https://github.com/federicoceratto/dns-firewall

A proxy to inspect and mangle locally generated DNS queries with a Gtk interface.
https://github.com/federicoceratto/dns-firewall

Last synced: 19 days ago
JSON representation

A proxy to inspect and mangle locally generated DNS queries with a Gtk interface.

Host: GitHub
URL: https://github.com/federicoceratto/dns-firewall
Owner: FedericoCeratto
Created: 2014-12-22T14:06:26.000Z (over 10 years ago)
Default Branch: master
Last Pushed: 2016-05-27T22:59:36.000Z (almost 9 years ago)
Last Synced: 2025-04-12T07:45:48.056Z (19 days ago)
Language: Python
Size: 20.5 KB
Stars: 3
Watchers: 2
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.adoc

Awesome Lists containing this project

README

        ## DNS firewall

A proxy to inspect and mingle locally generated DNS queries.

Optional tray icon an Gtk interface.

Rationale 

--------- 

 

Inspecting and filtering DNS traffic generated by desktop applications can be tricky. 

Tools like tcpdump have no way to tell which running process generated a DNS query. 

Also, Netfilter cannot filter traffic by domain name and many domains resolve to IP addresses that change frequently. 

  

A typical use case is to monitor browser, browsers plugins and extensions for suspicious home-calling or malicious/tracking javascript, or other application leaking data through DNS queries. 

 

dns-firewall acts as a forwarding DNS resolver. It listens locally on port 53 and forwards only the allowed queries to external resolvers. 

It detects the name of the process trying to resolve a domain name and applies filtering rules based on that. 

Features

--------

* Block DNS queries by application and domain, or return configurable IP addresses

* Tray icon with activity indicators

* Log window to inspect recent activity

* Optionally resolve names using the Tor network

Usage

-----

Create ~/.config/dns-firewall/conf.yaml from conf.yaml.example

Binding to UDP port 53 is required. You can run the process as root or install and configure authbind:

[source,bash]

.conf.yaml.example

----

sudo apt-get install authbind

sudo touch /etc/authbind/byport/53

authbind --depth 2 dns-firewall

# or

sudo dns-firewall

----

Add --tray to enable the tray icon and Gtk interface. Left-click on the tray icon to display the log window.

Update your /etc/resolv.conf with "nameserver 127.0.0.1"

Configuration example

---------------------

[source,python]

.conf.yaml.example

----

# Cache DNS replies

enable_lru_cache: true

lru_cache_size: 100

# Listen on the following IP address and port

host: 127.0.0.1

port: 53

socket_timeout: 20

# DNS resolvers to forward queries to

resolvers: ['208.67.222.222:53', '208.67.220.220:53']

# Use Tor to perform DNS resolution

tor_socks_ipaddr: '127.0.0.1'

tor_socks_port: 9050

# Filtering rules

#

# Like in netfilter, the rules are processed in sequence until a match is found.

# The default values are:

#

#   action: drop        # Can be accept, nxdomain, return, drop

#   dnscrypt: false     # Use DNSCrypt

#   processname: *      # Match process name

#   tcp: false          # Use TCP instead of UDP

#   tor: false          # Resolve over Tor

#   username: *         # Match username

#   warn: false         # Log match

#   zone: *             # Match zone

filtering:

  # drop all queries to drop.net

  - zone: drop.net

    action: drop

  # resolve a domain using custom resolvers

  - zone: custom_resolvers.net

    action: accept

    resolvers: ['208.67.222.222:53', '208.67.220.220:53']

  # return nxdomain for nxdomain.net

  - zone: nxdomain.net

    action: nxdomain

  # return nxdomain to netcat

  - processname: nc

    action: nxdomain

  # return nxdomain to an user

  - username: foo

    action: nxdomain

  # return 127.0.0.1 for return1.net

  - zone: return1.net

    action: return 127.0.0.1

  # resolve in TCP

  - zone: tcp.net

    action: accept

    tcp: true

  # resolve using dnscrypt

  - zone: dnscrypt.net

    dnscrypt: true

    action: accept

  # resolve using dnscrypt over Tor

  - zone: dnscrypt_tor.net

    dnscrypt: true

    tor: true

    action: accept

  # resolve using Tor

  - zone: tor.net

    tor: true

    action: accept

  # forward every other request to the DNS resolvers, but warn

  - action: accept

    warn: true

  # forward every other request to the DNS resolvers

  - action: accept

----

Development status

------------------

In development. Testing and contributions are welcome!

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/federicoceratto/dns-firewall

Awesome Lists containing this project

README