PR-DNSd: Passive-Recursive DNS daemon

by do son · Published · Updated

Recursive DNS

PR-DNSd

Passive-Recursive DNS daemon.

What does it do?

 

Use cases

  • run as localhost DNS service, to fix your netstat/tcpview/lsof, etc. output
  • as enterprise-internal DNS server, to also be able to do meaningful EDR/IR and log analysis
  • as cloud service, to also collect Passive DNS data from non-enterprise (home, BYOD, etc.) devices
    • hint: you probably want to configure DDoS protection options
  • in the cloud as DNS-over-TLS server, to additionally provide private DNS for supporting devices (ex: Android 9’s private DNS setting)
    • ex: domain pattern-based firewall/proxy configuration for mobile devices

Running as your own private server for Android9’s Private DNS settings

After appropriate setcap, run:

PR-DNSd -tlslisten :853 -cert YOUR_SERVER_CRT_KEY_PEM -upstream 1.1.1.1:53 -store pr-dnsd

Install

go get github.com/korc/PR-DNSd

sudo setcap cap_net_bind_service,cap_sys_chroot=ep go/bin/PR-DNSd

go/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53

echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf

dig google.com

dig -x $(dig +short google.com)

 

 

Use

Copyright (c) 2019 Lauri Korts-Pärn

Source: https://github.com/korc/

Tags: PR-DNSdRecursive DNS