Skip to content

Instantly share code, notes, and snippets.

@piyoki

piyoki/README.md

Last active July 27, 2025 16:34
Show Gist options
  • Save piyoki/dbe18d4e023f68a903ee6273cde71ba9 to your computer and use it in GitHub Desktop.
Save piyoki/dbe18d4e023f68a903ee6273cde71ba9 to your computer and use it in GitHub Desktop.
Download ZIP
mosdns deployment
Raw
config.yml
#/etc/mosdns/config.json
---
# log config
log:
level: info # ["debug", "info", "warn", and "error"], default is set to "info"
file: "/var/log/mosdns.log"
# data source config
data_providers:
- tag: cn
file: "/etc/mosdns/cn.dat"
auto_reload: false
- tag: geoip
file: "/etc/mosdns/geoip.dat"
auto_reload: false
- tag: geosite
file: "/etc/mosdns/geosite.dat"
auto_reload: false
# server config
servers:
# main query sequence
- exec: sequence_exec
timeout: 5
listeners:
# --- local port binding --- #
# local ipv6
- protocol: udp
addr: "[::1]:53"
- protocol: tcp
addr: "[::1]:53"
# local ipv4
- protocol: udp
addr: "127.0.0.1:53"
- protocol: tcp
addr: "127.0.0.1:53"
# --- interface binding --- #
# lag group
- protocol: udp
addr: "10.178.0.3:53"
- protocol: tcp
addr: "10.178.0.3:53"
# vlan 17
- protocol: udp
addr: "10.189.17.3:53"
- protocol: tcp
addr: "10.189.17.3:53"
# plugin config
plugins:
# --- Excutable Plugins --- #
# cache
- tag: "mem_cache"
type: "cache"
args:
size: 1024 # query max number
lazy_cache_ttl: 86400 # lazy cache ttl
lazy_cache_reply_ttl: 30 # timeout ttl
cache_everything: true
# ttl
- tag: "modify_ttl"
type: "ttl"
args:
minimal_ttl: 300
maximum_ttl: 3600
# --- Domestic DNS --- #
# alidns
- tag: ali_dos
type: forward
args:
upstream:
- addr: "https://dns.alidns.com/dns-query" # DoH server address
ip_addr: # server ip addresses
- "2400:3200:baba::1"
- "223.5.5.5"
- "2400:3200::1"
- "223.6.6.6"
trusted: true
- addr: "tls://dns.alidns.com" # TLS server address
ip_addr: # server ip addresses
- "2400:3200:baba::1"
- "223.5.5.5"
- "2400:3200::1"
- "223.6.6.6"
trusted: true
bootstrap:
- "tls://1.1.1.1"
- "https://223.5.5.5/dns-query"
timeout: 5 # default timeout
# --- Local DNS --- #
- tag: localdns
type: forward
args:
upstream:
- addr: "178.0.50.6:53"
# --- Remote DNS --- #
# google dns
- tag: google_dos
type: forward
args:
upstream:
- addr: "https://dns.google/dns-query" # DoH server address
ip_addr: # server ip addresses
- "2001:4860:4860::8844"
- "8.8.4.4"
- "2001:4860:4860::8888"
- "8.8.8.8"
trusted: true
- tag: google_dot
type: fast_forward
args:
upstream:
- addr: "tls://dns.google"
dial_addr: "8.8.4.4"
trusted: true
enable_pipeline: true
- addr: "tls://dns.google"
dial_addr: "2001:4860:4860::8888"
trusted: true
enable_pipeline: true
- addr: "tls://dns.google"
dial_addr: "8.8.8.8"
trusted: true
enable_pipeline: true
# cloudflare
- tag: cloudflare_dos
type: forward
args:
upstream:
- addr: "https://cloudflare-dns.com/dns-query" # DoH server address
ip_addr: # server ip addresses
- "2606:4700:4700::1001"
- "1.0.0.1"
- "2606:4700:4700::1111"
- "1.1.1.1"
trusted: true
- tag: cloudflare_dot
type: fast_forward
args:
upstream:
- addr: "tls://1dot1dot1dot1.cloudflare-dns.com"
dial_addr: "2606:4700:4700::1001"
trusted: true
enable_pipeline: true
- addr: "tls://1dot1dot1dot1.cloudflare-dns.com"
dial_addr: "1.0.0.1"
trusted: true
enable_pipeline: true
- addr: "tls://1dot1dot1dot1.cloudflare-dns.com"
