Skip to content
/ tykdnscheck Public

Simple authorative DNS server designed to return info on the recursive server that asked it, rather than normal DNS data. Written in Python.

4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tykling/tykdnscheck

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
HOWTO.md
HOWTO.md
 
 
README.md
README.md
 
 
tykdnscheck.py
tykdnscheck.py
 
 
tykdnscheck.sh
tykdnscheck.sh
 
 

Repository files navigation

tykdnscheck

Simple authorative DNS server designed to return the IP of the client that asked it (usually the configured recursive DNS server). This script does not serve actual DNS data.

The script replies with SERVFAIL for all querytypes other than TXT, and it replies with REFUSED for all domains other than the configured one.

tykdnscheck is written in Python, authored by Thomas Steen Rasmussen thomas@gibfest.dk.

Latest version can always be found at https://github.com/tykling/tykdnscheck

Usage

$ ./tykdnscheck.py -h
usage: tykdnscheck.py [-h] -p {4,6} -d DOMAIN [-i [IP [IP ...]]]
                      [-g GOODREPLY] [-b BADREPLY] [-l LOGFILE] [-U USER]
                      [-G GROUP]

optional arguments:
  -h, --help            show this help message and exit
  -p {4,6}, --protocol {4,6}
                        Choose Ipv4 or IPv6 (required)
  -d DOMAIN, --domain DOMAIN
                    The domain name to serve (remember trailing .) (required)
  -i [IP [IP ...]], --ip [IP [IP ...]]
                        One or more "good" IP addresses to trigger the message in --goodreply, leave out to disable check
  -g GOODREPLY, --goodreply GOODREPLY
                        The message to return if the client IP matches --ip
  -b BADREPLY, --badreply BADREPLY
                        The message to return if the client IP doesn't match --ip
  -l LOGFILE, --logfile LOGFILE
                        The logfile to write output to
  -U USER, --user USER  Which user to drop privileges to after logfile open & port bind
  -G GROUP, --group GROUP
                        Which group to drop privileges to after logfile open & port bind

Running the script

sudo ./tykdnscheck.py -p 4 -d check.censurfridns.dk. -i 89.233.43.71 89.233.43.72 89.233.43.73 89.104.194.142 -g "Congratulations. You are using censurfridns / uncensoreddns" -b "You are NOT using censurfridns / uncensoreddns :("

The above example will start an IPv4 instance of the script, which will check client IP and return an extra message depending on whether the client IP matches one of the ones given in -i:

$ dig +short check.censurfridns.dk txt
"Your DNS server IP is 89.233.43.72"
"Congratulations. You are using censurfridns / uncensoreddns"
$

If the script was started without -i the reply would only contain a single TXT record with the DNS server IP.

Querying the script

See HOWTO

About

Simple authorative DNS server designed to return info on the recursive server that asked it, rather than normal DNS data. Written in Python.

Resources

Readme
Activity

Stars

4 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Languages