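Some providers do not allow large volumes of DNS requests over long periods.
Don't bother with unbound, it doesn't work.
Use coredns for DNS over TLS queries, with load balancing across upstreams as well.
These are my deployment notes.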

Debian 10
coredns latest

wget https://github.com/coredns/coredns/releases/download/v1.8.1/coredns_1.8.1_linux_amd64.tgz
tar zxvf coredns_1.8.1_linux_amd64.tgz
# This path is used because the official service file points to it; change it if you need to
mv coredns /usr/bin/coredns
mkdir /etc/coredns
wget -O /etc/systemd/system/coredns.service https://raw.githubusercontent.com/coredns/deployment/master/debian/coredns.service
systemctl daemon-reload

The Corefile contents are as follows

cat /etc/coredns/Corefile
.:53 {
    bind 127.0.0.1
    forward . 127.0.0.1:5301 127.0.0.1:5302 127.0.0.1:5303
    log
}
.:5301 {
    bind 127.0.0.1
    forward . tls://9.9.9.9 {
        tls_servername dns.quad9.net
    }
}
.:5302 {
    bind 127.0.0.1
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername 1dot1dot1dot1.cloudflare-dns.com
    }
}
.:5303 {
    bind 127.0.0.1
    forward . tls://8.8.8.8 tls://8.8.4.4 {
        tls_servername dns.google
    }
}
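
A small lint for the Corefile above, as an added example that is not part of the original post: it flags any server block that is not bound to loopback only and any `tls://` forward that lacks `tls_servername`. The function name `lint_corefile` and the sample Corefile are constructed for illustration.

```python
import re

# Constructed sample: the first block is deliberately wrong (no bind, no
# tls_servername); the second follows the Corefile on this page.
SAMPLE = """\
.:5300 {
    forward . tls://9.9.9.9
}
.:5301 {
    bind 127.0.0.1
    forward . tls://9.9.9.9 {
        tls_servername dns.quad9.net
    }
}
"""

def lint_corefile(text):
    """Return a list of (server_block, problem) findings."""
    findings, depth, block = [], 0, None
    binds, tls_fwd, has_name = [], False, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if depth == 0 and line.endswith("{"):
            # Start of a new server block such as ".:5301 {"
            block, binds, tls_fwd, has_name = line[:-1].strip(), [], False, False
        elif line.startswith("bind "):
            binds += line.split()[1:]
        elif line.startswith("forward ") and "tls://" in line:
            tls_fwd = True
        elif line.startswith("tls_servername "):
            has_name = True
        depth += line.count("{") - line.count("}")
        if depth == 0 and block is not None:
            # Assumption: only 127.x and ::1 count as loopback; anything else
            # (or no bind at all, which listens on every interface) is flagged.
            if not binds or any(not re.match(r"127\.|::1$", b) for b in binds):
                findings.append((block, "not bound to loopback only"))
            if tls_fwd and not has_name:
                findings.append((block, "tls:// upstream without tls_servername"))
            block = None
    return findings

if __name__ == "__main__":
    for block, problem in lint_corefile(SAMPLE):
        print(f"{block}: {problem}")
```

Run against `/etc/coredns/Corefile` by passing the file's contents to `lint_corefile`; an empty list means both checks passed.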

Enable coredns at boot
and start it now

systemctl enable coredns
systemctl start coredns

Or, the lazy way

systemctl enable coredns --now

Finally, manually point the nameserver to 127.0.0.1 and you are done
