Awesome
overture
Overture is a customized DNS relay server.
Overture means the orchestral piece at the beginning of a classical music composition, just like DNS which is nearly the first step of surfing the Internet.
Please note:
- Read the entire README first is necessary if you want to use overture safely or create an issue for this project .
- Production usage is not recommended and there is no guarantee or warranty of it.
Features
- Multiple DNS upstream
- Via UDP/TCP with custom port
- Via SOCKS5 proxy (TCP only)
- With EDNS Client Subnet (ECS) RFC7871
- Dispatcher
- Custom domain
- Custom IP network
- IPv6 record (AAAA) redirection
- Full IPv6 support
- Minimum TTL modification
- Hosts (Both IPv4 and IPv6 are supported and IPs will be returned in a random order. If you want to use regex match hosts, please understand how regex works first)
- Cache with ECS and Redis(Persistence) support
- DNS over HTTP server support
Dispatch process
DNS queries with certain domain will be forced to use selected DNS when matched.
For the IP network dispatch, overture will send queries to primary DNS first. Then, If that answer is empty or not matched, the alternative DNS servers will be used instead.
Installation
The binary releases are available in releases.
Usages
Start with the default config file ./config.yml
Only file having a .json
suffix will be considered as json format for compatibility and that support is deprecated.
$ ./overture
Or use your own config file:
$ ./overture -c /path/to/config.yml
Verbose mode:
$ ./overture -v
Log to file:
$ ./overture -l /path/to/overture.log
For other options, please check the helping menu:
$ ./overture -h
Tips:
- Root privilege might be required if you want to let overture listen on port 53 or one of other system ports.
Configuration Syntax
Configuration file is "config.yml" by default:
bindAddress: :53
debugHTTPAddress: 127.0.0.1:5555
dohEnabled: false
primaryDNS:
- name: DNSPod
address: 119.29.29.29:53
protocol: udp
socks5Address:
timeout: 6
ednsClientSubnet:
policy: disable
externalIP:
noCookie: true
alternativeDNS:
- name: 114DNS
address: 114.114.114.114:53
protocol: udp
socks5Address:
timeout: 6
ednsClientSubnet:
policy: disable
externalIP:
noCookie: true
onlyPrimaryDNS: false
ipv6UseAlternativeDNS: false
alternativeDNSConcurrent: false
whenPrimaryDNSAnswerNoneUse: primaryDNS
ipNetworkFile:
primary: ./ip_network_primary_sample
alternative: ./ip_network_alternative_sample
domainFile:
primary: ./domain_primary_sample
alternative: ./domain_alternative_sample
matcher: full-map
hostsFile:
hostsFile: ./hosts_sample
finder: full-map
minimumTTL: 0
domainTTLFile: ./domain_ttl_sample
cacheSize: 0
cacheRedisUrl: redis://localhost:6379/0
cacheRedisConnectionPoolSize: 10
rejectQType:
- 255
Tips:
-
bindAddress: Specifying any port (e.g.
:53
) will let overture listen on all available addresses (both IPv4 and IPv6). Overture will handle both TCP and UDP requests. Literal IPv6 addresses are enclosed in square brackets (e.g.[2001:4860:4860::8888]:53
) -
debugHTTPAddress: Specifying an HTTP port for debug (
5555
is the default port despite it is also acknowledged as the android Wi-Fi adb listener port), currently used to dump DNS cache, and the request url is/cache
, available query argument isnobody
(boolean)-
true(default): only get the cache size;
$ curl 127.0.0.1:5555/cache | jq { "length": 1, "capacity": 100, "body": {} }
-
false: get cache size along with cache detail.
$ curl 127.0.0.1:5555/cache?nobody=false | jq { "length": 1, "capacity": 100, "body": { "www.baidu.com. 1": [ { "name": "www.baidu.com.", "ttl": 1140, "type": "CNAME", "rdata": "www.a.shifen.com." }, { "name": "www.a.shifen.com.", "ttl": 300, "type": "CNAME", "rdata": "www.wshifen.com." }, { "name": "www.wshifen.com.", "ttl": 300, "type": "A", "rdata": "104.193.88.123" }, { "name": "www.wshifen.com.", "ttl": 300, "type": "A", "rdata": "104.193.88.77" } ] } }
-
-
dohEnabled: Enable DNS over HTTP server using
DebugHTTPAddress
above with url path/dns-query
. DNS over HTTPS server can be easily achieved helping by another web server software like caddy or nginx. -
primaryDNS/alternativeDNS:
- name: This field is only used for logging.
