海运的博客

dnsstamps解析和创建sdns DNS Stamp

发布时间:December 24, 2019 // 分类: // No Comments

安装dnsstamps:

apt-get install python3-pip
python3 -m pip install --user dnsstamps
export PATH=$PATH:~/.local/bin/ 

查看使用方法:

dnsstamp.py -h
dnsstamp.py dot -h

cloudflare-dns.com dns over tls构建sdns示例:

dnsstamp.py dot -a 1.1.1.1 -n cloudflare-dns.com -l -f
DoT DNS stamp
=============

DNSSEC: no
No logs: yes
No filter: yes
IP Address: 1.1.1.1
Hostname: cloudflare-dns.com
Hashes: []
Bootstrap IPs: []

sdns://AwYAAAAAAAAABzEuMS4xLjEAEmNsb3VkZmxhcmUtZG5zLmNvbQ

解析sdns:

dnsstamp.py parse sdns://AwYAAAAAAAAABzEuMS4xLjEAEmNsb3VkZmxhcmUtZG5zLmNvbQ

https://github.com/chrisss404/python-dnsstamps

openwrt arm64 openwrt images

发布时间:December 24, 2019 // 分类: // No Comments

N1盒子可用:

wget https://downloads.openwrt.org/releases/18.06.5/targets/armvirt/64/openwrt-18.06.5-armvirt-64-default-rootfs.tar.gz
docker import openwrt-18.06.5-armvirt-64-default-rootfs.tar.gz openwrt:18.06.5

此内容被密码保护

发布时间:December 22, 2019 // 分类: // No Comments

请输入密码访问

dnsmasq过滤/阻止ipv6域名查询

发布时间:December 16, 2019 // 分类: // No Comments

dnsmasq最新版本2.80增加了指定域名返回空的选项,通过此可以过滤ipv6查询:

#所有com域名禁止ipv6查询
server=/com/8.8.8.8
address=/com/::
#所有域名过滤ipv6查询
server=/#/8.8.8.8
address=/#/::

dnsmasq 2.78版本可使用此patch过滤ipv6 aaaa查询。
https://github.com/flyinprogrammer/dnsmasq-alpine-docker
unbound过滤ipv6见:
https://www.haiyun.me/archives/1303.html

https://discourse.pi-hole.net/t/solved-disable-aaaa-response-for-a-given-domain/13143
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

ubuntu下交叉编译PandoraBox/潘多拉 k2p/mipsel软件openssl和smartdns

发布时间:December 16, 2019 // 分类: // No Comments

交叉编译环境配置,使用PandoraBox提供的SDK:

apt install build-essential -y
wget https://downloads.pangubox.com/pandorabox/18.10/targets/ralink/mt7621/PandoraBox-SDK-ralink-mt7621_gcc-5.5.0_uClibc-1.0.x.Linux-x86_64.tar.xz
tar xf PandoraBox-SDK-ralink-mt7621_gcc-5.5.0_uClibc-1.0.x.Linux-x86_64.tar.xz 
mv PandoraBox-SDK-ralink-mt7621_gcc-5.5.0_uClibc-1.0.x.Linux-x86_64 PandoraBox
export STAGING_DIR=/root/PandoraBox/staging_dir/
export PKG_CONFIG_PATH=/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/lib/pkgconfig/
export PATH=$PATH:/root/PandoraBox/staging_dir/toolchain-mipsel_1004kc+dsp_gcc-5.5.0_uClibc-1.0.x/bin/
export CC=mipsel-openwrt-linux-gcc
export RANLIB=mipsel-openwrt-linux-ranlib
export AR=mipsel-openwrt-linux-ar
export LD=mipsel-openwrt-linux-ld

潘多拉SDK自带openssl版本为1.1.0,为使用tls1.3编译安装最新版openssl1.1.1:

wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
tar zxvf openssl-1.1.1d.tar.gz
 ./config no-asm shared --prefix=/usr/local/openssl-mipsel
sed -i 's/-m64//g' Makefile
make && make install

编译smartdns:

git clone https://github.com/pymumu/smartdns.git
cd smartdns/src/
CFLAGS=-I/usr/local/openssl-mipsel/include/ LDFLAGS=-L/usr/local/openssl-mipsel/lib/ make
#不额外安装openssl,使用sdk自带的openssl
#CFLAGS=-I/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/include/ LDFLAGS=-L/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/lib/ make

静态编译包含openssl,修改Makefile:

ifeq ($(STATIC), yes)
LDFLAGS += -Wl,-dn -lssl -lcrypto -Wl,-dy -lpthread -ldl -lc -lgcc_eh
#LDFLAGS += -Wl,-dn -lssl -lcrypto -Wl,-dy,--whole-archive -lpthread -Wl,--no-whole-archive -ldl -lc -lgcc_eh

静态编译:

STATIC=yes CFLAGS=-I/usr/local/openssl-mipsel/include/ LDFLAGS=-L/usr/local/openssl-mipsel/lib/ make 

如果以非root运行smartdns且使用ping测速,需设置cap_net_raw,不然不能发送icmp ping:

setcap cap_net_raw+eip /usr/local/bin/smartdns 

systemd:

CapabilityBoundingSet=CAP_NET_RAW

由于使用静态编译openssl1.1文件较大,不使用tls1.3可使用自带的openssl1.0动态编译:

CFLAGS=-I/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/include/ LDFLAGS=-L/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/lib/ make
分类
最新文章
最近回复
  • 海运: 缺少相应模块?
  • lee: 你好,我执行这条语句 iptables -t mangle -A PREROUTING -m ...
  • 海运: 只更新rootfs,不更新内核,我在用5.3配19.10,懒得再升最新版了,很稳定。 注意:更...
  • lyly168: 这是手动挂载吧,请问自动挂载要怎么弄?
  • swswsw1: 请问升级后,内核更新了吗?听说N1只有在5.0.2的内核下才稳定,怕升级了之后功耗太高
  • 海运: LOG_LEVEL是配置文件变量,本文配置使用systemd启动在EnvironmentFil...
  • 1: 我源碼沒有任何修改,同樣編譯的在X86上可以正常運行。然後原封不動編譯aarch64就提示以上錯誤。
  • 海运: 你配置变量有问题?LOG_LEVEL? https://github.com/dani-gar...
  • 1: 能共享下发邮箱么,我这编译出来运行报错如下 /------------------------...
  • 海运: 正常运行