在上一篇文章 02.设置网络接口 中,已经设置了各网络接口,现在开始设置系统 DNS 。
使用 Winbox 登录 RouterOS ,点击左侧导航 IP
菜单的子菜单 DNS
,并修改参数。
参数 | 值 |
---|---|
Servers | 223.5.5.5 180.184.1.1 119.29.29.29 |
Allow Remote Requests | 必须勾选 |
Max. Concurrent Queries | 150 |
Cache Size | 2048 |
Cache Max TTL | 06:00:00 |
Servers
处可填写国内知名的 DNS 服务提供商,比如腾讯 DNSPod Public DNS 119.29.29.29
。
Allow Remote Requests
必须勾选 ,其作用是允许内网设备通过 RouterOS 地址来进行 DNS 查询。
在根据我的系列文章 Adguard Home 折腾手记 安装并配置了内网 DNS 服务器后,需要调整 RouterOS 的 DNS 配置。
点击左侧导航 IP
菜单的子菜单 DNS
,将 Servers
参数同样修改为内网 DNS 的 IP 地址。
DNS 黑洞是一组静态解析地址,基于 RFC6303 - Locally Served DNS Zones 和 RFC6761 - Special-Use Domain Names 创建。
由于 RouterOS 暂不支持 rDNS
和 mDNS
查询,使用 DNS 黑洞可一定程度上避免将内网数据意外泄露给公共 DNS 服务器。
配置 DNS 黑洞时,将以下命令一次性全部粘贴到 CLI
中执行即可。
/ip dns static
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=alt
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=home.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=example
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=bind
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=invalid
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=lan
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=local
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=localhost
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=onion
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=test
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=10.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=16.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=17.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=18.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=19.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=20.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=21.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=22.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=23.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=24.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=25.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=26.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=27.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=28.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=29.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=30.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=31.172.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=168.192.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=0.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=127.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=254.169.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=2.0.192.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=100.51.198.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=113.0.203.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=255.255.255.255.in-addr.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=d.f.ip6.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=8.e.f.ip6.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=9.e.f.ip6.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=a.e.f.ip6.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=b.e.f.ip6.arpa
add comment="defconf: suppress special-use domain names" match-subdomain=yes type=NXDOMAIN name=8.b.d.0.1.0.0.2.ip6.arpa
至此,RouterOS 设置系统 DNS 步骤完成。