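Setting Up a DNS Server to Speed Up Network Access

The main reason for running my own DNS server is to get around the firewall (pinning the IP addresses of specific sites avoids DNS pollution, much like a HOSTS file does). At the same time it speeds up loading of sites such as the App Store (the server sits on the LAN, so name resolution is faster and more secure).

All you need to run your own DNS is a simple Linux server (a thin client, a Raspberry Pi, or a similar small device will do). This article uses CentOS 7 as the example to show how to set up DNS.

1. Install bind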

yum install bind

2. Edit the named service configuration

Edit the /etc/named.conf file

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    // Port to listen on and the networks allowed to connect (change to any or your LAN subnet)
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Networks allowed to query (change to any or your LAN subnet).
    // Recursion is enabled below, so prefer the LAN subnet over any
    // if this host can be reached from outside the LAN.
    allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    forwarders {
        // Upstream DNS servers to forward to; set these as needed
        114.114.114.114;
        192.168.1.1;
    };

    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
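
The warning comment in the options block above says a recursive server needs access control. The following fragment is an added example, not part of the original post's configuration, showing the lines that would change to limit queries and recursion to the LAN. The ACL name "lan", the subnet 192.168.1.0/24 and the server address 192.168.1.10 are assumptions inferred from the 192.168.1.1 forwarder; substitute your own.

```conf
// Added example: restrict the caching resolver to LAN clients.
// "lan", 192.168.1.0/24 and 192.168.1.10 are assumed values.

acl "lan" {
    localhost;          // built-in ACL: every address of this server
    192.168.1.0/24;     // assumed LAN subnet
};

options {
    // was: listen-on port 53 { any; };
    // Bind only to loopback and the server's LAN address (assumed).
    listen-on port 53 { 127.0.0.1; 192.168.1.10; };
    listen-on-v6 port 53 { ::1; };

    // was: allow-query { any; };
    // Only LAN clients may send queries at all.
    allow-query { lan; };

    // Recursion stays on for a caching resolver, but only for LAN
    // clients, so outside hosts cannot use the server as a relay.
    recursion yes;
    allow-recursion { lan; };

    // Cached answers are likewise served only to LAN clients.
    allow-query-cache { lan; };

    // Unchanged from the configuration above.
    forwarders {
        114.114.114.114;
        192.168.1.1;
    };

    // ... remaining options (directory, dump-file, dnssec-*, key and
    // pid paths) stay exactly as in the full file above ...
};
```

Running named-checkconf /etc/named.conf before starting named catches syntax errors in the edited file.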

3. Start the service

systemctl enable named
systemctl start named

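4. Change the DNS address on LAN devices

Either change the setting directly on each device or change the DHCP configuration on the router, so that the DNS server address points to this server.

In my testing the App Store opens much faster; before, it often failed to open.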