Kali Linux

PR-DNSd : Passive-Recursive DNS Daemon

PR-DNSd is a Passive-Recursive DNS daemon.

Quickstart

go get github.com/korc/PR-DNSd
sudo setcap cap_net_bind_service,cap_sys_chroot=ep go/bin/PR-DNSd
go/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53
echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf
dig google.com
dig -x $(dig +short google.com)

Use cases

  • run as local host DNS service, to fix your netstat/tcpview/lsof etc. output
  • as enterprise-internal DNS server, to also be able to do meaningful EDR/IR and log analysis
  • as cloud service, to also collect Passive DNS data from non-enterprise (home, BYOD etc.) devices
    • hint: you probably want to configure DDoS protection options
  • in cloud as DNS-over-TLS server, to additionally provide private DNS for supporting devices (ex: Android 9’s private DNS setting)
    • ex: domain pattern based firewall/proxy configuration for mobile devices

Running as your own private server for Android9’s Private DNS settings

After appropriate setcap, run:

PR-DNSd -tlslisten :853 -cert YOUR_SERVER_CRT_KEY_PEM -upstream 1.1.1.1:53 -store pr-dnsd

Options

cert string
TCP-TLS listener certificate (required for tls listener)
-chroot string
chroot to directory after start (default “/var/tmp”)
-count int
Count of replies allowed before debounce delay is applied (default 100)
-ctmout string
Client timeout for upstream queries
-debounce string
Required time duration between UDP replies to single IP to prevent DoS (default “200ms”)
-key string
TCP-TLS certificate key (default same as -cert value)
-listen string
listen address (default “:53”)
-silent
Don’t report normal data
-store string
Store PTR data to specified file
-tlslisten string
TCP-TLS listener address (default “:853”)
-upstream string
upstream DNS server (tcp-tls:// prefix for DoT) (default “1.1.1.1:53”)
(with tls and chroot, ensure ca-certificates and resolv.conf in chroot are properly set up)

R K

Recent Posts

Command-Line Techniques for Listing Linux Users

Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…

6 hours ago

Exploring User Management in Linux Systems

User management is a critical aspect of Linux administration. Each user in a Linux system…

7 hours ago

How to List Users in Linux

Managing users is an essential part of Linux system administration. Knowing how to list all…

7 hours ago

Nmap cheat sheet for beginners

Nmap (Network Mapper) is a free tool that helps you find devices on a network,…

2 days ago

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 week ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 week ago