Author: projectfong
Copyright (c) 2025 Fong
All Rights Reserved
validns is a self-contained system for validating and documenting network path integrity.
It performs DNS lookups, ICMP latency checks, and traceroute analysis, while recording results in structured, auditable formats.
Each operation produces signed, timestamped evidence suitable for research, reproducibility, and internal validation.
The purpose of validns is to provide a reproducible framework for:
- Observing and validating DNS resolution behavior.
- Measuring network latency and path consistency.
- Capturing immutable, signed logs for independent verification or research analysis.
This repository is made available for personal and research use only.
It is not licensed for redistribution, modification, or commercial use.
| Component | Description |
|---|---|
| dns_agent | Executes nslookup and dig to collect resolver data and authoritative DNS responses. |
| ping_agent | Runs ICMP ping to measure round-trip latency, jitter, and packet loss. |
| traceroute_agent | Performs hop-by-hop path discovery using ICMP or TCP probes. |
| embedding_agent | Generates 1024-dimensional vector embeddings for semantic indexing (via Ollama or OpenAI). |
| summarizer_agent | Creates concise summaries of validated results and upserts to Qdrant. |
| audit_agent | Logs every action to an append-only ledger with timestamps and digital signatures. |
| orchestrator | Coordinates the sequential execution of agents and database updates. |
| Database | Role | Notes |
|---|---|---|
| Postgres + pgvector | Canonical data and raw evidence storage (1024d embeddings). | Persistent |
| Qdrant | Summarized embeddings for quick semantic retrieval. | Persistent |
| FAISS / SQLite | Local session cache for temporary vector context. | Ephemeral |
All database writes are timestamped and reference a trace_id.
Raw evidence and summaries can be correlated across stores for verification or re-analysis.
Each validation run creates a unique evidence set under /evidence/{trace_id}/.
/evidence/{trace_id}/
├── dig.json ← DNS resolution and record capture
├── ping.json ← ICMP latency and packet-loss metrics
├── traceroute.json ← Network path and hop timing analysis
├── summary.json ← AI-generated contextual summary
└── audit.log ← (optional) Local run log from early builds
All evidence files include:
- UTC timestamps in ISO-8601 format
- SHA3-512 hash references
- Optional Ed25519 signatures
- Cross-linked trace identifiers (trace_id) for correlation across DNS, latency, and summarization data
The PostgreSQL audit ledger is the authoritative source of record; local audit.log files are retained only for legacy compatibility.
Docker build images
~/validns$ docker compose build
[+] Building 154.3s (52/52) FINISHED
=> [internal] load local bake definitions 0.0s
=> => reading from stdin 1.76kB 0.0s
=> [postgres internal] load build definition from Dockerfile.pg 0.2s
=> => transferring dockerfile: 1.89kB 0.0s
=> [app internal] load build definition from Dockerfile.app 0.4s
=> => transferring dockerfile: 1.96kB 0.1s
=> [ui internal] load build definition from Dockerfile.ui 0.5s
=> => transferring dockerfile: 1.98kB 0.0s
=> [cli internal] load build definition from Dockerfile.cli 0.4s
=> => transferring dockerfile: 1.44kB 0.0s
=> [postgres internal] load metadata for docker.io/library/postgres:16 0.0s
=> [cli internal] load .dockerignore 0.3s
=> => transferring context: 2B 0.0s
=> [cli internal] load metadata for docker.io/library/python:3.11-slim 2.1s
=> [ui internal] load metadata for docker.io/library/node:20-slim 1.1s
=> [ui internal] load metadata for docker.io/library/nginx:1.27-alpine 1.2s
=> [postgres 1/3] FROM docker.io/library/postgres:16 0.0s
=> [postgres internal] load build context 0.1s
