DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security. It works by encrypting all DNS traffic between the user and DNS resolver, preventing any spying, spoofing or man-in-the-middle attacks.
Unbound is a validating, recursive, and caching DNS resolver.
NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface.
-
下载 DNSCrypt 32-bit或DNSCrypt 64-bit、Unbound、NirCmd 32-bit或NirCmd 64-bit
-
解压
dnscrypt-proxy-win32-full-1.7.0.zip或dnscrypt-proxy-win64-full-1.7.0.zip到E:\Program Files\DNSCrypt\;解压unbound-1.5.7.zip到E:\Program Files\unbound\;解压nircmd.zip或nircmd-x64.zip到C:\Windows\System32\ -
下载配置文件并解压到
E:\Program Files\unbound\ -
根据实际情况修改localdns.cmd和配置文件中的相关目录
-
运行localdns.cmd启动DNSCrypt和Unbound
-
在网络设置里面把DNS服务器设置成127.0.0.1
-
将localdns.cmd放到
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\目录,开机自动启动
常用hosts域名配置在unbound.local-zone.hosts.conf;广告域名和恶意软件域名配置在unbound.local-zone.block.conf。配置说明可参考Unbound+DNSCrypt双保险防DNS污染及劫持
国内域名默认由114.114.114.114和223.5.5.5解析,配置在unbound.forward-zone.China.conf;其他域名默认由监听在9999端口的DNSCrypt解析
修改unbound配置文件后,请先检查有没有错误配置,再重启unbound并刷新DNS解析缓存
cd /d "E:\Program Files\unbound\"
unbound-checkconf unbound.conf
unbound-control -c unbound.conf reload
ipconfig /flushdns
-
hosts域名列表取自https://github.com/racaljk/hosts
-
广告域名列表取自http://pgl.yoyo.org/adservers/serverlist.php?showintro=0
-
恶意软件域名列表取自http://www.malware-domains.com/files/immortal_domains.zip
-
国内域名列表取自dnsmasq-china-list,如果你有其他国内域名需要添加,请直接向
dnsmasq-china-list项目反馈