Want to take your software engineering career to the next level? Join the mailing list for career tips & advice Click here


Protect yourself against DNS poisoning in China.

Star full 4f7b624809470f25b6493d5a7b30d9b9cb905931146e785d67c86ef0c205a402Star full 4f7b624809470f25b6493d5a7b30d9b9cb905931146e785d67c86ef0c205a402Star full 4f7b624809470f25b6493d5a7b30d9b9cb905931146e785d67c86ef0c205a402Star full 4f7b624809470f25b6493d5a7b30d9b9cb905931146e785d67c86ef0c205a402Star full 4f7b624809470f25b6493d5a7b30d9b9cb905931146e785d67c86ef0c205a402 (1 ratings)
Rated 5.0 out of 5
Subscribe to updates I use ChinaDNS

Statistics on ChinaDNS

Number of watchers on Github 2439
Number of open issues 35
Average time to close an issue 8 days
Main language C
Average time to merge a PR 9 days
Open pull requests 5+
Closed pull requests 9+
Last commit almost 5 years ago
Repo Created almost 6 years ago
Repo Last Updated about 2 years ago
Size 1.21 MB
Organization / Authorshadowsocks
Latest Release1.3.2
Page Updated
Do you use ChinaDNS? Leave a review!
View open issues (35)
View ChinaDNS activity
View on github
Fresh, new opensource launches 🚀🚀🚀
Software engineers: It's time to get promoted. Starting NOW! Subscribe to my mailing list and I will equip you with tools, tips and actionable advice to grow in your career.
Evaluating ChinaDNS for your project? Score Explanation
Commits Score (?)
Issues & PR Score (?)


Build Status Coverage Status

Traditional way to bypass DNS poisoning is to send all queries to a foreign DNS server via VPN. However some Chinese websites will get bad results if they have CDNs outside the country.

The second way is to maintain a list of domains of which you want to resolve from local DNS or foreign DNS. This list changes too often, taking too much effort to maintain.

ChinaDNS automatically queries local DNS servers to resolve Chinese domains and queries foreign DNS servers to resolve foreign domains. It is smart enough to work only with a Chinese IP range file, which doesn't change often.

In order to bypass IP blocking, you SHOULD use VPN software like ShadowVPN.


  • Linux / Unix

    Download a release.

    ./configure && make
    src/chinadns -m -c chnroute.txt
  • OpenWRT

    • Download precompiled for OpenWRT trunk and CPU: ar71xx, brcm63xx, brcm47xx, ramips_24kec. Open an issue if you think your CPU is a popular one but not listed here.
    • If you use other CPU or other OpenWRT versions, build yourself: cd into SDK root, then

      pushd package
      git clone https://github.com/clowwindy/ChinaDNS.git
      make menuconfig # select Network/ChinaDNS
      make -j
      make V=99 package/ChinaDNS/openwrt/compile
  • Tomoto

    • Download Tomato toolchain, build by yourself.
    • Uncompress the downloaded file to ~/.
    • Copy the brcm directory under ~/WRT54GL-US_v4.30.11_11/tools/ to /opt, then

      export PATH=/opt/brcm/hndtools-mipsel-uclibc/bin/:/opt/brcm/hndtools-mipsel-linux/bin/:$PATH
      git clone https://github.com/clowwindy/ChinaDNS.git
      cd ChinaDNS
      ./autogen.sh && ./configure --host=mipsel-linux --enable-static && make
  • Windows

    Download Python exe version.


  • Linux / Unix Recommand using with option -m (DNS pointer mutation method) Run sudo chinadns -m -c chnroute.txt on your local machine. ChinaDNS creates a UDP DNS Server at

  • OpenWRT

    opkg install ChinaDNS_1.x.x_ar71xx.ipk
    /etc/init.d/chinadns start
    /etc/init.d/chinadns enable

    Invoke the enable command to run the initscript on boot

    (Optional) We strongly recommend you to set ChinaDNS as a upstream DNS server for dnsmasq instead of using ChinaDNS directly:

1. Run `/etc/init.d/chinadns stop`
2. Remove the 2 lines containing `iptables` in `/etc/init.d/chinadns`.
3. Update `/etc/dnsmasq.conf` to use only


4. Restart chinadns and dnsmasq

Test if it works correctly:

$ dig @ www.youtube.com -p5353
; <<>> DiG 9.8.3-P1 <<>> @ www.google.com -p5353
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29845
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;www.youtube.com.       IN  A

www.youtube.com.    21569   IN  CNAME   youtube-ui.l.google.com.
youtube-ui.l.google.com. 269    IN  A

;; Query time: 74 msec
;; WHEN: Fri Jan 30 18:37:57 2015
;; MSG SIZE  rcvd: 83

Currently ChinaDNS only supports UDP. Builtin OpenWRT init script works with dnsmasq, which handles TCP. If you use it directly without dnsmasq, you need to add a redirect rule for TCP:

iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination


usage: chinadns [-h] [-l IPLIST_FILE] [-b BIND_ADDR] [-p BIND_PORT]
       [-c CHNROUTE_FILE] [-s DNS] [-v]
Forward DNS requests.

-h, --help            show this help message and exit
-l IPLIST_FILE        path to ip blacklist file
-c CHNROUTE_FILE      path to china route file
                      if not specified, CHNRoute will be turned off
-d                    enable bi-directional CHNRoute filter
-y                    delay time for suspects, default: 0.3
-b BIND_ADDR          address that listens, default:
-p BIND_PORT          port that listens, default: 53
-s DNS                DNS servers to use, default:
-m                    Using DNS compression pointer mutation
                      (backlist and delaying would be disabled)
-v                    verbose logging

About chnroute

You can generate latest chnroute.txt using this command:

curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > chnroute.txt


Copyright (C) 2015 clowwindy

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Bugs and Issues

Please visit Issue Tracker

Mailing list: http://groups.google.com/group/shadowsocks

ChinaDNS open issues Ask a question     (View All Issues)
  • over 3 years 关于中文文档
  • almost 4 years 1.3.2bug
  • almost 5 years 偶尔出现ERR_NAME_RESOLUTION_FAILED
  • almost 5 years 为何我这里只有youtube打不开?
  • almost 5 years 和shadowsocks的udp转发配合存在问题
  • almost 5 years 关于内网解析的问题!
  • almost 5 years arm架构的有没有
  • almost 5 years more info " chinadns.c:626 sendto: No buffer space available "
  • almost 5 years 基于新版 DD-WRT 的 musl libc 编译问题及解决
  • almost 5 years query[AAAA] ipv6解析,返回值的问题
  • almost 5 years 部分域名好像解析不出结果?
  • about 5 years 一个新的域名是否被污染判定方式?
  • about 5 years 适不适合centos上使用?
  • about 5 years 能不能用include的形式来添加自定义列表?或者以chnroute.d文件夹的形式来存放列表?
  • about 5 years Strange phenomenon about the DNS resloving
  • about 5 years Completion of error handling
  • about 5 years The problem of ChinaDNS port?
  • over 5 years edns-client-subnet implementation
  • over 5 years Android support
  • over 5 years Support DNSSEC
  • over 5 years OpenWRT package Dependency
ChinaDNS open pull requests (View All Pulls)
  • Fix doc: use local ip for testing
  • README: doc how to install from git repo.
  • Modify IPv6 Address Filtering Strategy
  • Add run as daemon support
  • add dynamic white list support
ChinaDNS list of languages used
Other projects in C