Skip to content

Server Configuration

Currently, smartdns provides four server modes: UDP, TCP, DOH, and DOT.

UDP Server

  1. Configure with the bind parameter. For example:

    bind 0.0.0.0:53@eth0
    bind [::]:53@eth0
    bind :53@eth0
    

    Options:

    • @eth0 indicates that it only provides services on the corresponding NIC.
    • [::]:53 indicates that it listens to both IPV6 and IPV4 addresses.
    • :53 represents listening to IPV4 addresses.

TCP Server

  1. Configure with the bind-tcp parameter. For example:

    bind-tcp 0.0.0.0:53@eth0
    bind-tcp [::]:53@eth0
    bind-tcp :53@eth0
    
  2. Optional, the tcp-idle-time parameter controls the TCP idle disconnect time.

    tcp-idle-time 120
    

DOT, DOH Server

  1. Configure with the bind-tls, bind-https parameter. For example:

    # DOT server
    bind-tls 0.0.0.0:853@eth0
    bind-tls [::]:853@eth0
    bind-tls :853@eth0
    
    # DOH server
    bind-https 0.0.0.0:443@eth0
    bind-https [::]:443@eth0
    bind-https :443@eth0
    
  2. Set certificate and key files

    bind-cert-file smartdns-cert.pem
    bind-cert-key-file smartdns-key.pem
    bind-cert-key-pass pass
    

    Options:

    • bind-cert-file: Specifies the certificate file path.
    • bind-cert-key-file: Specifies the certificate key file path.
    • bind-cert-key-pass: Specifies the password for the certificate key file. (Optional)

    Note:

    If the above three parameters are not specified, smartdns will automatically generate a certificate chain in the same directory as the smartdns.conf configuration file. Clients can manually add the root certificate to the trusted certificate authority to use DOT and DOH services. The files are as follows:

    File Function Validity Description
    smartdns-root-key.pem Root certificate private key 10 years Automatically generated root certificate private key, used to sign the server certificate and added to the trusted root certificate authority on the client machine.
    smartdns-key.pem Server certificate private key 13 months Automatically generated server certificate private key, used for DOH, DOT, and WebUI HTTPS encryption on the server.
    smartdns-cert.pem Server certificate 13 months Automatically generated server certificate, signed using smartdns-root-key.pem. The SAN is automatically set to the host IP, hostname, and the domain name set by ddns-domain.

    If the server certificate expires after 13 months, restarting the smartdns server will automatically regenerate the server certificate.

  3. Optional, the tcp-idle-time parameter controls the TCP idle disconnect time.

    tcp-idle-time 120
    

Second DNS Server

In addition to supporting basic service, the bind-* parameter also supports more additional features, which can be used as a special second DNS server for specific needs. The corresponding functions that can be enabled are:

  1. Configuration example:

    bind :53 -no-rule-addr -no-speed-check -no-cache
    
  2. Parameter introduction:

Parameter Function
-group Set the corresponding upstream server group
-no-rule-addr Skip address rules
-no-rule-nameserver Skip Nameserver rules
-no-rule-ipset Skip ipset and nftset rules
-no-rule-soa Skip SOA(#) rules
-no-dualstack-selection Disable dual-stack speed test
-no-speed-check Disable speed test
-no-cache Stop caching
-force-aaaa-soa Disable IPV6 queries
-no-ip-alias Ignore IP alias rules
-ipset [ipsetname] Put the corresponding request result into the specified ipset
-nftset [nftsetname] Put the corresponding request result into the specified nftset