A nonpoisonous and CDN-friendly Recursive DNS Resolver
faicker greendns/connection: Fix tcp keep alive on MacOS
bump version to 0.9.10

Signed-off-by: Faicker Mo <faicker.mo@gmail.com>
Latest commit 608793d Apr 9, 2019
etc/greendns Update localroute.txt and bump version to 0.9.7 Jan 14, 2019
greendns greendns/connection: Fix tcp keep alive on MacOS Apr 9, 2019
tests Fix format and test_tcp_server of connection test Jan 14, 2019
tools
.gitignore
.travis.yml Fix travis build Jan 1, 2019
LICENSE
MANIFEST.in ready for release Feb 26, 2017
Pipfile
README.md
setup.py Add tcp upstream support and version bump to 0.9.4 Dec 30, 2018
tox.ini rename to greendns Dec 5, 2018

README.md


greendns

A recursive DNS resolver that avoids poisoned results and is CDN-friendly. It queries DNS servers at the same time and doesn't wait for all responses. It's more efficient and quicker than ChinaDNS.

CDN-friendly means the resolved IP is the best one (same ISP and the nearest). The IP returned by a foreign DNS server with edns-client-subnet is not that accurate, especially for small local ISPs.

You must configure at least two DNS servers. One group is local and poisoned; the other group is unpoisoned (tunnelled through a VPN, or using OpenDNS on port 443/5353; dnscrypt-proxy is recommended).

How it works

First, filter poisoned IPs using the blocked IP list given with the -b argument.
Second, label the four possible outcomes:
                                       | A record is local | A record is foreign
    local and poisoned dns server      |    a              |   b
    unpoisoned dns server              |    c              |   d

From the matrix, we get the following results:
ac: use the local DNS server's result
ad: use the local DNS server's result
bc: impossible; use the unpoisoned DNS server's result
bd: use the unpoisoned DNS server's result

Conclusion:
Use the local DNS server's result if the returned A record is local.
Use the unpoisoned DNS server's result if the returned A record is foreign.

It relies on two assumptions:

  • the polluted domain is foreign.
  • the A record in poisoned response is foreign.
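
The selection rule above, written out as an added example (not greendns's own code). The names `choose`, `is_local`, `ROUTES` and `BLACKLIST` are hypothetical, the sample networks and addresses are constructed, and two behaviours are assumptions: a response is treated as local only if all of its A records are local, and no answer is returned when the only response is foreign and comes from the local server.

```python
import ipaddress

# RFC 1918 private ranges, counted as local only when enabled (cf. --rfc1918)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data standing in for the -f and -b files
ROUTES = [ipaddress.ip_network("203.0.113.0/24")]
BLACKLIST = {"198.51.100.7"}

def is_local(ip, routes, rfc1918=False):
    """True if ip lies inside a local route (or RFC 1918 space when enabled)."""
    addr = ipaddress.ip_address(ip)
    nets = routes + RFC1918 if rfc1918 else routes
    return any(addr in net for net in nets)

def choose(local_ips, unpoisoned_ips, routes, blacklist, rfc1918=False):
    """Pick a response per the a/b/c/d matrix.

    local_ips / unpoisoned_ips are the A records from each upstream group,
    or None if that group has not answered. Returns (source, ips).
    """
    def clean(ips):
        # Step 1: discard a missing response or one containing a blocked IP
        if not ips or any(ip in blacklist for ip in ips):
            return None
        return ips

    local_ips, unpoisoned_ips = clean(local_ips), clean(unpoisoned_ips)

    # Cases ac / ad: a local A record from the local server is used as-is,
    # so there is no need to wait for the unpoisoned server.
    if local_ips and all(is_local(ip, routes, rfc1918) for ip in local_ips):
        return "local", local_ips

    # Cases bc / bd: a foreign A record from the local server may be
    # poisoned, so only the unpoisoned server's answer is used.
    if unpoisoned_ips:
        return "unpoisoned", unpoisoned_ips

    # Assumption: no usable answer yet (caller keeps waiting or fails)
    return None, []

if __name__ == "__main__":
    print(choose(["203.0.113.10"], None, ROUTES, BLACKLIST))
    print(choose(["192.0.2.55"], ["192.0.2.80"], ROUTES, BLACKLIST))
```
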

Install

pip install greendns

Run

terminal command

greendns -r greendns

daemon service

go to services

Dockerfile

go to Dockerfile

docker stack (recommended)

go to greendns-stack

Test

dig www.google.com @127.0.0.1 -p1053

Configure

greendns -r greendns -h
usage: greendns [-h] [-r HANDLER] [-p PORT] [-t TIMEOUT] [-l LOGLEVEL]
                [-m MODE] [--lds LDS] [--rds RDS] [-f LOCALROUTE]
                [-b BLACKLIST] [--rfc1918] [--cache]

optional arguments:
  -h, --help
  -r HANDLER, --handler HANDLER
                        Specify handler class, greendns|quickest (default:
                        None)
  -p PORT, --port PORT  Specify listen port or ip (default: 127.0.0.1:1053)
  -t TIMEOUT, --timeout TIMEOUT
                        Specify upstream timeout (default: 1.5)
  -l LOGLEVEL, --log-level LOGLEVEL
                        Specify log level, debug|info|warning|error (default:
                        info)
  -m MODE, --mode MODE  Specify io loop mode, select|epoll (default: select)
  --lds LDS             Specify local poisoned dns servers (default:
                        223.5.5.5:53,114.114.114.114:53)
  --rds RDS             Specify unpoisoned dns servers (default:
                        tcp:208.67.222.220:5353,101.132.183.99:2323)
  -f LOCALROUTE, --localroute LOCALROUTE
                        Specify local routes file (default:
                        /home/etc/greendns/localroute.txt)
  -b BLACKLIST, --blacklist BLACKLIST
                        Specify ip blacklist file (default:
                        /home/etc/greendns/iplist.txt)
  --rfc1918             Specify if rfc1918 ip is local (default: False)
  --cache               Specify if cache is enabled (default: False)

Perf

benchmark result

perf.md

profile

prof.md

Acknowledgements

  • @clowwindy: the author of ChinaDNS

License

This project is under the MIT license. See the LICENSE file for the full license text.
