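1. What is a DNS leak
A DNS leak, as the name suggests, means that the domain names you visit are not resolved by the public DNS you configured but are sent directly to your local ISP instead. In some countries the local ISP's DNS collects user information and does things with it that are best left undescribed.
DNS leak test sites: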
https://dnsleaktest.com/
https://ipleak.net/
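2. Causes of DNS leaks
2.1 The client does not support remote DNS
2.2 A third-party DNS is configured, but DNS is hijacked, or the ISP even answers the DNS queries first
3. How to prevent DNS leaks
Encrypting DNS with DoH or DoT solves the problem effectively. Most browsers already support DoH, so you can simply enable it in the browser settings: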
https://www.livelu.com/201910367.html
For other software, a dedicated client can be used.
4. Using the cloudflared DoH client on Windows
4.1 Download and install the cloudflared daemon client
Default configuration file location:
C:\Windows\system32\config\systemprofile\.cloudflared\config.yml
4.2 Run this command to check that the cloudflared daemon client is installed
cloudflared --version
4.3 Start the cloudflared client and listen on port 53 (the second form listens on port 5553 instead)
cloudflared proxy-dns
cloudflared proxy-dns --port 5553
4.4 Install the cloudflared client as a service so that it starts at boot
cloudflared service install
sc start cloudflared
4.5 Verify that the cloudflared client works
nslookup cloudflare.com 127.0.0.1
5. Using the DNSCrypt-Proxy client on a router
5.1 Installing and configuring the DNSCrypt-Proxy client
Download the files that match your router model
mkdir -p /tmp/tmp
cd /tmp/tmp
# -k disables TLS certificate verification and the archive is fetched through a
# third-party mirror (ghproxy.com); check it against the .minisig signature
# published with the upstream release before installing it.
curl -k -o /tmp/tmp/dnscrypt-proxy-linux_arm-2.1.1.tar.gz https://ghproxy.com/https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.1.1/dnscrypt-proxy-linux_arm-2.1.1.tar.gz
tar zxvf dnscrypt-proxy-linux_arm-2.1.1.tar.gz
mv /tmp/tmp/linux-arm /etc/dnscrypt-proxy
cd /etc/dnscrypt-proxy
cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
curl -k -o /etc/dnscrypt-proxy/public-resolvers.md http://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md
curl -k -o /etc/dnscrypt-proxy/relays.md http://download.dnscrypt.info/resolvers-list/v3/relays.md
# Listen on 127.0.0.1:5335 so that dnsmasq can keep port 53
sed -i 's/127.0.0.1:53/127.0.0.1:5335/g' /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Replace 9.9.9.9 with 208.67.222.222 wherever the example configuration uses it
sed -i 's/9.9.9.9/208.67.222.222/g' /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Turn off dnscrypt-proxy's own cache (dnsmasq does the caching, see 5.2)
sed -i 's/cache\s=\strue/cache = false/g' /etc/dnscrypt-proxy/dnscrypt-proxy.toml
sed -i 's/refresh_delay =.*/refresh_delay =99999/g' /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Use only the listed Cisco resolvers
sed -i "s@# server_names =.*@server_names =['cisco','cisco-doh','cisco-sandbox','cisco-familyshield']@g" /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Point the resolver and relay lists at a single download URL each
sed -i "s@.*/v3/public-resolvers.md.*@urls = ['http://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']@g" /etc/dnscrypt-proxy/dnscrypt-proxy.toml
sed -i "s@.*/v3/relays.md.*@urls = ['http://download.dnscrypt.info/resolvers-list/v3/relays.md']@g" /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Install and start the service, and start it again 60 seconds after each boot
/etc/dnscrypt-proxy/dnscrypt-proxy -service install
/etc/init.d/dnscrypt-proxy start
sed -i '1i\sleep 60\n/etc/init.d/dnscrypt-proxy start\n' /etc/rc.local
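5.2 Configure dnsmasq to forward queries
# Forward every query to dnscrypt-proxy on 127.0.0.1 port 5335; no-resolv stops
# dnsmasq from also using the upstream (ISP) resolvers listed in resolv.conf
sed -i '1i\server=127.0.0.1#5335\nno-resolv\nno-poll\ncache-size=300\nmax-cache-ttl=600\nmax-ttl=600\n' /etc/dnsmasq.conf
/etc/init.d/dnsmasq restart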
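5.3 Uninstalling dnscrypt-proxy (if needed)
# List the available resolvers, test a lookup and check the configuration
/etc/dnscrypt-proxy/dnscrypt-proxy -list
/etc/dnscrypt-proxy/dnscrypt-proxy -resolve google.com
/etc/dnscrypt-proxy/dnscrypt-proxy -check
# Stop the service, remove it, then delete the files
/etc/init.d/dnscrypt-proxy stop
/etc/dnscrypt-proxy/dnscrypt-proxy -service uninstall
killall dnscrypt-proxy
rm -rf /etc/dnscrypt-proxy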
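5.4 Custom DNS addresses (optional)
Cloudflare (CF) static IP addresses
# A static entry is only used if its name is also listed in server_names
[static.'cf-doh-a']
stamp = 'sdns://AgAAAAAAAAAADDE2Mi4xNTkuMzYuMQAMMTYyLjE1OS4zNi4xCi9kbnMtcXVlcnk'
[static.'cf-doh-b']
stamp = 'sdns://AgAAAAAAAAAADDE2Mi4xNTkuNDYuMQAMMTYyLjE1OS40Ni4xCi9kbnMtcXVlcnk'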
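5.5 Manual upgrade (optional)
mkdir -p /tmp/tmp
cd /tmp/tmp
curl -k -o /tmp/tmp/dnscrypt-proxy-linux_arm-2.1.2.tar.gz https://ghproxy.com/https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.1.2/dnscrypt-proxy-linux_arm-2.1.2.tar.gz
tar zxvf dnscrypt-proxy-linux_arm-2.1.2.tar.gz
cp -f /tmp/tmp/linux-arm/dnscrypt-proxy /etc/dnscrypt-proxy/dnscrypt-proxy
# The running process keeps using the old binary until the service is restarted
/etc/init.d/dnscrypt-proxy stop
/etc/init.d/dnscrypt-proxy start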
References:
https://developers.cloudflare.com/1.1.1.1/encrypted-dns/dns-over-https/dns-over-https-client
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-on-OpenWrt
https://dnscrypt.info/stamps/