=> => transferring context: 88B 0.0s
=> CACHED [postgres 2/3] RUN apt-get update -q && apt-get install -y --no-install-recommends postgresql-16-pgvector && echo "[INFO] $(date -u +'%Y-%m-%dT%H:%M:%SZ') Installed pgvector 0.0s
=> CACHED [postgres 3/3] COPY src/db/schema.sql /docker-entrypoint-initdb.d/00_schema.sql 0.0s
=> [postgres] exporting to image 0.3s
=> => exporting layers 0.0s
=> => writing image sha256:b4c94a008e98daa2ccccff6f64768635cbb07b501c7c337c93c82629aa10ba9b 0.0s
=> => naming to docker.io/library/validns-postgres 0.1s
=> [postgres] resolving provenance for metadata file 0.1s
=> [ui build 1/6] FROM docker.io/library/node:20-slim@sha256:f679d7699517426eb148a5698c717477fd3f8a48f6c1eaf771e390a9bb8268c8 0.0s
=> [ui stage-1 1/6] FROM docker.io/library/nginx:1.27-alpine@sha256:65645c7bb6a0661892a8b03b89d0743208a18dd2f3f17a54ef4b76fb8e2f2a10 0.0s
=> [ui internal] load build context 0.1s
=> => transferring context: 29.02kB 0.0s
=> CACHED [ui stage-1 2/6] COPY docker/nginx.conf /etc/nginx/nginx.conf 0.0s
=> CACHED [ui build 2/6] WORKDIR /ui 0.0s
=> CACHED [ui build 3/6] COPY ui/package.json ./ 0.0s
=> CACHED [ui build 4/6] RUN npm install --no-audit --no-fund 0.0s
=> CACHED [ui build 5/6] COPY ui/ ./ 0.0s
=> CACHED [ui build 6/6] RUN npm run build 0.0s
=> CACHED [ui stage-1 3/6] COPY --from=build /ui/dist /usr/share/nginx/html 0.0s
=> CACHED [ui stage-1 4/6] RUN mkdir -p /var/cache/nginx /var/run /run /var/log/nginx && chown -R nginx:nginx /var/cache/nginx /var/run /run /var/log/nginx && chmod -R 755 /var/cache/n 0.0s
=> CACHED [ui stage-1 5/6] RUN chmod -R 555 /usr/share/nginx/html && chown -R nginx:nginx /usr/share/nginx/html 0.0s
=> CACHED [ui stage-1 6/6] RUN chmod -R 555 /usr/share/nginx/html && chown -R nginx:nginx /usr/share/nginx/html 0.0s
=> [ui] exporting to image 0.1s
=> => exporting layers 0.0s
=> => writing image sha256:44b2306fcb5840c2729a49fbdf979e43516386102820b11b907bcf4545a98129 0.0s
=> => naming to docker.io/library/validns-ui 0.0s
=> [app internal] load build context 0.6s
=> => transferring context: 3.88kB 0.0s
=> [cli 1/8] FROM docker.io/library/python:3.11-slim@sha256:5e9093a415c674b51e705d42dde4dd6aad8c132dab6ca3e81ecd5cbbe3689bd2 5.7s
=> => resolve docker.io/library/python:3.11-slim@sha256:5e9093a415c674b51e705d42dde4dd6aad8c132dab6ca3e81ecd5cbbe3689bd2 0.3s
=> => sha256:5e9093a415c674b51e705d42dde4dd6aad8c132dab6ca3e81ecd5cbbe3689bd2 10.37kB / 10.37kB 0.0s
=> => sha256:6818dcc897e2708bf24af119860e4d678d9d40a725264beb20d4988deef1ccfe 1.75kB / 1.75kB 0.0s
=> => sha256:7bbe597de5c76e70498898003b3e0402a6f4ef23b0ba30d33acd8d1af863f128 5.38kB / 5.38kB 0.0s
=> => sha256:c72c567266265eaf3c81cecf291e32dc35cb03f44a34cc37c4bb2c3f1ca6741c 4.25MB / 4.25MB 0.8s
=> => sha256:80061c640d6316e0810fd1007261f33680529077a173449bba4b55579c66db45 250B / 250B 0.9s
=> => sha256:76d93c681ade9d7ff7e4e590094f416d05d02ce51cb023dbb97acd48c3073470 14.36MB / 14.36MB 1.3s
=> => extracting sha256:c72c567266265eaf3c81cecf291e32dc35cb03f44a34cc37c4bb2c3f1ca6741c 0.9s
=> => extracting sha256:76d93c681ade9d7ff7e4e590094f416d05d02ce51cb023dbb97acd48c3073470 2.1s
=> => extracting sha256:80061c640d6316e0810fd1007261f33680529077a173449bba4b55579c66db45 0.0s
=> [cli internal] load build context 0.9s
=> => transferring context: 12.53kB 0.0s
=> [ui] resolving provenance for metadata file 0.0s
=> [cli 2/8] WORKDIR /cli 3.7s
=> [app 2/8] WORKDIR /app 3.7s
=> [app 3/8] RUN apt-get update -q && apt-get install -y --no-install-recommends curl build-essential libpq-dev iputils-ping dnsutils trace 99.7s
=> [cli 3/8] RUN apt-get update -q && apt-get install -y --no-install-recommends curl netcat-openbsd dnsutils && rm -rf /var/lib/apt/lists/* 44.5s
=> [cli 4/8] COPY cli/ /cli/ 0.6s
=> [cli 5/8] COPY requirements.txt /cli/ 0.5s
