阿里 AliDNS
国内 anycast 部署,速度稳定,家用首选
IPv4
IPv6
DoH
DoT
9 个主流公共 DNS 服务的完整数据:国内 4 家(阿里 / DNSPod / 114 / 百度)+ 国际 5 家(Cloudflare / Google / Quad9 / OpenDNS / AdGuard)。 上方点 IPv4 / IPv6 / DoH / DoT 任一格即可复制;下方 「OS 配置生成器」选系统 + 选 provider,自动生成 macOS / Windows / Linux / iOS / Android / OpenWrt / Docker / 浏览器 DoH 的配置命令。
用 networksetup 命令直接改当前网络服务的 DNS。
推荐用 PowerShell(管理员);老系统可走 netsh。
Ubuntu 18.04+ / Debian 10+ / Fedora 等默认走 systemd-resolved。
传统方式。注意 NetworkManager / DHCP 客户端可能覆盖此文件。
Wi-Fi 可手动配置;蜂窝网络需通过描述文件(mobileconfig)配 DoH/DoT。
Android 9+ 系统级私人 DNS(仅 DoT);Wi-Fi 静态 DNS 仅当前网络生效。
改一次全家所有设备生效;通过 dnsmasq 转发或 DHCP 下发。
全局守护进程层 vs 单容器层;优先全局,避免每次 run 加参数。
浏览器单独走 DoH,绕过系统 DNS(系统层抓包看不到 DNS 明文)。
networksetup -setdnsservers Wi-Fi 223.5.5.5 223.6.6.6
# 有线(如已启用):networksetup -setdnsservers Ethernet 223.5.5.5 223.6.6.6networksetup -setdnsservers Wi-Fi 223.5.5.5 223.6.6.6 2400:3200::1 2400:3200:baba::1scutil --dns | grep nameserver
networksetup -getdnsservers Wi-Fisudo dscacheutil -flushcache && sudo killall -HUP mDNSRespondernetworksetup -setdnsservers Wi-Fi emptynetworksetup -setdnsservers Wi-Fi 119.29.29.29 119.28.28.28
# 有线(如已启用):networksetup -setdnsservers Ethernet 119.29.29.29 119.28.28.28networksetup -setdnsservers Wi-Fi 119.29.29.29 119.28.28.28 2402:4e00:: 2402:4e00:1::scutil --dns | grep nameserver
networksetup -getdnsservers Wi-Fisudo dscacheutil -flushcache && sudo killall -HUP mDNSRespondernetworksetup -setdnsservers Wi-Fi emptynetworksetup -setdnsservers Wi-Fi 114.114.114.114 114.114.115.115
# 有线(如已启用):networksetup -setdnsservers Ethernet 114.114.114.114 114.114.115.115scutil --dns | grep nameserver
networksetup -getdnsservers Wi-Fisudo dscacheutil -flushcache && sudo killall -HUP mDNSRespondernetworksetup -setdnsservers Wi-Fi emptynetworksetup -setdnsservers Wi-Fi 180.76.76.76scutil --dns | grep nameserver
networksetup -getdnsservers Wi-Fisudo dscacheutil -flushcache && sudo killall -HUP mDNSRespondernetworksetup -setdnsservers Wi-Fi emptynetworksetup -setdnsservers Wi-Fi 1.1.1.1 1.0.0.1
# 有线(如已启用):networksetup -setdnsservers Ethernet 1.1.1.1 1.0.0.1networksetup -setdnsservers Wi-Fi 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001scutil --dns | grep nameserver
networksetup -getdnsservers Wi-Fisudo dscacheutil -flushcache && sudo killall -HUP mDNSRespondernetworksetup -setdnsservers Wi-Fi emptynetworksetup -setdnsservers Wi-Fi 8.8.8.8 8.8.4.4
# 有线(如已启用):networksetup -setdnsservers Ethernet 8.8.8.8 8.8.4.4networksetup -setdnsservers Wi-Fi 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844scutil --dns | grep nameserver
networksetup -getdnsservers Wi-Fisudo dscacheutil -flushcache && sudo killall -HUP mDNSRespondernetworksetup -setdnsservers Wi-Fi emptynetworksetup -setdnsservers Wi-Fi 9.9.9.9 149.112.112.112
# 有线(如已启用):networksetup -setdnsservers Ethernet 9.9.9.9 149.112.112.112networksetup -setdnsservers Wi-Fi 9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9scutil --dns | grep nameserver
networksetup -getdnsservers Wi-Fisudo dscacheutil -flushcache && sudo killall -HUP mDNSRespondernetworksetup -setdnsservers Wi-Fi emptynetworksetup -setdnsservers Wi-Fi 208.67.222.222 208.67.220.220
