
https://github.com/dmachard/DNS-collector

Grab your DNS logs, detect anomalies, and finally understand what's happening on your network. The missing piece between DNS servers and your data stack.

collector coredns dns dns-server dnstap fluentd golang grafana logs loki openmetrics pcap powerdns prometheus security-tools sniffer statistics

Last synced: about 2 months ago


# DNS-collector

## What is DNS-collector?

**DNS-collector** is a lightweight tool that captures DNS queries and responses from your DNS servers, processes them intelligently, and sends clean data to your monitoring or analytics systems.

What it does:
- **Captures DNS data** from your DNS servers (BIND, PowerDNS, Unbound, etc.) via DNStap protocol or live network capture
- **Filters out noise** like health checks, internal queries, or spam before storage
- **Enriches data** with GeoIP, threat intelligence, or custom metadata
- **Outputs clean data** to files, databases, SIEM tools, or monitoring dashboards

## Why DNS-collector?

The missing piece between DNS servers and your data stack.

- **DNS-native processing**: Understands DNS protocol, EDNS, query types natively
- **Process at the edge**: Clean, filter and enrich DNS data before storage - not after
- **Multiple input sources**: DNStap streams, live network capture, log files
- **DNS-aware transformations**: Filtering noise upstream, user privacy
- **Flexible outputs**: Files, syslog, databases, monitoring tools and more...
- **Production ready**: Used in real networks, tested with major DNS servers
- **Enhanced DNStap**: TLS encryption, compression, and more metadata capabilities

## 🚀 Quick Start

Download the [latest release](https://github.com/dmachard/DNS-collector/releases) and run it with the default configuration.
The default setup listens on tcp/6000 for DNStap streams and writes to stdout.
To get started quickly, you can use this default [`config.yml`](config.yml):

```bash
./dnscollector -config config.yml
```

![run](docs/_images/terminal.gif)

## 📚 Documentation

| Topic | Description |
|-------|-------------|
| [🔧 Configuration](docs/configuration.md) | Complete config reference |
| [📤 Workers](docs/workers.md) | Input sources and output destinations setup |
| [🔄 Transformers](docs/transformers.md) | Data enrichment options |
| [🐳 Docker](docs/docker.md) | Container deployment |
| [🔍 Examples](docs/examples.md) | Ready-to-use configs |
| [🔗 Integrations](docs/integrations.md) | Integration with popular tools and DNS servers |
| [⭐ Extended DNStap](docs/extended_dnstap.md) | Extended DNSTap |
| [📊 Telemetry](docs/telemetry.md) | REST API and Prometheus metrics |
| [⚡ Performance](docs/performance.md) | Tuning guide |

## 👥 Contributions

Contributions are welcome!
Check out:
- [Contribution Guide](CONTRIBUTING.md)
- [Architecture Guide](docs/architecture.md)
- [Development Guide](docs/development.md)

## 🧰 Related Projects:

- [DNS-tester](https://github.com/dmachard/DNS-tester) - DNS testing toolkit
- [CoreDNS-GSLB](https://github.com/dmachard/coredns-gslb) - Global Server Load Balancing functionality in CoreDNS