dial_addr: "2606:4700:4700::1111"
trusted: true
enable_pipeline: true
- addr: "tls://1dot1dot1dot1.cloudflare-dns.com"
dial_addr: "1.0.0.1"
trusted: true
enable_pipeline: true
# h3 parallel
- tag: google_h3
type: "fast_forward"
args:
# upstream servers, at lease to configure one, send request in parallel to all servers
upstream:
- addr: "https://dns.google/dns-query"
dial_addr: "2001:4860:4860::8844"
trusted: true
enable_http3: true
- addr: "https://dns.google/dns-query"
dial_addr: "8.8.4.4"
trusted: true
enable_http3: true
- addr: "https://dns.google/dns-query"
dial_addr: "2001:4860:4860::8888"
trusted: true
enable_http3: true
- addr: "https://dns.google/dns-query"
dial_addr: "8.8.8.8"
trusted: true
enable_http3: true
- tag: cloudflare_h3
type: "fast_forward"
args:
upstream:
- addr: "https://cloudflare-dns.com/dns-query"
dial_addr: "2606:4700:4700::1001"
trusted: true
enable_http3: true
- addr: "https://cloudflare-dns.com/dns-query"
dial_addr: "1.0.0.1"
trusted: true
enable_http3: true
- addr: "https://cloudflare-dns.com/dns-query"
dial_addr: "2606:4700:4700::1111"
trusted: true
enable_http3: true
- addr: "https://cloudflare-dns.com/dns-query"
dial_addr: "1.1.1.1"
trusted: true
enable_http3: true
# doq backup resolver
- tag: adguard
type: forward
args:
upstream:
- addr: "quic://dns-unfiltered.adguard.com" # DoQ server
ip_addr: # server addresses
- "2a10:50c0::1:ff"
- "94.140.14.140"
- "2a10:50c0::2:ff"
- "94.140.14.141"
trusted: true
# --- query matcher --- #
# query - CN domains
- tag: query_cn
type: query_matcher
args:
domain:
- "provider:geosite:cn"
# query - GFW domains
- tag: query_gfw
type: query_matcher
args:
domain:
- "provider:geosite:gfw"
# query - non-CN domains
- tag: query_notcn
type: query_matcher
args:
domain:
- "provider:geosite:geolocation-!cn"
# query - ad
- tag: query_ad
type: query_matcher
args:
domain:
- "provider:geosite:category-ads-all"
# query - CN IP
- tag: response_cnip
type: response_matcher
args:
ip:
- "provider:geoip:cn"
# --- Sequence --- #
# local sequence
- tag: local
type: sequence
args:
exec:
# - primary:
- parallel:
- - ali_dos
# secondary:
# - localdns
# fast_fallback: 600
# always_standby: true
# remote sequence
- tag: remote
type: sequence
args:
exec:
# - primary:
- parallel:
- - google_dos
- - cloudflare_dos
- - google_dot
- - cloudflare_dot
- - adguard # secondary
- - google_h3
- - cloudflare_h3
# secondary:
# - adguard
# fast_fallback: 600
# always_standby: true
# main_sequence
- tag: main_sequence
type: sequence
args:
exec:
# Ad
- if: query_ad
exec:
- _new_nxdomain_response # empty response
- _return
# CN domains
- if: "query_cn"
exec:
- _prefer_ipv4 # ipv4 as priority
- _pad_query
- local # local ip as result
- if: "response_cnip" # cnip as result
exec:
- _return # end
# non-CN domains
- if: query_notcn
exec:
- _prefer_ipv4 # ipv4 as priority
- _pad_query
- remote # uncontaminated ip
- if: "!response_cnip" # non-CN ip as result
exec:
- _return # end
# other condition
- primary:
- _prefer_ipv4
- _pad_query
- remote
secondary:
- _prefer_ipv4
- _pad_query
- local
fast_fallback: 400
always_standby: true
# --- sequence execution --- #
- tag: sequence_exec
type: sequence
args:
exec:
- parallel:
- - mem_cache # cache
- - main_sequence # run main query sequence
- - modify_ttl
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment