ageng/blahdns
1
0
Fork 0
mirror of https://github.com/ookangzheng/blahdns.git synced 2025-12-16 22:25:37 +07:00
Code Issues Projects Releases Wiki Activity

Re init git

Browse Source
This commit is contained in:
ookangzheng
2019-08-04 00:25:17 +08:00
commit a9fadc5d00
67 changed files with 1580436 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server-conf/unbound/bind.keys Executable file
View File

@@ -0,0 +1,5 @@
trusted-keys {
. 257 3 8 "AwEAAaq+qqsdDHByq/DFR5/u23qcDNOQJzjYBcSfjrGNLdY2+vY+ubhu iz0hG1xk5D+dK78Eh58wZ3tQnsRr3bVNVfcovlx/rdwuw5blez2TT0Et 4IF/3b/RpMpCwSSOWTMGvi0EwIMNsjYWEZlRjcWku3cnAAvSD3YdaRW2 JCKsbkK5OQp2YjuQgIOL7J6f8mN6nkfAWd9L2U9H+TSEnx8gqqkXIEIR WcbdWN1FiCdy3L8CaHbZcttzx5lLOGrjPW+raXn+KaQSU+WW9n2PPOZb NUrQnsW/DJ+b+soNQQbhwFlp/av5VzaxB7/57vEKqj71x+Xu8S0sGpLc Xrkf5p3ri93ScLsJOT11fIlMRIwcKsWZEIIyYzuQeq8MoVTenvN6re/y 872Vb6JBHbBMk0JmsRwkXltz9PINWyvVyqM3PA1bJ4fz8QbqXnTnJiR/ yylhcE8rjPUtnf29NyDN7Co9JzPwnwE74F3k3R18w45L8E5Dt5it2PIA 9/rb6GDMrPAPsa1X82qNLzcboosMj9vT7Ofg8M+x2/VYt6u4xX4glZRa vyjTs6qGfzFS+Z44zrIP4CtNa0fL0AwJ/wsK4YJSX0xZ6/CJI/NNXeSg G5vfMw04kUDI9d9oO9jkAhYDmTaOI6C5nVTymAs3uje8/mZlo/pUSllB 0DkpTgd5PTAwQsA1";
. 256 3 8 "AwEAAcnclWrEkYgk+zGEAtbUoFpkKojImn4go0WwsD3TyGq5Mp7Xb5yv yO3VzcGLyeMJ1p55PFTij4xXR+LiXlzdjIgvy8JloXDh6Pg3mhQ/x6YR aWjkstFbeTicyR94Q7ns7/0tqcR/4kjvcK/haViADuamvt0flv04wBeq ZaJBdj5TLYXfYCYr8QVvlryvHf6SCF9Xwgo/34iP+T0EH1yGL4HASeHL Cn8Kh5zTsIbefAvjkPPv7T23xeiT0FfJ4AJim9tMU5DYZFPU4J5Gtsk9 LIFBju5TAlbXf9nldM9WfESP/ZPBvLlrPeNzXrSEbyqkE72xtpr/3ckY jZd5aODWCmhp3tTc/UBcZxzw4IcJ3j5cmdTnrnOlLOA4DXnkB1Ts90BM G00ySdBeXeW0abKOiCH/qqdWlPR3jLEZth9y5WWHVIcY5JsjbpQnv85A YaQYzUA2W79oM1XoQ35EB5PHPs3lCMJ/42zDmbhJ2n7m2xx3DbCnzHTt H9Fsqi1+8s8LNQAbQeINBkiDeyeEpY2CFVz222zEusCOj/cbWuirBqMD WjIajMwBpF2z0x8FznahSEoR+djYNpXpv9pFcl4rYTCqnQcKy0PUoGrs 8X4OzLW7egrAWodF3z7KieAMyK09/0qBf7rtB8qOLR7NiFA/UYvkZTwz E74ZGP9Y4kOi0lA5";
. 256 3 8 "AwEAAetFT8ZCzhqTOT7em1LxFynu1zwZXwu0qzSNtO8ABxfls+QfDMxB 4jUdOkAVJKG313bS9rHwUqG3Sg2fPGmdo4xzt3ps9/Tmh6c657r5zYTd tlAy3tjU2G7VUWnbwwHFAIe4R9ajnScvdNfFZpUalrxT3FsfLbTfhnt3 HZljYbyVYi9v8H+gweoBGfq5xIrNwKz4DNu217GWtZaOGhPcS2HYgqDD 0BuRxYwAkoiphcoHwc9QOHIMWlN9Wdw1+udpHZ43Oysp8EXqF2miYljd 3EprDthfZ0MU0xqbHzLbtPQCVQir3HymJxTbrpE1fpKbKyXlyRqSUxTL ONud5BQISb0=";
};

26
server-conf/unbound/opennic.hints Executable file
View File

@@ -0,0 +1,26 @@
;; ANSWER SECTION:
. 86400 IN NS ns2.opennic.glue.
. 86400 IN NS ns6.opennic.glue.
. 86400 IN NS ns5.opennic.glue.
. 86400 IN NS ns8.opennic.glue.
. 86400 IN NS ns9.opennic.glue.
. 86400 IN NS ns10.opennic.glue.
. 86400 IN NS ns4.opennic.glue.
;; ADDITIONAL SECTION:
ns2.opennic.glue. 7200 IN A 161.97.219.84
ns2.opennic.glue. 7200 IN AAAA 2001:470:4212:10::100:53:10
ns4.opennic.glue. 7200 IN A 163.172.168.171
ns5.opennic.glue. 7200 IN A 94.103.153.176
ns5.opennic.glue. 7200 IN AAAA 2a02:990:219:1:ba:1337:cafe:3
ns6.opennic.glue. 7200 IN A 207.192.71.13
ns8.opennic.glue. 7200 IN A 178.63.116.152
ns8.opennic.glue. 7200 IN AAAA 2a01:4f8:141:4281::999
ns9.opennic.glue. 7200 IN A 174.138.48.29
ns9.opennic.glue. 7200 IN AAAA 2604:a880:800:a1::2a:2001
ns10.opennic.glue. 7200 IN A 188.226.146.136
ns10.opennic.glue. 7200 IN AAAA 2001:470:1f04:ebf::2
;; Query time: 212 msec
;; SERVER: 174.138.48.29#53(174.138.48.29)
;; WHEN: Wed Oct 31 15:28:13 CST 2018

127
server-conf/unbound/unbound.conf Executable file
View File

@@ -0,0 +1,127 @@
server:
interface: 127.0.0.1@48
interface: ::1@48
access-control: 127.0.0.1 allow
access-control: ::1 allow
#access-control: 0.0.0.0/0 allow
#access-control: ::/0 allow
prefer-ip6: yes
delay-close: 1500
do-ip4: yes
do-ip6: yes
do-tcp: yes
do-udp: yes
do-not-query-localhost: no
verbosity: 0
log-time-ascii: no
log-servfail: no
client-subnet-always-forward: yes
aggressive-nsec: yes
harden-dnssec-stripped: yes # if 'no', disable dnssec
harden-short-bufsize: yes
harden-large-queries: yes
harden-glue: yes
harden-below-nxdomain: yes
harden-referral-path: yes
use-caps-for-id: yes
qname-minimisation: yes
qname-minimisation-strict: no #some domain might be failed to request
so-reuseport: yes
minimal-responses: yes
deny-any: yes
rrset-roundrobin: yes
prefetch: yes
prefetch-key: yes
serve-expired: yes
serve-expired-ttl: 86400 # max 1 day
#serve-expired-ttl-reset: no
hide-identity: yes
hide-version: yes
hide-trustanchor: yes
edns-tcp-keepalive: yes
#edns-tcp-keepalive-timeout: 12000 # 2min
#tcp-idle-timeout: 30000 # 30 sec
num-threads: 1
msg-cache-slabs: 1
rrset-cache-slabs: 1
key-cache-slabs: 1
infra-cache-slabs: 1
msg-cache-size: 54m # default 4m
rrset-cache-size: 108m # rrset=msg*2 # default 4m
key-cache-size: 54m # default 4m
neg-cache-size: 27m # default 1m
infra-cache-numhosts: 50000
# dnscrypt-shared-secret-cache-size: 13m # default 4m
# dnscrypt-nonce-cache-size: 13m # default 4m
outgoing-range: 4096
incoming-num-tcp: 100
outgoing-num-tcp: 100
neg-cache-size: 25m
unwanted-reply-threshold: 10000000
cache-min-ttl: 90
cache-max-ttl: 900
infra-host-ttl: 3600
val-bogus-ttl: 120
cache-max-negative-ttl: 10 # Time to live maximum for negative responses, these have a SOA in the authority section that is limited in time. Default is 3600. This applies to nxdomain and nodata answers.
infra-cache-numhosts: 50000
auto-trust-anchor-file: "/var/lib/unbound/root.key"
# Refence: https://github.com/publicarray/dns-resolver-infra/blob/master/unbound/unbound.conf
local-zone: example. static
local-zone: local. static
local-zone: i2p. static
local-zone: home. static
local-zone: zghjccbob3n0. static
local-zone: dhcp. static
local-zone: lan. static
local-zone: localdomain. static
local-zone: ip. static
local-zone: internal. static
local-zone: openstacklocal. static
local-zone: dlink. static
local-zone: gateway. static
local-zone: corp. static
local-zone: workgroup. static
local-zone: belkin. static
local-zone: davolink. static
local-zone: z. static
local-zone: domain. static
local-zone: virtualmin. static
private-address: 0.0.0.0/8 # Should not be on the Internet (only valid as source address)
private-address: 10.0.0.0/8 # Private networks
private-address: 127.0.0.0/8 # Loopback, spam-blocklists (RBL) (https://www.dnsbl.info/) e.g. "dig +short 0.0.0.0.zen.spamhaus.org" will stop working (https://www.spamhaus.org/zen/, https://www.spamhaus.org/faq/section/DNSBL%20Usage#202)
private-address: 169.254.0.0/16 # link-local (networks without DHCP)
private-address: 172.16.0.0/12 # Private networks
private-address: 192.168.0.0/16 # Private networks
private-address: 255.255.255.255/32 # Broadcast destination
## IPv6
private-address: ::/128 # Unspecified addresses (only valid as source address)
private-address: ::1/128 # Loopback
private-address: 2001:db8::/32 # Documentation addresses used for documentation purposes such as user manuals, RFCs, etc. (RFC3849)
# private-address: ::ffff:0:0/96 # IPv4-mapped IPv6 addresses (depreciated and should not be on the public internet) (blocks potentially valid addresses / gives wrong result from DNS Benchmark)
private-address: fe80::/10 # IP address autoconfiguration (link-local unicast, Private network)
private-address: fc00::/7 # Unique Local Addresses (Private network)
# private-address: fec0::/10 # Depreciated site networks
# private-address: 2002::/16 # 6to4 (deprecated)
# private-address: 64:ff9b::/96 # 6to4 "Well-Known" Prefix
# private-address: 2001::/32 # Teredo
private-address: 2001:10::/28 # ORCHID
# private-address: ff00::/8 # Multicast
## Selected IPv4 mapped addresses from IPv4 above (fixes potentially wrong result from DNS Benchmark if blocking all of ::ffff:0:0/96)
private-address: ::ffff:0.0.0.0/120 # Private IPv4-mapped addresses
private-address: ::ffff:10.0.0.0/120 # Private IPv4-mapped addresses
private-address: ::ffff:127.0.0.1/120 # Loopback IPv4-mapped addresses, spam-blocklists (RBL)
private-address: ::ffff:169.254.0.0/112 # Link-local IPv4-mapped addresses
private-address: ::ffff:172.16.0.0/116 # Private IPv4-mapped addresses
private-address: ::ffff:192.168.0.0/112 # Private IPv4-mapped addresses
private-address: ::ffff:255.255.255.255/128 # Broadcast IPv4-mapped addresses

