diff --git a/docs/getting-started/external-dns.md b/docs/getting-started/external-dns.md new file mode 100644 index 0000000..ff5adef --- /dev/null +++ b/docs/getting-started/external-dns.md 
@@ -0,0 +1,91 @@ +# Use External DNS + +> **Note** +> DNS request should be forwarded by dae for domain based traffic split. This guide will show you how to configure dae with external DNS. + +If you use a external DNS like AdguardHome, you could refer to the following guide. + +## External DNS on localhost + +If you set up a external DNS on localhost, you may want to let the DNS queries to dns.google proxied. For example, if you have following configuration in AdguardHome: + +``` +Listen on: the same machine with dae, port 53. + +China mainland: udp://223.5.5.5:53 +Others: https://dns.google/dns-query +``` + +You should configure dae as follows: + +1. Complete `wan_interface` in "global" section to proxy requests of AdguardHome. + +2. Insert following rule as the first line of "routing" section to avoid loops. + + ```python + pname(AdGuardHome) && l4proto(udp) && dport(53) -> must_direct + ``` + + And make sure domain `dns.google` will be proxied in routing rules. + +3. Add upstream and request to section "dns". + + ``` + dns { + upstream { + adguardhome: 'udp://127.0.0.1:53' + } + request { + fallback: adguardhome + } + } + ``` + +4. If you bind to LAN, make sure your DHCP server will distribute dae as the DNS server (DNS request should be forwarded by dae for domain based traffic split). + +## External DNS on another machine in LAN + +If you set up a external DNS on another machine in LAN, you may want to let the DNS queries to dns.google proxied. For example, if you have following configuration in AdguardHome: + +``` +Listen on: 192.168.30.3:53 (mac address: 8c:16:45:36:1c:5a) + +China mainland: udp://223.5.5.5:53 +Others: https://dns.google/dns-query +``` + +You should configure dae as follows: + +1. Fill in `lan_interface` in "global" section to proxy requests of AdguardHome. + +2. Insert following rule as the first line of "routing" section to avoid loops. 
+ + ```python + sip(192.168.30.3) && l4proto(udp) && dport(53) -> must_direct + # Or use MAC address if in the same link: + # mac(8c:16:45:36:1c:5a) && l4proto(udp) && dport(53) -> must_direct + ``` + + And make sure domain `dns.google` will be proxied in routing rules. + +3. Add upstream and request to section "dns". + + ``` + dns { + upstream { + adguardhome: 'udp://192.168.30.3:53' + } + request { + fallback: adguardhome + } + } + ``` + +4. If you bind to LAN, make sure your DHCP server will distribute dae as the DNS server (DNS request should be forwarded by dae for domain based traffic split). + +## + + + ``` + + ``` \ No newline at end of file diff --git a/docs/getting-started/kernel-upgrade.md b/docs/getting-started/kernel-upgrade.md index 1262b14..00500ea 100644 --- a/docs/getting-started/kernel-upgrade.md +++ b/docs/getting-started/kernel-upgrade.md @@ -15,7 +15,7 @@ Upgrading the Linux kernel is not easy; you must do this only if you find securi Before you start upgrading your Linux kernel, you must know the Kernel’s `current version` running inside your host machine. You may do so by `uname -r`. In case of `eBPF`, the minimum required version is `>= 5.8` -Various Linux distributions have different methods to upgrade the Linux kernel. This guide convers ways to upgrade the kernel to a desired version for most `Armbian Linux`, `Debian-based Linux`, `RedHar, Fedora based Linux`, and `Arch-based Linux` distributions. +Various Linux distributions have different methods to upgrade the Linux kernel. This guide convers ways to upgrade the kernel to a desired version for most `Armbian Linux`, `Debian-based Linux`, `RedHat, Fedora based Linux`, and `Arch-based Linux` distributions. > **Note** > Since `dae` is builts with `eBPF`, your host must meet the minimum Kernel version, `>= 5.8` for dae to properly running. diff --git a/example.dae b/example.dae index 767d8b5..c4f7264 100644 --- a/example.dae +++ b/example.dae 
@@ -122,7 +122,7 @@ routing { # If you bind to WAN and set upstream (in section "dns") to a DNS service in localhost (dnsmasq, adguard, etc.), # to avoid loops, let them "must_direct", which makes DNS requests not redirect back to dae again. # "pname" means process name. - #pname(dnsmasq) && l4proto(udp) && port(53) -> must_direct + #pname(dnsmasq) && l4proto(udp) && dport(53) -> must_direct # Network managers in localhost should be direct to avoid false negative network connectivity check when binding to # WAN.
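Review bot: the new docs/getting-started/external-dns.md ends with an empty `## ` heading followed by an empty fenced block (the `+## + + + ``` + + ``` \ No newline at end of file` tail), which looks like leftover scaffolding and should be deleted before merge. While the file is open: the two routing snippets are fenced as ```python although they are dae routing rules, not Python, so drop the language tag to match the bare fences used for the `dns { ... }` snippets; "a external DNS" should read "an external DNS" in both sections; and step 1 uses "Complete `wan_interface`" in one section and "Fill in `lan_interface`" in the other, so pick one verb. One substantive point for the localhost section: the loop-avoidance rule `pname(AdGuardHome) && l4proto(udp) && dport(53) -> must_direct` keys solely on the process name, so a reader whose resolver runs under a different name (the example.dae hunk in this same patch uses `dnsmasq`) will copy a rule that never matches, and the resolver's UDP queries to `223.5.5.5:53` are redirected back into dae, which is exactly the loop the rule exists to prevent. The guide should say explicitly that `AdGuardHome` must be replaced with the actual process name of the resolver in use. For the LAN section, the `sip(192.168.30.3)` rule only holds while the resolver keeps that address, so it is worth adding that the address should be a static or DHCP-reserved one, or that the `mac(...)` alternative already shown in the snippet be used instead.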
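Review bot: the docs/getting-started/kernel-upgrade.md hunk corrects `RedHar` to `RedHat` but leaves the typo `convers` (should be `covers`) on the very line being rewritten; fix both in the same edit. The unchanged context two lines below has the same kind of errors (`builts with`, `for dae to properly running`) and could be cleaned up while this file is touched, e.g. `Since \`dae\` is built with \`eBPF\`, your host must meet the minimum kernel version, \`>= 5.8\`, for dae to run properly.`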
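Review bot: in the example.dae hunk, changing `port(53)` to `dport(53)` brings this commented-out sample rule into line with the `dport(53)` form used in the new external-dns guide, but since the line stays commented out it has no runtime effect; the value of the change is purely that readers who uncomment it now get the same rule the docs teach. The comment above it still only describes the localhost case ("If you bind to WAN and set upstream (in section "dns") to a DNS service in localhost"), so consider adding a short pointer to docs/getting-started/external-dns.md, which this same patch introduces and which also covers the resolver-on-another-LAN-host case with the `sip(...)` / `mac(...)` rules.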