OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: mervynsword on January 04, 2020, 03:53:54 pm

Title: How to translate urls with two DNS servers?
Post by: mervynsword on January 04, 2020, 03:53:54 pm
Recently I found out the ISP is hijacking DNS, so when I visit some websites or URLs I can't get the right IP.

In China, the ISP is no longer hijacking websites and URLs with a blacklist. As there are more and more websites we can't visit today, I think they are doing it with a whitelist. This sucks.

Now I am using DNSCrypt-Proxy. This plugin is great, but there is another problem. When I am visiting some websites in the ISP's whitelist, for which they will not do DNS hijacking, the Cloudflare DNS translates them to a CDN IP in the USA, which is very slow for me.

So I am trying to make a whitelist for myself, which contains all Chinese "good" websites, and then translate the URLs in the whitelist with a Chinese DNS like DNSPOD, and everything else with Cloudflare DoH DNS.

How to do that? The whitelist contains thousands of URLs, so entering the URLs one by one will kill me. :'(
Title: Re: How to translate urls with two DNS servers?
Post by: fabian on January 04, 2020, 09:05:05 pm
You could probably write your own DNS server, which can choose the upstream DNS server based on rules.

This is one I wrote a while ago which can be used as a template:

https://github.com/fabianfrz/dns


If you read a config file like

example.net,dns a
example.com,dns b

and hardcode a default of dns c, you will likely get a usable solution. I think there is no out-of-the-box solution for that except hardcoding the zone data.
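
The rule lookup described in the reply above, as an added example that is not part of the thread and not code from the linked repository. It parses `domain,upstream` lines and picks an upstream by longest suffix match on whole labels, so `notexample.com` is never sent to the resolver configured for `example.com`. The upstream labels `dns-a`, `dns-b`, `dns-c` and the sample rules are constructed placeholders.

```python
"""Pick an upstream resolver per query name from 'domain,upstream' rules."""

# Constructed sample rules in the "domain,upstream" layout from the post.
# The upstream labels are placeholders, not real resolver addresses.
SAMPLE_RULES = """\
# comment lines and blanks are ignored
example.net,dns-a
example.com,dns-b
cdn.example.com,dns-a
"""
DEFAULT_UPSTREAM = "dns-c"  # hardcoded default, as the post suggests


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.strip().rstrip(".").lower()


def load_rules(text):
    """Parse 'domain,upstream' lines into a dict keyed by normalized domain."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        domain, sep, upstream = line.partition(",")
        domain, upstream = normalize(domain), upstream.strip()
        if not sep or not domain or not upstream:
            raise ValueError(f"line {lineno}: expected 'domain,upstream'")
        rules[domain] = upstream
    return rules


def pick_upstream(qname, rules, default=DEFAULT_UPSTREAM):
    """Longest-suffix match on whole labels; fall back to the default."""
    labels = normalize(qname).split(".")
    # Try the full name first, then each parent zone: a.b.c -> b.c -> c
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return rules[candidate]
    return default


if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES)
    for q in ("www.example.net.", "img.cdn.example.com", "notexample.com"):
        print(q, "->", pick_upstream(q, rules))
```

Each lookup costs one dictionary probe per label in the query name, so a list of tens of thousands of domains does not slow resolution.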
Title: Re: How to translate urls with two DNS servers?
Post by: mervynsword on January 05, 2020, 12:14:10 pm
Thank you very much.

I am trying to solve this problem by using DNSCrypt-Proxy while there is a Forwarder function.

But how can I import the whitelist? I tried to edit the forwarding-rules.txt in /usr/local/etc/dnscrypt-proxy. But when I restart the DNSCrypt-Proxy, the forwarding-rules.txt will be reset. There are about 40000 URLs. It's an IMPOSSIBLE mission for me to enter them using the web GUI.