Inicio Explorar Ayuda
Iniciar sesión
OpenWrt
/
smartdns
espejo de https://github.com/pymumu/smartdns.git
2
0
Fork 0
Archivos Incidencias 0 Wiki
Rama: doc
Ramas Etiquetas
smartdns
/
en
/
docs
/
config
/
server-config.md

server-config.md 4.0 KB
Permalink Histórico Raw

hide:

  • toc ---

Server Configuration

Currently, smartdns provides four server modes: UDP, TCP, DOH, and DOT.

UDP Server

  1. Configure with the bind parameter. For example:

    bind 0.0.0.0:53@eth0
bind [::]:53@eth0
bind :53@eth0

    Options:

    • @eth0 indicates that it only provides services on the corresponding NIC.
    • [::]:53 indicates that it listens to both IPV6 and IPV4 addresses.
    • :53 represents listening to IPV4 addresses.

TCP Server

  1. Configure with the bind-tcp parameter. For example:

    bind-tcp 0.0.0.0:53@eth0
bind-tcp [::]:53@eth0
bind-tcp :53@eth0

  2. Optional, the tcp-idle-time parameter controls the TCP idle disconnect time.

    tcp-idle-time 120

DOT, DOH Server

  1. Configure with the bind-tls, bind-https parameter. For example:

    # DOT server
bind-tls 0.0.0.0:853@eth0
bind-tls [::]:853@eth0
bind-tls :853@eth0

# DOH server
bind-https 0.0.0.0:443@eth0
bind-https [::]:443@eth0
bind-https :443@eth0

  2. Set certificate and key files

    bind-cert-file smartdns-cert.pem
bind-cert-key-file smartdns-key.pem
bind-cert-key-pass pass

    Options:

    • bind-cert-file: Specifies the certificate file path.
    • bind-cert-key-file: Specifies the certificate key file path.
    • bind-cert-key-pass: Specifies the password for the certificate key file. (Optional)

    Note:

    If the above three parameters are not specified, smartdns will automatically generate a certificate chain in the same directory as the smartdns.conf configuration file. Clients can manually add the root certificate to the trusted certificate authority to use DOT and DOH services. The files are as follows:

    File|Function|Validity|Description --|--|--|-- smartdns-root-key.pem|Root certificate private key|10 years|Automatically generated root certificate private key, used to sign the server certificate and added to the trusted root certificate authority on the client machine. smartdns-key.pem|Server certificate private key|13 months|Automatically generated server certificate private key, used for DOH, DOT, and WebUI HTTPS encryption on the server. smartdns-cert.pem|Server certificate|13 months|Automatically generated server certificate, signed using smartdns-root-key.pem. The SAN is automatically set to the host IP, hostname, and the domain name set by ddns-domain.

    If the server certificate expires after 13 months, restarting the smartdns server will automatically regenerate the server certificate.

  3. Optional, the tcp-idle-time parameter controls the TCP idle disconnect time.

    tcp-idle-time 120

Second DNS Server

In addition to supporting basic service, the bind-* parameter also supports more additional features, which can be used as a special second DNS server for specific needs. The corresponding functions that can be enabled are:

  1. Configuration example:

    bind :53 -no-rule-addr -no-speed-check -no-cache

  2. Parameter introduction:

| Parameter | Function | | --------- | ---------------------------------------- | | -group | Set the corresponding upstream server group | | -no-rule-addr | Skip address rules | | -no-rule-nameserver | Skip Nameserver rules | | -no-rule-ipset | Skip ipset and nftset rules | | -no-rule-soa | Skip SOA(#) rules | | -no-dualstack-selection | Disable dual-stack speed test | | -no-speed-check | Disable speed test | | -no-cache | Stop caching | | -force-aaaa-soa | Disable IPV6 queries | | -no-ip-alias |Ignore IP alias rules| | -ipset [ipsetname] |Put the corresponding request result into the specified ipset| | -nftset [nftsetname] |Put the corresponding request result into the specified nftset|