海运的博客

dnsstamps解析和创建sdns DNS Stamp

发布时间:December 24, 2019 // 分类: // No Comments

安装dnsstamps:

apt-get install python3-pip
python3 -m pip install --user dnsstamps
export PATH=$PATH:~/.local/bin/ 

查看使用方法:

dnsstamp.py -h
dnsstamp.py dot -h

cloudflare-dns.com dns over tls构建sdns示例:

dnsstamp.py dot -a 1.1.1.1 -n cloudflare-dns.com -l -f
DoT DNS stamp
=============

DNSSEC: no
No logs: yes
No filter: yes
IP Address: 1.1.1.1
Hostname: cloudflare-dns.com
Hashes: []
Bootstrap IPs: []

sdns://AwYAAAAAAAAABzEuMS4xLjEAEmNsb3VkZmxhcmUtZG5zLmNvbQ

解析sdns:

dnsstamp.py parse sdns://AwYAAAAAAAAABzEuMS4xLjEAEmNsb3VkZmxhcmUtZG5zLmNvbQ

https://github.com/chrisss404/python-dnsstamps

openwrt arm64 openwrt images

发布时间:December 24, 2019 // 分类: // No Comments

N1盒子可用:

wget https://downloads.openwrt.org/releases/18.06.5/targets/armvirt/64/openwrt-18.06.5-armvirt-64-default-rootfs.tar.gz
docker import openwrt-18.06.5-armvirt-64-default-rootfs.tar.gz openwrt:18.06.5

此内容被密码保护

发布时间:December 22, 2019 // 分类: // No Comments

请输入密码访问

dnsmasq过滤/阻止ipv6域名查询

发布时间:December 16, 2019 // 分类: // 2 Comments

dnsmasq最新版本2.80增加了指定域名返回空的选项,通过此可以过滤ipv6查询:

#所有com域名禁止ipv6查询
server=/com/8.8.8.8
address=/com/::
#所有域名过滤ipv6查询
server=/#/8.8.8.8
address=/#/::

dnsmasq 2.78版本可使用此patch过滤ipv6 aaaa查询。
https://github.com/flyinprogrammer/dnsmasq-alpine-docker
unbound过滤ipv6见:
https://www.haiyun.me/archives/1303.html

https://discourse.pi-hole.net/t/solved-disable-aaaa-response-for-a-given-domain/13143
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

ubuntu下交叉编译PandoraBox/潘多拉 k2p/mipsel软件openssl和smartdns

发布时间:December 16, 2019 // 分类: // No Comments

交叉编译环境配置,使用PandoraBox提供的SDK:

apt install build-essential -y
wget https://downloads.pangubox.com/pandorabox/18.10/targets/ralink/mt7621/PandoraBox-SDK-ralink-mt7621_gcc-5.5.0_uClibc-1.0.x.Linux-x86_64.tar.xz
tar xf PandoraBox-SDK-ralink-mt7621_gcc-5.5.0_uClibc-1.0.x.Linux-x86_64.tar.xz 
mv PandoraBox-SDK-ralink-mt7621_gcc-5.5.0_uClibc-1.0.x.Linux-x86_64 PandoraBox
export STAGING_DIR=/root/PandoraBox/staging_dir/
export PKG_CONFIG_PATH=/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/lib/pkgconfig/
export PATH=$PATH:/root/PandoraBox/staging_dir/toolchain-mipsel_1004kc+dsp_gcc-5.5.0_uClibc-1.0.x/bin/
export CC=mipsel-openwrt-linux-gcc
export RANLIB=mipsel-openwrt-linux-ranlib
export AR=mipsel-openwrt-linux-ar
export LD=mipsel-openwrt-linux-ld

潘多拉SDK自带openssl版本为1.1.0,为使用tls1.3编译安装最新版openssl1.1.1:

wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
tar zxvf openssl-1.1.1d.tar.gz
 ./config no-asm shared --prefix=/usr/local/openssl-mipsel
sed -i 's/-m64//g' Makefile
make && make install

编译smartdns:

git clone https://github.com/pymumu/smartdns.git
cd smartdns/src/
CFLAGS=-I/usr/local/openssl-mipsel/include/ LDFLAGS=-L/usr/local/openssl-mipsel/lib/ make
#不额外安装openssl,使用sdk自带的openssl
#CFLAGS=-I/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/include/ LDFLAGS=-L/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/lib/ make

静态编译包含openssl,修改Makefile:

ifeq ($(STATIC), yes)
LDFLAGS += -Wl,-dn -lssl -lcrypto -Wl,-dy -lpthread -ldl -lc -lgcc_eh
#LDFLAGS += -Wl,-dn -lssl -lcrypto -Wl,-dy,--whole-archive -lpthread -Wl,--no-whole-archive -ldl -lc -lgcc_eh

静态编译:

STATIC=yes CFLAGS=-I/usr/local/openssl-mipsel/include/ LDFLAGS=-L/usr/local/openssl-mipsel/lib/ make 

如果以非root运行smartdns且使用ping测速,需设置cap_net_raw,不然不能发送icmp ping:

#setcap cap_net_raw+eip /usr/local/bin/smartdns 
#cap_net_bind_service允许非root监听53端口,ipset需要cap_net_admin权限
setcap cap_net_bind_service,cap_net_raw,cap_net_admin=+eip /usr/local/bin/smartdns

或直接使用systemd:

AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW

由于使用静态编译openssl1.1文件较大,不使用tls1.3可使用自带的openssl1.0动态编译:

CFLAGS=-I/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/include/ LDFLAGS=-L/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/lib/ make

参考:
https://www.boris1993.com/linux/allow-non-root-process-to-bind-low-numbered-ports.html

分类
最新文章
最近回复
  • 海运: 关闭服务器
  • 海风: override.battery.charge.low以及override.battery.r...
  • koldjf: 不能过滤
  • 杰迪武士: 此文甚好甚强巨,依照此文在树莓派2 + Rasbian上部署成功 感谢博主美文共赏
  • 海运: ups不知有没选项可设置此参数,不过你可以在另外一台电脑上安装nut客户端自动关机。
  • kgami: 想请教一下,设置了的电脑自动关机之后,几秒后UPS怎么也跟着关机了,导致另外一台电脑没关机就断...
  • 海运: 写的很详细了啊,/etc/nut/hosts.conf用以nut-cgi连接nut服务器参数,...
  • ryan: 请问下nginx配置好了,怎么和这个nut链接呢?最后可视化管理这块能给个详细一点的教程么?谢谢。
  • 1: /etc/config/fstab配置文件 https://openwrt.org/zh/do...
  • 听雨看雪: 找了好久,终于找到UP主,给出的正确解决方案,太感谢了,困扰大半年的问题,重装了N道PVE系统...