DNS hijacking with Mangle

 

# ros
/ip firewall mangle
add action=mark-routing chain=prerouting dst-port=53 in-interface=vlan2000 new-routing-mark=dns-mark passthrough=yes protocol=udp

IP -> Route -> Add 0.0.0.0/0, gateway=DNS_IP, table=dns-mark

# server
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A PREROUTING -p udp -m udp --dport 53 -j MARK --set-xmark 0x1/0xffffffff

unbound.conf:
server:
    interface: 0.0.0.0
    interface-automatic: yes
    ip-transparent: yes

sysctl.conf:
net.ipv4.ip_nonlocal_bind = 1
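
One way to confirm the redirect from a client behind vlan2000, as an added example that is not part of the original note: send a DNS query to an address that runs no resolver and see whether an answer still comes back. The probe address 192.0.2.1 (TEST-NET-1) and the name example.com are assumptions.

```python
import secrets
import socket
import struct

PROBE_ADDR = "192.0.2.1"  # assumption: TEST-NET-1 (RFC 5737), hosts no real resolver


def build_query(name, qid):
    """Encode a minimal DNS A/IN query with the RD flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def parse_reply(data, qid):
    """Return (rcode, answer_count) if data is a response to qid, else None."""
    if len(data) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID or QR bit clear
        return None
    return flags & 0x000F, ancount


def probe(target=PROBE_ADDR, name="example.com", timeout=2.0):
    """Query target; return (reply_source, rcode, answers) or None if nothing answers."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (target, 53))
            while True:
                data, src = s.recvfrom(4096)
                parsed = parse_reply(data, qid)
                if parsed is not None:
                    return (src[0],) + parsed
        except OSError:  # timeout or unreachable: no interception on this path
            return None


if __name__ == "__main__":
    result = probe()
    if result is None:
        print("no answer from", PROBE_ADDR, "- port 53 is not being redirected")
    else:
        print("answer 'from' %s (rcode=%d, answers=%d) - DNS is intercepted" % result)
```

With interface-automatic: yes, the reply normally carries the queried address as its source, so the client sees the answer as coming from the probe address rather than from DNS_IP.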

 

 
