Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

Dennis the DNS Menace

Tailored DNS responses

Dennis is a DNS server which can serve customized DNS responses on a per user basis.

On its own Dennis isn't very useful but by adding a DNS recursor and a HTTP(S) proxy, Dennis can bypass geo-blocking for thousands of users.

How it works

Users are identified by their IP address, and each user can setup an unlimited number of custom DNS responses.

Setup

Requirements:

  • Redis instance
  • DNS recursor like PowerDNS (for test purposes you can use your ISPs or Google's DNS server)
  • HTTP proxy like Nginx (To proxy HTTPS support for Server Name Indication, rfc6066, is required)

Build, configure and run Dennis.

  1. Build Dennis, make sure you install the dependancies first:

     $ go build dennis.go
    
  2. Run Denis with a config file:

     $ cat > dennis.conf
     [main]
         bind-addr = 127.0.0.1:8054
         redis-addr = 127.0.0.1:6379
         dnsfwd-addr = 127.0.0.1:8053
         portal-addr = 127.0.0.1
         logfile = /tmp/dennis.log
    
     $ ./dennis -config dennis.conf
     	Running on 127.0.0.1:8054
    

    bind-addr: bind Dennis to this address
    redis-addr: address of the Redis instance
    dnsfwd-addr: DNS server address for forwarding requests
    portal-addr: this is the address unregistered users will get, works like a WiFi Portal

  3. Create a test user identified by IP 127.0.0.1 and load it into Redis:

     $ cat > data.txt
         SET gateway:90d1ed58-399e-5ce9-93d8-28f0c86c80e0 53e48371-0bda-4f45-8d03-b0943c89c4ea
         SET user:53e48371-0bda-4f45-8d03-b0943c89c4ea:domain:example.com. 1.0.0.1
         SET user:53e48371-0bda-4f45-8d03-b0943c89c4ea:domain:example.org. 1.0.0.2
    
     $ cat data |redis-cli --pipe
    

    Format gateway:<uuid5.NAMESPACE_OID:ip> <str:user_id>
    Format user:<str:user_id>:domain:<root_domain> <ip>
    192.168.10.2 is the IP address of your HTTP proxy 1
    192.168.10.3 is the IP address of your HTTP proxy 2

  4. Test the setup and fire off some DNS queries with Dig:

     $ dig @127.0.0.1 -p 8054 example.com
     	...
     	example.org.    0   IN  A   1.0.0.1
    
     $ dig @127.0.0.1 -p 8054 foo.example.org
     	...
     	foo.example.org.    0   IN  A   1.0.0.2
    

Configuring Redis, Nginx and PowerDNS Recursor is out of scope for this document.

Security

Don't run Dennis on a privileged port, use firewall rules instead to make Dennis available on TCP & UDP port 53:

Redirect TCP/UDP traffic from external:53 to internal:8054

$ iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 53 -j REDIRECT --to-port 8054
$ iptables -A PREROUTING -t nat -i eth0 -p udp --dport 53 -j REDIRECT --to-port 8054

Query Process

Logic

License

Dennis is licensed under the terms of the MIT license, see attached LICENSE file for more details.

About

Dennis the DNS Menace

Resources

License

Releases

No releases published

Packages

No packages published

Languages