DNSd – Passive-Recursive DNS Daemon

August 1, 2022

1

Passive-Recursive DNS daemon.

Quickstart

nameserver 127.0.0.1 | sudo tee /and many others/resolv.conf dig google.com dig -x $(dig +quick google.com)”>

go get github.com/korc/PR-DNSd
sudo setcap cap_net_bind_service,cap_sys_chroot=ep go/bin/PR-DNSd
go/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53
echo nameserver 127.0.0.1 | sudo tee /and many others/resolv.conf
dig google.com
dig -x $(dig +quick google.com)

If you cannot use setcap, you need to use -chroot "" and -listen :<high_port> choices, or run as root.

Use circumstances

run as native host DNS service, to repair your netstat/tcpview/lsof and many others. output

as enterprise-internal DNS server, to additionally be capable to do significant EDR/IR and log evaluation

as cloud service, to additionally gather Passive DNS knowledge from non-enterprise (dwelling, BYOD and many others.) gadgets
- trace: you most likely wish to configure DDoS safety choices
in cloud as DNS-over-TLS server, to moreover present personal DNS for supporting gadgets (ex: Android 9’s personal DNS setting)
- ex: area sample primarily based firewall/proxy configuration for cellular gadgets

Working as your individual personal server for Android9’s Non-public DNS settings

After acceptable setcap, run:

PR-DNSd -tlslisten :853 -cert YOUR_SERVER_CRT_KEY_PEM -upstream 1.1.1.1:53 -store pr-dnsd

Choices

-cert string
TCP-TLS listener certificates (required for tls listener)
-chroot string
chroot to listing after begin (default "/var/tmp")
-count int
Rely of replies allowed earlier than debounce delay is utilized (default 100)
-ctmout string
Shopper timeout for upstream queries
-debounce string
Required time period between UDP replies to single IP to stop DoS (default "200ms")
-key string
TCP-TLS certificates key (default similar as -cert worth)
-listen string
hear deal with (default ":53")
-silent
Do not report regular knowledge
-store string
Retailer PTR knowledge to specified file
-tlslisten string
TCP-TLS listener deal with (default ":853")
-upstream string
upstream DNS serv   er (tcp-tls:// prefix for DoT) (default "1.1.1.1:53")
(with tls and chroot, guarantee ca-certificates and resolv.conf in chroot are correctly arrange)

Previous articledebug – 3,840 cronjobs with no motion!

Next articlePytest with Marking, Mocking, and Fixtures in 10 Minutes | by Kay Jan Wong | Jul, 2022

DNSd – Passive-Recursive DNS Daemon

Quickstart

Use circumstances

Working as your individual personal server for Android9’s Non-public DNS settings

Choices

A Widespread, Multistage Funding Rip-off

Quietly Enumerate An Energetic Listing Area By way of LDAP Parsing Customers, Admins, Teams, And so forth.

Researcher Discovered XSS Flaws In Google Cloud, Google Play

LEAVE A REPLY Cancel reply

Most Popular

N-channel trench MOSFETs eases thermal administration for wearables

Unity 2D Parabolic character motion between platforms shows sudden behaviour

Exploring CSS Grid’s Implicit Grid and Auto-Placement Powers | CSS-Tips

A information to Agile instruments

Recent Comments

ABOUT US

POPULAR POSTS

N-channel trench MOSFETs eases thermal administration for wearables

Unity 2D Parabolic character motion between platforms shows sudden behaviour

Exploring CSS Grid’s Implicit Grid and Auto-Placement Powers | CSS-Tips

POPULAR CATEGORY