https://github.com/ziozzang/pydnsproxy
DNS Proxy + SNI/HTTP Proxy + Very Basic Authenticate + Very Simple Configuration with Python
dns dns-proxy-sni docker http-proxy python sniproxy
- Host: GitHub
- URL: https://github.com/ziozzang/pydnsproxy
- Owner: ziozzang
- License: bsd-2-clause
- Created: 2014-11-05T02:35:50.000Z (over 11 years ago)
- Default Branch: master
- Last Pushed: 2021-09-04T16:50:20.000Z (over 4 years ago)
- Last Synced: 2025-04-04T11:47:02.386Z (about 1 year ago)
- Topics: dns, dns-proxy-sni, docker, http-proxy, python, sniproxy
- Language: Python
- Homepage:
- Size: 19.5 KB
- Stars: 3
- Watchers: 4
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
PyDNSProxy
==========
PyDNSProxy Configuration.
Author
======
Jioh L. Jung (ziozzang@gmail.com)
License
=======
This code is licensed under the BSD license.
Functions
=========
DNS Proxy + SNI/HTTP Proxy + Very Basic Authentication
Running
===========
This code runs on Python 3.x with AsyncIO. It must be run on a \*NIX system (including Linux) with root permission.
* Use Docker Hub's pre-built version
```
docker run -it --rm \
-p 53:53/udp -p 443:443 -p 80:80 \
-v `pwd`/dns.conf:/opt/dns.conf \
-e "AUTH_LIST=10.2.3.4,10.9.8.7" \
-e "AUTH_BLOCK=10.3.4.0/24,192.4.5.0/24" \
-e "PASSPHASE=open.sesami" \
-e "EXT_IP=1.2.3.4" -e "SELF_IP=5.6.7.8" \
ziozzang/pydnsproxy
```
* Use your own build
If you want to run with Docker, build and launch:
```
docker build -t pydnsproxy .
docker run -it --rm \
-p 53:53/udp -p 443:443 -p 80:80 \
-v `pwd`/dns.conf:/opt/dns.conf \
-e "AUTH_LIST=10.2.3.4,10.9.8.7" \
-e "AUTH_BLOCK=10.3.4.0/24,192.4.5.0/24" \
-e "PASSPHASE=open.sesami" \
-e "EXT_IP=1.2.3.4" -e "SELF_IP=5.6.7.8" \
pydnsproxy
# Volume mount and port binding.
# To set the upstream DNS server for a specific container, use the "--dns=" option.
```
Configuration
=============
In the source code, there are 3 kinds of configuration.
1. Authentication is set in the source code as an IP list. If the client IP is in the list or in a block, the DNS and SNI proxy work; otherwise, it doesn't reply.
```
auth_list = ["10.2.3.4", "10.3.4.5"] # per IP Auth.
auth_block = ["10.1.0.0/16", "10.98.76.0/24"] # Block by
```
2. Or use a passphrase to open the SNIProxy: on a DNS query for this record, the gate will be opened!
```
passphase = "open.the.gate.sesami"
```
3. Check that the domain really exists.
```
filter_exist_dns = True
```
4. If you want to allow any IP, set the environment parameter "ALLOW_ANY".
5. If you want to run only the DNS server (no sniproxy), set the environment parameter "ONLY_DNS_SERVER".
* You can use the Go version of SNIProxy: https://github.com/ziozzang/SimpleSNIProxy
In the dns.conf file, you can control which DNS records get a fake reply. See the dns.conf file.
Matching Rules
==============
1. Matching is sequential.
* Block (no result returned) -> Exact Match (exactly the same domain only) -> Forward Match (ask the upstream DNS) -> Zone Match -> RegEx Match/Allow -> RegEx Match/Block
2. Once one rule matches, the remaining rules are ignored.
3. There are 3 kinds of match type: partial match (match zone), exact match, and regular expression match.
* Block : Partial Match
* Exact Match: Exact Match
* Forward : Partial Match
* Zone : Partial Match
* RegEx/Allow : RegEx.
* RegEx/Block : RegEx.
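The rule order above, written out as a small first-match evaluator. This is an added example, not code from the pydnsproxy repository; the rule table layout, the sample domains, and the reading of "partial match" as a suffix match on a label boundary are assumptions.

```python
import re

# Constructed sample rules in the README's evaluation order. The real dns.conf
# syntax is not shown on the page, so this table layout is an assumption.
RULES = [
    ("block",       "partial", ["ads.example.net"]),
    ("exact",       "exact",   ["www.example.com"]),
    ("forward",     "partial", ["corp.example.com"]),
    ("zone",        "partial", ["example.com"]),
    ("regex_allow", "regex",   [r"^cdn\d+\.example\.org$"]),
    ("regex_block", "regex",   [r"(^|\.)tracker\."]),
]

def normalize(qname):
    """Canonical form for comparison: lower case, no trailing root dot."""
    return qname.rstrip(".").lower()

def partial_match(name, zone):
    """Zone match on a label boundary: the zone itself or any subdomain of it.
    A bare endswith() would also accept 'notexample.com' for 'example.com'."""
    return name == zone or name.endswith("." + zone)

MATCHERS = {
    "partial": partial_match,
    "exact": lambda name, pat: name == pat,
    "regex": lambda name, pat: re.search(pat, name) is not None,
}

def first_match(qname, rules=RULES):
    """Return (rule_kind, pattern) for the first matching rule, else None.
    Later rules are never consulted once one matches."""
    name = normalize(qname)
    for kind, how, patterns in rules:
        for pat in patterns:
            if MATCHERS[how](name, pat):
                return kind, pat
    return None

if __name__ == "__main__":
    # Constructed queries covering each rule kind plus a look-alike domain.
    for q in ["WWW.Example.COM.", "mail.example.com", "db.corp.example.com",
              "x.ads.example.net", "notexample.com", "cdn7.example.org",
              "tracker.example.org"]:
        print(f"{q:22} -> {first_match(q)}")
```

Because evaluation stops at the first hit, `db.corp.example.com` is handled by the Forward rule even though the broader `example.com` Zone rule would also match it.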
Special Thanks
==============
* Basic SNI Proxy code from Phus Lu https://github.com/phuslu/sniproxy/
* DNSProxy code from Crypt0s's FakeDNS. https://github.com/Crypt0s/FakeDns