468
server-conf/unbound/unbound.conf.d/opennic.root.conf Executable file
View File

@@ -0,0 +1,468 @@
server:
domain-insecure: "opennic.glue"
auth-zone:
name: "opennic.glue"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/opennic.glue"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "dns.opennic.glue"
auth-zone:
name: "dns.opennic.glue"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/dns.opennic.glue"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "micro"
auth-zone:
name: "micro"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/micro"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "ing"
auth-zone:
name: "ing"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/ing"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "glue"
auth-zone:
name: "glue"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/glue"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "bbs"
auth-zone:
name: "bbs"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/bbs"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "bit"
auth-zone:
name: "bit"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/bit"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "chan"
auth-zone:
name: "chan"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/chan"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "dyn"
auth-zone:
name: "dyn"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/dyn"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "free"
auth-zone:
name: "free"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/free"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "fur"
auth-zone:
name: "fur"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/fur"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "geek"
auth-zone:
name: "geek"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/geek"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "gopher"
auth-zone:
name: "gopher"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/gopher"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "indy"
auth-zone:
name: "indy"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/indy"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "libre"
auth-zone:
name: "libre"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/libre"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "neo"
auth-zone:
name: "neo"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/neo"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "null"
auth-zone:
name: "null"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/null"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "oss"
auth-zone:
name: "oss"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/oss"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "oz"
auth-zone:
name: "oz"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/oz"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "parody"
auth-zone:
name: "parody"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/parody"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "pirate"
auth-zone:
name: "pirate"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/pirate"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "o"
auth-zone:
name: "o"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/o"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "lib"
auth-zone:
name: "lib"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/lib"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "coin"
auth-zone:
name: "coin"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/coin"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "emc"
auth-zone:
name: "emc"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/emc"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "bazar"
auth-zone:
name: "bazar"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/bazar"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "cyb"
auth-zone:
name: "cyb"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/cyb"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "ku"
auth-zone:
name: "ku"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/ku"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "te"
auth-zone:
name: "te"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/te"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "uu"
auth-zone:
name: "uu"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/uu"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53
server:
domain-insecure: "ti"
auth-zone:
name: "ti"
for-downstream: no
for-upstream: yes
fallback-enabled: no
zonefile: "opennic.zone.d/ti"
master: 2a02:2770:15:0:21a:4aff:fefe:55e5
master: 84.22.107.90
master: 185.121.177.177
master: 2a05:dfc7:5353::53