PR-DNSd - Passive-Recursive DNS Daemon
Passive-Recursive DNS daemon.
Quickstart
nameserver 127.0.0.1 | sudo tee /etc/resolv.conf dig google.com dig -x $(dig +short google.com)">
go get github.com/korc/PR-DNSdsudo setcap cap_net_bind_service,cap_sys_chroot=ep go/bin/PR-DNSdgo/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53echo nameserver 127.0.0.1 | sudo tee /etc/resolv.confdig google.comdig -x $(dig +short google.com)
If you can't use setcap
, you have to use -chroot ""
and -listen :<high_port>
options, or run as root
.
Use cases
- run as local host DNS service, to fix your
netstat
/tcpview
/lsof
etc. output - as enterprise-internal DNS server, to also be able to do meaningful EDR/IR and log analysis
- as cloud service, to also collect Passive DNS data from non-enterprise (home, BYOD etc.) devices
- hint: you probably want to configure DDoS protection options
- in cloud as DNS-over-TLS server, to additionally provide private DNS for supporting devices (ex: Android 9's private DNS setting)
- ex: domain pattern based firewall/proxy configuration for mobile devices
Running as your own private server for Android9's Private DNS settings
After appropriate setcap
, run:
PR-DNSd -tlslisten :853 -cert YOUR_SERVER_CRT_KEY_PEM -upstream 1.1.1.1:53 -store pr-dnsd
Options
-cert string TCP-TLS listener certificate (required for tls listener)-chroot string chroot to directory after start (default "/var/tmp")-count int Count of replies allowed before debounce delay is applied (default 100)-ctmout string Client timeout for upstream queries-debounce string Required time duration between UDP replies to single IP to prevent DoS (default "200ms")-key string TCP-TLS certificate key (default same as -cert value)-listen string listen address (default ":53")-silent Don't report normal data-store string Store PTR data to specified file-tlslisten string TCP-TLS listener address (default ":853")-upstream string upstream DNS serv er (tcp-tls:// prefix for DoT) (default "1.1.1.1:53") (with tls and chroot, ensure ca-certificates and resolv.conf in chroot are properly set up)
Via: www.kitploit.com
PR-DNSd - Passive-Recursive DNS Daemon
Reviewed by Zion3R
on
23:12
Rating: