banner
Geek

Geek

🧠在家居士 | 🥦素食者 | 🏃🏻马拉松爱好者 | 📡AI降临派 | 过🪜技术资深学者 | 🤖科技狂 | 📤更新狂🆅 https://www.igeekbb.com/
twitter
github

PassWall+MosDNS diversion settings

Statement: This time it's just my personal experience. Due to not tinkering with DNS for many years, based on my previous experience setting up SmartDNS and learning the basic settings of the MosDNS plugin, I decided to simplify and make it efficient and less prone to errors. I abandoned the complex combination of MosDNS+Adguard Home+PassWall and only used PassWall+MosDNS to achieve fast webpage loading and 4K streaming (powerful ladder). If there are any mistakes or better configurations, everyone is welcome to discuss on Twitter.

Updated on October 6, 2023:

  • MosDNS updated to V5.2.1 [link]
  • Changed domestic DNS servers to HTTPS
  • Changed DNS server concurrency to 2
  • Enabled DNS ad filtering
  • Selected ChinaDNS-NG in PassWall

Cause:

A few days ago, I recommended an OpenWrt firmware on Twitter, which came with a DNS plugin called MosDNS. According to its official Github page, it was first released in November 2020 and has now iterated to v5.2.1. I found that the configuration of this DNS forwarder is much simpler than SmartDNS. Thinking back to the two episodes of "DNS Leakage" by Bu Lianglin ([link1][link2]), I didn't pay much attention to it at that time, thinking that if there is a leakage, so be it. We are just pursuing the ultimate internet speed experience. Now I realize how naive I was. Since we can avoid unnecessary troubles through technology, why not better protect ourselves? So, I will record my setup process below.

MosDNS Settings:

MosDNS Basic Settings - Basic Options:

  • If you want to enable DNS ad filtering, remember to check the last option.

MosDNS Basic Settings - Advanced Options:

  • If you want to enable DNS ad filtering, remember to check the last option.

PassWall Settings:

PassWall DNS:

  • Remote DNS: 127.0.0.1:5335

OpenWrt DHCP Settings:

DHCP/DNS Basic Settings:

  • Check if DNS forwarding is set to 127.0.0.1#5335 (this will automatically change after the above settings, just verify it).

Verification:

After completing the above settings, check for DNS leakage at https://ipleak.net/ and WebRTC leakage at https://browserleaks.com/webrtc. If there are no Chinese DNS servers, then you're basically done. This is just the initial entry-level gameplay. For advanced gameplay and understanding of the principles, you can refer to Bu Lianglin's DNS explanation videos.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.