As long as I hijack myself, nobody else can hijack me. (^-^)
Installing and configuring Unbound
Install:
```bash
sudo apt install unbound -y
```
Edit /etc/unbound/unbound.conf:
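```
#include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
server:
    # Log every query (viewable with journalctl)
    log-queries: yes
    verbosity: 1
    #auto-trust-anchor-file: "/var/lib/unbound/root.key"
    # Listen on all IPv4 interfaces and answer any IPv4 client that can reach
    # this host; narrow access-control to the LAN (172.16.0.0/16) if port 53
    # is reachable from outside the internal network
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
    port: 53
    # Use the system CA store to verify upstream TLS certificates
    tls-system-cert: yes
    qname-minimisation: yes
    # Local A record: gw. resolves to 172.16.0.2
    local-data: "gw. A 172.16.0.2"
forward-zone:
    # Forward every query to the upstreams over DNS-over-TLS (port 853);
    # the name after '#' is checked against the upstream certificate
    name: "."
    forward-addr: 175.24.154.66@853#rubyfish.cn
    forward-addr: 120.53.53.53@853#dot.pub
    forward-tls-upstream: yes
```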
Enable at boot and restart:
```bash
sudo systemctl enable --now unbound
sudo systemctl restart unbound
```
Follow the logs:
```bash
sudo journalctl -f -u unbound
```
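An offline check for the DNS-over-TLS forwarding settings above, as an added example that is not part of the original post: it parses unbound.conf text and flags forwarders that would be contacted without TLS, `forward-addr` entries lacking the `#auth-name` used for certificate name checking, and TLS forwarding with no CA source. The function names and the sample (the page's forwarders with one name removed) are constructed for illustration.

```python
import re

# Constructed sample: the DoT-related lines of the unbound.conf above, with the
# "#auth-name" deliberately removed from one forward-addr to show the finding.
SAMPLE_CONF = """\
server:
    tls-system-cert: yes
forward-zone:
    name: "."
    forward-addr: 175.24.154.66@853#rubyfish.cn
    forward-addr: 120.53.53.53@853
    forward-tls-upstream: yes
"""

def parse_clauses(text):
    """Split unbound.conf text into [(clause, [(option, value), ...]), ...]."""
    clauses = [("", [])]                      # options seen before any clause
    for raw in text.splitlines():
        # Drop comments; a '#' inside a token (addr@port#name) is not a comment.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if value:
            clauses[-1][1].append((key.strip(), value))
        else:                                 # "server:" / "forward-zone:"
            clauses.append((key.strip(), []))
    return clauses

def audit_dot(text):
    """Return findings about how forward-zones reach their upstreams."""
    clauses, findings = parse_clauses(text), []
    server = dict(kv for name, opts in clauses if name == "server" for kv in opts)
    has_ca = "tls-cert-bundle" in server or "yes" in (
        server.get("tls-system-cert"), server.get("tls-win-cert"))
    for opts in (o for name, o in clauses if name == "forward-zone"):
        tls = "yes" in (dict(opts).get("forward-tls-upstream"), server.get("tls-upstream"))
        for key, value in opts:
            if key == "forward-addr" and not tls:
                findings.append(f"{value}: forwarded without TLS")
            elif key == "forward-addr" and "#" not in value:
                findings.append(f"{value}: no #auth-name, any certificate name is accepted")
        if tls and not has_ca:
            findings.append("TLS upstream but no tls-system-cert or tls-cert-bundle")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dot(SAMPLE_CONF)) or "no findings")
```

Run against the configuration exactly as written in this post, the check returns no findings.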
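Hijacking LAN DNS with nftables (still needs improvement)
Edit /etc/nftables.conf:
```
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Redirect UDP DNS from LAN clients to Unbound on 172.16.0.2, whichever
        # server they addressed. TCP port 53 is not matched by this rule.
        ip saddr 172.16.0.0/16 udp dport 53 dnat to 172.16.0.2:53 comment dns_hijack
    }
}
```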
Apply immediately:
```bash
sudo nft -f /etc/nftables.conf
```
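Raspberry Pi as a side router, part 5: enabling DNS encryption to put an end to DNS hijacking
When reposting or quoting this article, follow the license: credit the source, and do not use it for commercial purposes!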