fork of: https://github.com/lixingcong/dnsmasq-regex
- Install normal dnsmasq, make sure it works (follow local setup instructions in firewall/dnsmasq-walled-garden/Readme.md)
- Create a build directory ./00_TEMP_BUILD_DIR/ and make a copy of all files in it.
- Download dnsmasq v2.90 (https://thekelleys.org.uk/dnsmasq/) and extract it into:
  ./00_TEMP_BUILD_DIR/dnsmasq
- Done: Edit ./00_TEMP_BUILD_DIR/Makefile, change:
  DNSMASQ_COPTS="-DHAVE_REGEX -DHAVE_REGEX_IPSET"
  To:
  #DNSMASQ_COPTS="-DHAVE_REGEX -DHAVE_REGEX_IPSET"
  DNSMASQ_COPTS="-DHAVE_REGEX"
- We don't want to make the project yet, we want to apply the regex patches only (from repo https://github.com/lixingcong/dnsmasq-regex). In the same Makefile, disable building by commenting out the two build lines:
  cd dnsmasq && $(MAKE) COPTS=$(DNSMASQ_COPTS)
- Run make inside ./00_TEMP_BUILD_DIR/. This will apply the patches.
- If you compile it now and run it, you will get the error:
  Job for dnsmasq.service failed because the control process exited with error code.
  See "systemctl status dnsmasq.service" and "journalctl -xeu dnsmasq.service" for details.
  journalctl -xeu dnsmasq.service produces: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
  The journalctl -f log shows: dnsmasq: failed to bind DHCP server socket: Permission denied.
  To fix it, you need to enable dbus.
- Enable dbus: Edit ./00_TEMP_BUILD_DIR/dnsmasq/src/config.h and uncomment the line /* #define HAVE_DBUS */
  X - NO LONGER REQUIRED: On Ubuntu, you need to sudo apt install nettle-dev and uncomment /* #define HAVE_DNSSEC */
  Update: Uncomment also the following two lines:
  #define HAVE_REGEX
  #define HAVE_REGEX_IPSET
- Open ./00_TEMP_BUILD_DIR/Makefile, uncomment the two lines we commented earlier, then comment out the following line to disable applying patches (this is because the patches won't be applied if the config.h file is modified):
  @patch -p 1 -d dnsmasq < $^ && touch $@
- Run make inside ./00_TEMP_BUILD_DIR/. This will build dnsmasq.
- To install it: We don't want to build it again, so edit ./00_TEMP_BUILD_DIR/dnsmasq/Makefile and change:
  install : all install-common
  To:
  #install : all install-common
  install : install-common
  Then run sudo make install inside ./00_TEMP_BUILD_DIR/dnsmasq/
- Either: You will need to modify the service path: sudo vim /usr/lib/systemd/system/dnsmasq.service, from /usr/bin/dnsmasq to /usr/local/sbin/dnsmasq, then run systemctl daemon-reload.
  Or: type which dnsmasq, see where it is installed, move it to dnsmasq_old and replace it by the new one.
- Run systemctl restart dnsmasq
  Then /usr/local/sbin/dnsmasq --version
  You should see it saying regex
- To make sure which dnsmasq is running, run whereis dnsmasq or which dnsmasq
// Solve error on Ubuntu:
If running the executable gives libpcre.so.1 is not found, run sudo apt-cache search pcre and install needed library (not sure which one, but one of them works)
ldconfig -p | grep libpcre.so.1
sudo find / -name libpcre.so
Latest version: v2.90
patches:
Inspired by these repos:
Original regex patch for dnsmasq 2.63
Official dnsmasq:
For Debian/Ubuntu:
# Install the dependencies
sudo apt install -y libpcre3-dev libnftables-dev pkg-config
# Clone the repo
git clone https://github.com/lixingcong/dnsmasq-regex
cd dnsmasq-regex
# update the sub-module 'dnsmasq' to latest version
# only update when a newer version is released
bash ./update_submodule.sh
# build it
make
# Run the binary, check if the compile option contains "regex(+ipset,nftset)"
./dnsmasq/src/dnsmasq --version
Tips: If you do not need the patch of ipset/nftables, just edit the file "Makefile" and build from source again.
Change this line
DNSMASQ_COPTS="-DHAVE_REGEX -DHAVE_REGEX_IPSET"
to
DNSMASQ_COPTS="-DHAVE_REGEX"
A regex entry is written as a pattern that starts with ':' and ends with ':'
server=114.114.114.114
server=/google.com/8.8.8.8
server=/:myvpn[0-9]*\.company\.com:/1.1.1.1
server=/:a[0-9]\.yyy\.com:/#
address=/:a[0-9]\.xxx\.com:/127.0.0.1
ipset=/:.*youtube.*:/test
nftset=/:.*\.google.co.*:/ip#dnsmasq-table#google-ipset
The config above will:
- set default upstream server to 114.114.114.114
- match normal domain google.com then forward DNS queries to 8.8.8.8
- match domain myvpn[0-9]*\.company\.com then forward DNS queries to 1.1.1.1
- match domain a[0-9]\.yyy\.com then forward DNS queries to 114.114.114.114 normally (default upstream server)
- match domain a[0-9]\.xxx\.com then return DNS record of localhost (to block ads?)
- add .*youtube.* query answers to ipset test
- add .*\.google.co.* query answers to nftables set, equivalent to nft add element ip dnsmasq-table google-ipset { 172.217.161.74 }
Here is an example config file: dnsmasq_regex_example.conf
Tips:
- A simple script to generate domains configurations: my-gfwlist
- The regex line [a-z]*gle\.com will match both google.com and google.com.hk. Use anchor ^ and $ to produce a more precise match.
Simon, the author of Dnsmasq, has rewritten the function to shorten the lookup time for queries. I have to rewrite the patch too. So the domain match function was changed.
If you upgrade from an older version (2.85 or older), consider modifying your config file. Maybe just simply move lines up and down. 😉
The regex lines generate a linked list that is matched from top to bottom. If a domain matches more than one regex server, the DNS query is forwarded to the one that appears first.
Consider the config file below: the domain wx.qq.com will be forwarded to upstream 1.1.1.1, not 8.8.8.8
server=/:\.qq\.com:/1.1.1.1
server=/:\.qq\.com:/8.8.8.8
If a domain matches both a normal and a regex server, the DNS query is forwarded to the normal one.
Consider the config file below: the domain wx.qq.com will be forwarded to upstream 1.1.1.1, neither 8.8.8.8 nor 1.2.4.8
server=/:w\w?\.qq\.com:/1.2.4.8
server=/qq.com/1.1.1.1
server=/:\.qq\.com:/8.8.8.8
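The selection rules above and the anchoring tip, modelled as an added example (not part of the original README and not the patch's own code), useful for checking which names a pattern really captures before deploying it. Assumptions: Python's re stands in for the PCRE engine the patch links against, normal entries use dnsmasq's longest-suffix match, parse_servers and resolve are hypothetical helper names, and the LOOSE and ANCHORED configs are constructed.

```python
import re

def parse_servers(conf):
    """Split server= lines into normal and regex rules, keeping file order."""
    normal, regex, default = [], [], None
    for line in conf.split():
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        domain, _, upstream = value[1:].rpartition("/")
        if not value.startswith("/"):
            default = value                        # plain server=<ip>
        elif len(domain) > 1 and domain[0] == ":" and domain[-1] == ":":
            regex.append((re.compile(domain[1:-1]), upstream))
        else:
            normal.append((domain, upstream))
    return normal, regex, default

def resolve(conf, name):
    """Return the upstream the rules described above would pick for name."""
    normal, regex, default = parse_servers(conf)
    # A normal (non-regex) entry wins over any regex entry; longest suffix first.
    hits = [(d, u) for d, u in normal if name == d or name.endswith("." + d)]
    if hits:
        upstream = max(hits, key=lambda h: len(h[0]))[1]
    else:  # regex entries are searched top to bottom; the first match wins
        upstream = next((u for rx, u in regex if rx.search(name)), default)
    return default if upstream == "#" else upstream

# Sample configs: the first two are the README's, the last two are constructed.
FIRST_WINS = r"""
server=/:\.qq\.com:/1.1.1.1
server=/:\.qq\.com:/8.8.8.8
"""
NORMAL_WINS = r"""
server=/:w\w?\.qq\.com:/1.2.4.8
server=/qq.com/1.1.1.1
server=/:\.qq\.com:/8.8.8.8
"""
LOOSE = r"""
server=114.114.114.114
server=/:[a-z]*gle\.com:/8.8.8.8
"""
ANCHORED = LOOSE.replace(r"[a-z]*gle\.com", r"^[a-z]*gle\.com$")

if __name__ == "__main__":
    for conf, name in [(FIRST_WINS, "wx.qq.com"), (NORMAL_WINS, "wx.qq.com"),
                       (LOOSE, "google.com.hk"), (ANCHORED, "google.com.hk")]:
        print(f"{name:16} -> {resolve(conf, name)}")
```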
Please check this page: dnsmasq-regex-openwrt