diff --git a/FastGithub.Dns/DnsHostedService.cs b/FastGithub.Dns/DnsHostedService.cs
index 1817ce6..88393ff 100644
--- a/FastGithub.Dns/DnsHostedService.cs
+++ b/FastGithub.Dns/DnsHostedService.cs
@@ -12,7 +12,7 @@ namespace FastGithub.Dns
     /// <summary>
     /// dns后台服务
     /// </summary>
-    sealed class DnsHostedService : IHostedService
+    sealed class DnsHostedService : BackgroundService
     {
         private readonly DnsServer dnsServer;
         private readonly IOptions<DnsOptions> options;
@@ -31,22 +31,51 @@ namespace FastGithub.Dns
             ILogger<DnsHostedService> logger)
         {
             this.dnsServer = new DnsServer(githubRequestResolver, options.Value.UpStream);
+            this.dnsServer.Listening += DnsServer_Listening;
+            this.dnsServer.Errored += DnsServer_Errored;
             this.options = options;
             this.logger = logger;
         }
 
         /// <summary>
-        /// 启动dns服务
+        /// 监听后
         /// </summary>
-        /// <param name="cancellationToken"></param>
-        /// <returns></returns>
-        public Task StartAsync(CancellationToken cancellationToken)
+        /// <param name="sender"></param>
+        /// <param name="e"></param>
+        private void DnsServer_Listening(object? sender, EventArgs e)
         {
-            this.dnsServer.Listen();
             this.logger.LogInformation("dns服务启动成功");
             this.dnsAddresses = this.SetNameServers(IPAddress.Loopback, this.options.Value.UpStream);
+        }
 
-            return Task.CompletedTask;
+        /// <summary>
+        /// dns异常
+        /// </summary>
+        /// <param name="sender"></param>
+        /// <param name="e"></param>
+        private void DnsServer_Errored(object? sender, DnsServer.ErroredEventArgs e)
+        {
+            if (e.Exception is not OperationCanceledException)
+            {
+                this.logger.LogError($"dns服务异常：{e.Exception.Message}");
+            }
+        }
+
+        /// <summary>
+        /// 启动dns
+        /// </summary>
+        /// <param name="stoppingToken"></param>
+        /// <returns></returns>
+        protected async override Task ExecuteAsync(CancellationToken stoppingToken)
+        {
+            try
+            {
+                await this.dnsServer.Listen();
+            }
+            catch (Exception ex)
+            {
+                this.logger.LogWarning($"dns服务启动失败：{ex.Message}");
+            }
         }
 
         /// <summary>
@@ -54,7 +83,7 @@ namespace FastGithub.Dns
         /// </summary>
         /// <param name="cancellationToken"></param>
         /// <returns></returns>
-        public Task StopAsync(CancellationToken cancellationToken)
+        public override Task StopAsync(CancellationToken cancellationToken)
         {
             this.dnsServer.Dispose();
             this.logger.LogInformation("dns服务已终止");
diff --git a/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs b/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs
index b15a742..262bbb2 100644
--- a/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs
+++ b/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs
@@ -6,6 +6,7 @@ using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Concurrent;
 using System.Security.Cryptography.X509Certificates;
+using System.Threading;
 
 namespace FastGithub
 {
@@ -14,6 +15,11 @@ namespace FastGithub
     /// </summary>
     public static class KestrelServerOptionsExtensions
     {
+        /// <summary>
+        /// 域名与证书
+        /// </summary>
+        private static readonly ConcurrentDictionary<string, Lazy<X509Certificate2>> domainCerts = new();
+
         /// <summary>
         /// 监听github的反向代理
         /// </summary>
@@ -26,8 +32,29 @@ namespace FastGithub
             var logger = loggerFactory.CreateLogger($"{nameof(FastGithub)}{nameof(ReverseProxy)}");
             TryInstallCaCert(caPublicCerPath, logger);
 
-            kestrel.ListenAnyIP(443, listen => listen.UseGithubHttps(caPublicCerPath, caPrivateKeyPath));
+            kestrel.ListenAnyIP(443, listen =>
+                listen.UseHttps(https =>
+                    https.ServerCertificateSelector = (ctx, domain) =>
+                        GetOrCreateCert(domain)));
+
             logger.LogInformation("反向代理服务启动成功");
+
+
+            X509Certificate2 GetOrCreateCert(string key)
+            {
+                if (key == string.Empty)
+                {
+                    key = "github.com";
+                }
+
+                return domainCerts.GetOrAdd(key, domain => new Lazy<X509Certificate2>(() =>
+                {
+                    var domains = new[] { domain };
+                    var validFrom = DateTime.Today.AddYears(-1);
+                    var validTo = DateTime.Today.AddYears(10);
+                    return CertGenerator.Generate(domains, 2048, validFrom, validTo, caPublicCerPath, caPrivateKeyPath);
+                }, LazyThreadSafetyMode.ExecutionAndPublication)).Value;
+            }
         }
 
         /// <summary>
@@ -57,32 +84,5 @@ namespace FastGithub
             }
         }
 
-        /// <summary>
-        /// 应用fastGihub的https
-        /// </summary>
-        /// <param name="listenOptions"></param>
-        /// <param name="caPublicCerPath"></param>
-        /// <param name="caPrivateKeyPath"></param>
-        /// <returns></returns>
-        private static ListenOptions UseGithubHttps(this ListenOptions listenOptions, string caPublicCerPath, string caPrivateKeyPath)
-        {
-            return listenOptions.UseHttps(https =>
-            {
-                var certs = new ConcurrentDictionary<string, X509Certificate2>();
-                https.ServerCertificateSelector = (ctx, domain) => certs.GetOrAdd(domain, CreateCert);
-            });
-
-            X509Certificate2 CreateCert(string domain)
-            {
-                if (domain == string.Empty)
-                {
-                    domain = "github.com";
-                }
-                var domains = new[] { domain };
-                var validFrom = DateTime.Today.AddYears(-1);
-                var validTo = DateTime.Today.AddYears(10);
-                return CertGenerator.Generate(domains, 2048, validFrom, validTo, caPublicCerPath, caPrivateKeyPath);
-            }
-        }
     }
 }