=> [cli 6/8] RUN pip install --no-cache-dir -r requirements.txt 43.7s
=> [cli 7/8] RUN useradd -r -u 1002 validnscli && chown -R validnscli:validnscli /cli 2.4s
=> [cli 8/8] WORKDIR /cli 0.6s
=> [cli] exporting to image 5.0s
=> => exporting layers 4.9s
=> => writing image sha256:65500142c7b3e8dacdfc77d6238ecf8ff8b41367a2bf93f9ab148b5b68e0cff6 0.0s
=> => naming to docker.io/library/validns-cli 0.0s
=> [cli] resolving provenance for metadata file 0.0s
=> [app 4/8] COPY src/ /app/src/ 0.5s
=> [app 5/8] COPY requirements.txt /app/ 0.3s
=> [app 6/8] RUN pip install --no-cache-dir -r requirements.txt 31.1s
=> [app 7/8] RUN mkdir -p /app/evidence && chmod -R 770 /app/evidence 0.8s
=> [app 8/8] RUN useradd -r -u 1001 validns && chown -R validns:validns /app 2.0s
=> [app] exporting to image 7.0s
=> => exporting layers 6.8s
=> => writing image sha256:7aedda782f645885432a6802ded85e384a67e8434975ec962a4e667475f9bc62 0.0s
=> => naming to docker.io/library/validns-app 0.0s
=> [app] resolving provenance for metadata file 0.0s
[+] Building 4/4
✔ validns-cli Built 0.0s
✔ validns-postgres Built 0.0s
✔ validns-ui Built 0.0s
✔ validns-app Built
Create docker container
~/validns$ docker compose up -d
[+] Running 23/23
✔ postgres Pulled 20.1s
✔ 1014e14b3351 Pull complete 5.0s
✔ edd90ab5059f Pull complete 6.0s
✔ f0d70120d9e2 Pull complete 6.4s
✔ dd6d7b9d8ba8 Pull complete 7.8s
✔ 203b16f56a7d Pull complete 8.0s
✔ 751039babae5 Pull complete 8.2s
✔ f5af7533693a Pull complete 8.5s
✔ c9833b31d106 Pull complete 17.5s
✔ 96a1b9bbe664 Pull complete 17.6s
✔ 79bb4f307760 Pull complete 17.8s
✔ 3fd5d8cfa560 Pull complete 18.1s
✔ 1efcf2d60d96 Pull complete 18.2s
✔ de155df97c00 Pull complete 18.5s
✔ qdrant Pulled 15.2s
✔ 8c7716127147 Pull complete 4.7s
✔ 4f4fb700ef54 Pull complete 5.1s
✔ 7d870fd66ece Pull complete 5.7s
✔ 0641a714b018 Pull complete 8.9s
✔ 7c6ccda58d7a Pull complete 9.5s
✔ ab5cf6b93de6 Pull complete 13.0s
✔ 736b7f8a757c Pull complete 13.1s
✔ 6fc04e638788 Pull complete 13.6s
[+] Building 167.4s (25/25) FINISHED
=> [internal] load local bake definitions 0.0s
=> => reading from stdin 1.31kB 0.0s
=> [cli internal] load build definition from Dockerfile.cli 0.3s
=> => transferring dockerfile: 1.44kB 0.0s
=> [app internal] load build definition from Dockerfile.app 0.1s
=> => transferring dockerfile: 1.74kB 0.0s
=> [app internal] load metadata for docker.io/library/python:3.11-slim 1.2s
=> [cli internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [app 1/7] FROM docker.io/library/python:3.11-slim@sha256:9bffe4353b925a1656688797ebc68f9c525e79b1d377a764d232182a519eeec4 4.7s
=> => resolve docker.io/library/python:3.11-slim@sha256:9bffe4353b925a1656688797ebc68f9c525e79b1d377a764d232182a519eeec4 0.1s
=> => sha256:70f7abeaf1577b30229dd1d7784d6c053a29104a56bb353fe23217ad6f0fabc3 1.75kB / 1.75kB 0.0s
=> => sha256:bf02a2b853727373d9065ccd2cc7d40df56d6f1b8256ae5f3612a34caae3c5be 5.38kB / 5.38kB 0.0s
=> => sha256:9bffe4353b925a1656688797ebc68f9c525e79b1d377a764d232182a519eeec4 10.37kB / 10.37kB 0.0s
=> => sha256:44350d10c02e7ab437e3fe5a05e3405115ece5972b2b9f7cd0d68d23c72d5833 1.29MB / 1.29MB 0.4s
=> => sha256:4dc2c3222cdbf7b5e9d5c68653d42c7289ddf2bfaa17b12c961014755b7d04dd 14.64MB / 14.64MB 1.4s
=> => sha256:b25238518c0cca0928b2117b90cee455c3fbdb7d605f92131e5cc92fbfb5b468 249B / 249B 0.2s
=> => extracting sha256:44350d10c02e7ab437e3fe5a05e3405115ece5972b2b9f7cd0d68d23c72d5833 0.4s
=> => extracting sha256:4dc2c3222cdbf7b5e9d5c68653d42c7289ddf2bfaa17b12c961014755b7d04dd 1.9s
=> => extracting sha256:b25238518c0cca0928b2117b90cee455c3fbdb7d605f92131e5cc92fbfb5b468 0.0s
=> [app internal] load build context 0.1s
=> => transferring context: 38.08kB 0.0s
=> [cli internal] load build context 0.3s
=> => transferring context: 10.68kB 0.0s