# 有线(如已启用):networksetup -setdnsservers Ethernet 208.67.222.222 208.67.220.220networksetup -setdnsservers Wi-Fi 208.67.222.222 208.67.220.220 2620:119:35::35 2620:119:53::53scutil --dns | grep nameserver
networksetup -getdnsservers Wi-Fisudo dscacheutil -flushcache && sudo killall -HUP mDNSRespondernetworksetup -setdnsservers Wi-Fi emptynetworksetup -setdnsservers Wi-Fi 94.140.14.14 94.140.15.15
# 有线(如已启用):networksetup -setdnsservers Ethernet 94.140.14.14 94.140.15.15networksetup -setdnsservers Wi-Fi 94.140.14.14 94.140.15.15 2a10:50c0::ad1:ff 2a10:50c0::ad2:ffscutil --dns | grep nameserver
networksetup -getdnsservers Wi-Fisudo dscacheutil -flushcache && sudo killall -HUP mDNSRespondernetworksetup -setdnsservers Wi-Fi emptySet-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("223.5.5.5", "223.6.6.6")
# Wi-Fi 一般叫 "WLAN",无线网卡名以 Get-NetAdapter 实际显示为准Set-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("223.5.5.5", "223.6.6.6", "2400:3200::1", "2400:3200:baba::1")netsh interface ipv4 set dnsservers "以太网" static 223.5.5.5 primary
netsh interface ipv4 add dnsservers "以太网" 223.6.6.6 index=2Get-DnsClientServerAddress
ipconfig /all | findstr DNSipconfig /flushdnsSet-DnsClientServerAddress -InterfaceAlias "以太网" -ResetServerAddressesSet-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("119.29.29.29", "119.28.28.28")
# Wi-Fi 一般叫 "WLAN",无线网卡名以 Get-NetAdapter 实际显示为准Set-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("119.29.29.29", "119.28.28.28", "2402:4e00::", "2402:4e00:1::")netsh interface ipv4 set dnsservers "以太网" static 119.29.29.29 primary
netsh interface ipv4 add dnsservers "以太网" 119.28.28.28 index=2Get-DnsClientServerAddress
ipconfig /all | findstr DNSipconfig /flushdnsSet-DnsClientServerAddress -InterfaceAlias "以太网" -ResetServerAddressesSet-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("114.114.114.114", "114.114.115.115")
# Wi-Fi 一般叫 "WLAN",无线网卡名以 Get-NetAdapter 实际显示为准netsh interface ipv4 set dnsservers "以太网" static 114.114.114.114 primary
netsh interface ipv4 add dnsservers "以太网" 114.114.115.115 index=2Get-DnsClientServerAddress
ipconfig /all | findstr DNSipconfig /flushdnsSet-DnsClientServerAddress -InterfaceAlias "以太网" -ResetServerAddressesGet-DnsClientServerAddress
ipconfig /all | findstr DNSipconfig /flushdnsSet-DnsClientServerAddress -InterfaceAlias "以太网" -ResetServerAddressesSet-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("1.1.1.1", "1.0.0.1")
# Wi-Fi 一般叫 "WLAN",无线网卡名以 Get-NetAdapter 实际显示为准Set-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001")netsh interface ipv4 set dnsservers "以太网" static 1.1.1.1 primary
netsh interface ipv4 add dnsservers "以太网" 1.0.0.1 index=2Get-DnsClientServerAddress
ipconfig /all | findstr DNSipconfig /flushdnsSet-DnsClientServerAddress -InterfaceAlias "以太网" -ResetServerAddressesSet-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("8.8.8.8", "8.8.4.4")
# Wi-Fi 一般叫 "WLAN",无线网卡名以 Get-NetAdapter 实际显示为准Set-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844")netsh interface ipv4 set dnsservers "以太网" static 8.8.8.8 primary
netsh interface ipv4 add dnsservers "以太网" 8.8.4.4 index=2Get-DnsClientServerAddress
ipconfig /all | findstr DNSipconfig /flushdnsSet-DnsClientServerAddress -InterfaceAlias "以太网" -ResetServerAddressesSet-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("9.9.9.9", "149.112.112.112")
# Wi-Fi 一般叫 "WLAN",无线网卡名以 Get-NetAdapter 实际显示为准Set-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9")netsh interface ipv4 set dnsservers "以太网" static 9.9.9.9 primary
netsh interface ipv4 add dnsservers "以太网" 149.112.112.112 index=2Get-DnsClientServerAddress
