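To use a not entirely apt analogy, think of the Internet as a city's water supply. Water quality differs with each district's waterworks and with where you sit at the end of the pipe network, so some households wisely install a whole-house pre-filter, which deals with secondary contamination in the pipes, softens the water, prevents scale and rust, and protects the water purifier. There are also solar and gas water heaters and so on, but in the end it is people who enjoy the clean water. Refined households even install an under-sink food waste disposer, while backward households do not even know what a pre-filter or a food waste disposer is. So there will always be refined households and backward households; knowledge is always asymmetric. The Internet is like the water supply: there is high bandwidth and low bandwidth, there is contamination in the pipe network, there is government surveillance and snooping by hackers, and there are annoying ads, both before and during videos. So installing and using a private DNS (AdGuard Home) on the main router behind the home optical modem helps to "clean the traffic". Those ads and monitoring programs are not DDoS attacks, but they cannot be ignored either.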

I previously wrote a long post on how to build a private DNS yourself with AdGuard Home.

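This time I deployed AdGuard Home on port 5353 of the main router, and also deployed AdGuard Home on port 53 of the two other routers in the house, then customised the configuration file "dnsmasq.conf":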

all-servers
dhcp-option=252,"\n"
server=10.1.1.2
server=10.1.1.3
server=127.0.0.1#5353 #AdGuardHome
no-resolv #AdGuardHome
dns-forward-max=1000 #AdGuardHome

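With this setup the router queries all three AdGuard Home instances on the internal network at the same time, which greatly improves stability: one or even two of the three can go down without affecting Internet access. The private DNS services are all on the internal network, ping times are all under 1 ms, and each runs on its own hardware, so resolution speed is assured as well. This pretty much squeezes every bit of performance out of the router hardware.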

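As for the upstream_dns setting, if you want to use DNS-over-TLS you can set it like this. The benefit is that it prevents your ISP from learning your browsing behaviour by analysing your DNS requests.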

  - tls://dns.adguard.com
  - tls://dns.quad9.net
  - tls://1.1.1.1

If you use Zhejiang Mobile fibre broadband: regular IPv4, fast and stable.

  - 211.140.188.188
  - 211.140.13.188
  - 223.5.5.5
  - 223.6.6.6

If you want to enable IPv6 resolution (but once it is enabled, video ads can no longer be filtered):

  - 2409:8028:2000::1111
  - 2409:8028:2000::2222
  - 2620:0:ccc::2
  - 2620:0:ccd::2

Custom AdGuardHome configuration

(Suitable when no external USB drive is plugged in as opt; for v.0.98.1 the 3 in the final schema_version: has to be changed to 4)

bind_host: 0.0.0.0
bind_port: 3000
auth_name: maxlay
auth_pass: "821025"
language: zh-cn
rlimit_nofile: 0
dns:
  bind_host: 0.0.0.0
  port: 53
  protection_enabled: true
  filtering_enabled: true
  blocking_mode: nxdomain
  blocked_response_ttl: 10
  querylog_enabled: true
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  bootstrap_dns:
  - 1.1.1.1:53
  all_servers: true
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts: []
  parental_sensitivity: 0
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  resolveraddress: ""
  upstream_dns:
  - 211.140.188.188
  - 211.140.13.188
  - 223.5.5.5
  - 223.6.6.6
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  certificate_chain: ""
  private_key: ""
filters:
- enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard Simplified Domain Names filter
  id: 1
- enabled: true
  url: https://adaway.org/hosts.txt
  name: AdAway
  id: 2
- enabled: true
  url: https://hosts-file.net/ad_servers.txt
  name: hpHosts - Ad and Tracking servers only
  id: 3
- enabled: true
  url: https://www.malwaredomainlist.com/hostslist/hosts.txt
  name: MalwareDomainList.com Hosts List
  id: 4
- enabled: true
  url: https://raw.githubusercontent.com/user1121114685/koolproxyR_rule_list/master/kpr_our_rule.txt
  name: kpr_our_rule
  id: 1566751157
- enabled: true
  url: https://easylist-downloads.adblockplus.org/yt_annoyances_full.txt
  name: 'Youtube: Pure Video Experience'
  id: 1566751158
- enabled: true
  url: https://raw.githubusercontent.com/xinggsf/Adblock-Plus-Rule/master/ABP-FX.txt
  name: ABP-FX
  id: 1566751159
- enabled: true
  url: https://easylist-downloads.adblockplus.org/easylistchina.txt
  name: EasyList China
  id: 1566751160
- enabled: true
  url: https://raw.githubusercontent.com/Zereao/AD_Rules/master/ChinaList%2BEasyList(%E4%BF%AE%E6%AD%A3).txt
  name: ChinaList+EasyList(修正)
  id: 1566751161
- enabled: false
  url: https://raw.githubusercontent.com/hl2guide/All-in-One-Customized-Adblock-List/master/deanoman-adblocklist.txt
  name: "\U0001F60D All-in-One Customized Adblock List 2.7"
  id: 1566752994
- enabled: true
  url: https://raw.githubusercontent.com/vokins/yhosts/master/hosts.txt
  name: vokins
  id: 1566752995
- enabled: true
  url: https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts
  name: jdlingyu
  id: 1566752996
- enabled: true
  url: https://hosts.nfz.moe/full/hosts
  name: nfz
  id: 1566752997
user_rules:
- ""
dhcp:
  enabled: false
  interface_name: ""
  gateway_ip: ""
  subnet_mask: ""
  range_start: ""
  range_end: ""
  lease_duration: 86400
  icmp_timeout_msec: 1000
clients: []
log_file: ""
verbose: false
schema_version: 3
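
The DNS-over-TLS upstreams only keep queries away from the ISP if no plaintext resolver sits in the same upstream_dns list, and with all_servers: true every query goes to all upstreams in parallel. The check below is an added example, not part of the original post or of AdGuard Home; the function names are hypothetical, the sample config is constructed, and the scheme list assumes AdGuard Home's upstream URL syntax.

```python
import re

# Upstream schemes AdGuard Home treats as encrypted transports (quic:// and
# h3:// exist only in newer releases). Bare IPs, tcp:// and udp:// are classic
# DNS that anyone on the path, including the ISP, can read.
ENCRYPTED = {"tls", "https", "quic", "h3"}

def classify(upstream):
    """Return 'encrypted', 'plaintext' or 'unknown' for one upstream entry."""
    m = re.match(r"^([a-z0-9]+)://", upstream.strip().lower())
    if not m:
        return "plaintext"      # bare IPv4/IPv6 address, optionally with a port
    scheme = m.group(1)
    if scheme in ENCRYPTED:
        return "encrypted"
    if scheme in ("tcp", "udp"):
        return "plaintext"
    return "unknown"            # e.g. sdns:// stamps: protocol is inside the stamp

def parse_dns_section(text):
    """Minimal extractor for upstream_dns and all_servers (not a YAML parser)."""
    upstreams, in_list, all_servers = [], False, False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("upstream_dns:"):
            in_list = True
        elif in_list and s.startswith("- "):
            upstreams.append(s[2:].strip().strip("'\""))
        elif s:
            in_list = False
            if s.startswith("all_servers:"):
                all_servers = s.split(":", 1)[1].strip() == "true"
    return upstreams, all_servers

def audit(text):
    """List upstreams that are not known-encrypted and summarise the exposure."""
    upstreams, all_servers = parse_dns_section(text)
    exposed = [u for u in upstreams if classify(u) != "encrypted"]
    if not exposed:
        return exposed, "all upstream queries are encrypted"
    if all_servers:
        return exposed, "every query is also sent in cleartext (all_servers: true)"
    return exposed, "some queries may leave in cleartext"

# Constructed sample: DoT upstreams from the post mixed with one ISP resolver.
SAMPLE = """dns:
  all_servers: true
  upstream_dns:
  - tls://dns.quad9.net
  - tls://1.1.1.1
  - 211.140.188.188
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```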