=> [cli 2/8] WORKDIR /cli 12.7s
=> [app 2/7] WORKDIR /app 12.7s
=> [cli 3/8] RUN apt-get update -q && apt-get install -y --no-install-recommends curl netcat-openbsd dnsutils && rm -rf /var/lib/apt/lists/* 45.1s
=> [app 3/7] RUN apt-get update -q && apt-get install -y --no-install-recommends curl build-essential libpq-dev iputils-ping dnsutils trac 107.3s
=> [cli 4/8] COPY cli/ /cli/ 0.6s
=> [cli 5/8] COPY requirements.txt /cli/ 0.4s
=> [cli 6/8] RUN pip install --no-cache-dir -r requirements.txt 45.2s
=> [cli 7/8] RUN useradd -r -u 1002 validnscli && chown -R validnscli:validnscli /cli 2.1s
=> [cli 8/8] WORKDIR /cli 0.6s
=> [cli] exporting to image 5.4s
=> => exporting layers 5.0s
=> => writing image sha256:e23a782a5dc02e9ae3f98d56cb8eac921731503eef731f1004c9732dbb7277a5 0.0s
=> => naming to docker.io/library/validns-cli 0.2s
=> [cli] resolving provenance for metadata file 0.0s
=> [app 4/7] COPY src/ /app/src/ 0.5s
=> [app 5/7] COPY requirements.txt /app/ 0.3s
=> [app 6/7] RUN pip install --no-cache-dir -r requirements.txt 30.9s
=> [app 7/7] RUN useradd -r -u 1001 validns && chown -R validns:validns /app 1.7s
=> [app] exporting to image 6.8s
=> => exporting layers 6.5s
=> => writing image sha256:414dba509f4d6997f87b856157626d0489b0cefc5205998016fe90ebad543ae8 0.0s
=> => naming to docker.io/library/validns-app 0.0s
=> [app] resolving provenance for metadata file 0.0s
[+] Running 8/8
✔ validns-cli Built 0.0s
✔ validns-app Built 0.0s
✔ Network validns_default Created 0.1s
✔ Container validns-postgres Started 2.1s
✔ Container validns-qdrant Started 2.2s
✔ Container validns-app Started 2.3s
✔ Container validns-ui Started 2.9s
✔ Container validns-cli Started
verifying domains
validns$ docker compose run --rm cli verify google.com
[+] Creating 3/3
✔ Container validns-postgres Running 0.0s
✔ Container validns-qdrant Running 0.0s
✔ Container validns-app Running 0.0s
2025-10-08T21:02:43Z [INFO] Submitting verification for google.com -> http://validns-app:5000/api/verify_dns
2025-10-08T21:02:51Z [OK] Trace created: 4fabb7f1-55ec-43df-b1f3-a848a4d3e6e6
validns result snapshot: google.com
┏━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Key ┃ Value ┃
┡━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ trace_id │ 4fabb7f1-55ec-43df-b1f3-a848a4d3e6e6 │
│ target │ google.com │
│ avg_rtt_ms │ 4.538 │
│ hops_mode │ icmp │
└────────────┴──────────────────────────────────────┘
Logs from validns-app
INFO: 127.0.0.1:43222 - "GET /healthz HTTP/1.1" 200 OK
{"ts":"2025-10-08T21:02:44Z","level":"INFO","msg":"artifact_written","trace_id":"4fabb7f1-55ec-43df-b1f3-a848a4d3e6e6","file":"dig.json","sha3":"c62307bd4f7866464202ca9bbf3c84249dc4cf2f8b18b646710f375ec5476fa384732dd31e5879a5ba819a6fd87f8706f644aea901b8fdb2532e61268d1df11e"}
INFO: 127.0.0.1:41534 - "GET /healthz HTTP/1.1" 200 OK
{"ts":"2025-10-08T21:02:47Z","level":"INFO","msg":"artifact_written","trace_id":"4fabb7f1-55ec-43df-b1f3-a848a4d3e6e6","file":"ping.json","sha3":"098ce427f0ca5ecbd88684237b4d5147610a88e11952dc10180d9197be3df08ea430dfec7cb062848627f5ad7089409b57050cab25f7123f9b56b81a47cd1f7a"}
{"ts":"2025-10-08T21:02:47Z","level":"INFO","msg":"artifact_written","trace_id":"4fabb7f1-55ec-43df-b1f3-a848a4d3e6e6","file":"traceroute.json","sha3":"15fbe9e5d6286c4fb9c33a15c6154398abff6e57f2c21cd9717a839133695e96b82a405f4b3ae6ebbcd09a6af156a14114d8aa455451042cc9d2b6091ce1369e"}
[2025-10-08T21:02:47.740435+00:00] embedding_agent: using Ollama provider (snowflake-arctic-embed2:568m)
[2025-10-08T21:02:47.740435+00:00] embedding_agent: Ollama embedding complete (1024 dims)
[2025-10-08T21:02:48.026912+00:00] summarizer_agent: using Ollama provider (phi4-mini:3.8b)
[2025-10-08T21:02:51.632320+00:00] embedding_agent: using Ollama provider (snowflake-arctic-embed2:568m)