ipconfig /all | findstr DNSipconfig /flushdnsSet-DnsClientServerAddress -InterfaceAlias "以太网" -ResetServerAddressesSet-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("208.67.222.222", "208.67.220.220")
# Wi-Fi 一般叫 "WLAN",无线网卡名以 Get-NetAdapter 实际显示为准Set-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("208.67.222.222", "208.67.220.220", "2620:119:35::35", "2620:119:53::53")netsh interface ipv4 set dnsservers "以太网" static 208.67.222.222 primary
netsh interface ipv4 add dnsservers "以太网" 208.67.220.220 index=2Get-DnsClientServerAddress
ipconfig /all | findstr DNSipconfig /flushdnsSet-DnsClientServerAddress -InterfaceAlias "以太网" -ResetServerAddressesSet-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("94.140.14.14", "94.140.15.15")
# Wi-Fi 一般叫 "WLAN",无线网卡名以 Get-NetAdapter 实际显示为准Set-DnsClientServerAddress -InterfaceAlias "以太网" -ServerAddresses ("94.140.14.14", "94.140.15.15", "2a10:50c0::ad1:ff", "2a10:50c0::ad2:ff")netsh interface ipv4 set dnsservers "以太网" static 94.140.14.14 primary
netsh interface ipv4 add dnsservers "以太网" 94.140.15.15 index=2Get-DnsClientServerAddress
ipconfig /all | findstr DNSipconfig /flushdnsSet-DnsClientServerAddress -InterfaceAlias "以太网" -ResetServerAddresses[Resolve]
DNS=223.5.5.5 223.6.6.6 2400:3200::1 2400:3200:baba::1
FallbackDNS=
DNSOverTLS=opportunisticsudo systemctl restart systemd-resolved
resolvectl status | head -20resolvectl query example.com
dig @223.5.5.5 example.com +short[Resolve]
DNS=119.29.29.29 119.28.28.28 2402:4e00:: 2402:4e00:1::
FallbackDNS=
DNSOverTLS=opportunisticsudo systemctl restart systemd-resolved
resolvectl status | head -20resolvectl query example.com
dig @119.29.29.29 example.com +short[Resolve]
DNS=114.114.114.114 114.114.115.115
FallbackDNS=
DNSOverTLS=opportunisticsudo systemctl restart systemd-resolved
resolvectl status | head -20resolvectl query example.com
dig @114.114.114.114 example.com +short[Resolve]
DNS=180.76.76.76 2400:da00::6666
FallbackDNS=
DNSOverTLS=opportunisticsudo systemctl restart systemd-resolved
resolvectl status | head -20resolvectl query example.com
dig @180.76.76.76 example.com +short[Resolve]
DNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
FallbackDNS=
DNSOverTLS=opportunisticsudo systemctl restart systemd-resolved
resolvectl status | head -20resolvectl query example.com
dig @1.1.1.1 example.com +short[Resolve]
DNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
FallbackDNS=
DNSOverTLS=opportunisticsudo systemctl restart systemd-resolved
resolvectl status | head -20resolvectl query example.com
dig @8.8.8.8 example.com +short[Resolve]
DNS=9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9
FallbackDNS=
DNSOverTLS=opportunisticsudo systemctl restart systemd-resolved
resolvectl status | head -20resolvectl query example.com
dig @9.9.9.9 example.com +short[Resolve]
DNS=208.67.222.222 208.67.220.220 2620:119:35::35 2620:119:53::53
FallbackDNS=
DNSOverTLS=opportunisticsudo systemctl restart systemd-resolved
resolvectl status | head -20resolvectl query example.com
dig @208.67.222.222 example.com +short[Resolve]
DNS=94.140.14.14 94.140.15.15 2a10:50c0::ad1:ff 2a10:50c0::ad2:ff
FallbackDNS=
DNSOverTLS=opportunisticsudo systemctl restart systemd-resolved
