Fix weird things with DNS in China. This is a port of ChinaDNS to C, especially for OpenWRT.
If you want to fix other weird things as well, you might also want to use ShadowVPN.
ChinaDNS for OpenWRT 1.1.0 新增 chnroute 功能
如果你用 chnroute 配置路由表根据 IP 是国内还是国外,决定走不走代理,在原来的方案下,国外未被污染网站也会通过本地 DNS 解析,这样解析出来的 IP 离代理服务器不一定最近,影响访问速度。
新版调整了解析算法:如果是国内 DNS 解析出的 IP,确保它是国内的 IP;如果是国外 DNS 解析出的 IP,确保它是国外的 IP。
这样一来,国内网站直接解析,国外网站通过代理解析,国内网站解析出的 IP 离自己最近,国外网站解析出的 IP 离代理最近。而且纯粹根据 IP 段来判断,不需要维护域名黑白名单,省时省力。
其它的方案好像都没这个好用。
<=1.1.1 存在一个误判 IP 的 bug,请更新到 1.1.2 或更新版本。
https://sourceforge.net/projects/chinadns/files/dist/
-
Linux / Unix
./configure && make src/chinadns -l iplist.txt -c chnroute.txt -
OpenWRT
-
Download precompiled for OpenWRT trunk and CPU: ar71xx, brcm63xx, brcm47xx, ramips_24kec. Open an issue if you think your CPU is a popular one but not listed here.
-
If you use other CPU or other OpenWRT versions, build yourself: cd into SDK root, then
pushd package git clone https://github.com/clowwindy/ChinaDNS-C.git popd make menuconfig # select Network/ChinaDNS # Optional make -j make V=99 package/ChinaDNS-C/openwrt/compile
-
-
Tomoto
-
Download Tomato toolchain, build by yourself.
-
Uncompress the downloaded file to
~/. -
Copy the
brcmdirectory under~/WRT54GL-US_v4.30.11_11/tools/to/opt, thenexport PATH=/opt/brcm/hndtools-mipsel-uclibc/bin/:/opt/brcm/hndtools-mipsel-linux/bin/:$PATH git clone https://github.com/clowwindy/ChinaDNS-C.git cd ChinaDNS-C ./autogen.sh && ./configure --host=mipsel-linux --enable-static && make
-
-
Windows
Download Python exe version.
-
Linux / Unix
Run
sudo chinadns -l iplist.txton your local machine. ChinaDNS creates a UDP DNS Server at0.0.0.0:53. -
OpenWRT
opkg install ChinaDNS-C_1.x.x_ar71xx.ipk /etc/init.d/chinadns start(Optional) We strongly recommend you to set ChinaDNS as a upstream DNS server for dnsmasq instead of using ChinaDNS directly:
-
Run
/etc/init.d/chinadns stop -
Remove the 2 lines containing
iptablesin/etc/init.d/chinadns. -
Update
/etc/dnsmasq.confto use only 127.0.0.1#5353:no-resolv server=127.0.0.1#5353 -
Restart chinadns and dnsmasq
-
Test if it works correctly:
$ dig @192.168.1.1 www.youtube.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
www.youtube.com canonical name = youtube-ui.l.google.com.
youtube-ui.l.google.com canonical name = youtube-ui-china.l.google.com.
Name: youtube-ui-china.l.google.com
Address: 173.194.72.102
Name: youtube-ui-china.l.google.com
Address: 173.194.72.101
Name: youtube-ui-china.l.google.com
Address: 173.194.72.113
Name: youtube-ui-china.l.google.com
Address: 173.194.72.100
Name: youtube-ui-china.l.google.com
Address: 173.194.72.139
Name: youtube-ui-china.l.google.com
Address: 173.194.72.138
Currently ChinaDNS-C only supports UDP. Builtin OpenWRT init script works with dnsmasq, which handles TCP. If you use it directly without dnsmasq, you need to add a redirect rule for TCP:
iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
usage: chinadns [-h] [-l IPLIST_FILE] [-b BIND_ADDR] [-p BIND_PORT]
[-c CHNROUTE_FILE] [-s DNS] [-v]
Forward DNS requests.
-h, --help show this help message and exit
-l IPLIST_FILE path to ip blacklist file
-c CHNROUTE_FILE path to china route file
if not specified, CHNRoute will be turned off
-b BIND_ADDR address that listens, default: 127.0.0.1
-p BIND_PORT port that listens, default: 53
-s DNS DNS servers to use, default:
114.114.114.114,208.67.222.222:443,8.8.8.8
-v verbose logging
You can generate latest chnroute.txt using this command:
curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > chnroute.txt
MIT
Please visit Issue Tracker
Mailing list: http://groups.google.com/group/shadowsocks