DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security. It works by encrypting all DNS traffic between the user and DNS resolver, preventing any spying, spoofing or man-in-the-middle attacks.
Unbound is a validating, recursive, and caching DNS resolver.
NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface.
Extract nircmd.exe to C:\Windows\System32\ or another directory on the system PATH
Download all the configuration files and extract them to E:\Program Files\unbound\
Start DNSCrypt
nircmd exec2 hide "E:\Program Files\DNSCrypt\" "E:\Program Files\DNSCrypt\dnscrypt-proxy.exe" --local-address=127.0.0.1:9999 --resolver-name=cisco --resolver-address=208.67.220.220:443 --provider-name=2.dnscrypt-cert.opendns.com --provider-key=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79 --tcp-only --max-active-requests=1024 --plugin libdcplugin_example_logging.dll,dns.log --loglevel=7
Start Unbound
nircmd exec2 hide "E:\Program Files\unbound\" "E:\Program Files\unbound\unbound.exe" -c unbound.conf
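The two start commands above can be saved as localdns.cmd and placed in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ so that both services start automatically at startup
Note: the default install directories are E:\Program Files\DNSCrypt\ and E:\Program Files\unbound\; adjust the start commands and the directories referenced in the configuration files to match your setup
For usage instructions, see "Unbound + DNSCrypt: double protection against DNS pollution and hijacking"
Commonly used hosts entries are configured in unbound.local-zone.hosts.conf
Ad domains and malware domains are configured in unbound.local-zone.block.conf
Domestic (mainland China) domains are resolved by 114.114.114.114 and 223.5.5.5 by default, configured in unbound.forward-zone.China.conf
Dark web domains are resolved by TorDNS listening on port 9053 by default, configured in unbound.forward-zone.Tor.conf; this is not enabled by default
All other domains are resolved by DNSCrypt listening on port 9999 by default, configured in unbound.forward-zone.Global.conf
The list of commonly used hosts entries is based on https://github.com/racaljk/hosts and https://github.com/lennylxx/ipv6-hosts
The ad domain list is taken from http://pgl.yoyo.org/adservers/serverlist.php?showintro=0
The malware domain list is taken from http://www.malware-domains.com/files/immortal_domains.zip
The domestic domain list is taken from dnsmasq-china-list; if you have other domestic domains to add, please report them directly to the dnsmasq-china-list project
In the network settings, set the DNS server to 127.0.0.1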
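The routing split described above, as an added Unbound configuration sketch; it is not the project's shipped files. The domain names (pinned.example, ads.example, example.cn) and the address 192.0.2.10 are constructed placeholders, and the mapping of stanzas to the file names on this page is an assumption.

```conf
# Added example: constructed fragment, not the project's own configuration.
server:
    interface: 127.0.0.1
    port: 53
    access-control: 127.0.0.0/8 allow

    # Unbound will not send queries to localhost unless this is "no".
    # Required because DNSCrypt (9999) and TorDNS (9053) listen on 127.0.0.1.
    do-not-query-localhost: no

    # Kind of entry held in unbound.local-zone.hosts.conf:
    # pin a name to a fixed address (placeholder values).
    local-data: "pinned.example. IN A 192.0.2.10"

    # Kind of entry held in unbound.local-zone.block.conf:
    # "static" with no local-data answers NXDOMAIN for the domain
    # and everything beneath it.
    local-zone: "ads.example." static

# Kind of entry held in unbound.forward-zone.China.conf:
# one forward-zone per listed domestic domain.
# These queries leave the machine as plaintext DNS and are NOT protected
# by DNSCrypt, so they remain visible and spoofable on the path.
forward-zone:
    name: "example.cn."
    forward-addr: 114.114.114.114
    forward-addr: 223.5.5.5

# Kind of entry held in unbound.forward-zone.Tor.conf (disabled by default).
# Recent Unbound versions block "onion." with a built-in local zone, so
# enabling this also needs:  local-zone: "onion." nodefault
# forward-zone:
#     name: "onion."
#     forward-addr: 127.0.0.1@9053

# Kind of entry held in unbound.forward-zone.Global.conf:
# everything not matched above goes to the local dnscrypt-proxy listener,
# matching --local-address=127.0.0.1:9999 in the start command.
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@9999
```

Running unbound-checkconf against the assembled unbound.conf before starting the service catches syntax errors in any of the included files.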