resolvectl status | head -20resolvectl query example.com
dig @94.140.14.14 example.com +shortnameserver 223.5.5.5
nameserver 223.6.6.6
nameserver 2400:3200::1
nameserver 2400:3200:baba::1sudo chattr +i /etc/resolv.conf
# 解锁:sudo chattr -i /etc/resolv.confdig example.com +short
dig @223.5.5.5 example.com +shortnameserver 119.29.29.29
nameserver 119.28.28.28
nameserver 2402:4e00::
nameserver 2402:4e00:1::sudo chattr +i /etc/resolv.conf
# 解锁:sudo chattr -i /etc/resolv.confdig example.com +short
dig @119.29.29.29 example.com +shortnameserver 114.114.114.114
nameserver 114.114.115.115
nameserver
nameserver sudo chattr +i /etc/resolv.conf
# 解锁:sudo chattr -i /etc/resolv.confdig example.com +short
dig @114.114.114.114 example.com +shortnameserver 180.76.76.76
nameserver
nameserver 2400:da00::6666
nameserver sudo chattr +i /etc/resolv.conf
# 解锁:sudo chattr -i /etc/resolv.confdig example.com +short
dig @180.76.76.76 example.com +shortnameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 2606:4700:4700::1111
nameserver 2606:4700:4700::1001sudo chattr +i /etc/resolv.conf
# 解锁:sudo chattr -i /etc/resolv.confdig example.com +short
dig @1.1.1.1 example.com +shortnameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844sudo chattr +i /etc/resolv.conf
# 解锁:sudo chattr -i /etc/resolv.confdig example.com +short
dig @8.8.8.8 example.com +shortnameserver 9.9.9.9
nameserver 149.112.112.112
nameserver 2620:fe::fe
nameserver 2620:fe::9sudo chattr +i /etc/resolv.conf
# 解锁:sudo chattr -i /etc/resolv.confdig example.com +short
dig @9.9.9.9 example.com +shortnameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 2620:119:35::35
nameserver 2620:119:53::53sudo chattr +i /etc/resolv.conf
# 解锁:sudo chattr -i /etc/resolv.confdig example.com +short
dig @208.67.222.222 example.com +shortnameserver 94.140.14.14
nameserver 94.140.15.15
nameserver 2a10:50c0::ad1:ff
nameserver 2a10:50c0::ad2:ffsudo chattr +i /etc/resolv.conf
# 解锁:sudo chattr -i /etc/resolv.confdig example.com +short
dig @94.140.14.14 example.com +short设置 → Wi-Fi → 当前网络(i) → 配置 DNS → 手动 → 添加服务器:
223.5.5.5
223.6.6.6
2400:3200::1
2400:3200:baba::1
→ 移除原有的 DHCP 下发条目 → 存储iOS 不能直接输 DoT 主机名,需安装 .mobileconfig 描述文件:
服务器:dns.alidns.com
推荐访问 dns.dns.alidns.com 或 provider 文档下载,安装后 设置 → 通用 → VPN 与设备管理 → 启用设置 → Wi-Fi → 当前网络(i) → 配置 DNS → 手动 → 添加服务器:
119.29.29.29
119.28.28.28
2402:4e00::
2402:4e00:1::
→ 移除原有的 DHCP 下发条目 → 存储iOS 不能直接输 DoT 主机名,需安装 .mobileconfig 描述文件:
服务器:dot.pub
推荐访问 dns.dot.pub 或 provider 文档下载,安装后 设置 → 通用 → VPN 与设备管理 → 启用设置 → Wi-Fi → 当前网络(i) → 配置 DNS → 手动 → 添加服务器:
114.114.114.114
114.114.115.115
→ 移除原有的 DHCP 下发条目 → 存储设置 → Wi-Fi → 当前网络(i) → 配置 DNS → 手动 → 添加服务器:
180.76.76.76
2400:da00::6666
→ 移除原有的 DHCP 下发条目 → 存储设置 → Wi-Fi → 当前网络(i) → 配置 DNS → 手动 → 添加服务器:
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
→ 移除原有的 DHCP 下发条目 → 存储iOS 不能直接输 DoT 主机名,需安装 .mobileconfig 描述文件:
服务器:one.one.one.one
推荐访问 dns.one.one.one.one 或 provider 文档下载,安装后 设置 → 通用 → VPN 与设备管理 → 启用设置 → Wi-Fi → 当前网络(i) → 配置 DNS → 手动 → 添加服务器:
8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844
→ 移除原有的 DHCP 下发条目 → 存储iOS 不能直接输 DoT 主机名,需安装 .mobileconfig 描述文件:
服务器:dns.google
推荐访问 dns.dns.google 或 provider 文档下载,安装后 设置 → 通用 → VPN 与设备管理 → 启用设置 → Wi-Fi → 当前网络(i) → 配置 DNS → 手动 → 添加服务器:
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