- address: Same rule as BindAddress.
- protocol:
tcp
,udp
,tcp-tls
orhttps
tcp-tls
: Address format is "servername:port@serverAddress", try one.one.one.one:853 or one.one.one.one:853@1.1.1.1https
: Just try https://cloudflare-dns.com/dns-query- Check DNS Privacy Public Resolvers for more public
tcp-tls
,https
resolvers.
- socks5Address: Forward dns query to this SOCKS5 proxy,
“”
to disable. - ednsClientSubnet: Use this to improve DNS accuracy for many reasons. Please check RFC7871 for
details.
- policy
auto
: If the client IP is not in the reserved IP network, use the client IP. Otherwise, use the external IP.manual
: Use the external IP if this field is not empty, otherwise use the client IP if it is not one of the reserved IPs.disable
: Disable this feature.
- externalIP: If this field is empty, ECS will be disabled when the inbound IP is not an external IP.
- noCookie: Disable cookie.
- policy
-
onlyPrimaryDNS: Disable dispatcher feature, use primary DNS only.
-
ipv6UseAlternativeDNS: For to redirect IPv6 DNS queries to alternative DNS servers.
-
alternativeDNSConcurrent: Query the primaryDNS and alternativeDNS at the same time.
-
whenPrimaryDNSAnswerNoneUse: If the response of primaryDNS exists and there is no
ANSWER SECTION
in it, the final chosen DNS upstream should be defined here. (There is noAAAA
record for most domains right now) -
*File: Both relative like
./file
or absolute path like/path/to/file
are supported. Especially, for Windows users, please use properly escaped path likeC:\\path\\to\\file.txt
in the configuration. -
domainFile.Matcher: Matching policy and implementation, including "full-list", "full-map", "regex-list", "mix-list", "suffix-tree" and "final". Default value is "full-map".
-
hostsFile.Finder: Finder policy and implementation, including "full-map", "regex-list". Default value is "full-map".
-
domainTTLFile: Regex match only for now;
-
minimumTTL: Set the minimum TTL value (in seconds) in order to improve caching efficiency, use
0
to disable. -
cacheSize: The number of query record to cache, use
0
to disable. -
cacheRedisUrl, cacheRedisConnectionPoolSize: Use redis cache instead of local cache.
-
rejectQType: Reject query with specific DNS record types, check List of DNS record types for details.
Domain file example (full match)
example.com
Domain file example (regex match)
^xxx.xx
IP network file example (CIDR match)
1.0.1.0/24
::1/128
Domain TTL file example (regex match)
example.com$ 100
Hosts file example (full match)
127.0.0.1 localhost
::1 localhost
Hosts file example (regex match)
10.8.0.1 example.com$
DNS servers with ECS support
- DNSPod 119.29.29.29:53
For DNSPod, ECS might only work via udp, you can test it by patched dig to certify this argument by comparing answers.
The accuracy depends on the server side.
$ dig @119.29.29.29 www.qq.com +client=119.29.29.29
; <<>> DiG 9.9.3 <<>> @119.29.29.29 www.qq.com +client=119.29.29.29
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64995
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 119.29.29.29/32/24
;; QUESTION SECTION:
;www.qq.com. IN A
;; ANSWER SECTION:
www.qq.com. 300 IN A 101.226.103.106
;; Query time: 52 msec
;; SERVER: 119.29.29.29#53(119.29.29.29)
;; WHEN: Wed Mar 08 18:00:52 CST 2017
;; MSG SIZE rcvd: 67
$ dig @119.29.29.29 www.qq.com +client=119.29.29.29 +tcp
; <<>> DiG 9.9.3 <<>> @119.29.29.29 www.qq.com +client=119.29.29.29 +tcp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58331
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.qq.com. IN A
;; ANSWER SECTION:
www.qq.com. 43 IN A 59.37.96.63
www.qq.com. 43 IN A 14.17.32.211
www.qq.com. 43 IN A 14.17.42.40
;; Query time: 81 msec
;; SERVER: 119.29.29.29#53(119.29.29.29)
;; WHEN: Wed Mar 08 18:01:32 CST 2017
;; MSG SIZE rcvd: 87
Acknowledgements
- dns: BSD-3-Clause
- skydns: MIT
- go-dnsmasq: MIT
- All Contributors
License
This project is under the MIT license. See the LICENSE file for the full license text.