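To use a not entirely apt analogy, compare the Internet to a city's water supply. Water quality varies with each district's waterworks and with where you sit at the end of the pipe network, so some households wisely install a pre-filter, which deals with secondary contamination in the pipes, softens the water, prevents scale and rust, and protects the water purifier (and, of course, solar and gas water heaters and so on); in the end it is people who enjoy the clean water. Refined households also install an under-sink food waste disposer, while households that lag behind do not even know what a pre-filter or a food waste disposer is. So there will always be refined households and lagging ones; knowledge is always asymmetric. The Internet is like the water supply: there is high bandwidth and low bandwidth, there is contamination in the network, there is government surveillance and snooping by hackers, and there are annoying ads, whether before or during videos. So installing and using a private DNS (AdGuard Home) on the main router behind the home optical modem helps to "clean the traffic". Those ads and monitoring programs are not DDoS attacks, but they cannot be ignored either.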
I deployed AdGuard Home on port 5353 of the main router and, in addition, on port 53 of the other two routers at home, then customized the configuration file "dnsmasq.conf":
```
all-servers
dhcp-option=252,"\n"
server=10.1.1.2
server=10.1.1.3
server=127.0.0.1#5353 #AdGuardHome
no-resolv #AdGuardHome
dns-forward-max=1000 #AdGuardHome
```
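With this setup, the router queries all three AdGuard Home instances on the internal network at the same time, which greatly improves stability: if one or even two of the three go down, Internet access is unaffected. The private DNS services are all on the internal network with ping times under 1 millisecond, and they run on separate hardware, so resolution speed is also assured. This pretty much squeezes every bit of performance out of the router hardware.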
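With `all-servers`, dnsmasq forwards each query to every listed server and returns whichever reply arrives first, so a single AdGuard Home instance with stale or disabled filters can let blocked names through intermittently. The following Python check is an added example (not from the original post): it queries each resolver directly and reports whether it answers a name you expect to be filtered with NXDOMAIN, as `blocking_mode: nxdomain` implies. The function names and the command-line argument are assumptions of this example, and `127.0.0.1:5353` is reachable only when the script runs on the main router itself.

```python
import socket
import struct
import sys

# Resolvers from the page's dnsmasq.conf; 127.0.0.1:5353 only works when run on the main router.
RESOLVERS = [("10.1.1.2", 53), ("10.1.1.3", 53), ("127.0.0.1", 5353)]
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid, qtype=1):
    """Encode a single-question recursive DNS query (qtype 1 = A record)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_reply(data, txid):
    """Return (rcode_name, answer_count); raise ValueError on a short or mismatched reply."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction id or QR bit not set
        raise ValueError("not a reply to this query")
    return RCODES.get(flags & 0x000F, str(flags & 0x000F)), ancount

def is_blocked(rcode, ancount):
    """With blocking_mode: nxdomain, a filtered name comes back as NXDOMAIN with no answers."""
    return rcode == "NXDOMAIN" and ancount == 0

def probe(server, name, txid=0x4147, timeout=2.0):
    """Ask one resolver directly (bypassing dnsmasq) so each instance is judged on its own."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), server)
            data, _ = s.recvfrom(4096)
            return parse_reply(data, txid)
        except (OSError, ValueError) as exc:
            return ("ERROR: %s" % exc, 0)

def audit(name, probe_fn=probe):
    """Map each resolver to True (blocks name), False (resolves it) or None (no usable reply)."""
    out = {}
    for server in RESOLVERS:
        rcode, ancount = probe_fn(server, name)
        out[server] = None if rcode.startswith("ERROR") else is_blocked(rcode, ancount)
    return out

if __name__ == "__main__":
    # Usage: python3 check_resolvers.py <domain that your filter lists block>
    for server, verdict in audit(sys.argv[1]).items():
        print(server, {True: "blocks", False: "LEAKS", None: "no reply"}[verdict])
```

Any resolver reported as `LEAKS` should have its filter lists and `protection_enabled` setting compared with the other two.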
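As for the upstream_dns setting: if you want to use DNS-over-TLS, you can configure it like this. The benefit is that it prevents your ISP from learning your browsing behaviour by analysing your DNS requests.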
- tls://dns.adguard.com
- tls://dns.quad9.net
- tls://1.1.1.1
If you are on Zhejiang Mobile fibre broadband: regular IPv4, fast and stable.
- 211.140.188.188
- 211.140.13.188
- 223.5.5.5
- 223.6.6.6
If you want to enable IPv6 resolution (but once it is enabled, video ads can no longer be filtered):
- 2409:8028:2000::1111
- 2409:8028:2000::2222
- 2620:0:ccc::2
- 2620:0:ccd::2
(Suitable for setups without an external USB drive mounted as opt; in v.0.98.1 you need to change the 3 in the final schema_version: to 4.)
```yaml
bind_host: 0.0.0.0  # web admin interface listens on all interfaces
bind_port: 3000
auth_name: maxlay
auth_pass: "821025"
language: zh-cn
rlimit_nofile: 0
dns:
  bind_host: 0.0.0.0
  port: 53
  protection_enabled: true
  filtering_enabled: true
  blocking_mode: nxdomain  # blocked names are answered with NXDOMAIN
  blocked_response_ttl: 10
  querylog_enabled: true
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  bootstrap_dns:
  - 1.1.1.1:53
  all_servers: true  # query all upstream servers in parallel
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts: []
  parental_sensitivity: 0
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  resolveraddress: ""
  upstream_dns:
  - 211.140.188.188
  - 211.140.13.188
  - 223.5.5.5
  - 223.6.6.6
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  certificate_chain: ""
  private_key: ""
filters:
- enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard Simplified Domain Names filter
  id: 1
- enabled: true
  url: https://adaway.org/hosts.txt
  name: AdAway
  id: 2
- enabled: true
  url: https://hosts-file.net/ad_servers.txt
  name: hpHosts - Ad and Tracking servers only
  id: 3
- enabled: true
  url: https://www.malwaredomainlist.com/hostslist/hosts.txt
  name: MalwareDomainList.com Hosts List
  id: 4
- enabled: true
  url: https://raw.githubusercontent.com/user1121114685/koolproxyR_rule_list/master/kpr_our_rule.txt
  name: kpr_our_rule
  id: 1566751157
- enabled: true
  url: https://easylist-downloads.adblockplus.org/yt_annoyances_full.txt
  name: 'Youtube: Pure Video Experience'
  id: 1566751158
- enabled: true
  url: https://raw.githubusercontent.com/xinggsf/Adblock-Plus-Rule/master/ABP-FX.txt
  name: ABP-FX
  id: 1566751159
- enabled: true
  url: https://easylist-downloads.adblockplus.org/easylistchina.txt
  name: EasyList China
  id: 1566751160
- enabled: true
  url: https://raw.githubusercontent.com/Zereao/AD_Rules/master/ChinaList%2BEasyList(%E4%BF%AE%E6%AD%A3).txt
  name: ChinaList+EasyList(修正)
  id: 1566751161
- enabled: false
  url: https://raw.githubusercontent.com/hl2guide/All-in-One-Customized-Adblock-List/master/deanoman-adblocklist.txt
  name: "\U0001F60D All-in-One Customized Adblock List 2.7"
  id: 1566752994
- enabled: true
  url: https://raw.githubusercontent.com/vokins/yhosts/master/hosts.txt
  name: vokins
  id: 1566752995
- enabled: true
  url: https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts
  name: jdlingyu
  id: 1566752996
- enabled: true
  url: https://hosts.nfz.moe/full/hosts
  name: nfz
  id: 1566752997
user_rules:
- ""
dhcp:
  enabled: false
  interface_name: ""
  gateway_ip: ""
  subnet_mask: ""
  range_start: ""
  range_end: ""
  lease_duration: 86400
  icmp_timeout_msec: 1000
clients: []
log_file: ""
verbose: false
schema_version: 3  # change to 4 for v.0.98.1, as noted above
```