A lightweight fast recursive dns server with dnssec support
hstern and semihalev Export config.Duration (#27)
config.Duration needs to be exported so that you can populate a new
config.Config struct outside of the config package.
Latest commit 6567863 Apr 17, 2019
Type Name Latest commit message Commit time
api move all middleware to single folder Nov 15, 2018
authcache new front cache, restructure folders, edns middleware, internal query… Nov 24, 2018
cache RFC 7873 edns cookie implementation in ratelimit and edns middleware Nov 27, 2018
config Export config.Duration (#27) Apr 17, 2019
ctx RFC 7873 edns cookie implementation in ratelimit and edns middleware Nov 27, 2018
dnsutil clear some functions, remove edns subnet support for privacy Dec 11, 2018
doh new front cache, restructure folders, edns middleware, internal query… Nov 24, 2018
lqueue new front cache, restructure folders, edns middleware, internal query… Nov 24, 2018
middleware clear some functions, remove edns subnet support for privacy Dec 11, 2018
mock RFC 7873 edns cookie implementation in ratelimit and edns middleware Nov 27, 2018
response new front cache, restructure folders, edns middleware, internal query… Nov 24, 2018
server new front cache, restructure folders, edns middleware, internal query… Nov 24, 2018
vendor RFC 7873 edns cookie implementation in ratelimit and edns middleware Nov 27, 2018
.codecov.yml add codecov yaml Oct 29, 2018
.gitignore Bunch of code refactor && middleware support && hostsfile impl. for #13 Nov 9, 2018
.travis.yml hashing changes Oct 26, 2018
Dockerfile Update Dockerfile to build a static binary (#18) Jan 6, 2019
Gopkg.lock RFC 7873 edns cookie implementation in ratelimit and edns middleware Nov 27, 2018
Gopkg.toml update pprof Oct 28, 2018
LICENSE small changes Oct 12, 2018
Makefile Update Dockerfile to build a static binary (#18) Jan 6, 2019
README.md update readme Jan 20, 2019
_config.yml Set theme jekyll-theme-slate Nov 2, 2018
build.sh readme update Oct 29, 2018
doc.go update doc Nov 11, 2018
gen.go new front cache, restructure folders, edns middleware, internal query… Nov 24, 2018
generated.go new front cache, restructure folders, edns middleware, internal query… Nov 24, 2018
go.mod RFC 7873 edns cookie implementation in ratelimit and edns middleware Nov 27, 2018
go.sum RFC 7873 edns cookie implementation in ratelimit and edns middleware Nov 27, 2018
logo.png logo file Oct 12, 2018
sdns.go update root keys Jan 16, 2019
sdns_test.go new front cache, restructure folders, edns middleware, internal query… Nov 24, 2018
updater.go move all middleware to single folder Nov 15, 2018

README.md

SDNS


💫 Lightweight, fast recursive dns server with dnssec support

Based on kenshinx/godns, looterz/grimd

Installation

go get github.com/semihalev/sdns

or

download

or run with Docker image

docker run -d --name sdns -p 53:53 -p 53:53/udp -p 853:853 -p 8053:8053 -p 8080:8080 sdns
  • Port 53 DNS server
  • Port 853 DNS-over-TLS server
  • Port 8053 DNS-over-HTTPS server
  • Port 8080 HTTP API

Building

$ go build

Testing

$ make test

Flags

Flag Desc
config Location of the config file; if not found, it will be generated

Configs

Key Desc
version Config version
blocklists List of remote blocklists
blocklistdir List of locations to recursively read blocklists from (warning, every file found is assumed to be a hosts-file or domain list)
loglevel What kind of information should be logged. Log verbosity level: crit, error, warn, info, debug
bind Address to bind to for the DNS server. Default :53
bindtls Address to bind to for the DNS-over-TLS server. Default :853
binddoh Address to bind to for the DNS-over-HTTPS server. Default :8053
tlscertificate TLS certificate file path
tlsprivatekey TLS private key file path
outboundips Outbound IP addresses; if you set multiple, sdns can use a random outbound IP address
rootservers DNS Root servers
root6servers DNS Root IPv6 servers
rootkeys DNS Root keys for dnssec
fallbackservers Fallback servers IP addresses
api Address to bind to for the http API server, leave blank to disable
nullroute IPv4 address to forward blocked queries to
nullroutev6 IPv6 address to forward blocked queries to
accesslist Which clients are allowed to make queries
timeout Query timeout for DNS lookups, as a duration. Default: 5s
connecttimeout Connect timeout for DNS lookups, as a duration. Default: 2s
hostsfile Enables serving zone data from a hosts file, leave blank to disable
expire Default cache TTL in seconds. Default: 600
cachesize Cache size (total records in cache). Default: 256000
maxdepth Maximum recursion depth for nameservers. Default: 30
ratelimit Query based ratelimit per second, 0 to disable. Default: 0
clientratelimit Client IP address based ratelimit per minute, 0 to disable. If the client supports EDNS cookies, no limit applies. Default: 0
blocklist Manual blocklist entries
whitelist Manual whitelist entries
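
How the accesslist and clientratelimit keys described above combine for a single query, as an added Go sketch that is not sdns's own code. The names Gate, NewGate and Allow are hypothetical, the fixed one-minute window is an assumption, and hasCookie stands in for the "client supports EDNS cookies" condition.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// Gate is a hypothetical model of the accesslist and clientratelimit keys.
type Gate struct {
	allowed []*net.IPNet         // parsed accesslist entries
	limit   int                  // queries per client IP per minute; 0 disables
	start   map[string]time.Time // start of each client's current window
	count   map[string]int       // queries seen in that window
}

// NewGate parses CIDR entries and rejects a malformed one outright.
func NewGate(cidrs []string, perMinute int) (*Gate, error) {
	g := &Gate{limit: perMinute, start: map[string]time.Time{}, count: map[string]int{}}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("accesslist entry %q: %w", c, err)
		}
		g.allowed = append(g.allowed, n)
	}
	return g, nil
}

// Allow reports whether a query from ip at time now should be answered.
func (g *Gate) Allow(ip net.IP, hasCookie bool, now time.Time) bool {
	listed := false
	for _, n := range g.allowed {
		listed = listed || n.Contains(ip)
	}
	if !listed || g.limit == 0 || hasCookie {
		return listed // refused if not in accesslist; otherwise unlimited
	}
	k := ip.String()
	if now.Sub(g.start[k]) >= time.Minute {
		g.start[k], g.count[k] = now, 0 // new one-minute window
	}
	g.count[k]++
	return g.count[k] <= g.limit
}

func main() {
	g, _ := NewGate([]string{"192.0.2.0/24"}, 2) // constructed sample values
	fmt.Println(g.Allow(net.ParseIP("192.0.2.7"), false, time.Now()))
}
```

The access list is checked before the cookie exemption, so a cookie never admits a client that the access list excludes.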

Server Configuration Checklist

  • Increase the file descriptor limit on your server

Features

  • Linux/BSD/Darwin/Windows supported
  • DNS RFC compatibility
  • DNS lookups within listed servers
  • DNS caching
  • DNSSEC validation
  • DNS over TLS support
  • DNS over HTTPS support
  • Middleware Support
  • RTT priority within listed servers
  • EDNS Cookie Support (client<->server)
  • Basic IPv6 support (client<->server)
  • Query based ratelimit
  • IP based ratelimit
  • Access list
  • Prometheus basic query metrics
  • Black-hole internet advertisements and malware servers
  • HTTP API support
  • Outbound IP selection

TODO

  • More tests
  • Try to look up NS addresses in a better way
  • DNS over TLS support
  • DNS over HTTPS support
  • Full DNSSEC support
  • RTT optimization
  • Access list
  • Periodic priming queries described in RFC 8109
  • Automated Updates of DNSSEC Trust Anchors described in RFC 5011
  • Full IPv6 support (server<->server communication)
  • Query name minimization to improve privacy described in RFC 7816

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Made With

  • miekg/dns - Alternative (more granular) approach to a DNS library

License

MIT
