Lede 上设置 Ubound DOH 的疑问

DNS 参考资料

› dnslib for Python

This topic created in 2522 days ago, the information mentioned may be changed or developed.

lean 的源码编译的固件，加入了 Ubound 和$$R，Unbound 本地监听 5335，$$R 里和 dnsmasq 设置的 DNS 转发是 127.0.0.1#5335，但是一开启 tcp-upstream 和 ssl-upstream 就不能上网，是我的使用姿势不对吗？ Ubound 配置文件如下：

```
server:
port: 5335
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 192.168.0.0/16 allow
cache-max-ttl: 14400
cache-min-ttl: 900
do-tcp: yes
do-udp: yes
hide-identity: yes
hide-version: yes
interface: 0.0.0.0
minimal-responses: yes
prefetch: yes
qname-minimisation: yes
rrset-roundrobin: yes
ssl-upstream: no
tcp-upstream: yes
use-caps-for-id: yes
verbosity: 1
do-ip4: yes
do-ip6: yes
outgoing-port-permit: "10240-65335"
outgoing-range: 60
num-queries-per-thread: 30
msg-buffer-size: 8192
infra-cache-numhosts: 200
msg-cache-size: 100k
rrset-cache-size: 100k
key-cache-size: 100k
neg-cache-size: 10k
target-fetch-policy: "2 1 0 0 0 0"
harden-large-queries: yes
harden-short-bufsize: yes
include: "/etc/unbound/accelerated-domains.china.unbound.conf"
include: "/etc/unbound/apple.china.unbound.conf"
include: "/etc/unbound/google.china.unbound.conf"
forward-zone:
name: "."
forward-addr: 1.1.1.1@853
forward-addr: 8.8.8.8@853
forward-addr: 114.114.114.114
```

13 replies • 2019-06-24 09:02:30 +08:00

Alozxy

Jun 22, 2019 via Android

114dns 不支持 doh，换 cloudflare 地址

Alozxy

Jun 22, 2019 via Android

还有，853 是 dot 的端口，443 才是 doh 的

imswing

Jun 22, 2019 via iPhone

@Alozxy 那我上面 include 的 china list 里面用 114 可以吗？

Alozxy

Jun 22, 2019 via Android

@imswing 不知道你文件内容，不过要分流的话直接用 dnsmasq 分流应该更好，脚本很成熟了

qcts33

Jun 22, 2019

unbound 支持 doh 了吗？我记得是只支持 dot 的，doh 似乎是还在弄
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1200

love4taylor

PRO

Jun 22, 2019

forward-ssl-upstream: yes 哪去了.... 以及 DoT 为啥和普通 DNS 混用...

love4taylor

PRO

Jun 22, 2019

具体写法参照 https://github.com/dns-sb/DoT/blob/master/example/unbound.conf

imswing

Jun 22, 2019 via iPhone

@Love4Taylor 谢谢，我是看着网上的配置，太老了。

zimonianhua

Jun 23, 2019 via Android

可以参考这个，https://github.com/xyzmos/GeekDNS

love4taylor

PRO

Jun 23, 2019 via Android

@zimonianhua 这种方案还是别了吧, 题主不向外提供服务, 要用 DoH 直接一个 https_dns_proxy 就行.

imswing

Jun 23, 2019 via iPhone

@Love4Taylor

```
server:
port: 5335
hide-version: yes
interface: 127.0.0.1
prefetch: yes
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
tls-upstream: yes
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 8.8.4.4@853
forward-addr: 1.0.0.1@853
```

这样改了还是不行

johnjiang85

Jun 24, 2019

interface:127.0.0.1@5335
interface:127.0.0.1@853

johnjiang85

Jun 24, 2019

@johnjiang85 忽略