dns

d6109922 · nanahira · 77f87c9a · d6109922 · d6109922 · d6109922
Commit d6109922 authored Dec 08, 2020 by nanahira
5 changed files
--- a/files/dnsmasq/dnsmasq.conf.j2
+++ b/files/dnsmasq/dnsmasq.conf.j2
 server=127.0.0.1#55
 no-resolv
 strict-order
-interface=lo,{% for br in bridges %},{{br.name}}{% endfor %}
+interface=lo{% for br in bridges %},{{br.name}}{% endfor %}

 bind-interfaces
 port=53
@@ -11,12 +11,12 @@ dhcp-no-override
 dhcp-authoritative
 enable-ra

-no-dhcp-interface=lo,{% for br in bridges %}{% if not br.dhcp %},{{br.name}}{% endif %}{% endfor %}
+no-dhcp-interface=lo{% for br in bridges %}{% if not br.dhcp %},{{br.name}}{% endif %}{% endfor %}

 {% for br in bridges %}
 {% if br.dhcp %}

-dhcp-range={{br.name}},{{br.start}},{{br.end}},{{br.time}}
+dhcp-range={{br.name}},{{br.dhcp.start}},{{br.dhcp.end}},{{br.dhcp.time}}

 {% if br.ipv6 %}
 dhcp-range=tag:{{br.name}},::,constructor:{{br.name}},ra-names,24h

--- a/files/dnsmasq/docker-compose.yml
+++ b/files/dnsmasq/docker-compose.yml
 version: '2.4'
 services:
+  smartdns:
+    restart: always
+    image: git-registry.mycard.moe/nanahira/docker-smartdns
+    network_mode: host
+    command: -f -x -c /etc/smartdns/smartdns.conf
+    volumes:
+      - ./smartdns:/etc/smartdns:ro
+      - ./smartdns-cache:/tmp/smartdns-cache
  dnsmasq:
    restart: always
    image: git-registry.mycard.moe/nanahira/dnsmasq
@@ -10,13 +18,5 @@ services:
      - './dnsmasq.conf:/etc/dnsmasq.conf:ro'
      - './dnsmasq.d:/etc/dnsmasq.d:ro'
      - './misc:/var/lib/misc'
-  smartdns:
-    restart: always
-    image: git-registry.mycard.moe/nanahira/docker-smartdns                                                                
-    ports:
-      - '55:53'
-      - '55:53/udp'
-    command: -f -x -c /etc/smartdns/smartdns.conf
-    volumes:
-      - ./smartdns:/etc/smartdns:ro
-      - ./smartdns-cache:/tmp/smartdns-cache
+    depends_on:
+      - smartdns
--- a/files/dnsmasq/smartdns.conf.j2
+++ b/files/dnsmasq/smartdns.conf.j2
 server-name mycard-smartdns

-bind-tcp [::]:53
-bind [::]:53
+bind-tcp [::]:55
+bind [::]:55

 tcp-idle-time 3
 cache-size 4096
@@ -18,7 +18,7 @@ rr-ttl-max 86400

 log-level warn

-{% if smartdns_disable_ipv6 %}
+{% if smartdns.disable_ipv6 %}
 force-AAAA-SOA yes
 {% else %}
 dualstack-ip-selection yes
@@ -29,6 +29,11 @@ dualstack-ip-selection yes
 server-tls {{dns}} -group tls
 {% endfor %}

+# HTTPS DNSes
+{% for dns in smartdns.https_dns %}
+server-https {{dns}} -group tls
+{% endfor %}
+
 # China DNSes
 {% for dns in smartdns.china_dns %}
 server {{dns}} -group china -exclude-default-group

--- a/services.yaml
+++ b/services.yaml
+---
+  - hosts: router_nextgen
+    remote_user: root
+    vars:
+      mycard_domains:
+        - mycard.moe
+        - momobako.com
+        - yuzurisa.com
+        - moecube.com
+        - moestart.com
+        - moenext.com
+        - ygobbs.com
+        - newwise.com
+        - my-card.in
+        - mius.pro
+    tasks:
+      - name: dnsmasq directory
+        file:
+          name: '{{ansible_user_dir}}/nextgen-router/services/dnsmasq/smartdns'
+          state: directory
+          recurse: true
+      - name: dnsmasq docker-compose
+        copy:
+          src: ./files/dnsmasq/docker-compose.yml
+          dest: '{{ansible_user_dir}}/nextgen-router/services/dnsmasq/docker-compose.yml'
+      - name: dnsmasq.conf
+        template:
+          src: ./files/dnsmasq/dnsmasq.conf.j2
+          dest: '{{ansible_user_dir}}/nextgen-router/services/dnsmasq/dnsmasq.conf'
+        notify: restart_dnsmasq
+      - name: smartdns.conf
+        template:
+          src: ./files/dnsmasq/smartdns.conf.j2
+          dest: '{{ansible_user_dir}}/nextgen-router/services/dnsmasq/smartdns/smartdns.conf'
+        notify: restart_dnsmasq
+      - name: smartdns china list
+        copy:
+          src: ./data/china-list.conf
+          dest: '{{ansible_user_dir}}/nextgen-router/services/dnsmasq/smartdns/china-list.conf'
+        notify: restart_dnsmasq
+      - name: start dnsmasq
+        docker_compose:
+          project_src: '{{ansible_user_dir}}/nextgen-router/services/dnsmasq'
+          remove_orphans: true
+    handlers:
+      - name: restart_dnsmasq
+        docker_compose:
+          project_src: '{{ansible_user_dir}}/nextgen-router/services/dnsmasq'
+          restarted: true
--- a/variables.yaml
+++ b/variables.yaml
@@ -57,3 +57,14 @@ vars:
      link: bond0.41 # 上行链路
      username: user # 拨号用户名，密码在上面的pppoeUsers给出
      mac: null # 给ISP看的mac地址，null为随机
+  smartdns:
+    disable_ipv6: false
+    tls_dns:
+      - 8.8.8.8
+      - 1.1.1.1
+    https_dns:
+      - https://cloudflare-dns.com/dns-query
+      - https://dns.quad9.net/dns-query
+    china_dns:
+      - 114.114.114.114
+      - 223.5.5.5