→ 移除原有的 DHCP 下发条目 → 存储iOS 不能直接输 DoT 主机名,需安装 .mobileconfig 描述文件:
服务器:dns.quad9.net
推荐访问 dns.dns.quad9.net 或 provider 文档下载,安装后 设置 → 通用 → VPN 与设备管理 → 启用设置 → Wi-Fi → 当前网络(i) → 配置 DNS → 手动 → 添加服务器:
208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
→ 移除原有的 DHCP 下发条目 → 存储设置 → Wi-Fi → 当前网络(i) → 配置 DNS → 手动 → 添加服务器:
94.140.14.14
94.140.15.15
2a10:50c0::ad1:ff
2a10:50c0::ad2:ff
→ 移除原有的 DHCP 下发条目 → 存储iOS 不能直接输 DoT 主机名,需安装 .mobileconfig 描述文件:
服务器:dns.adguard-dns.com
推荐访问 dns.dns.adguard-dns.com 或 provider 文档下载,安装后 设置 → 通用 → VPN 与设备管理 → 启用设置 → 网络与互联网 → 私人 DNS → 私人 DNS 提供商主机名 → 输入:
dns.alidns.com
→ 保存。所有 Wi-Fi/移动网络全部生效设置 → WLAN → 长按当前网络 → 修改网络 → 高级选项 → IP 设置改为「静态」→
DNS 1:223.5.5.5
DNS 2:223.6.6.6
→ 保存(注意:会同时把 IP 改成手填,需手动输 IP/网关/子网,不熟谨慎)设置 → 网络与互联网 → 私人 DNS → 私人 DNS 提供商主机名 → 输入:
dot.pub
→ 保存。所有 Wi-Fi/移动网络全部生效设置 → WLAN → 长按当前网络 → 修改网络 → 高级选项 → IP 设置改为「静态」→
DNS 1:119.29.29.29
DNS 2:119.28.28.28
→ 保存(注意:会同时把 IP 改成手填,需手动输 IP/网关/子网,不熟谨慎)设置 → WLAN → 长按当前网络 → 修改网络 → 高级选项 → IP 设置改为「静态」→
DNS 1:114.114.114.114
DNS 2:114.114.115.115
→ 保存(注意:会同时把 IP 改成手填,需手动输 IP/网关/子网,不熟谨慎)设置 → WLAN → 长按当前网络 → 修改网络 → 高级选项 → IP 设置改为「静态」→
DNS 1:180.76.76.76
DNS 2:
→ 保存(注意:会同时把 IP 改成手填,需手动输 IP/网关/子网,不熟谨慎)设置 → 网络与互联网 → 私人 DNS → 私人 DNS 提供商主机名 → 输入:
one.one.one.one
→ 保存。所有 Wi-Fi/移动网络全部生效设置 → WLAN → 长按当前网络 → 修改网络 → 高级选项 → IP 设置改为「静态」→
DNS 1:1.1.1.1
DNS 2:1.0.0.1
→ 保存(注意:会同时把 IP 改成手填,需手动输 IP/网关/子网,不熟谨慎)设置 → 网络与互联网 → 私人 DNS → 私人 DNS 提供商主机名 → 输入:
dns.google
→ 保存。所有 Wi-Fi/移动网络全部生效设置 → WLAN → 长按当前网络 → 修改网络 → 高级选项 → IP 设置改为「静态」→
DNS 1:8.8.8.8
DNS 2:8.8.4.4
→ 保存(注意:会同时把 IP 改成手填,需手动输 IP/网关/子网,不熟谨慎)设置 → 网络与互联网 → 私人 DNS → 私人 DNS 提供商主机名 → 输入:
dns.quad9.net
→ 保存。所有 Wi-Fi/移动网络全部生效设置 → WLAN → 长按当前网络 → 修改网络 → 高级选项 → IP 设置改为「静态」→
DNS 1:9.9.9.9
DNS 2:149.112.112.112
→ 保存(注意:会同时把 IP 改成手填,需手动输 IP/网关/子网,不熟谨慎)设置 → WLAN → 长按当前网络 → 修改网络 → 高级选项 → IP 设置改为「静态」→
DNS 1:208.67.222.222
DNS 2:208.67.220.220
→ 保存(注意:会同时把 IP 改成手填,需手动输 IP/网关/子网,不熟谨慎)设置 → 网络与互联网 → 私人 DNS → 私人 DNS 提供商主机名 → 输入:
dns.adguard-dns.com
→ 保存。所有 Wi-Fi/移动网络全部生效设置 → WLAN → 长按当前网络 → 修改网络 → 高级选项 → IP 设置改为「静态」→
DNS 1:94.140.14.14
DNS 2:94.140.15.15
→ 保存(注意:会同时把 IP 改成手填,需手动输 IP/网关/子网,不熟谨慎)uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='223.5.5.5'
uci add_list dhcp.@dnsmasq[0].server='223.6.6.6'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,223.5.5.5,223.6.6.6"
uci commit dhcp
/etc/init.d/dnsmasq restartopkg update && opkg install stubby
# 编辑 /etc/stubby/stubby.yml 在 upstream_recursive_servers 加入:
# - address_data: 223.5.5.5
# tls_auth_name: "dns.alidns.com"
# - address_data: 223.6.6.6
# tls_auth_name: "dns.alidns.com"
/etc/init.d/stubby restartuci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='119.29.29.29'
uci add_list dhcp.@dnsmasq[0].server='119.28.28.28'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,119.29.29.29,119.28.28.28"
uci commit dhcp
/etc/init.d/dnsmasq restartopkg update && opkg install stubby
# 编辑 /etc/stubby/stubby.yml 在 upstream_recursive_servers 加入:
# - address_data: 119.29.29.29
# tls_auth_name: "dot.pub"
# - address_data: 119.28.28.28
# tls_auth_name: "dot.pub"
/etc/init.d/stubby restartuci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='114.114.114.114'
uci add_list dhcp.@dnsmasq[0].server='114.114.115.115'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,114.114.114.114,114.114.115.115"