[2025-10-08T21:02:51.632320+00:00] embedding_agent: Ollama embedding complete (1024 dims)
[2025-10-08T21:02:51.723868+00:00] qdrant_client: upsert_summary OK trace_id=4fabb7f1-55ec-43df-b1f3-a848a4d3e6e6
{"ts":"2025-10-08T21:02:51Z","level":"INFO","msg":"artifact_written","trace_id":"4fabb7f1-55ec-43df-b1f3-a848a4d3e6e6","file":"summary.json","sha3":"7e65dca5f9163f48bc9b3ebe93ad00556cc79f69844e6a1e16806424bf0aad2ab8c2a1de00dad902a7fe33704759ed9f1ac2f58d043c35320e922641d122c12b"}
{"ts":"2025-10-08T21:02:43.368517+00:00","level":"INFO","msg":"verify_dns_completed","target":"google.com","trace_id":"4fabb7f1-55ec-43df-b1f3-a848a4d3e6e6","remote":"172.19.0.5"}
INFO: 172.19.0.5:51730 - "POST /api/verify_dns HTTP/1.1" 200 OK
INFO: 127.0.0.1:33078 - "GET /healthz HTTP/1.1" 200 OK
logs from validns-postgres
docker logs -f validns-postgres
PostgreSQL Database directory appears to contain a database; Skipping initialization
2025-10-08 20:36:04.194 UTC [1] LOG: starting PostgreSQL 16.10 (Debian 16.10-1.pgdg13+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit
2025-10-08 20:36:04.195 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2025-10-08 20:36:04.195 UTC [1] LOG: listening on IPv6 address "::", port 5432
2025-10-08 20:36:04.349 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2025-10-08 20:36:04.468 UTC [29] LOG: database system was shut down at 2025-10-08 20:35:59 UTC
2025-10-08 20:36:04.622 UTC [1] LOG: database system is ready to accept connections
2025-10-08 20:41:04.567 UTC [27] LOG: checkpoint starting: time
2025-10-08 20:41:06.292 UTC [27] LOG: checkpoint complete: wrote 19 buffers (0.1%); 0 WAL file(s) added, 0 removed, 0 recycled; write=1.621 s, sync=0.053 s, total=1.726 s; sync files=13, longest=0.052 s, average=0.005 s; distance=88 kB, estimate=88 kB; lsn=0/1B8B410, redo lsn=0/1B8B3A0
2025-10-08 20:46:04.378 UTC [27] LOG: checkpoint starting: time
2025-10-08 20:46:05.479 UTC [27] LOG: checkpoint complete: wrote 11 buffers (0.1%); 0 WAL file(s) added, 0 removed, 0 recycled; write=1.012 s, sync=0.029 s, total=1.102 s; sync files=9, longest=0.025 s, average=0.004 s; distance=47 kB, estimate=84 kB; lsn=0/1B971C8, redo lsn=0/1B97190
2025-10-08 20:51:04.567 UTC [27] LOG: checkpoint starting: time
2025-10-08 20:51:05.723 UTC [27] LOG: checkpoint complete: wrote 11 buffers (0.1%); 0 WAL file(s) added, 0 removed, 0 recycled; write=1.019 s, sync=0.076 s, total=1.157 s; sync files=9, longest=0.056 s, average=0.009 s; distance=48 kB, estimate=81 kB; lsn=0/1BA3468, redo lsn=0/1BA3430
2025-10-08 20:56:04.768 UTC [27] LOG: checkpoint starting: time
2025-10-08 20:56:07.599 UTC [27] LOG: checkpoint complete: wrote 28 buffers (0.2%); 0 WAL file(s) added, 0 removed, 0 recycled; write=2.757 s, sync=0.016 s, total=2.832 s; sync files=25, longest=0.010 s, average=0.001 s; distance=85 kB, estimate=85 kB; lsn=0/1BB8998, redo lsn=0/1BB8960
logs from validns-qdrant
docker logs -f validns-qdrant
_ _
__ _ __| |_ __ __ _ _ __ | |_
/ _` |/ _` | '__/ _` | '_ \| __|
| (_| | (_| | | | (_| | | | | |_
\__, |\__,_|_| \__,_|_| |_|\__|
|_|
Version: 1.15.5, build: 48203e41
Access web UI at http://localhost:6333/dashboard
2025-10-08T20:36:03.668740Z INFO storage::content_manager::consensus::persistent: Loading raft state from ./storage/raft_state.json
2025-10-08T20:36:03.674055Z INFO storage::content_manager::toc: Loading collection: validns_summaries
2025-10-08T20:36:04.804785Z INFO collection::shards::local_shard: Recovering shard ./storage/collections/validns_summaries/0: 0/0 (0%)
2025-10-08T20:36:04.804919Z INFO collection::shards::local_shard: Recovered collection validns_summaries: 0/0 (100%)
2025-10-08T20:36:04.846089Z INFO qdrant: Distributed mode disabled
2025-10-08T20:36:04.846195Z INFO qdrant: Telemetry reporting enabled, id: 71f58203-0270-4ad2-9f45-1a0227c7a82e
