Replies: 26 comments 1 reply
-
|
谢谢,你这个图画的很好~! |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
关于镜像大小,目前未解压前是二十多M,解压后是六十多M,已经算很小的了,这个docker其实更适合运行在NAS这种空间和内存比较富裕的环境中,因为他是递归DNS,内存越大缓存效果越好,redis的持久化储存也需要空间。docker启动后会自动根据性能设置配置文件,最低情况下有200M空间是比较好的。 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
找了个u盘,捣腾了很久终于用上了,就是启动初始化很慢,差不多3-5分钟的样子,不过目前有下面几个问题:
openwrt本机查询 kdig +short TXT whoami.ds.akahelp.net -p 5443
"ns" "2a01:3a0:53:53::"电脑上查的 dig +short TXT whoami.ds.akahelp.net @192.168.5.1 -p 5443
"ip" "101.87.77.39"
"ns" "2a04:e4c0:20::73"
"ecs" "101.87.77.0/24/24"容器日志 系统日志 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
我也没想到ARM镜像能顺利跑起来,redis那个警告warnning不用管,第二个报错似乎是提示你内存不足,你 |
Beta Was this translation helpful? Give feedback.
0 replies
-
对的,暂时先用这个端口测试,以免搞不定整个网络挂掉😂
root@OpenWrt:~# free -m
total used free shared buff/cache available
Mem: 507764 143028 90380 1632 274356 312932
Swap: 0 0 0 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
内存确实有点小,这是512M的路由器吧?上面那个报错似乎是说因为内存不足把你 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
跑的起docker的路由器应该也不便宜吧,要不要整个垃圾N1玩玩? |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
其实这比我之前用adguardhome占的内存要少很多,之前动不动内存用掉50%以上,但这个docker仅占12%左右的内存。 root@OpenWrt:~# docker exec -it paopaodns /bin/sh
/data # ps -ef
PID USER TIME COMMAND
1 root 0:00 {init.sh} /bin/sh /usr/sbin/init.sh
13 root 0:00 crond
41 root 0:19 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.t
42 root 0:03 mosdns start -d /tmp -c mosdns.yaml
68 root 1:21 redis-server 127.0.0.1:6379
69 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
70 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
71 root 0:00 inotifywait -e modify /data/force_cn_list.txt /data/force_
72 root 0:00 inotifywait -e modify /etc/unbound/named.cache
207 root 0:00 /bin/sh
213 root 0:00 ps -ef上面那两个watch_list是unbound的吗?
😂以前路由矿难的七八十收的,前段时间也刚刚收了个电视盒子,不过暂时搞不定,继续在openwrt上捣腾。 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
你可以对比上面那个你发的容器日志: stdout: PID USER TIME COMMAND
stdout: 1 root 0:00 {init.sh} /bin/sh /usr/sbin/init.sh
stdout: 13 root 0:00 crond
stdout: 41 root 0:00 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.toml
stdout: 42 root 0:00 mosdns start -d /tmp -c mosdns.yaml
stdout: 57 root 0:00 unbound -c /tmp/unbound_raw.conf
stdout: 58 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
stdout: 59 root 0:00 {data_update.sh} /bin/sh /usr/sbin/data_update.sh
stdout: 61 root 0:00 sleep 62
stdout: 66 unbound 0:00 unbound -c /tmp/unbound_forward.conf
stdout: 67 root 0:00 ps应该有这些进程才对。watch_list是监控数据文件发生变化后重启服务的,就你发的这个容器启动的时候的日志来说,PID 41 42 57 66都是要运行的程序……如果你找不到 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
注意到了,两个unbound进程应该是被杀掉了,但这个docker并没有占很多内存,有没有办法对小内存的这个问题优化?
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
你可以尝试修改容器里面的 41 MEM1=25m
42 MEM2=50m
43 MEM3=500000
44 MEM4=200mb |
Beta Was this translation helpful? Give feedback.
0 replies
-
改后重启还是没unbound进程,昨天太晚也没继续捣腾了 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
等编译完成后,你可以删除镜像再重新拉取新镜像试试,对低内存优化了一下。如果不成功,可以把启动日志贴一下。 |
Beta Was this translation helpful? Give feedback.
0 replies
-
谢谢,不过小内存确实捉急,最新镜像依然会杀unbound!估计是没办法了😂docker日志 openwrt系统日志 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
试了进docker手动运行 去docker hub上搜了几个独立的unbound,mvance/unbound也是用不了,启动直接自毙😂!klutchell/unbound这个是可以的。 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
第一个没有arm版本所以你启动不了。我看看第二个。我觉得有可能是因为编译支持redis的unbound版本会占多点内存。 |
Beta Was this translation helpful? Give feedback.
0 replies
-
刚刚测试了这个crazy-max/docker-unbound,支持redis能正常启动运行 CacheDB compile #22,只不过它也是独立的🤷♂️。 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
crazy-max/docker-unbound那个配置的是转发器,不是递归。递归占用更多内存吧。 |
Beta Was this translation helpful? Give feedback.
0 replies
-
已经第一时间测试,感觉应该是没问题了,不爆内存也不杀进程,我把日志贴出来你看看。 root@OpenWrt:~# docker exec -it paopaodns /bin/sh
/ # free -m
total used free shared buff/cache available
Mem: 496 156 38 1 303 287
Swap: 0 0 0
/ # ps -ef
PID USER TIME COMMAND
1 root 0:00 {init.sh} /bin/sh /usr/sbin/init.sh
20 root 0:00 crond
60 root 0:13 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.toml
61 root 0:00 mosdns start -d /tmp -c mosdns.yaml
80 unbound 0:00 unbound -c /tmp/unbound_forward.conf -p
82 root 0:00 {data_update.sh} /bin/sh /usr/sbin/data_update.sh
84 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
85 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
87 root 0:00 inotifywait -e modify /data/force_cn_list.txt /data/force_nocn_list.txt /data/Country-only-cn-private.mmdb
88 root 0:00 inotifywait -e modify /etc/unbound/named.cache
89 root 0:03 redis-server 127.0.0.1:6379
91 unbound 0:00 unbound -c /tmp/unbound_raw.conf -p
147 root 0:00 {data_update.sh} /bin/sh /usr/sbin/data_update.sh
148 root 0:00 curl -4 --connect-timeout 10 -s https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country-only-cn-private.mmdb.sha256sum
149 root 0:00 grep -Eo [0-9A-Za-z]{64}
150 root 0:00 head -1
161 root 0:00 /bin/sh
168 root 0:00 ps -ef
/ # exit
root@OpenWrt:~# dig +short TXT whoami.ds.akahelp.net -p 5443
"ns" "101.87.77.219" |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
谢谢测试,跑一下 |
Beta Was this translation helpful? Give feedback.
0 replies
-
/ # debug.sh
====ENV TEST====
MEM:100k 200k 200 16mb
CORES:1
POWCORES:1
TZ:Asia/Shanghai
UPDATE:weekly
DNS_SERVERNAME:PaoPaoDNS,blog.03k.org
ETHIP:172.17.0.2
DNSPORT:53
SOCKS5:no
CNAUTO:yes
IPV6:no
====ENV TEST====
PID USER TIME COMMAND
1 root 0:00 {init.sh} /bin/sh /usr/sbin/init.sh
20 root 0:00 crond
60 root 0:28 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.t
61 root 0:01 mosdns start -d /tmp -c mosdns.yaml
80 unbound 0:00 unbound -c /tmp/unbound_forward.conf -p
84 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
85 root 0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
87 root 0:00 inotifywait -e modify /data/force_cn_list.txt /data/force_
88 root 0:00 inotifywait -e modify /etc/unbound/named.cache
89 root 0:12 redis-server 127.0.0.1:6379
91 unbound 0:02 unbound -c /tmp/unbound_raw.conf -p
197 root 0:00 /bin/sh
203 root 0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
205 root 0:00 ps -ef
domain:whoami.ds.akahelp.net
CNIP URL test:
101.87.77.219
101.87.77.219
------------------
NOCN IP URL test:
101.87.77.219
101.87.77.219
101.87.77.219
101.87.77.219
101.87.77.219
------------------
IP INFO:
101.87.77.219
CN,Shanghai,Shanghai
ASN4812/China Telecom
HTTP/1.1
curl/8.0.1
------------------
The DNS hijacking test, you will see timed out message.