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='1.1.1.1'
uci add_list dhcp.@dnsmasq[0].server='1.0.0.1'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,1.1.1.1,1.0.0.1"
uci commit dhcp
/etc/init.d/dnsmasq restartopkg update && opkg install stubby
# 编辑 /etc/stubby/stubby.yml 在 upstream_recursive_servers 加入:
# - address_data: 1.1.1.1
# tls_auth_name: "one.one.one.one"
# - address_data: 1.0.0.1
# tls_auth_name: "one.one.one.one"
/etc/init.d/stubby restartuci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='8.8.8.8'
uci add_list dhcp.@dnsmasq[0].server='8.8.4.4'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,8.8.8.8,8.8.4.4"
uci commit dhcp
/etc/init.d/dnsmasq restartopkg update && opkg install stubby
# 编辑 /etc/stubby/stubby.yml 在 upstream_recursive_servers 加入:
# - address_data: 8.8.8.8
# tls_auth_name: "dns.google"
# - address_data: 8.8.4.4
# tls_auth_name: "dns.google"
/etc/init.d/stubby restartuci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='9.9.9.9'
uci add_list dhcp.@dnsmasq[0].server='149.112.112.112'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,9.9.9.9,149.112.112.112"
uci commit dhcp
/etc/init.d/dnsmasq restartopkg update && opkg install stubby
# 编辑 /etc/stubby/stubby.yml 在 upstream_recursive_servers 加入:
# - address_data: 9.9.9.9
# tls_auth_name: "dns.quad9.net"
# - address_data: 149.112.112.112
# tls_auth_name: "dns.quad9.net"
/etc/init.d/stubby restartuci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='208.67.222.222'
uci add_list dhcp.@dnsmasq[0].server='208.67.220.220'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,208.67.222.222,208.67.220.220"
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='94.140.14.14'
uci add_list dhcp.@dnsmasq[0].server='94.140.15.15'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci commit dhcp
/etc/init.d/dnsmasq restartuci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,94.140.14.14,94.140.15.15"
uci commit dhcp
/etc/init.d/dnsmasq restartopkg update && opkg install stubby
# 编辑 /etc/stubby/stubby.yml 在 upstream_recursive_servers 加入:
# - address_data: 94.140.14.14
# tls_auth_name: "dns.adguard-dns.com"
# - address_data: 94.140.15.15
# tls_auth_name: "dns.adguard-dns.com"
/etc/init.d/stubby restart{
"dns": ["223.5.5.5", "223.6.6.6"]
}sudo systemctl daemon-reload
sudo systemctl restart docker
docker info | grep -A2 'Name:'docker run --dns=223.5.5.5 --dns=223.6.6.6 -it --rm alpine nslookup example.comservices:
app:
image: your-image
dns:
- 223.5.5.5
- 223.6.6.6{
"dns": ["119.29.29.29", "119.28.28.28"]
}sudo systemctl daemon-reload
sudo systemctl restart docker
docker info | grep -A2 'Name:'docker run --dns=119.29.29.29 --dns=119.28.28.28 -it --rm alpine nslookup example.comservices:
app:
image: your-image
dns:
- 119.29.29.29
- 119.28.28.28{
"dns": ["114.114.114.114", "114.114.115.115"]
}sudo systemctl daemon-reload
sudo systemctl restart docker
docker info | grep -A2 'Name:'docker run --dns=114.114.114.114 --dns=114.114.115.115 -it --rm alpine nslookup example.comservices:
app:
image: your-image
dns:
- 114.114.114.114
- 114.114.115.115sudo systemctl daemon-reload
sudo systemctl restart docker
docker info | grep -A2 'Name:'{
"dns": ["1.1.1.1", "1.0.0.1"]
}sudo systemctl daemon-reload
sudo systemctl restart docker
