前言
dnscrypt-proxy是一个开源github项目,用于加密dns请求,支持Win/Linux/MacOS/Android/iOS等平台,
官方虽然提供了iOS编译方法,但已经不兼容现有系统环境,因此笔者自行编译。项目地址: https://github.com/DNSCrypt/dnscrypt-proxy
编译
和以往一样,笔者使用的是macOS系统
- 下载源码并进入dnscrypt-proxy/dnscrypt-proxy目录
- 修改main.go。注意代码中包括了官方提到的、防止内存占用过高导致进程被杀的memorystatus_control调用,还有我自己发现的SIGURG处理:此bug目前原因未知,进程启动没多久就会因为无法处理SIGURG而崩溃,Google搜索无果。一个可能的线索是Go运行时自1.14起会用SIGURG做协程抢占,因此这里直接自己handle了该信号,之后可正常运行。需要注意的是,用signal.Notify订阅SIGURG后,运行时自身发出的抢占信号也可能被送到这个channel,所以下面的处理函数只是打印并丢弃,不能在里面做任何阻塞或耗时操作。
package main
/*
#include <stdint.h>
int memorystatus_control(uint32_t command, int32_t pid, uint32_t flags, void *buffer, size_t buffersize);
*/
import "C"
import (
crypto_rand "crypto/rand"
"encoding/binary"
"flag"
"fmt"
"math/rand"
"os"
"os/signal"
"runtime"
"sync"
"syscall"
"github.com/jedisct1/dlog"
"github.com/kardianos/service"
)
// AppVersion is the version string printed by the -version flag.
const AppVersion = "2.1.4"

// DefaultConfigFileName is the configuration file used when -config is not given;
// it is resolved relative to the working directory recorded in the service config.
const DefaultConfigFileName = "dnscrypt-proxy.toml"
// App ties the parsed flags, the proxy instance and the quit signalling
// together; it is the object handed to kardianos/service as the service
// implementation (Start/Stop below).
type App struct {
	proxy *Proxy       // created in main via NewProxy, started in AppMain
	flags *ConfigFlags // command-line flags, consumed by ConfigLoad
	quit  chan struct{} // allocated in AppMain, which blocks on it until closed
	wg    sync.WaitGroup // Add(1) before StartProxy, Done after quit fires
}
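// handle_sigurg subscribes to SIGURG and drains it in a background goroutine.
//
// The author observed the proxy crashing shortly after start-up on iOS with
// an unhandled SIGURG; the root cause is unknown. Since Go 1.14 the runtime
// itself raises SIGURG for goroutine preemption, so a Notify subscriber may
// also receive those preemption signals. The sink therefore must stay cheap
// and must never block. The goroutine lives for the whole process and has no
// stop path, matching the original behaviour.
//
// Note that the print below fires once per delivered signal; if preemption
// signals do reach this channel it can be noisy, so consider dropping the
// print once the crash has been diagnosed.
func handle_sigurg() {
	// signal.Notify does a non-blocking send, so the channel must be
	// buffered (go vet flags an unbuffered os.Signal channel). A buffer of
	// one is enough: we only acknowledge the signal, coalescing is fine.
	c := make(chan os.Signal, 1)
	signal.Notify(c, syscall.SIGURG)
	go func() {
		for s := range c {
			if s == syscall.SIGURG {
				fmt.Println("SIGURG")
			}
		}
	}()
}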
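// main is the process entry point.
//
// Order matters: the SIGURG sink and logger come first, then the PRNG seed,
// then flag parsing, the root-only jetsam adjustment, and finally either the
// service controller (-service) or the proxy itself.
func main() {
	handle_sigurg()
	TimezoneSetup()
	dlog.Init("dnscrypt-proxy", dlog.SeverityNotice, "DAEMON")
	runtime.MemProfileRate = 0

	// Seed math/rand from the OS CSPRNG. If the read failed silently the
	// seed would stay all-zero and every math/rand consumer in the proxy
	// would become predictable, so the failure is fatal rather than ignored.
	seed := make([]byte, 8)
	if _, err := crypto_rand.Read(seed); err != nil {
		dlog.Fatalf("Unable to read a random seed: %v", err)
	}
	rand.Seed(int64(binary.LittleEndian.Uint64(seed)))

	pwd, err := os.Getwd()
	if err != nil {
		dlog.Fatal("Unable to find the path to the current directory")
	}

	svcFlag := flag.String("service", "", fmt.Sprintf("Control the system service: %q", service.ControlAction))
	version := flag.Bool("version", false, "print current proxy version")
	flags := ConfigFlags{}
	flags.Resolve = flag.String("resolve", "", "resolve a DNS name (string can be <name> or <name>,<resolver address>)")
	flags.List = flag.Bool("list", false, "print the list of available resolvers for the enabled filters")
	flags.ListAll = flag.Bool("list-all", false, "print the complete list of available resolvers, ignoring filters")
	flags.JSONOutput = flag.Bool("json", false, "output list as JSON")
	flags.Check = flag.Bool("check", false, "check the configuration file and exit")
	flags.ConfigFile = flag.String("config", DefaultConfigFileName, "Path to the configuration file")
	flags.Child = flag.Bool("child", false, "Invokes program as a child process")
	flags.NetprobeTimeoutOverride = flag.Int("netprobe-timeout", 60, "Override the netprobe timeout")
	flags.ShowCerts = flag.Bool("show-certs", false, "print DoH certificate chain hashes")
	flag.Parse()

	if *version {
		fmt.Println(AppVersion)
		os.Exit(0)
	}

	// iOS-specific: lift the jetsam (launchd memory) limit so that loading a
	// large blocklist does not get the process killed. Only attempted as
	// root; on failure the proxy still runs with the default limit. The
	// command value 6 and the zero flags/nil buffer follow the upstream iOS
	// build notes -- verify against the SDK headers if this stops working.
	if os.Getuid() == 0 {
		const memorystatusCmdSetJetsamTaskLimit C.uint = 6
		if C.memorystatus_control(memorystatusCmdSetJetsamTaskLimit, C.int(os.Getpid()), 0, nil, 0) != 0 {
			dlog.Warn("Failed to disable iOS launchd's memory restrictions; loading a large blacklist, for example, may cause dnscrypt-proxy to be killed!")
		}
	}

	app := &App{
		flags: &flags,
	}
	svcConfig := &service.Config{
		Name:             "dnscrypt-proxy",
		DisplayName:      "DNSCrypt client proxy",
		Description:      "Encrypted/authenticated DNS proxy",
		WorkingDirectory: pwd,
		Arguments:        []string{"-config", *flags.ConfigFile},
	}
	svc, err := service.New(app, svcConfig)
	if err != nil {
		// No usable service manager on this platform: run in the foreground.
		svc = nil
		dlog.Debug(err)
	}
	app.proxy = NewProxy()
	_ = ServiceManagerStartNotify() // best-effort readiness notification; result deliberately ignored

	if len(*svcFlag) != 0 {
		if svc == nil {
			dlog.Fatal("Built-in service installation is not supported on this platform")
		}
		if err := service.Control(svc, *svcFlag); err != nil {
			dlog.Fatal(err)
		}
		switch *svcFlag {
		case "install":
			dlog.Notice("Installed as a service. Use `-service start` to start")
		case "uninstall":
			dlog.Notice("Service uninstalled")
		case "start":
			dlog.Notice("Service started")
		case "stop":
			dlog.Notice("Service stopped")
		case "restart":
			dlog.Notice("Service restarted")
		}
		return
	}

	if svc != nil {
		if err := svc.Run(); err != nil {
			dlog.Fatal(err)
		}
		return
	}
	app.Start(nil)
}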
// Start is the service.Interface start hook. Under a service manager
// (non-nil service) the proxy runs in a goroutine so that Start returns
// promptly; when called directly from main with nil it runs inline and
// only returns when AppMain does. It never reports an error.
func (app *App) Start(service service.Service) error {
	if service == nil {
		app.AppMain()
		return nil
	}
	go app.AppMain()
	return nil
}
// AppMain loads the configuration, writes the PID file, initialises plugin
// globals and starts the proxy, then blocks until app.quit is closed.
//
// Config and plugin failures are fatal; a PID-file failure is only logged as
// critical and the proxy keeps going. Nothing in this file closes app.quit,
// so as far as is visible here the receive below is released only by
// process exit (Stop does not touch it).
func (app *App) AppMain() {
	if err := ConfigLoad(app.proxy, app.flags); err != nil {
		dlog.Fatal(err)
	}
	if err := PidFileCreate(); err != nil {
		dlog.Criticalf("Unable to create the PID file: %v", err)
	}
	if err := app.proxy.InitPluginsGlobals(); err != nil {
		dlog.Fatal(err)
	}
	app.quit = make(chan struct{})
	app.wg.Add(1)
	app.proxy.StartProxy()
	// Presumably to return start-up garbage (config, sources) early -- confirm.
	runtime.GC()
	<-app.quit
	dlog.Notice("Quit signal received...")
	app.wg.Done()
}
// Stop is the service.Interface shutdown hook: it removes the PID file and
// logs. As visible here it neither closes app.quit nor waits on app.wg, so
// the goroutine started by Start is not joined before the process exits.
// It never reports an error.
func (app *App) Stop(service service.Service) error {
	PidFileRemove()
	dlog.Notice("Stopped.")
	return nil
}
- 按官方说明添加dnscrypt-proxy.plist(entitlements)。注意其中get-task-allow、task_for_pid-allow、proc_info-allow等属于调试/跨进程访问类权限,对一个DNS代理来说偏大;建议先去掉这些项测试是否仍能正常运行,只保留确实需要的网络相关entitlement。
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>get-task-allow</key>
<true/>
<key>proc_info-allow</key>
<true/>
<key>task_for_pid-allow</key>
<true/>
<key>com.apple.private.network.reserved-port</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.developer.networking.networkextension</key>
<true/>
<key>com.apple.network.multipath-tcp</key>
<true/>
<key>platform-application</key>
<true/>
<key>com.apple.private.security.container-required</key>
<false/>
</dict>
</plist>
- 添加build.sh如下
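#!/bin/bash
# Cross-compile dnscrypt-proxy for iOS (arm64) from macOS and pseudo-sign the
# result with ldid using the entitlements in dnscrypt-proxy.plist.
#
# Fail fast: without -e a failed `go build` would still fall through to ldid
# and re-sign whatever stale binary was left in the directory.
set -euo pipefail

export GOROOT="$(go env GOROOT)"

# Resolve the SDK once and share one flag set between C, C++ and the linker so
# the three cannot drift apart.
SDK_PATH="$(xcrun --sdk iphoneos --show-sdk-path)"
IOS_FLAGS="-isysroot ${SDK_PATH} -miphoneos-version-min=9.0 -fembed-bitcode -arch arm64"

# ldid is only needed at the end; check for it up front so a missing tool does
# not surface after a multi-minute build.
command -v ldid >/dev/null 2>&1 || { echo "ldid not found in PATH" >&2; exit 1; }

# -s -w strips symbols/DWARF; -trimpath additionally drops local build paths
# from the binary so the shipped file does not leak the build machine layout.
CGO_ENABLED=1 GOOS=ios GOARCH=arm64 \
CC="$GOROOT/misc/ios/clangwrap.sh" CXX="$GOROOT/misc/ios/clangwrap.sh" \
CGO_CFLAGS="$IOS_FLAGS" CGO_CXXFLAGS="$IOS_FLAGS" CGO_LDFLAGS="$IOS_FLAGS" \
go build -trimpath -ldflags="-s -w" -tags=ios

ldid -Sdnscrypt-proxy.plist dnscrypt-proxy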
- 执行build.sh编译,得到dnscrypt-proxy,将文件example-dnscrypt-proxy.toml改为dnscrypt-proxy.toml,一起传入iPhone做测试
/usr/bin/dnscrypt-proxy -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml -logfile /tmp/dnscrypt-proxy.log
可以看到运行正常:
[2023-03-31 13:14:02] [NOTICE] dnscrypt-proxy 2.1.4
[2023-03-31 13:14:02] [NOTICE] Network connectivity detected
[2023-03-31 13:14:02] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
[2023-03-31 13:14:02] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
[2023-03-31 13:14:02] [NOTICE] Now listening to [::1]:53 [UDP]
[2023-03-31 13:14:02] [NOTICE] Now listening to [::1]:53 [TCP]
[2023-03-31 13:14:02] [NOTICE] Source [public-resolvers] loaded
[2023-03-31 13:14:02] [NOTICE] Source [relays] loaded
[2023-03-31 13:14:02] [NOTICE] Firefox workaround initialized
[2023-03-31 13:14:14] [NOTICE] [dns.sb] OK (DoH) - rtt: 316ms
[2023-03-31 13:14:14] [NOTICE] [openinternet] OK (DNSCrypt) - rtt: 181ms
[2023-03-31 13:14:21] [NOTICE] [quad9-dnscrypt-ip4-nofilter-pri] OK (DNSCrypt) - rtt: 183ms
[2023-03-31 13:14:21] [NOTICE] [quad9-dnscrypt-ip4-nofilter-pri] OK (DNSCrypt) - rtt: 183ms - additional certificate
[2023-03-31 13:14:22] [NOTICE] [meganerd-doh-ipv4] OK (DoH) - rtt: 309ms
[2023-03-31 13:14:23] [NOTICE] [dnscrypt.ca-1] OK (DNSCrypt) - rtt: 242ms
[2023-03-31 13:14:23] [NOTICE] [scaleway-fr] OK (DNSCrypt) - rtt: 214ms
[2023-03-31 13:14:25] [NOTICE] [dns.digitalsize.net] OK (DoH) - rtt: 406ms
[2023-03-31 13:14:32] [NOTICE] [dct-at1] OK (DNSCrypt) - rtt: 259ms
[2023-03-31 13:14:32] [NOTICE] [meganerd] OK (DNSCrypt) - rtt: 263ms
[2023-03-31 13:14:48] [NOTICE] [jp.tiar.app] TIMEOUT
[2023-03-31 13:14:57] [NOTICE] [ams-doh-nl] OK (DoH) - rtt: 1095ms
[2023-03-31 13:15:02] [NOTICE] [dnswarden-uncensor-dc] TIMEOUT
[2023-03-31 13:15:03] [NOTICE] [dct-nl1] OK (DNSCrypt) - rtt: 253ms
[2023-03-31 13:15:13] [NOTICE] [scaleway-ams] OK (DNSCrypt) - rtt: 268ms
[2023-03-31 13:15:15] [NOTICE] [dns.digitale-gesellschaft.ch-2] OK (DoH) - rtt: 394ms
[2023-03-31 13:15:17] [NOTICE] [cloudflare] OK (DoH) - rtt: 189ms
[2023-03-31 13:15:18] [NOTICE] [wevpn-useast] OK (DNSCrypt) - rtt: 311ms
[2023-03-31 13:15:18] [NOTICE] [ams-dnscrypt-nl] OK (DNSCrypt) - rtt: 246ms
[2023-03-31 13:15:29] [NOTICE] [wevpn-singapore] OK (DNSCrypt) - rtt: 289ms
[2023-03-31 13:15:31] [NOTICE] [njalla-doh] OK (DoH) - rtt: 302ms
[2023-03-31 13:15:31] [NOTICE] [plan9dns-nj] OK (DNSCrypt) - rtt: 248ms
[2023-03-31 13:15:31] [NOTICE] [plan9dns-nj] OK (DNSCrypt) - rtt: 248ms - additional certificate
[2023-03-31 13:15:37] [NOTICE] [dnscrypt.uk-ipv4] OK (DNSCrypt) - rtt: 261ms
[2023-03-31 13:15:38] [NOTICE] [dnswarden-uncensor-dc-swiss] OK (DNSCrypt) - rtt: 186ms
[2023-03-31 13:15:38] [NOTICE] [techsaviours.org-dnscrypt] OK (DNSCrypt) - rtt: 215ms
[2023-03-31 13:15:39] [NOTICE] [serbica] OK (DNSCrypt) - rtt: 236ms
[2023-03-31 13:15:44] [NOTICE] [altername] OK (DNSCrypt) - rtt: 224ms
[2023-03-31 13:15:45] [NOTICE] [saldns03-conoha-ipv4] OK (DNSCrypt) - rtt: 204ms
[2023-03-31 13:15:45] [NOTICE] [dnscrypt.pl] OK (DNSCrypt) - rtt: 314ms
[2023-03-31 13:15:45] [NOTICE] [saldns01-conoha-ipv4] OK (DNSCrypt) - rtt: 184ms
[2023-03-31 13:15:45] [WARNING] [adguard-dns-unfiltered] uses a non-standard provider name ('2.dnscrypt.unfiltered.ns1.adguard.com.' doesn't start with '2.dnscrypt-cert.')
[2023-03-31 13:15:51] [NOTICE] [adguard-dns-unfiltered] OK (DNSCrypt) - rtt: 183ms
[2023-03-31 13:15:57] [NOTICE] [faelix-ch-ipv4] OK (DNSCrypt) - rtt: 185ms
[2023-03-31 13:15:58] [NOTICE] [dns.digitale-gesellschaft.ch] OK (DoH) - rtt: 303ms
[2023-03-31 13:16:01] [NOTICE] [bortzmeyer] OK (DoH) - rtt: 302ms
[2023-03-31 13:16:01] [NOTICE] [sby-limotelu] OK (DNSCrypt) - rtt: 339ms
[2023-03-31 13:16:02] [NOTICE] [quad9-dnscrypt-ip4-nofilter-ecs-pri] OK (DNSCrypt) - rtt: 241ms
[2023-03-31 13:16:02] [NOTICE] [quad9-dnscrypt-ip4-nofilter-ecs-pri] OK (DNSCrypt) - rtt: 241ms - additional certificate
[2023-03-31 13:16:03] [NOTICE] [dct-de1] OK (DNSCrypt) - rtt: 235ms
[2023-03-31 13:16:03] [NOTICE] [ffmuc.net] OK (DNSCrypt) - rtt: 259ms
[2023-03-31 13:16:03] [NOTICE] [deffer-dns.au] OK (DNSCrypt) - rtt: 203ms
[2023-03-31 13:16:05] [NOTICE] [uncensoreddns-ipv4] OK (DoH) - rtt: 310ms
[2023-03-31 13:16:18] [NOTICE] [sth-doh-se] OK (DoH) - rtt: 270ms
[2023-03-31 13:16:21] [NOTICE] [doh.appliedprivacy.net] OK (DoH) - rtt: 1083ms
[2023-03-31 13:16:28] [NOTICE] [ibksturm] TIMEOUT
[2023-03-31 13:16:39] [NOTICE] [pryv8boi] OK (DNSCrypt) - rtt: 268ms
[2023-03-31 13:16:46] [NOTICE] [plan9dns-mx-doh] OK (DoH) - rtt: 301ms
[2023-03-31 13:16:46] [NOTICE] [plan9dns-fl] OK (DNSCrypt) - rtt: 245ms
[2023-03-31 13:16:46] [NOTICE] [plan9dns-fl] OK (DNSCrypt) - rtt: 245ms - additional certificate
[2023-03-31 13:16:56] [NOTICE] System DNS configuration not usable yet, exceptionally resolving [ns3.opennameserver.org] using bootstrap resolvers over tcp
[2023-03-31 13:17:08] [NOTICE] [nextdns] OK (DoH) - rtt: 166ms
[2023-03-31 13:17:11] [NOTICE] [dnscrypt.ca-2-doh] OK (DoH) - rtt: 249ms
[2023-03-31 13:17:21] [NOTICE] [faelix-uk-ipv4] OK (DNSCrypt) - rtt: 236ms
[2023-03-31 13:17:25] [NOTICE] [libredns] OK (DoH) - rtt: 267ms
[2023-03-31 13:17:27] [NOTICE] [plan9dns-nj-doh] OK (DoH) - rtt: 245ms
[2023-03-31 13:17:27] [NOTICE] [plan9dns-mx] OK (DNSCrypt) - rtt: 284ms
[2023-03-31 13:17:27] [NOTICE] [plan9dns-mx] OK (DNSCrypt) - rtt: 284ms - additional certificate
[2023-03-31 13:17:33] [NOTICE] [saldns02-conoha-ipv4] TIMEOUT
[2023-03-31 13:17:36] [NOTICE] [uncensoreddns-dk-ipv4] OK (DoH) - rtt: 295ms
[2023-03-31 13:17:36] [NOTICE] [dnscrypt.ca-2] OK (DNSCrypt) - rtt: 284ms
[2023-03-31 13:17:37] [NOTICE] [dct-ru1] OK (DNSCrypt) - rtt: 116ms
[2023-03-31 13:17:48] [NOTICE] [dnscrypt.ca-1-doh] OK (DoH) - rtt: 305ms
[2023-03-31 13:17:48] [NOTICE] [starrydns] OK (DNSCrypt) - rtt: 92ms
[2023-03-31 13:17:54] [NOTICE] [dnscrypt.be] TIMEOUT
[2023-03-31 13:18:07] [NOTICE] [doh-crypto-sx] OK (DoH) - rtt: 408ms
[2023-03-31 13:18:08] [NOTICE] [v.dnscrypt.uk-ipv4] OK (DNSCrypt) - rtt: 246ms
[2023-03-31 13:18:08] [NOTICE] [sth-dnscrypt-se] OK (DNSCrypt) - rtt: 224ms
[2023-03-31 13:18:08] [NOTICE] Sorted latencies:
[2023-03-31 13:18:08] [NOTICE] - 92ms starrydns
[2023-03-31 13:18:08] [NOTICE] - 116ms dct-ru1
[2023-03-31 13:18:08] [NOTICE] - 166ms nextdns
[2023-03-31 13:18:08] [NOTICE] - 181ms openinternet
[2023-03-31 13:18:08] [NOTICE] - 183ms quad9-dnscrypt-ip4-nofilter-pri
[2023-03-31 13:18:08] [NOTICE] - 183ms adguard-dns-unfiltered
[2023-03-31 13:18:08] [NOTICE] - 184ms saldns01-conoha-ipv4
[2023-03-31 13:18:08] [NOTICE] - 185ms faelix-ch-ipv4
[2023-03-31 13:18:08] [NOTICE] - 186ms dnswarden-uncensor-dc-swiss
[2023-03-31 13:18:08] [NOTICE] - 189ms cloudflare
[2023-03-31 13:18:08] [NOTICE] - 203ms deffer-dns.au
[2023-03-31 13:18:08] [NOTICE] - 204ms saldns03-conoha-ipv4
[2023-03-31 13:18:08] [NOTICE] - 214ms scaleway-fr
[2023-03-31 13:18:08] [NOTICE] - 215ms techsaviours.org-dnscrypt
[2023-03-31 13:18:08] [NOTICE] - 224ms altername
[2023-03-31 13:18:08] [NOTICE] - 224ms sth-dnscrypt-se
[2023-03-31 13:18:08] [NOTICE] - 235ms dct-de1
[2023-03-31 13:18:08] [NOTICE] - 236ms serbica
[2023-03-31 13:18:08] [NOTICE] - 236ms faelix-uk-ipv4
[2023-03-31 13:18:08] [NOTICE] - 241ms quad9-dnscrypt-ip4-nofilter-ecs-pri
[2023-03-31 13:18:08] [NOTICE] - 242ms dnscrypt.ca-1
[2023-03-31 13:18:08] [NOTICE] - 245ms plan9dns-fl
[2023-03-31 13:18:08] [NOTICE] - 245ms plan9dns-nj-doh
[2023-03-31 13:18:08] [NOTICE] - 246ms ams-dnscrypt-nl
[2023-03-31 13:18:08] [NOTICE] - 246ms v.dnscrypt.uk-ipv4
[2023-03-31 13:18:08] [NOTICE] - 248ms plan9dns-nj
[2023-03-31 13:18:08] [NOTICE] - 249ms dnscrypt.ca-2-doh
[2023-03-31 13:18:08] [NOTICE] - 253ms dct-nl1
[2023-03-31 13:18:08] [NOTICE] - 259ms dct-at1
[2023-03-31 13:18:08] [NOTICE] - 259ms ffmuc.net
[2023-03-31 13:18:08] [NOTICE] - 261ms dnscrypt.uk-ipv4
[2023-03-31 13:18:08] [NOTICE] - 263ms meganerd
[2023-03-31 13:18:08] [NOTICE] - 267ms libredns
[2023-03-31 13:18:08] [NOTICE] - 268ms scaleway-ams
[2023-03-31 13:18:08] [NOTICE] - 268ms pryv8boi
[2023-03-31 13:18:08] [NOTICE] - 270ms sth-doh-se
[2023-03-31 13:18:08] [NOTICE] - 284ms plan9dns-mx
[2023-03-31 13:18:08] [NOTICE] - 284ms dnscrypt.ca-2
[2023-03-31 13:18:08] [NOTICE] - 289ms wevpn-singapore
[2023-03-31 13:18:08] [NOTICE] - 295ms uncensoreddns-dk-ipv4
[2023-03-31 13:18:08] [NOTICE] - 301ms plan9dns-mx-doh
[2023-03-31 13:18:08] [NOTICE] - 302ms njalla-doh
[2023-03-31 13:18:09] [NOTICE] - 302ms bortzmeyer
[2023-03-31 13:18:09] [NOTICE] - 303ms dns.digitale-gesellschaft.ch
[2023-03-31 13:18:09] [NOTICE] - 305ms dnscrypt.ca-1-doh
[2023-03-31 13:18:09] [NOTICE] - 309ms meganerd-doh-ipv4
[2023-03-31 13:18:09] [NOTICE] - 310ms uncensoreddns-ipv4
[2023-03-31 13:18:09] [NOTICE] - 311ms wevpn-useast
[2023-03-31 13:18:09] [NOTICE] - 314ms dnscrypt.pl
[2023-03-31 13:18:09] [NOTICE] - 316ms dns.sb
[2023-03-31 13:18:09] [NOTICE] - 339ms sby-limotelu
[2023-03-31 13:18:09] [NOTICE] - 394ms dns.digitale-gesellschaft.ch-2
[2023-03-31 13:18:09] [NOTICE] - 406ms dns.digitalsize.net
[2023-03-31 13:18:09] [NOTICE] - 408ms doh-crypto-sx
[2023-03-31 13:18:09] [NOTICE] - 1083ms doh.appliedprivacy.net
[2023-03-31 13:18:09] [NOTICE] - 1095ms ams-doh-nl
[2023-03-31 13:18:09] [NOTICE] Server with the lowest initial latency: starrydns (rtt: 92ms)
[2023-03-31 13:18:09] [NOTICE] dnscrypt-proxy is ready - live servers: 56
此时使用nslookup测试dns服务器:
nslookup www.baidu.com 127.0.0.1
得到正确结果:
iPhone:~ root# nslookup www.baidu.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
www.a.shifen.com canonical name = www.wshifen.com.
Name: www.wshifen.com
Address: 45.113.192.101
Name: www.wshifen.com
Address: 45.113.192.102
下面就是打包为deb了,由于过程较为繁琐,笔者又比较懒就不写了。
实际使用时,需要在"系统设置-Wi-Fi"里,对当前Wi-Fi网络把DNS设置为127.0.0.1并删掉其他DNS,即可生效。需要说明的是,这个设置只对该Wi-Fi网络有效,蜂窝网络仍然走运营商DNS;另外dnscrypt-proxy保护的是到上游解析器这一段的传输(加密+认证),解析结果是否可信仍取决于你在配置文件里选择的上游服务器。