Rozdíly
Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.
Obě strany předchozí revize Předchozí verze Následující verze | Předchozí verze | ||
turris:kresd-filter-aaaa-for-netflix [01.01.2018 15:19] vm |
turris:kresd-filter-aaaa-for-netflix [09.06.2023 21:10] vm |
||
---|---|---|---|
Řádek 6: | Řádek 6: | ||
===== Set up BIND9 ===== | ===== Set up BIND9 ===== | ||
Install the server | Install the server | ||
- | opkg install bind-server | + | opkg install bind-rndc bind-server bind-server-filter-aaaa |
Replace ''/etc/bind/named.conf'' with this minimal configuration that filters AAAA: | Replace ''/etc/bind/named.conf'' with this minimal configuration that filters AAAA: | ||
<code - /etc/bind/named.conf> | <code - /etc/bind/named.conf> | ||
+ | plugin query "/usr/lib/bind/filter-aaaa.so" { | ||
+ | filter-aaaa-on-v4 yes; | ||
+ | filter-aaaa-on-v6 yes; | ||
+ | }; | ||
+ | |||
options { | options { | ||
directory "/tmp"; | directory "/tmp"; | ||
forwarders { | forwarders { | ||
- | 8.8.8.8; | + | 127.0.0.1; |
- | 8.8.4.4; | + | |
}; | }; | ||
forward only; | forward only; | ||
- | |||
- | dnssec-enable yes; | ||
auth-nxdomain no; | auth-nxdomain no; | ||
Řádek 25: | Řádek 27: | ||
listen-on port 2053 { 127.0.0.1; }; | listen-on port 2053 { 127.0.0.1; }; | ||
listen-on-v6 port 2053 { ::1; }; | listen-on-v6 port 2053 { ::1; }; | ||
- | filter-aaaa-on-v4 yes; | + | |
allow-query { any; }; // If running a on a public IP | allow-query { any; }; // If running a on a public IP | ||
allow-recursion { any; }; // If running a on a public IP | allow-recursion { any; }; // If running a on a public IP | ||
allow-query-cache { any; }; // If running a on a public IP | allow-query-cache { any; }; // If running a on a public IP | ||
}; | }; | ||
+ | </code> | ||
Enable BIND9 at boot | Enable BIND9 at boot | ||
Řádek 46: | Řádek 49: | ||
local netflix_rule = policy.add(policy.suffix(policy.FORWARD('127.0.0.1@2053'), policy.todnames({'netflix.com'}))) | local netflix_rule = policy.add(policy.suffix(policy.FORWARD('127.0.0.1@2053'), policy.todnames({'netflix.com'}))) | ||
policy.del(netflix_rule.id) | policy.del(netflix_rule.id) | ||
- | table.insert(policy.rules, 1, netflix_rule) | + | table.insert(policy. Rules, 1, netflix_rule) |
</code> | </code> | ||
Řádek 79: | Řádek 82: | ||
- https://www.ploek.org/post/netflix_openwrt/ | - https://www.ploek.org/post/netflix_openwrt/ | ||
- https://gist.github.com/jamesmacwhite/6a642cb6bad00c5cefa91ec3d742e2a6 | - https://gist.github.com/jamesmacwhite/6a642cb6bad00c5cefa91ec3d742e2a6 | ||
+ | - https://openwrt.org/docs/guide-user/services/dns/bind-server-filter-aaaa | ||
turris/kresd-filter-aaaa-for-netflix.txt · Poslední úprava: 09.06.2023 21:10 autor: vm