2025-10-08T20:36:04.885986Z INFO qdrant::tonic: Qdrant gRPC listening on 6334
2025-10-08T20:36:04.886039Z INFO qdrant::tonic: TLS disabled for gRPC API
2025-10-08T20:36:04.888542Z INFO qdrant::actix: TLS disabled for REST API
2025-10-08T20:36:04.888678Z INFO qdrant::actix: Qdrant HTTP listening on 6333
2025-10-08T20:36:04.888701Z INFO actix_server::builder: starting 5 workers
2025-10-08T20:36:04.888723Z INFO actix_server::server: Actix runtime found; starting in Actix runtime
2025-10-08T20:36:04.888751Z INFO actix_server::server: starting service: "actix-web-service-0.0.0.0:6333", workers: 5, listening on: 0.0.0.0:6333
.....
2025-10-08T21:01:44.032426Z INFO actix_web::middleware::logger: 172.19.0.4 "GET /collections HTTP/1.1" 200 97 "-" "python-httpx/0.28.1" 0.000644
2025-10-08T21:02:03.950367Z INFO actix_web::middleware::logger: 172.19.0.4 "PUT /collections/validns_summaries/points?wait=true HTTP/1.1" 200 92 "-" "python-httpx/0.28.1" 0.448155
2025-10-08T21:02:51.777297Z INFO actix_web::middleware::logger: 172.19.0.4 "PUT /collections/validns_summaries/points?wait=true HTTP/1.1" 200 91 "-" "python-httpx/0.28.1" 0.047998
2025-10-08T21:03:40.912907Z INFO actix_web::middleware::logger: redacted "GET /dashboard HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0" 0.001206
2025-10-08T21:03:41.363501Z INFO actix_web::middleware::logger: redacted "GET /collections HTTP/1.1" 200 96 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.000568
2025-10-08T21:03:41.365587Z INFO actix_web::middleware::logger: redacted "GET /collections HTTP/1.1" 200 98 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.000300
2025-10-08T21:03:41.378861Z INFO actix_web::middleware::logger: redacted "GET /issues HTTP/1.1" 200 80 "http://redacted:6333/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0" 0.018996
2025-10-08T21:03:41.411765Z INFO actix_web::middleware::logger: redacted "GET /aliases HTTP/1.1" 200 81 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.039096
2025-10-08T21:03:41.412028Z INFO actix_web::middleware::logger: redacted "GET /aliases HTTP/1.1" 200 81 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.034364
2025-10-08T21:03:41.445297Z INFO actix_web::middleware::logger: redacted "GET /dashboard/logo192.png HTTP/1.1" 200 6177 "http://redacted:6333/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0" 0.029270
2025-10-08T21:03:41.445323Z INFO actix_web::middleware::logger: redacted "GET /dashboard/favicon.ico HTTP/1.1" 200 15086 "http://redacted:6333/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0" 0.029244
2025-10-08T21:03:41.461025Z INFO actix_web::middleware::logger: redacted "GET /collections/validns_summaries HTTP/1.1" 200 450 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.042832
2025-10-08T21:03:41.461099Z INFO actix_web::middleware::logger: redacted "GET /collections/validns_summaries HTTP/1.1" 200 452 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.042384
2025-10-08T21:03:42.982408Z INFO actix_web::middleware::logger: redacted "GET /collections/validns_summaries HTTP/1.1" 200 451 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.001003
2025-10-08T21:03:43.173351Z INFO actix_web::middleware::logger: redacted "POST /collections/validns_summaries/points/scroll HTTP/1.1" 200 12923 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.189670
2025-10-08T21:03:58.986675Z INFO actix_web::middleware::logger: redacted "GET /collections/validns_summaries/aliases HTTP/1.1" 200 81 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.000578
2025-10-08T21:03:58.987789Z INFO actix_web::middleware::logger: redacted "GET /collections/validns_summaries HTTP/1.1" 200 452 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.001770