;; communications error to 6.7.8.9#53: timed out
;; communications error to 6.7.8.9#53: timed out
;; communications error to 6.7.8.9#53: timed out
;; no servers could be reached
----------whoami test----------
------------------
mosdns whoami dig:
"ns" "101.87.77.219"
------------------
local unbound whoami dig:
"ns" "101.87.77.219"
------------------
dnscrypt raw whoami dig:
"ns" "158.247.201.172"
------------------
dnscrypt with socks5 whoami dig:
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached
------------------
dnscrypt unbound whoami dig:
"ns" "158.247.201.172"
------------------
----------CN test----------
mosdns CN dig:
www.taobao.com.danuoyi.tbcache.com.
106.227.21.184
106.227.21.185
------------------
local unbound CN dig:
www.taobao.com.danuoyi.tbcache.com.
106.227.21.185
106.227.21.184
------------------
dnscrypt raw CN dig:
www.taobao.com.danuoyi.tbcache.com.
163.181.22.233
163.181.22.234
------------------
dnscrypt with socks5 CN dig:
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached
------------------
dnscrypt unbound CN dig:
www.taobao.com.danuoyi.tbcache.com.
128.1.157.232
128.1.157.233
------------------
----------NOCN test----------
mosdns NOCN dig:
youtube-ui.l.google.com.
142.251.42.174
142.251.42.206
142.251.222.46
172.217.26.238
172.217.31.142
142.250.198.14
142.250.199.110
172.217.174.110
172.217.161.46
172.217.175.238
142.250.207.14
216.58.220.110
172.217.175.46
142.250.196.142
142.250.207.46
142.250.196.110
------------------
local unbound NOCN dig:
31.13.80.169
------------------
dnscrypt raw NOCN dig:
youtube-ui.l.google.com.
142.251.42.174
142.251.42.206
142.251.222.46
172.217.26.238
172.217.31.142
142.250.198.14
142.250.199.110
172.217.174.110
172.217.161.46
172.217.175.238
142.250.207.14
216.58.220.110
172.217.175.46
142.250.196.142
142.250.207.46
142.250.196.110
------------------
dnscrypt with socks5 NOCN dig:
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached
------------------
dnscrypt unbound NOCN dig:
youtube-ui.l.google.com.
172.217.174.110
172.217.161.46
172.217.175.238
142.250.207.14
216.58.220.110
172.217.175.46
142.250.196.142
142.250.207.46
142.250.196.110
142.251.42.174
142.251.42.206
142.251.222.46
172.217.26.238
172.217.31.142
142.250.198.14
142.250.199.110
------------------
----------IPV6 test----------
dual CN domain IPV6:
dual NOCN domain IPV6:
IPV6 only domain : |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
很好,看起来一切工作正常。谢谢你的热心测试!😊 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
512M内存都能跑起来?长时间运行内存会不会不足? |
Beta Was this translation helpful? Give feedback.
0 replies
-
容器启动时根据可用内存自动调整参数。占用内存不会超过上限。当然这意味着缓存大小也被限制了。 |
Beta Was this translation helpful? Give feedback.
0 replies
-
不用怀疑,日常就占12%,比单用adguardhome省多了。
家用也用不了多少缓存大小吧😂 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
那等我rb5009来了我试试,谢谢~~ |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
rb5009 测试可用哦 |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
常见ARM路由有128M的nand,装完docker其实还有剩60多M,但获取下载解压还是挤不下!
之前有在openwrt捣鼓unbound和dnscrypt但都不太行,现在是用mosdns和smartdns配合,不过都对国外网站还是不太“稳”,所以想试试这个docker。
不过之前没怎么用过docker,还在学习种,下一步如果镜像大小不能再小的话,先找个u盘挂载试试。
以下是我对paopaodns理解的网络拓扑图,有些地方还不太懂,以后慢慢问。
Beta Was this translation helpful? Give feedback.
All reactions