docker info | grep -A2 'Name:'docker run --dns=1.1.1.1 --dns=1.0.0.1 -it --rm alpine nslookup example.comservices:
app:
image: your-image
dns:
- 1.1.1.1
- 1.0.0.1{
"dns": ["8.8.8.8", "8.8.4.4"]
}sudo systemctl daemon-reload
sudo systemctl restart docker
docker info | grep -A2 'Name:'docker run --dns=8.8.8.8 --dns=8.8.4.4 -it --rm alpine nslookup example.comservices:
app:
image: your-image
dns:
- 8.8.8.8
- 8.8.4.4{
"dns": ["9.9.9.9", "149.112.112.112"]
}sudo systemctl daemon-reload
sudo systemctl restart docker
docker info | grep -A2 'Name:'docker run --dns=9.9.9.9 --dns=149.112.112.112 -it --rm alpine nslookup example.comservices:
app:
image: your-image
dns:
- 9.9.9.9
- 149.112.112.112{
"dns": ["208.67.222.222", "208.67.220.220"]
}sudo systemctl daemon-reload
sudo systemctl restart docker
docker info | grep -A2 'Name:'docker run --dns=208.67.222.222 --dns=208.67.220.220 -it --rm alpine nslookup example.comservices:
app:
image: your-image
dns:
- 208.67.222.222
- 208.67.220.220{
"dns": ["94.140.14.14", "94.140.15.15"]
}sudo systemctl daemon-reload
sudo systemctl restart docker
docker info | grep -A2 'Name:'docker run --dns=94.140.14.14 --dns=94.140.15.15 -it --rm alpine nslookup example.comservices:
app:
image: your-image
dns:
- 94.140.14.14
- 94.140.15.15chrome://settings/security → 高级 → 使用安全 DNS → 自定义 → 输入:
https://dns.alidns.com/dns-query
(Edge:edge://settings/privacy → 安全 → 使用安全 DNS)about:preferences#privacy → 滚到「DNS over HTTPS」→ 选 Max Protection 或自定义 → 输入:
https://dns.alidns.com/dns-queryCloudflare:访问 https://1.1.1.1/help 看「Connected to 1.1.1.1: Yes」
通用:访问 https://dnsleaktest.com/ 看返回的 DNS 地址是否为期望的 providerchrome://settings/security → 高级 → 使用安全 DNS → 自定义 → 输入:
https://doh.pub/dns-query
(Edge:edge://settings/privacy → 安全 → 使用安全 DNS)about:preferences#privacy → 滚到「DNS over HTTPS」→ 选 Max Protection 或自定义 → 输入:
https://doh.pub/dns-queryCloudflare:访问 https://1.1.1.1/help 看「Connected to 1.1.1.1: Yes」
通用:访问 https://dnsleaktest.com/ 看返回的 DNS 地址是否为期望的 providerchrome://settings/security → 高级 → 使用安全 DNS → 自定义 → 输入:
https://cloudflare-dns.com/dns-query
(Edge:edge://settings/privacy → 安全 → 使用安全 DNS)about:preferences#privacy → 滚到「DNS over HTTPS」→ 选 Max Protection 或自定义 → 输入:
https://cloudflare-dns.com/dns-queryCloudflare:访问 https://1.1.1.1/help 看「Connected to 1.1.1.1: Yes」
通用:访问 https://dnsleaktest.com/ 看返回的 DNS 地址是否为期望的 providerchrome://settings/security → 高级 → 使用安全 DNS → 自定义 → 输入:
https://dns.google/dns-query
(Edge:edge://settings/privacy → 安全 → 使用安全 DNS)about:preferences#privacy → 滚到「DNS over HTTPS」→ 选 Max Protection 或自定义 → 输入:
https://dns.google/dns-queryCloudflare:访问 https://1.1.1.1/help 看「Connected to 1.1.1.1: Yes」
通用:访问 https://dnsleaktest.com/ 看返回的 DNS 地址是否为期望的 providerchrome://settings/security → 高级 → 使用安全 DNS → 自定义 → 输入:
https://dns.quad9.net/dns-query
(Edge:edge://settings/privacy → 安全 → 使用安全 DNS)about:preferences#privacy → 滚到「DNS over HTTPS」→ 选 Max Protection 或自定义 → 输入:
https://dns.quad9.net/dns-queryCloudflare:访问 https://1.1.1.1/help 看「Connected to 1.1.1.1: Yes」
通用:访问 https://dnsleaktest.com/ 看返回的 DNS 地址是否为期望的 providerchrome://settings/security → 高级 → 使用安全 DNS → 自定义 → 输入:
https://doh.opendns.com/dns-query
(Edge:edge://settings/privacy → 安全 → 使用安全 DNS)about:preferences#privacy → 滚到「DNS over HTTPS」→ 选 Max Protection 或自定义 → 输入:
https://doh.opendns.com/dns-queryCloudflare:访问 https://1.1.1.1/help 看「Connected to 1.1.1.1: Yes」
