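I have recently been reworking my home network's access architecture, moving the default international egress to Hong Kong to keep speeds up during peak hours. There are still times when I need streaming services unlocked, so I plan to handle that with DNS-based unlocking. This post first covers the DNS unlocking service I deployed.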

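Others have already written a one-click deployment script; see https://github.com/myxuchangbin/dnsmasq_sniproxy_install. That script does not currently support the ARM architecture. If you need ARM, you can use https://raw.githubusercontent.com/xieruan/dnsmasq_sniproxy_install/master/dnsmasq_sniproxy.sh, which is used the same way as the first one.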

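A one-click script is simple, but it depends heavily on the host environment, so I prefer to deploy this stack with Docker. I happened to find https://github.com/dictcp/docker-dnsmasq-sniproxy, and I also forked a copy at https://github.com/ilovn/docker-dnsmasq-sniproxy.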

Clone the project

git clone https://github.com/ilovn/docker-dnsmasq-sniproxy.git

cd docker-dnsmasq-sniproxy

Deploy and test

docker-compose up

Check for errors. If there are none and the DNS service on port 53 is usable, move on to configuring the list of domains to unlock.

Edit the unlock domains

nano dnsmasq.conf

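Following the format already in the file, add the domains to unlock. The trailing xxx.xxx.xxx.xxx is an IP address; change it to the public IP of your unlock server.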

user=root
bind-dynamic
bogus-priv
domain-needed
log-facility=-
local-ttl=60
address=/netflix.com/xxx.xxx.xxx.xxx
address=/akadns.net/xxx.xxx.xxx.xxx
address=/akam.net/xxx.xxx.xxx.xxx
address=/akamai.com/xxx.xxx.xxx.xxx
address=/akamai.net/xxx.xxx.xxx.xxx
address=/akamaiedge.net/xxx.xxx.xxx.xxx
address=/akamaihd.net/xxx.xxx.xxx.xxx
address=/akamaistream.net/xxx.xxx.xxx.xxx
address=/akamaitech.net/xxx.xxx.xxx.xxx
address=/akamaitechnologies.com/xxx.xxx.xxx.xxx
address=/akamaitechnologies.fr/xxx.xxx.xxx.xxx
address=/akamaized.net/xxx.xxx.xxx.xxx
address=/edgekey.net/xxx.xxx.xxx.xxx
address=/edgesuite.net/xxx.xxx.xxx.xxx
address=/srip.net/xxx.xxx.xxx.xxx
address=/footprint.net/xxx.xxx.xxx.xxx
address=/level3.net/xxx.xxx.xxx.xxx
address=/llnwd.net/xxx.xxx.xxx.xxx
address=/edgecastcdn.net/xxx.xxx.xxx.xxx
address=/cloudfront.net/xxx.xxx.xxx.xxx
address=/netflix.com/xxx.xxx.xxx.xxx
address=/netflix.net/xxx.xxx.xxx.xxx
address=/nflximg.com/xxx.xxx.xxx.xxx
address=/nflximg.net/xxx.xxx.xxx.xxx
address=/nflxvideo.net/xxx.xxx.xxx.xxx
address=/nflxso.net/xxx.xxx.xxx.xxx
address=/nflxext.com/xxx.xxx.xxx.xxx
address=/hulu.com/xxx.xxx.xxx.xxx
address=/huluim.com/xxx.xxx.xxx.xxx
address=/hbonow.com/xxx.xxx.xxx.xxx
address=/hbogo.com/xxx.xxx.xxx.xxx
address=/hbo.com/xxx.xxx.xxx.xxx
address=/amazon.com/xxx.xxx.xxx.xxx
address=/amazon.co.uk/xxx.xxx.xxx.xxx
address=/amazonvideo.com/xxx.xxx.xxx.xxx
address=/crackle.com/xxx.xxx.xxx.xxx
address=/pandora.com/xxx.xxx.xxx.xxx
address=/vudu.com/xxx.xxx.xxx.xxx
address=/blinkbox.com/xxx.xxx.xxx.xxx
address=/abc.com/xxx.xxx.xxx.xxx
address=/fox.com/xxx.xxx.xxx.xxx
address=/theplatform.com/xxx.xxx.xxx.xxx
address=/nbc.com/xxx.xxx.xxx.xxx
address=/nbcuni.com/xxx.xxx.xxx.xxx
address=/ip2location.com/xxx.xxx.xxx.xxx
address=/pbs.org/xxx.xxx.xxx.xxx
address=/warnerbros.com/xxx.xxx.xxx.xxx
address=/southpark.cc.com/xxx.xxx.xxx.xxx
address=/cbs.com/xxx.xxx.xxx.xxx
address=/brightcove.com/xxx.xxx.xxx.xxx
address=/cwtv.com/xxx.xxx.xxx.xxx
address=/spike.com/xxx.xxx.xxx.xxx
address=/go.com/xxx.xxx.xxx.xxx
address=/mtv.com/xxx.xxx.xxx.xxx
address=/mtvnservices.com/xxx.xxx.xxx.xxx
address=/playstation.net/xxx.xxx.xxx.xxx
address=/uplynk.com/xxx.xxx.xxx.xxx
address=/maxmind.com/xxx.xxx.xxx.xxx
address=/disney.com/xxx.xxx.xxx.xxx
address=/disneyjunior.com/xxx.xxx.xxx.xxx
address=/adobedtm.com/xxx.xxx.xxx.xxx
address=/bam.nr-data.net/xxx.xxx.xxx.xxx
address=/bamgrid.com/xxx.xxx.xxx.xxx
address=/braze.com/xxx.xxx.xxx.xxx
address=/cdn.optimizely.com/xxx.xxx.xxx.xxx
address=/cdn.registerdisney.go.com/xxx.xxx.xxx.xxx
address=/cws.conviva.com/xxx.xxx.xxx.xxx
address=/d9.flashtalking.com/xxx.xxx.xxx.xxx
address=/disney-plus.net/xxx.xxx.xxx.xxx
address=/disney-portal.my.onetrust.com/xxx.xxx.xxx.xxx
address=/disney.demdex.net/xxx.xxx.xxx.xxx
address=/disney.my.sentry.io/xxx.xxx.xxx.xxx
address=/disneyplus.bn5x.net/xxx.xxx.xxx.xxx
address=/disneyplus.com/xxx.xxx.xxx.xxx
address=/disneyplus.com.ssl.sc.omtrdc.net/xxx.xxx.xxx.xxx
address=/disneystreaming.com/xxx.xxx.xxx.xxx
address=/dssott.com/xxx.xxx.xxx.xxx
address=/execute-api.us-east-1.amazonaws.com/xxx.xxx.xxx.xxx
address=/js-agent.newrelic.com/xxx.xxx.xxx.xxx
address=/xboxlive.com/xxx.xxx.xxx.xxx
address=/lovefilm.com/xxx.xxx.xxx.xxx
address=/turner.com/xxx.xxx.xxx.xxx
address=/amctv.com/xxx.xxx.xxx.xxx
address=/sho.com/xxx.xxx.xxx.xxx
address=/mog.com/xxx.xxx.xxx.xxx
address=/wdtvlive.com/xxx.xxx.xxx.xxx
address=/beinsportsconnect.tv/xxx.xxx.xxx.xxx
address=/beinsportsconnect.net/xxx.xxx.xxx.xxx
address=/fig.bbc.co.uk/xxx.xxx.xxx.xxx
address=/open.live.bbc.co.uk/xxx.xxx.xxx.xxx
address=/sa.bbc.co.uk/xxx.xxx.xxx.xxx
address=/www.bbc.co.uk/xxx.xxx.xxx.xxx
address=/crunchyroll.com/xxx.xxx.xxx.xxx
address=/ifconfig.co/xxx.xxx.xxx.xxx
address=/omtrdc.net/xxx.xxx.xxx.xxx
address=/sling.com/xxx.xxx.xxx.xxx
address=/movetv.com/xxx.xxx.xxx.xxx
address=/happyon.jp/xxx.xxx.xxx.xxx
address=/abema.tv/xxx.xxx.xxx.xxx
address=/hulu.jp/xxx.xxx.xxx.xxx
address=/optus.com.au/xxx.xxx.xxx.xxx
address=/optusnet.com.au/xxx.xxx.xxx.xxx
address=/gamer.com.tw/xxx.xxx.xxx.xxx
address=/bahamut.com.tw/xxx.xxx.xxx.xxx
address=/hinet.net/xxx.xxx.xxx.xxx

Start the service

docker-compose up -d

Verify the service

From a different server, use nslookup to verify that it works (解锁IP in the output below stands for the unlock server's IP):

~ nslookup - 解锁IP
> netflix.com
Server: 解锁IP
Address: 解锁IP#53

Non-authoritative answer:
Name: netflix.com
Address: 解锁IP
>

Mind security

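Deployed this way, your unlock service is exposed to the Internet, so you still need access restrictions to control who can use it. You can do this with iptables or by other means; choose whichever suits you.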
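
One way to implement that restriction with iptables, as an added example that is not part of the original post or of the projects it links: the script prints (it does not apply) rules that let only listed client addresses open new connections to the DNS port and to sniproxy. The chain name UNLOCK-GUARD, TCP ports 80/443 for sniproxy, the interface eth0 and the client addresses are assumptions; pass DOCKER-USER as the parent chain when the container publishes ports, INPUT when it uses host networking.

```sh
#!/bin/sh
# Added example: source-address allowlist for the unlock host.
# Dry run: prints iptables commands; review them, then pipe into `sh` as root.
# Assumptions (not from the post): chain name, sniproxy on TCP 80/443.

GUARD_CHAIN="UNLOCK-GUARD"
# proto:port pairs to protect. 53 is the DNS port from the post; 80/443 assumed.
PROTECTED="udp:53 tcp:53 tcp:80 tcp:443"

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq \
      '^((25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])(/(3[0-2]|[12]?[0-9]))?$'
}

# render_rules PARENT_CHAIN EXT_IFACE CIDR...
render_rules() {
    parent=$1; iface=$2; shift 2
    [ "$#" -gt 0 ] || { echo "need at least one allowed CIDR" >&2; return 1; }
    # Validate everything first so a bad entry never yields a partial rule set.
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
    done
    echo "iptables -N $GUARD_CHAIN"
    for cidr in "$@"; do
        # Allowed clients return to the parent chain's normal processing.
        echo "iptables -A $GUARD_CHAIN -s $cidr -j RETURN"
    done
    echo "iptables -A $GUARD_CHAIN -j DROP"
    for pp in $PROTECTED; do
        proto=${pp%%:*}; port=${pp##*:}
        # Only NEW flows arriving on the external interface are checked, matched
        # on the port the client originally dialled (pre-DNAT). Replies to the
        # service's own upstream DNS lookups and outbound TLS are ESTABLISHED
        # and therefore untouched.
        echo "iptables -I $parent -i $iface -p $proto -m conntrack --ctstate NEW --ctorigdstport $port -j $GUARD_CHAIN"
    done
}

# Example with constructed addresses:
#   render_rules DOCKER-USER eth0 203.0.113.10/32 198.51.100.0/24
```

The rules cover IPv4 only; if the host has a public IPv6 address, the same rules are needed in ip6tables.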