2025-10-08T21:03:59.010598Z INFO actix_web::middleware::logger: redacted "GET /collections/validns_summaries/cluster HTTP/1.1" 200 161 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.023739
2025-10-08T21:04:00.050401Z INFO actix_web::middleware::logger: redacted "GET /cluster HTTP/1.1" 200 80 "http://redacted:6333/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0" 0.000535
2025-10-08T21:04:00.056910Z INFO actix_web::middleware::logger: redacted "GET /collections/validns_summaries/cluster HTTP/1.1" 200 161 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.000744
2025-10-08T21:04:01.495499Z INFO actix_web::middleware::logger: redacted "GET /collections/validns_summaries HTTP/1.1" 200 452 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.001116
2025-10-08T21:04:01.595016Z INFO actix_web::middleware::logger: redacted "GET /dashboard/assets/editor.worker-CDU2Z2yo.js HTTP/1.1" 200 10 "http://redacted:6333/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0" 0.052446
2025-10-08T21:04:02.819229Z INFO actix_web::middleware::logger: redacted "GET /collections/validns_summaries HTTP/1.1" 200 451 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.001372
2025-10-08T21:04:02.825441Z INFO actix_web::middleware::logger: redacted "POST /collections/validns_summaries/points/scroll HTTP/1.1" 200 12922 "http://redacted:6333/dashboard" "qdrant-js/1.15.1" 0.004981
The external CLI communicates with the backend API to trigger and inspect validation runs.
Example:
$ docker compose run --rm cli verify example.com
$ docker compose run --rm cli search --trace example.com
$ docker compose run --rm cli export --trace <trace_id>CLI commands include:
- verify — run full DNS, ping, and traceroute workflow.
- search — query logs or embeddings for historical context.
- export — create a signed archive of a specific trace.
- audit — display audit trail records.
A lightweight, read-only React/TypeScript interface visualizes DNS results, latency metrics, and path topology.
Views include:
- DNS resolution table
- ICMP latency chart
- Traceroute hop timeline
- Evidence integrity overview
- Audit ledger browser
The dashboard does not allow write or management actions.
Dashboard UI Screenshot
Logs UI Screenshot
Logs from validns-ui
re.da.ct.ed - - [10/Oct/2025:05:36:14 +0000] "POST /api/verify_dns HTTP/2.0" 200 110 "https://re.da.ct.ed/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"
re.da.ct.ed - - [10/Oct/2025:05:39:01 +0000] "GET /api/audit/24c3b37c-d96d-49d7-a713-0346c8e7f6e7?limit=100 HTTP/2.0" 200 812 "https://re.da.ct.ed/logs" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"
Logs from validns-app
INFO: 127.0.0.1:38110 - "GET /healthz HTTP/1.1" 200 OK
{"ts":"2025-10-10T05:36:05Z","level":"INFO","msg":"artifact_written","trace_id":"24c3b37c-d96d-49d7-a713-0346c8e7f6e7","file":"dig.json","sha3":"35803ec51842e2e25936948fe70b8395fea7350a59750583ffbd696a67aa0c8b201b4fe502c3d939cbe3ed51648f30017e7da7f269a27d6775376a45b0a74840"}
{"ts":"2025-10-10T05:36:08Z","level":"INFO","msg":"artifact_written","trace_id":"24c3b37c-d96d-49d7-a713-0346c8e7f6e7","file":"ping.json","sha3":"2fdb3fa285f1c63c99f0eb150a5c46db23c647b7b0a889083e24a2923a7b6d0c24f01d7cd6f778525baa46dd3ca6bbdcc037d3adeece0ad57eef06181de56ef5"}
{"ts":"2025-10-10T05:36:09Z","level":"INFO","msg":"artifact_written","trace_id":"24c3b37c-d96d-49d7-a713-0346c8e7f6e7","file":"traceroute.json","sha3":"e88697a5bb31c8147bada8f53cd84def5c1c397b14c8d5abf1c2727f081cf7f0045a9a890ed16dbf153dfe7e21fd61d363939826ac728e289125a78467ca744b"}
[2025-10-10T05:36:09.306890+00:00] embedding_agent: using Ollama provider (snowflake-arctic-embed2:568m)
[2025-10-10T05:36:09.306890+00:00] embedding_agent: Ollama embedding complete (1024 dims)
[2025-10-10T05:36:09.608586+00:00] summarizer_agent: using Ollama provider (phi4-mini:3.8b)
