From ea91d30aca48863b9db7abe773ebefc623d9e5e7 Mon Sep 17 00:00:00 2001
From: Harry Ying
Date: Sat, 10 Aug 2024 16:35:21 +0800
Subject: [PATCH] fix(dns): use dae to cache DNS queries
---
cfgs/deck/networking.nix | 55 +---------------------------
cfgs/x1c7/networking.nix | 54 +---------------------------
misc/dcompass_settings.nix | 71 +++++++++++++++++++++++++++++++++++++
secrets/dae_config.age | Bin 1779 -> 1799 bytes
4 files changed, 73 insertions(+), 107 deletions(-)
create mode 100644 misc/dcompass_settings.nix
diff --git a/cfgs/deck/networking.nix b/cfgs/deck/networking.nix
index f545892..7f8c57a 100644
--- a/cfgs/deck/networking.nix
+++ b/cfgs/deck/networking.nix
@@ -43,59 +43,6 @@
 my.dcompass = {
 enable = true;
 package = pkgs.dcompass.dcompass-maxmind;
- settings = {
- cache_size = 1024;
- upstreams = {
- domestic = { hybrid = [ "feic" "ali" "aliudp" ]; };
-
- secure = { hybrid = [ "cloudflare" "quad9" ]; };
-
- feic = { udp = { addr = "[240C::6666]:53"; }; };
-
- aliudp = { udp = { addr = "223.5.5.6:53"; }; };
-
- ali = { tls = { domain = "dns.alidns.com"; max_reuse = 100; reuse_timeout = 5000; addr = "223.6.6.6:853"; }; };
-
- cloudflare = {
- https = {
- timeout = 4;
- # addr = "2606:4700:4700::1111";
- addr = "104.16.248.249";
- uri = "https://cloudflare-dns.com/dns-query";
- };
- };
-
- quad9 = {
- https = {
- timeout = 4;
- addr = "9.9.9.9";
- uri = "https://dns.quad9.net/dns-query";
- };
- };
- };
- script = ''pub async fn init() {
- let domain = Domain::new()
- // .add_file("${pkgs.chinalist}/google.china.raw.txt")?
- // .add_file("${pkgs.chinalist}/apple.china.raw.txt")?
- .add_file("${pkgs.chinalist}/accelerated-domains.china.raw.txt")?.seal();
-
- Ok(#{"domain": Utils::Domain(domain)})
- }
-
- pub async fn route(upstreams, inited, ctx, query) {
- // if query.first_question?.qtype == "AAAA" { return blackhole(query); }
-
- if inited.domain.0.contains(query.first_question?.qname) {
- query.push_opt(ClientSubnet::new(u8(15), u8(0), IpAddr::from_str("58.220.0.0")?).to_opt_data())?;
- upstreams.send_default("domestic", query).await
- } else {
- upstreams.send("secure", CacheMode::Persistent, query).await
- }
- }
- '';
-
- address = "127.0.0.1:53";
- verbosity = "warn";
- };
+ settings = (import ../../misc/dcompass_settings.nix { inherit pkgs; });
 };
 }
diff --git a/cfgs/x1c7/networking.nix b/cfgs/x1c7/networking.nix
index d962336..6a1a0aa 100644
--- a/cfgs/x1c7/networking.nix
+++ b/cfgs/x1c7/networking.nix
@@ -36,58 +36,6 @@
 my.dcompass = {
 enable = true;
 package = pkgs.dcompass.dcompass-maxmind;
- settings = {
- cache_size = 1024;
- upstreams = {
- domestic = { hybrid = [ "feic" "ali" "aliudp" ]; };
-
- secure = { hybrid = [ "cloudflare" "quad9" ]; };
-
- feic = { udp = { addr = "[240C::6666]:53"; }; };
-
- aliudp = { udp = { addr = "223.5.5.6:53"; }; };
-
- ali = { tls = { domain = "dns.alidns.com"; max_reuse = 100; reuse_timeout = 5000; addr = "223.6.6.6:853"; }; };
-
- cloudflare = {
- https = {
- timeout = 4;
- # addr = "2606:4700:4700::1111";
- addr = "104.16.248.249";
- uri = "https://cloudflare-dns.com/dns-query";
- };
- };
-
- quad9 = {
- https = {
- timeout = 4;
- addr = "9.9.9.9";
- uri = "https://dns.quad9.net/dns-query";
- };
- };
- };
- script = ''pub async fn init() {
- let domain = Domain::new()
- // .add_file("${pkgs.chinalist}/google.china.raw.txt")?
- // .add_file("${pkgs.chinalist}/apple.china.raw.txt")?
- .add_file("${pkgs.chinalist}/accelerated-domains.china.raw.txt")?.seal();
-
- Ok(#{"domain": Utils::Domain(domain)})
- }
-
- pub async fn route(upstreams, inited, ctx, query) {
- // if query.first_question?.qtype == "AAAA" { return blackhole(query); }
-
- if inited.domain.0.contains(query.first_question?.qname) {
- query.push_opt(ClientSubnet::new(u8(15), u8(0), IpAddr::from_str("58.220.0.0")?).to_opt_data())?;
- upstreams.send_default("domestic", query).await
- } else {
- upstreams.send("secure", CacheMode::Standard, query).await
- }
- }
- '';
- address = "127.0.0.1:53";
- verbosity = "warn";
- };
+ settings = (import ../../misc/dcompass_settings.nix { inherit pkgs; });
 };
 }
diff --git a/misc/dcompass_settings.nix b/misc/dcompass_settings.nix
new file mode 100644
index 0000000..a5e1ef5
--- /dev/null
+++ b/misc/dcompass_settings.nix
@@ -0,0 +1,71 @@
+{ pkgs }: {
+ cache_size = 1024;
+ upstreams = {
+ domestic = { hybrid = [ "feic" "ali" "aliudp" ]; };
+
+ secure = { hybrid = [ "cloudflare" "google" "switch" "a-and-a" ]; };
+
+ feic = { udp = { addr = "[240C::6666]:53"; }; };
+
+ aliudp = { udp = { addr = "223.5.5.6:53"; }; };
+
+ ali = { tls = { domain = "dns.alidns.com"; max_reuse = 100; reuse_timeout = 5000; addr = "223.6.6.6:853"; }; };
+
+ cloudflare = {
+ https = {
+ timeout = 4;
+ # addr = "2606:4700:4700::1111";
+ addr = "104.16.248.249";
+ uri = "https://cloudflare-dns.com/dns-query";
+ };
+ };
+
+ google = {
+ https = {
+ timeout = 4;
+ addr = "8.8.8.8";
+ uri = "https://dns.google/dns-query";
+ };
+ };
+
+ a-and-a = {
+ https = {
+ timeout = 4;
+ addr = "217.169.20.22";
+ uri = "https://dns.aa.net.uk/dns-query";
+ };
+ };
+
+ switch = {
+ https = {
+ timeout = 4;
+ addr = "130.59.31.248";
+ uri = "https://dns.switch.ch/dns-query";
+ };
+ };
+ };
+ script = ''pub async fn init() {
+ let domain = Domain::new()
+ // .add_file("${pkgs.chinalist}/google.china.raw.txt")?
+ // .add_file("${pkgs.chinalist}/apple.china.raw.txt")?
+ .add_file("${pkgs.chinalist}/accelerated-domains.china.raw.txt")?
+ .add_qname("flibrary.info")?
+ .seal();
+
+ Ok(#{"domain": Utils::Domain(domain)})
+ }
+
+ pub async fn route(upstreams, inited, ctx, query) {
+ // if query.first_question?.qtype == "AAAA" { return blackhole(query); }
+
+ if inited.domain.0.contains(query.first_question?.qname) {
+ // query.push_opt(ClientSubnet::new(u8(15), u8(0), IpAddr::from_str("58.220.0.0")?).to_opt_data())?;
+ upstreams.send_default("domestic", query).await
+ } else {
+ upstreams.send("secure", CacheMode::Standard, query).await
+ }
+ }
+ '';
+ address = "127.0.0.1:53";
+ verbosity = "warn";
+}
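Review bot: The `domestic` group in the new misc/dcompass_settings.nix still puts two plain-UDP resolvers (`feic`, `aliudp`) in the same `hybrid` list as the DoT resolver `ali`, so every name matched by `inited.domain` (now including the added `flibrary.info`) may be resolved over an unauthenticated, unencrypted channel. If `hybrid` returns whichever member replies first (it appears to race its members; confirm against the dcompass documentation), a spoofed or tampered UDP reply could be accepted ahead of the TLS one. Consider keeping only the encrypted member, `domestic = { hybrid = [ "ali" ]; };`, or add a comment above the group such as `# plaintext UDP kept deliberately for latency; answers for listed domains are not authenticated`. Separately, this shared file gives both hosts `CacheMode::Standard`, whereas the removed deck script used `CacheMode::Persistent`; the commit message would be the place to state that this is intended.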
diff --git a/secrets/dae_config.age b/secrets/dae_config.age index 161f8e4ccb5c092a61c5d140ea6ae9e462f559dc..487d32144e513aa11c77dbb57a38b1325cad3fe1 100644 GIT binary patch delta 1775 zcmVhnbudh7 zGC6WHMG8-9HCISxLt;r&c4T95LorTcR&HfCMmI@mY%fD;M`&SWSV~VpR&7O1Q3@?B zEg)%hbt^DaGgx;*L2PVqP-RItMrvy-aZ+YzG*2)~OEzR>On*3bOKf>pM?ngSgq0qV zgX9nysUt~Lr!Z^{YnszaGC5mf1r7ADfz7Qv;{Asw`!L_hIdP_Y5kZJGGz2T=@{(N- zbTBc#Sxt+h)Ij5cz2gwMM!_L1F7pjWAf&hPSD#vS`GwTxk{0l|_c4Hb5dAzrO`I=T zQ0HSr@+D(dWq*r0#CrAn3t~G$83ls&lB#*NT?&moIkj6VyjeXUQXXj2%Da%{^2`3@ zSB;SqXcE5pQl9mUd}NdetB|P;#y^}%Ek`|!^Oi*8+q&JGHyasYdS{a8TYYrMozoO0 zRf?skk^pi*=t)y_as+SSOa;ZgmURAxr%oXqZ$WewpMU1Sm@nuhy@?4gTG0=I8`bze>o`=^-$JWp)g=(ELl1Hn&T-UqPMNuZ5xtEcCG zs0+7`G33xG=g#?=WMDqvlq>3A2FtC&dlXck59k#QzSH@Ii*^dRR><;+8H7g5y|qo^ z72$}Qdw;XDzHCdQHbK5%qz>5yRa9Z-hIS&;9=8^n^7(|u>ZXTwW~x9fWI0P7 zCvxR)#So)Mi%nBGR$)AmjgjZeaBFdbI2rl$`|C|W-AwZy>} zTv*Fx=_oAE(FoTw%bV1$;u||V4i7F(bEf&wmVY36oT&w<(7S#g+zcsG^+#XVhuSF_ z!n7TU!5BW+G@F14;eplU1~q1@G4SN3RYRYW)tepKFB<4X0CRh4WXJV0TIamn_veTDMQTJz?&DP?>-JVM(uw!yocywE+Utn7upCG zWg0*%WMi0uF16)Yl0brS&JKQ=31UtbxdW6krXF_Xx>@YxKIPyu#gQ)w^dA;zAVIHo z<~+B=^Co77ot5|T$?|oc31>r+9cBbP)qgt- zlKjmSO60_Gw?FMRZ&;pS8x{g7R82HgrUlIdh=-2Y+(%BhYd|4m0P=xMAqJ1=1j_jR zM~_veFO8B=TH_#Rk8Wc{An8{TvL4y4e~I-GT!bMPhplonM-id;DXsQ>s=7jk%zufm zo<>rkz#*86CK{I`Jw5Zrms)}h1-E&;Z%?CX+7A1jx{*-@^06yiQ{8G8^|A8|0vEm2 zx1zcDJFIOP?2)awO8jrP9VB<*#wG-OB9>lgp0Lw!HQs}>TO~v#1H+Duq=zpGg+m*~ zn~}5^GIvS52v38>LIWatk4G`p&wmoonOlRj z*5hGId1G!E3sp)=I^Rq@p@Vd)(b%t8Dj3gFPK^pv_50i>^fKm)Km=*0c^`2tWg?+? 
zsJ=h>j@{;dOQ-y6?>@g`#&XMesF$W0Hs zME!6jX2O-=`8*8-Kv4(I5Uiq+03j&;cgD*UngJ1-^f6yPjbDD=t3Og4w6Gi3qY06Yb$5@UJn46Q?l8tLbt1a zJkxCrhNLXYSx%6}w6eD|ohcw+b=TT`QK}_>oeV7lxW8M4as=cv&9+Bm&t*KyrrYk= z7LS;ZWKmLxk*pTUV@2bW+4~5>i?-SIDZWf7WflQtqgg({RuP2do_~9o46~P|&t9}d zoW%5GsA_8jF40?tqZqW5hr|4VBrrnL;J)9e;&T`dvAn;^T*6Kx2ZSZMy)Uz$@x-DL z+lRYYNf1@7;?M)W2n?d_C_1mR?P^h*^r11Ew@x0I$|hS*lV7rhV55}9MRPBhc@G*y zF=b$NWJ1p!v~QCPb7-3GuE^vQz$DmW`C8fvCxvp2HWR_+n%8XCpax_6^2hWj_O3@R z1jrQ8=~?E%jtz~;+_6mK&7Lx5OaFWgmyVWNhNi);W!kgFIwv0_3+CKp4tLun*SYgX RsU6TVeYwN9xXI7V$6>iROK1Q9 delta 1755 zcmV<11|<214)YC=EPrK0cX3NJbW3PeM>kADXHQscYGYC}VKr`XNi$JbGDBr@D_M6p zcyD7uO$u^EG)rc9OjLMMdQ(AnLv&hZX<|WbbZuyCQ%y=vVQfTfHZV$UYA|^#YYHtb zEg(ljRA*Q>PF7DdNoaU!M`31DWHn}TIdgA$Y*$KBSawlXPk%2_H7{ybLURgy$g4Ea z-Ng^q-OYst{e|S*cRD`Qqbt#nl$xO8>u{&{;o#gyos3a#^*&5AUqhwnD!-d^!XQpy zJ+M353aPJpPDNt7aDkC+oT5z41tSkDNb31bwam=Y>oKb0$eO zQ#0Wtbk2;=41dG6kW)$f<$oBeWWjIC?P`v9!IZ`kFIqDrOk$L67omz|u^i1&f;AUg z1QvNmhBC>>*&9deij&NAF7{pFVE(ct_dN5X=8)kKO<{!#&W3ZQf!cg{@S?Ku*dZ;N zOteT9!u1cBS9%B@Js=<)R)UOQd2Uciw#{u4>ji_}R(}p~6x;(@hN(yhWV+^+-)!8? zDt1|?Wb+Oul$o%}kDhqF?yDCm4pl9u+59>_A(fU{DO_JbglMK$#!&M$2S_8T;6pJr zfAT1U?wORQUy@dlAZ#qWLCNOlG46b4FZy>l%p&`rN1Tt{PTj4@l9ih8TQJ}MRRO?- z(+Q7=5PzfYY@UL=ft5rNaJ)dzUY1JRuNs^8cjzfP;s%3a;lP4-$11=p^r1~N0hq`^ zgO`OTkGFh7tX18OWU5 zn`XL9^_IclBu2z=>-qxuU_0)b51K_}3m*-CJ%0(?{2(#KtWi_TlRXfl=9HXrJi%e_ z(TIVX8%ocP>f;F|Zx)hd+dtSUH@Acp_93q2@^vt+{NzNROFWW4Ypt_*E@SbWD`{U= zZ?aEiBAf;!EE4HcZ-58=9M{3*(u8W&&$Jl^e0Bz_oIPi$8*BrDbbkV5Vr~YuSz;}7 z?0=n8Fb?DwLnoP3D35`Vh^yXqGXQN>9KX==f+pcyH3&x7aG-g8kbAP~5)dPPNg{^NB=latA$NqnX z(09AD9^m~9geci1VaQwj7}wlO5X2nPr;ck*C0k^dMNSr3K(nMCV>tcdCb49ZE zRnf>-oI~M2=fNtqe@!Yw07v5@{3>2Bsp)1*PGF*pIB;xVV)=?fTjx(-pYMZEQsN~0 zhhwl~&WmxeBVs4APD9Weg`4Cie@xqq75$@di5XfTyb z(SWoMJIYTY5}N~oyRIPqd#9P}ALJ9VDYK%YRlAgSN!ha-b`J;&ipma%5Z(66K8mg z!*PW7Lo}rW<6<@_ZB#6HNlU#9nC7Z79El>zH|X8zpz7f6n7&FHGU;@EEO{1?*?Vi$ x%Em8mmI6EDAKC4C0*8o4jfr9=z6>eo{&*X|l9VAK9kf4mupht)TD|42#wwU{Q