https://github.com/korc/PR-DNSd

Passive-Recursive DNS daemon
https://github.com/korc/PR-DNSd

Last synced: 5 months ago
JSON representation

Passive-Recursive DNS daemon

• Host: GitHub
• URL: https://github.com/korc/PR-DNSd
• Owner: korc
• License: mit
• Created: 2019-05-29T05:23:59.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2023-05-15T16:04:02.000Z (almost 3 years ago)
• Last Synced: 2024-06-20T03:43:41.876Z (almost 2 years ago)
• Language: Go
• Size: 177 KB
• Stars: 25
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

• awesome-systools - PR-DNSd - Recursive DNS daemon (Network / DNS)

README

          
# PR-DNSd

Passive-Recursive DNS daemon.

## What does it do

![This](solved-netstat.jpg)

## Quickstart

```sh

go get github.com/korc/PR-DNSd

sudo setcap cap_net_bind_service,cap_sys_chroot=ep go/bin/PR-DNSd

go/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53

echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf

dig google.com

dig -x $(dig +short google.com)

```

_If you can't use `setcap`, you have to use `-chroot ""` and `-listen :` options, or run as `root`._

## Use cases

- run as local host DNS service, to fix your `netstat`/`tcpview`/`lsof` etc. output

- as enterprise-internal DNS server, to also be able to do meaningful EDR/IR and log analysis

- as cloud service, to also collect Passive DNS data from non-enterprise (home, BYOD etc.) devices

  - _hint: you probably want to configure DDoS protection options_

- in cloud as DNS-over-TLS server, to additionally provide private DNS for supporting devices (ex: Android 9's private DNS setting)

  - ex: domain pattern based firewall/proxy configuration for mobile devices

### Running as your own private server for Android9's Private DNS settings

After appropriate `setcap`, run:

```sh

PR-DNSd -tlslisten :853 -cert YOUR_SERVER_CRT_KEY_PEM -upstream 1.1.1.1:53 -store pr-dnsd

```

## Options

```txt

-cert string

    TCP-TLS listener certificate (required for tls listener)

-chroot string

    chroot to directory after start (default "/var/tmp")

-count int

    Count of replies allowed before debounce delay is applied (default 100)

-ctmout string

    Client timeout for upstream queries

-debounce string

    Required time duration between UDP replies to single IP to prevent DoS (default "200ms")

-key string

    TCP-TLS certificate key (default same as -cert value)

-listen string

    listen address (default ":53")

-silent

    Don't report normal data

-store string

    Store PTR data to specified file

-tlslisten string

    TCP-TLS listener address (default ":853")

-upstream string

    upstream DNS server (tcp-tls:// prefix for DoT) (default "1.1.1.1:53")

    (with tls and chroot, ensure ca-certificates and resolv.conf in chroot are properly set up)

```