PR-DNSd: Passive-Recursive DNS daemon

by do son · Published November 19, 2019 · Updated November 19, 2019

PR-DNSd

Passive-Recursive DNS daemon.

What does it do?

Use cases

run as localhost DNS service, to fix your netstat/tcpview/lsof, etc. output
as enterprise-internal DNS server, to also be able to do meaningful EDR/IR and log analysis
as cloud service, to also collect Passive DNS data from non-enterprise (home, BYOD, etc.) devices
- hint: you probably want to configure DDoS protection options
in the cloud as DNS-over-TLS server, to additionally provide private DNS for supporting devices (ex: Android 9’s private DNS setting)
- ex: domain pattern-based firewall/proxy configuration for mobile devices

Running as your own private server for Android9’s Private DNS settings

After appropriate setcap, run:

PR-DNSd -tlslisten :853 -cert YOUR_SERVER_CRT_KEY_PEM -upstream 1.1.1.1:53 -store pr-dnsd

Install

go get github.com/korc/PR-DNSd

sudo setcap cap_net_bind_service,cap_sys_chroot=ep go/bin/PR-DNSd

go/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53

echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf

dig google.com

dig -x $(dig +short google.com)

Use

Source: https://github.com/korc/

PR-DNSd: Passive-Recursive DNS daemon

Search

Brilliantly

Content & Links