstreams
	type: forward
	args:
	upstreams:
	## --- Domestic DNS Servers --- ##
	- tag: ali_dot
	addr: tls://dns.alidns.com
	dial_addr: "223.5.5.5"
	enable_pipeline: true
	idle_timeout: 10
	insecure_skip_verify: true
	# - tag: ali_doh
	# addr: https://dns.alidns.com/dns-query
	# dial_addr: "223.5.5.5"
	# enable_pipeline: true
	# enable_pipeline: true
	# idle_timeout: 30
	# insecure_skip_verify: true

	## --- Remote DNS Servers --- ##
	- tag: google_dot
	addr: tls://dns.google
	dial_addr: "8.8.8.8"
	enable_pipeline: true
	idle_timeout: 10
	insecure_skip_verify: true
	# - tag: google_doh
	# addr: https://dns.google/dns-query
	# dial_addr: "8.8.8.8"
	# enable_pipeline: true
	# idle_timeout: 30
	# insecure_skip_verify: true

	- tag: cloudflare_dot
	addr: tls://1dot1dot1dot1.cloudflare-dns.com
	dial_addr: "1.1.1.1"
	enable_pipeline: true
	idle_timeout: 10
	insecure_skip_verify: true
	# - tag: cloudflare_doh
	# addr: https://cloudflare-dns.com/dns-query
	# dial_addr: "1.1.1.1"
	# enable_pipeline: true
	# idle_timeout: 30
	# insecure_skip_verify: true

	## -- TTL Sequence -- ##
	- tag: "ttl_seq"
	type: sequence
	args:
	- exec: ttl 600-3600
	- exec: accept

	## --- Domestic Sequence --- ##
	- tag: domestic_seq
	type: sequence
	args:
	- exec: $upstreams ali_dot
	# - exec: goto ttl_seq

	## --- Remote Sequence --- ##
	- tag: remote_seq
	type: sequence
	args:
	- exec: $upstreams google_dot
	# - exec: goto ttl_seq

	## --- CN-IP Sequence --- ##
	# if response does NOT has CN IP, drop it
	- tag: cn_ip
	type: sequence
	args:
	- exec: $upstreams ali_dot
	- matches: "!resp_ip &ips/cn.txt"
	exec: drop_resp
	# - exec: goto ttl_seq

	## --- Fallback --- ##
	# (ip split) if response has CN ip, accept it; otherwise, drop --> forward it to remote upstream servers
	- tag: fallback_ip
	type: fallback
	args:
	primary: cn_ip # empty response
	secondary: remote_seq
	threshold: 500 # no response timeout, default value is 500ms
	always_standby: true

	## --- Main Sequence --- ##
	- tag: main
	type: sequence
	args:
	- exec: query_summary entry
	# - exec: metrics_controller metrics # prometheus & grafana usage
	- exec: prefer_ipv4 # prefer ipv4 for remote

	- matches: qtype 12
	exec: reject 3
	- matches: qtype 65
	exec: reject 3

	- matches:
	- qname &./domains/category-ads-all.txt # ads
	- qname &./domains/reject.txt
	exec: reject 0

	- exec: $custom_cache # enable cache
	- matches: has_resp
	exec: accept # end if reponse found in cache

	# - matches:
	# - qname &./custom/remote.txt # custom remote domains
	# exec: goto remote_seq

	- matches:
	- qname &./domains/direct.txt # cn domains
	- qname &./domains/cn.txt
	exec: goto domestic_seq

	- matches:
	- qname &./domains/geolocation-!cn.txt # non-cn domains
	- qname &./domains/gfw.txt
	- qname &./domains/google-scholar.txt
	- qname &./domains/category-scholar-!cn.txt
	- qname &./domains/icloud.txt
	- qname &./domains/apple-cn.txt
	- qname &./domains/twitter.txt
	- qname &./domains/telegram.txt
	- qname &./domains/google.txt
	exec: goto remote_seq

	- exec: $fallback_ip # use ip to split the rest domains

	## --- Server Configuration --- ##
	- tag: server
	type: udp_server
	args:
	entry: main
	listen: :53