通用:访问 https://dnsleaktest.com/ 看返回的 DNS 地址是否为期望的 providerchrome://settings/security → 高级 → 使用安全 DNS → 自定义 → 输入:
https://dns.adguard-dns.com/dns-query
(Edge:edge://settings/privacy → 安全 → 使用安全 DNS)about:preferences#privacy → 滚到「DNS over HTTPS」→ 选 Max Protection 或自定义 → 输入:
https://dns.adguard-dns.com/dns-queryCloudflare:访问 https://1.1.1.1/help 看「Connected to 1.1.1.1: Yes」
通用:访问 https://dnsleaktest.com/ 看返回的 DNS 地址是否为期望的 provider公共 DNS 速查与配置——把”换 DNS 服务器”从「翻设置面板 + 找命令 + 拼接参数」压缩成「点格子复制 IP」+「选系统选 provider 复制命令」两步。所有 IP / DoH / DoT 端点和命令模板都打包在页面里,离线也能查。
| 场景 | 推荐 provider | 推荐配置方式 |
|---|---|---|
| 家用 / 办公电脑 | 阿里 / DNSPod | macOS / Windows 命令行配 IPv4 + IPv6 |
| 全屋路由器统配 | 阿里 / DNSPod | OpenWrt dnsmasq 上游或 DHCP option |
| 隐私优先 / 加密 | Cloudflare / Quad9 | 浏览器 DoH 或 Android 私人 DNS(DoT) |
国内:阿里 AliDNS · DNSPod(腾讯)· 114DNS · 百度 国际:Cloudflare · Google · Quad9 · OpenDNS · AdGuard
每家给出 IPv4 主备、IPv6 主备(如有)、DoH 端点、DoT 主机名,并标注 Anycast、ECS、过滤策略等关键属性。
首选阿里 AliDNS(223.5.5.5):anycast 部署、解析速度稳定、纯净不拦截,家用办公服务器都合适。次选 DNSPod(119.29.29.29):腾讯运营,与微信生态相关域名解析略快,DoH/DoT 域名最简短(doh.pub、dot.pub)。老牌 114DNS 仅支持 IPv4,没有 DoH/DoT,适合老设备兜底。百度公共 DNS 字段较少,DoH/DoT 未公开。一般原则:装一主一备,避免单点。
可用但波动大。Cloudflare 的 1.1.1.1 在国内大部分地区能解析,但延迟从 30ms 到几百 ms 不等,部分运营商间歇性丢包;Google 8.8.8.8 的 IP 走国际链路,晚高峰常见超时。实用建议:(1) 国内首选阿里/DNSPod 作主 DNS,留 1.1.1.1 或 8.8.8.8 做备份;(2) 走 DoH(cloudflare-dns.com、dns.google)由于 HTTPS 复用,反而比明文 53 端口稳;(3) 海外业务/翻墙环境再考虑 Cloudflare/Google 作主 DNS。
两者都加密 DNS 查询、防中间人和明文嗅探。区别:(1) DoH 走 443 端口,混在普通 HTTPS 流量里,不易被识别和阻断;浏览器原生支持,无需系统设置即可启用;(2) DoT 走专用 853 端口,识别明显但路由器/防火墙好做策略;Android 9+ 系统级"私人 DNS"原生支持。实操建议:(1) 想"对单个浏览器立即生效" → DoH;(2) 想"全设备统一加密" → 路由器 stubby 走 DoT,或 Android 9+ 私人 DNS;(3) macOS/iOS 需要描述文件 mobileconfig,门槛稍高。
按顺序检查:(1) DNS 缓存未清:macOS 跑 sudo killall -HUP mDNSResponder,Windows 跑 ipconfig /flushdns,Linux 跑 sudo systemctl restart systemd-resolved;(2) 配置写错位置:macOS 看 scutil --dns、Windows 看 Get-DnsClientServerAddress、Linux 看 resolvectl status 实际生效值;(3) 被 NetworkManager / DHCP 覆盖:Linux 直接改 /etc/resolv.conf 容易被覆盖,要么用 systemd-resolved 配 /etc/systemd/resolved.conf,要么 chattr +i 锁文件;(4) VPN / 代理拦截 DNS:很多 VPN 客户端强制接管 DNS,先关 VPN 再测;(5) 浏览器 DoH 优先:Chrome 启用了 DoH 时不走系统 DNS,单独检查 chrome://settings/security。
理论上 provider 能看到所有解析请求,但主流家都有隐私承诺:(1) Cloudflare 承诺 24 小时内删除查询日志,并由 KPMG 审计;(2) Quad9 瑞士非营利运营,承诺不记录 IP,默认拦截恶意域名;(3) Google 永久不记录可识别个人的查询;(4) 国内厂商(阿里/腾讯)按隐私政策保留较短期日志用于反滥用,不公开承诺审计。最佳实践:(1) 在意隐私选 Quad9 或 Cloudflare + DoH;(2) 完全不信任公共 DNS 可自建 unbound + DoT 上游;(3) 注意:HTTPS 浏览的页面内容公共 DNS 看不到,只能看到访问的域名。
有 IPv6 网络就配,没有也别强行加。判断方法:访问 https://test-ipv6.com/ ,分数 ≥ 9 说明 IPv6 可用。配置规则:(1) macOS/Windows DNS 列表里 IPv4 + IPv6 共存即可,系统按优先级使用;(2) 如果运营商没下发 IPv6,强加 IPv6 DNS 不会用到,但也不会出错;(3) 部分老路由器对混合 DNS 处理有 bug,遇到解析异常先撤掉 IPv6 测一下;(4) 公司服务器只走 IPv4 时不必加 IPv6。本工具的 (IPv4 + IPv6 主备) 配置块只在 provider 同时提供两栈时显示,不会让你配空地址。
家用首选路由器改一次——全屋设备(含智能音箱、电视盒子等不能手动配 DNS 的设备)统一受益。OpenWrt 推荐用 dnsmasq 作上游(路由内解析)+ DHCP option 6 下发给客户端二选一:(1) dnsmasq 上游模式:客户端看到的 DNS 是路由器自身,路由器再转发到公共 DNS——好处是路由器可以拦广告/做策略;(2) DHCP 下发模式:客户端直接拿到公共 DNS——好处是 DNS 查询路径更短。单设备配置场景:(1) 不在自己路由下(公司、咖啡馆);(2) 想给某设备走特殊 DNS(比如开发机走 Quad9 防恶意域名)。
114DNS 至今未公开 DoH/DoT 端点。它在 2010 年代国产 DNS 中以"防劫持"知名,但近年技术更新慢,仍只支持明文 53 端口。替代选择:要 DoH/DoT 加密就用阿里(dns.alidns.com)或 DNSPod(doh.pub / dot.pub),两家都是国内主流且免费公开。如果一定要把 114 当主 DNS,可以用本地 stubby/dnscrypt-proxy 做加密代理 + 114 作明文上游——但这就失去 DoH 端到端加密的意义了。