dae/docs/en/configuration/external-dns.md
Kevin Yu e39ec7fc05
refactor(/docs): rework documentation structure layout (#179)
* refactor(/docs): rework documentation structure layout

* refactor(/docs): update file reference paths

* feat(/docs): add English version of other-proxy-protocol.md

* refactor: move docs/templates/ docs/sync/ to hack/

* fix(example.dae|readme): update ref link to adopt new file structure

* refactor: rename other-proxy-protocol.md -> proxy-protocols.md

* docs(readme): add ref to proxy-protocols.md

* feat(/docs): add English version of how-it-works.md

* refactor: rename how-it-works; add nav links

* fix: fix linting errors

* fix: fix linting errors

---------

Co-authored-by: earrmouth <43926351+earrmouth@users.noreply.github.com>
2023-07-09 17:31:47 +08:00


Use External DNS

Note

DNS requests must be forwarded through dae for domain-based traffic splitting to work. This guide shows how to configure dae together with an external DNS.

If you use an external DNS such as AdGuardHome, refer to the following guide.

External DNS on localhost

If you set up an external DNS on localhost, you may want DNS queries to dns.google.com to be proxied. For example, if you have the following configuration in AdGuardHome:

Listen on: the same machine as dae, port 53.

China mainland: udp://223.5.5.5:53
Others: https://dns.google.com/dns-query

You should configure dae as follows:

  1. Fill in wan_interface in the "global" section so that AdGuardHome's outgoing requests are proxied.

  2. Insert the following rule as the first line of the "routing" section so that AdGuardHome's own queries are not looped back through dae:

    pname(AdGuardHome) && l4proto(udp) && dport(53) -> must_direct

    Also make sure the routing rules send traffic to the domain dns.google.com through the proxy.

  3. Add the upstream and the request routing to the "dns" section:

    dns {
      upstream {
        adguardhome: 'udp://127.0.0.1:53'
      }
      routing {
        request {
          fallback: adguardhome
        }
      }
    }
    
  4. If you bind to WAN, make sure your /etc/resolv.conf does NOT point at your local external DNS directly. For example, set it to nameserver 119.29.29.29; DNS traffic is then hijacked by dae when the packets leave through the NIC. Most of the time, /etc/resolv.conf is rewritten after a reboot by your DNS service (dnsmasq, for example), which is hard to deal with. If you run into this, we recommend uninstalling such services or making the file immutable with sudo chattr +i /etc/resolv.conf.

  5. If you bind to LAN, make sure your DHCP server hands out dae as the DNS server (DNS requests must be forwarded by dae for domain-based traffic splitting).

  6. If DNS still does not work and there are no warn/error logs, change the listening port of the external DNS (here AdGuardHome) from 53 to a non-53 port. See #31.

  7. If you use PVE (Proxmox VE), refer to #37.

External DNS on another machine in LAN

If you set up an external DNS on another machine in the LAN, you may want DNS queries to dns.google.com to be proxied. For example, if you have the following configuration in AdGuardHome:

Listen on: 192.168.30.3:53 (MAC address: 8c:16:45:36:1c:5a)

China mainland: udp://223.5.5.5:53
Others: https://dns.google.com/dns-query

You should configure dae as follows:

  1. Fill in lan_interface in the "global" section so that AdGuardHome's requests are proxied.

  2. Insert the following rule as the first line of the "routing" section so that AdGuardHome's own queries are not looped back through dae:

    sip(192.168.30.3) && l4proto(udp) && dport(53) -> must_direct
    # Or match by MAC address if it is on the same link:
    # mac(8c:16:45:36:1c:5a) && l4proto(udp) && dport(53) -> must_direct

    Also make sure the routing rules send traffic to the domain dns.google.com through the proxy.

  3. Add the upstream and the request routing to the "dns" section:

    dns {
      upstream {
        adguardhome: 'udp://192.168.30.3:53'
      }
      routing {
        request {
          fallback: adguardhome
        }
      }
    }
    
  4. If you bind to LAN, make sure your DHCP server hands out dae as the DNS server (DNS requests must be forwarded by dae for domain-based traffic splitting).

  5. If DNS still does not work and there are no warn/error logs, change the listening port of the external DNS (here AdGuardHome) from 53 to a non-53 port. See #31.

  6. If you use PVE (Proxmox VE), refer to #37.
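The following config.dae is added here as a worked example and is not a file from the dae project. It assembles steps 1 to 3 of this section into one file; for the localhost section above, swap in wan_interface, the pname(AdGuardHome) rule and the upstream udp://127.0.0.1:53. The interface name, the node link, the group name proxy and the preset direct rules are assumptions drawn from the general dae configuration format, not from this page; only the AdGuardHome address, MAC address and dns.google.com come from the guide.

```dae
# Added example, not the dae project's own example.dae.
global {
  # Step 1: bind the LAN interface so AdGuardHome's outgoing queries are handled by dae.
  lan_interface: eth0        # assumption: replace with your LAN interface
  # Also bind WAN if dae should proxy this host's own traffic.
  wan_interface: auto
  log_level: info
}

node {
  # Constructed placeholder node; use one of your own proxy links here.
  my_node: 'socks5://192.0.2.10:1080'
}

group {
  proxy {
    # No filter, so every node in the pool is eligible; pick the lowest moving-average latency.
    policy: min_moving_avg
  }
}

dns {
  upstream {
    # Step 3: the external DNS on the other LAN machine is the upstream.
    adguardhome: 'udp://192.168.30.3:53'
  }
  routing {
    request {
      fallback: adguardhome
    }
  }
}

routing {
  # Step 2: keep this as the first rule so AdGuardHome's own queries are never sent back through dae.
  sip(192.168.30.3) && l4proto(udp) && dport(53) -> must_direct
  # Or, on the same link, match by MAC address instead:
  # mac(8c:16:45:36:1c:5a) && l4proto(udp) && dport(53) -> must_direct

  # Step 2, second part: AdGuardHome's "Others" upstream dns.google.com must go through the proxy.
  domain(full: dns.google.com) -> proxy

  # Preset rules (assumed from the general dae format): keep multicast and private ranges direct.
  dip(224.0.0.0/3, 'ff00::/8') -> direct
  dip(geoip:private) -> direct

  fallback: proxy
}
```

The order inside routing matters: the must_direct rule is matched before anything else, so the only traffic that reaches the domain(full: dns.google.com) rule is AdGuardHome's own DoH traffic to Google, which is exactly what the guide wants proxied. Everything else follows the fallback, and step 4 still applies: clients must receive dae (not 192.168.30.3) as their DNS server from DHCP.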