[2025-10-10T05:36:14.493430+00:00] embedding_agent: using Ollama provider (snowflake-arctic-embed2:568m)
[2025-10-10T05:36:14.493430+00:00] embedding_agent: Ollama embedding complete (1024 dims)
[2025-10-10T05:36:14.578430+00:00] qdrant_client: upsert_summary OK trace_id=24c3b37c-d96d-49d7-a713-0346c8e7f6e7
{"ts":"2025-10-10T05:36:14Z","level":"INFO","msg":"artifact_written","trace_id":"24c3b37c-d96d-49d7-a713-0346c8e7f6e7","file":"summary.json","sha3":"153c82786891a9055b045b064422d9400a6a1fccc7444b3e0680552dea9394fcd5d62e6c18cb7ba0177ea23369ed247dec2218c429e2b88ac8165ecb99e01e59"}
{"ts":"2025-10-10T05:36:04.198034+00:00","level":"INFO","msg":"verify_dns_completed","target":"ebay.com","trace_id":"24c3b37c-d96d-49d7-a713-0346c8e7f6e7","remote":"172.19.0.5"}
INFO: 172.19.0.5:55852 - "POST /api/verify_dns HTTP/1.1" 200 OK
INFO: 127.0.0.1:54620 - "GET /healthz HTTP/1.1" 200 OK
INFO: 127.0.0.1:35734 - "GET /healthz HTTP/1.1" 200 OK
INFO: 127.0.0.1:49156 - "GET /healthz HTTP/1.1" 200 OK
INFO: 127.0.0.1:47850 - "GET /healthz HTTP/1.1" 200 OK
INFO: 127.0.0.1:33868 - "GET /healthz HTTP/1.1" 200 OK
INFO: 127.0.0.1:59442 - "GET /healthz HTTP/1.1" 200 OK
INFO: 172.19.0.5:52670 - "GET /api/audit/24c3b37c-d96d-49d7-a713-0346c8e7f6e7?limit=100 HTTP/1.1" 200 OK
INFO: 127.0.0.1:57050 - "GET /healthz HTTP/1.1" 200 OK
Logs from validns-postgres
2025-10-10 05:39:25.267 UTC [28] LOG: checkpoint starting: time
2025-10-10 05:39:27.173 UTC [28] LOG: checkpoint complete: wrote 19 buffers (0.1%); 0 WAL file(s) added, 0 removed, 0 recycled; write=1.815 s, sync=0.018 s, total=1.907 s; sync files=18, longest=0.013 s, average=0.001 s; distance=44 kB, estimate=158 kB; lsn=0/1CB2198, redo lsn=0/1CB2160
Logs from validns-qdrant
2025-10-10T05:33:43.585156Z INFO actix_web::middleware::logger: re.da.ct.ed "GET /collections/validns_summaries HTTP/1.1" 200 452 "http://re.da.ct.ed:6333/dashboard" "qdrant-js/1.15.1" 0.000898
2025-10-10T05:33:43.589265Z INFO actix_web::middleware::logger: re.da.ct.ed "GET /collections/validns_summaries HTTP/1.1" 200 452 "http://re.da.ct.ed:6333/dashboard" "qdrant-js/1.15.1" 0.000718
2025-10-10T05:33:44.801499Z INFO actix_web::middleware::logger: re.da.ct.ed "GET /collections/validns_summaries HTTP/1.1" 200 450 "http://re.da.ct.ed:6333/dashboard" "qdrant-js/1.15.1" 0.001164
2025-10-10T05:33:44.810712Z INFO actix_web::middleware::logger: re.da.ct.ed "POST /collections/validns_summaries/points/scroll HTTP/1.1" 200 62689 "http://re.da.ct.ed:6333/dashboard" "qdrant-js/1.15.1" 0.007995
2025-10-10T05:36:14.602998Z INFO actix_web::middleware::logger: 172.19.0.4 "PUT /collections/validns_summaries/points?wait=true HTTP/1.1" 200 92 "-" "python-httpx/0.28.1" 0.018890
Qdrant Dashboard Screenshot
Summary
Graph + Summary
- Designed for use in isolated, non-production environments.
- Containers should run as non-root users with restricted network access.
- ICMP and traceroute operations may require elevated privileges (
CAP_NET_RAW) during execution. - No assumptions are made about external system or network security.
- The system does not implement or guarantee real-time protection, threat detection, or enforcement.
This repository is licensed under All Rights Reserved — Fong. It is provided for demonstration and research purposes only. No redistribution, modification, or commercial usage is permitted without explicit written permission. See LICENSE.md for details.
| Version | Date | Summary | Author |
|---|---|---|---|
| 1.0.0 | 2025-10-06 | Initial publication of README.md |
projectfong |
| 1.0.1 | 2025-10-10 | Verified full UI → API → DB → UI loop operational; fixed audit_read config bug, updated NGINX proxy path, corrected evidence structure and documentation |
projectfong |