Convert your DNS requests into HTTP DNS (DoH) requests and log them. Provide an alternative DNS to your LAN with customized hosts.
ISP DNS hijacking in China has been driving me nuts for a long time, and I've tried lots of DNS encryption projects. Their encryption and RFC standard extensions were really good, but because most of these projects don't have DNS servers in China, they always made my daily browsing slow.
Finally, I found that DNSpod has a simple HTTP DNS API server in China, and currently there is no evidence showing that any ISP already hijacks the HTTP DNS requests between the user's network and the DNSpod server, so I developed this tiny tool to make it work.
As of version 1.5, this tool uses standard DoH, querying https://doh.pub/dns-query for results, which is considered to offer better security.
- Current Version: 1.8
- Language: golang
1. Clone this project to your local disk.
2. Open this project's folder and compile SnowPearDNS.go into an executable:
go build SnowPearDNS.go
or you can directly download the compiled executables if you are using Windows:
64bit_forWindows
32bit_forWindows
or download here for linux if you are using Linux:
64bit_forLinux_ELF
32bit_forLinux_ELF
3. Run the executable you got from the previous step and configure your local DNS server as 127.0.0.1.
4. Enjoy your browsing!
From version 1.8, you can load DNS records from a hosts file with the
-c <your hosts file location>
option.
- Do you have a DNS record cache in this tool?
Yes. Because HTTP requests sometimes get lost and DNSpod limits concurrent requests, which made the HTTP DNS requests very slow, I've added an in-memory cache using muesli's cache2go. The default expiration time for a record that hasn't been hit is one day (60*60*24 seconds). Since it's cached in memory, the cache is cleared every time you restart the process.
- How can I know whether DNSpod's server works well for me? What if there is high latency to the DNSpod server from my network?
Well, you can use the ping tool to check the latency between your network and the DNSpod server:
ping 119.29.29.29
Remember that the ICMP echo latency in ms may not be the real latency of an HTTP request to DNSpod on your network. If it's really too slow, you can get a VPS that you trust, on a cloud network with no DNS hijacking, run an HTTP DNS server like DNSpod on it, and change the DNS server URL in SnowPearDNS.go; or you can modify the tool to add encryption and improve security. But I think the better way is to try another DNS encryption project such as https://github.com/bitbeans/SimpleDnsCrypt. This open-source project provides lots of encrypted DNS servers all over the world.
- How's the security of this tool?
As I said at first, "currently there is no evidence showing that any ISP already hijacks the HTTP DNS requests between the user's network and the DNSpod server in China", so if you get a wrong DNS record or find that your ISP hijacked the HTTP DNS request, please let me know and I'll consider developing a better DNS tool with encryption that has its own server and client.
For security reasons, the tool does not use your local hosts file by default, but you can enable it by running it with the -hosts parameter.
As of version 1.5, this tool uses standard DoH, querying https://doh.pub/dns-query for results, which is considered to offer better security. Remember that doh.pub is also a domain that has to be resolved before it can be used as the DoH server, so at startup the tool still needs to access the old HTTP DNS server 119.119.119.119 first to resolve it.
- On Windows, do at least two DNS IP addresses need to be set in the Ethernet settings?
By default the tool listens on
0.0.0.0
so simply set the primary DNS to 127.0.0.1 and the other one to your LAN address (such as 192.168.1.x, 172.0.1.x...).
This way you can also serve the other terminals in your LAN if you like.
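The answer to "How's the security of this tool?" notes that doh.pub itself has to be resolved over plain HTTP DNS at startup. The following Go code is an added example, not code from SnowPearDNS: it builds the RFC 8484 GET URL for a query and pins the bootstrapped IP only at the TCP dial, so the TLS handshake still verifies the certificate against the name doh.pub and a spoofed bootstrap answer cannot pose as that server without a valid certificate for it. The function names and the 192.0.2.53 address are assumptions made for illustration.

```go
package main

import (
	"context"
	"encoding/base64"
	"fmt"
	"net"
	"net/http"
	"strings"
	"time"
)

const dohHost = "doh.pub" // DoH server named in this README

// BuildQuery encodes one question in DNS wire format (ID 0, RD flag set).
// Assumes name is a valid ASCII hostname with labels of at most 63 bytes.
func BuildQuery(name string, qtype uint16) []byte {
	msg := []byte{0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0} // header, QDCOUNT=1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		msg = append(append(msg, byte(len(label))), label...)
	}
	return append(msg, 0, byte(qtype>>8), byte(qtype), 0, 1) // root, QTYPE, class IN
}

// DoHURL builds the RFC 8484 GET form: unpadded base64url in ?dns=.
func DoHURL(name string, qtype uint16) string {
	return "https://" + dohHost + "/dns-query?dns=" + base64.RawURLEncoding.EncodeToString(BuildQuery(name, qtype))
}

// PinnedAddr redirects dials for the DoH host to bootstrapIP, keeping the port.
func PinnedAddr(addr, bootstrapIP string) string {
	host, port, err := net.SplitHostPort(addr)
	if err != nil || host != dohHost {
		return addr
	}
	return net.JoinHostPort(bootstrapIP, port)
}

// NewClient pins the TCP destination only; TLS still verifies the doh.pub certificate.
func NewClient(bootstrapIP string) *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second}
	dial := func(ctx context.Context, network, addr string) (net.Conn, error) {
		return d.DialContext(ctx, network, PinnedAddr(addr, bootstrapIP))
	}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{DialContext: dial}}
}

func main() {
	// 192.0.2.53 is a constructed documentation address, not a real resolver; 1 = A record.
	fmt.Println(DoHURL("www.example.com", 1), "via", PinnedAddr("doh.pub:443", "192.0.2.53"))
}
```

A request sent with this client should also carry the header Accept: application/dns-message, and the response body is a DNS message in the same wire format.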
- miekg https://github.com/miekg/dns
- fangdingjun https://github.com/fangdingjun/gdns
- muesli https://github.com/muesli/cache2go