SmartDNS Proxy to hide your GeoLocation. Based on DnsDist and SniProxy
- Zattoo
- Yallo.tv
- Netflix
- Hulu
- Amazon Prime
- SRF.ch (live tv)
You will need a VPS or a Root Server where you can install Docker (or Docker is already installed).
## run this in your terminal or use your webbrowser
curl https://ifconfig.me
For this example i we assume your public ip (of your client) is 10.111.123.7
curl https://ifconfig.me
For this example i we assume your public ip (of your server) is 10.111.123.8
docker run -d --name snidust -e ALLOWED_CLIENTS="127.0.0.1, 10.111.123.7" -e EXTERNAL_IP=10.111.123.8 -p 443:443 -p 80:80 -p 53:5300/udp ghcr.io/seji64/snidust:main
Or if you use docker-compose:
version: '3.3'
services:
snidust:
container_name: snidust
environment:
- 'ALLOWED_CLIENTS=127.0.0.1, 10.111.123.7'
- EXTERNAL_IP=10.111.123.8
- SPOOF_ALL_DOMAINS=false # Set to true (case sensetive!) if you want spoof ALL domains.
ports:
- '443:443'
- '80:80'
- '53:5300/udp'
image: 'ghcr.io/seji64/snidust:main'
docker logs snidust
The logs should look something like this:
...
Webserver launched on 127.0.0.1:8083
Marking downstream 1.0.0.1:443 as 'up'
Marking downstream dns.google (8.8.8.8:853) as 'up'
Marking downstream dns.google (8.8.4.4:853) as 'up'
Marking downstream 1.1.1.1:443 as 'up'
Polled security status of version 1.7.1 at startup, no known issues reported: OK
Change your network settings and set as DNS Server 10.111.123.8 (PUBLIC_VPS_IP)
Your GeoLaction should now hidden :-)
In this case you either run another service (like Pi-Hole) which already uses this Port or you likely use an linux distribution which uses systemd.
In case systemd is already using port 53 you can follow this Guide to free up this port.
The default is the following:
Generate a warning if we detect a query rate above 800 qps for at least 60s."
If the query rate raises above 1000 qps for 60 seconds, we'll block the client for 360s."
To customize this behavior you can use the following environment variables:
DNSDIST_RATE_LIMIT_WARN (default: 800)
DNSDIST_RATE_LIMIT_BLOCK (default: 1000)
DNSDIST_RATE_LIMIT_BLOCK_DURATION (default: 360)
DNSDIST_RATE_LIMIT_EVAL_WINDOW (default: 60)
If you want disable Rate Limiting completely set DNSDIST_RATE_LIMIT_DISABLE to true
By default SniDust is using Cloudflare's and Google's DNS Servers as Upstream. To use your own/custom upstream DNS Server you have to do the following:
- Create a file named 99-customUpstream.conf
- Use the DNSDist Documentation to create you own upstream pool.
Example:
newServer("192.0.2.1", name="custom1", pool="customUpstream") newServer("192.0.2.2", name="custom2", pool="customUpstream") - Ensure you have set a
pooland it is NOT namedupstream(this name is already used by sniDust itself) - Set Environment Variable
DNSDIST_UPSTREAM_POOL_NAMEto your pool name (here:customUpstream) - Map your file
99-customUpstream.conf... volumes: - ~/99-customUpstream.conf:/etc/dnsdist/conf.d/99-customUpstream.conf ...
In case you want to add custom domains which not included by default, this can be done easily.
Create a file with the name 99-custom.lst. Insert all your custom domains in this file.
docker run --name snidust -e ALLOWED_CLIENTS="127.0.0.1, 10.111.123.7" -e EXTERNAL_IP=10.111.123.8 -p 443:443 -p 80:80 -p 53:5300/udp -v ~/99-custom.lst:/etc/snidust/domains.d/99-custom.lst:ro ghcr.io/seji64/snidust:main
Or if you use docker-compose:
version: '3.3'
services:
snidust:
container_name: snidust
environment:
- 'ALLOWED_CLIENTS=127.0.0.1, 10.111.123.7'
- EXTERNAL_IP=10.111.123.8
ports:
- '443:443'
- '80:80'
- '53:5300/udp'
volumes:
- '~/99-custom.lst:/etc/snidust/domains.d/99-custom.lst:ro'
image: 'ghcr.io/seji64/snidust:main'
If you don't want to maintain a list of domains and you just want to spoof everything set SPOOF_ALL_DOMAINS to true
version: '3.3'
services:
snidust:
container_name: snidust
environment:
- 'ALLOWED_CLIENTS=127.0.0.1, 10.111.123.7'
- EXTERNAL_IP=10.111.123.8
- SPOOF_ALL_DOMAINS=true
...
In case you want to have a dynamic ALLOWED_CLIENTS ACL's change your docker-compose to this:
version: '3.3'
services:
snidust:
container_name: snidust
environment:
- 'ALLOWED_CLIENTS_FILE=/tmp/myacls.acl'
- EXTERNAL_IP=10.111.123.8
ports:
- '443:443'
- '80:80'
- '53:5300/udp'
volumes:
- '~/myacls.acl:/tmp/myacls.acl:ro'
image: 'ghcr.io/seji64/snidust:main'
Then you can reload your acls by querying a specific dns name:
# assuming 10.11.123.8 is your ip of your Server where snidust runs
dig @10.111.123.8 reload.acl.snidust.local
You should see in the logs (docker logs snidust) snidust has reloaded your acl's
[SniDust] *** Reloading ACL... ***
...
[SniDust] *** ACL reload complete! ***
In case you added custom domains like above, updates the 99-custom.lst file but don't want to restart your SniDust container each time, you can reload all domains with a custom dns question.
# assuming 10.11.123.8 is your ip of your Server where snidust runs
dig @10.111.123.8 reload.domainlist.snidust.local
You should see in the logs (docker logs snidust) snidust has reloaded your domain
[SniDust] Reloading domain lists..
...
[SniDust] *** End of Domain List ***
[SniDust] Domain Lists reloaded!
Based on the following projects: