XSY的FUN天地

overture实现防污染

ADMIN

September 11, 2021

23045 views

One comment

2815 words

随笔技术文档

## 前言

我自身的网络环境是比较优良的，本方案仅记录下我搭建过程，如果想要复刻或者是同场景得自己摸索下再部署，国内走腾讯云专线到119.29.29.29，国外走专线到8.8.8.8，通过名单实现无污染。

## 正文

overture配置
config.yml

```
bindAddress: :60150
debugHTTPAddress: 0.0.0.0:60199
dohEnabled: false
primaryDNS://主要dns，可设置为国内dns
  - name: dnspod
    address: 119.29.29.29:53
    protocol: udp
    timeout: 6
    ednsClientSubnet:
      policy: auto
      noCookie: false
alternativeDNS://替代dns，设置为国外
  - name: googledns
    address: 8.8.8.8:53
    protocol: udp
    timeout: 6
    ednsClientSubnet://edns默认开启，将源ip直接转发给上游
      policy: auto
      noCookie: false
onlyPrimaryDNS: false
ipv6UseAlternativeDNS: false
alternativeDNSConcurrent: false
whenPrimaryDNSAnswerNoneUse: alternativeDNS//如果没匹配到默认走国外解析
ipNetworkFile:
  primary: /etc/overture/china_ip_list.txt
domainFile:
  primary: /etc/overture/china_list.txt
  alternative: /etc/overture/gfw_list.txt
  matcher: suffix-tree
minimumTTL: 1//最小ttl，按照秒计算
cacheSize: 10000//缓存条数
cacheRedisUrl: redis://localhost:6379//缓存
cacheRedisConnectionPoolSize: 10
rejectQType:
  - 255
```

systemctl服务

```
cat << EOF > /lib/systemd/system/overture.service
[Unit]
Description=overture-dns-server
After=syslog.target network-online.target
[Service]
ExecStart=/sbin/overture -c /etc/overture/config.yml
StandardOutput=syslog
Restart=on-abnormal
[Install]
WantedBy=multi-user.target
EOF
```

列表更新脚本 overture_update_fliters.sh，首次运行overture前需要执行此脚本。

```
#! /bin/bash
cd /etc/overture
rm china_list.txt gfw_list.txt china_ip_list.txt
curl -s https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt > china_ip_list.txt
curl -s https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf  | sed 's/server=\///g;s/\/114.114.114.114//g' > china_list1.txt
curl -s https://raw.githubusercontent.com/hq450/fancyss/master/rules/WhiteList_new.txt  | sed 's/Server=\///g;s/\///g' > china_list2.txt
cat china_list1.txt china_list2.txt | sort -u > china_list.txt
rm china_list1.txt china_list2.txt
curl -s https://raw.githubusercontent.com/Loukky/gfwlist-by-loukky/master/gfwlist.txt | base64 -d | sort -u | sed '/^$\|@@/d'| sed 's#!.\+##; s#|##g; s#@##g; s#http:\/\/##; s#https:\/\/##;' | sed '/\*/d; /apple\.com/d; /sina\.cn/d; /sina\.com\.cn/d; /baidu\.com/d; /qq\.com/d' | sed '/^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/d' | grep '^[0-9a-zA-Z\.-]\+$' | grep '\.' | sed 's#^\.\+##' | sort -u > gfwlist.txt
curl -s https://raw.githubusercontent.com/hq450/fancyss/master/rules/gfwlist.conf | sed 's/ipset=\/\.//g; s/\/gfwlist//g; /^server/d' > koolshare.txt
cat gfwlist.txt koolshare.txt | sort -u > gfw_list.txt
rm gfwlist.txt  koolshare.txt
systemctl restart overture
```

配置定时任务定期更新overture的域名和IP列表
`0 3 * * 1 /root/overture_update_fliters.sh`

Last modification：September 11, 2021