SnitchDNS : Database Driven DNS Server With A Web UI

SnitchDNS is a database driven DNS Server with a Web UI, written in Python and Twisted, that makes DNS administration easier with all configuration changed applied instantly without restarting any system services.

One of its main features is the logging of all DNS queries allowing the discovery of network traffic endpoints, and it can also be used to implement canary tokens as it supports notifications via e-mail, web push, Slack, and Teams. Red teamers can also use SnitchDNS to monitor phishing domains for sandboxes, integrate with SIEM solutions, restrict responses to specific IP ranges, egress data via a DNS tunnel and catch-all domains, and more.

Dependencies

  • Python 3.6+

Installation

Please make sure you install using git rather than by downloading the repo manually.

Documentation

For general documentation see here

Screenshots

For screenshots see here

Basic Features

  • Database Driven.
    • Changes are reflected immediately on each DNS request.
    • Supported DBMS:
      • SQLite
      • MySQL / MariaDB
      • Postgres
  • DNS Server
    • Support for common DNS Records.
      • A, AAAA, AFSDB, CNAME, DNAME, HINFO, MX, NAPTR, NS, PTR, RP, SOA, SPF, SRV, SSHFP, TSIG, TXT.
    • Catch-All Domains.
      • Ability to match any subdomain (no matter the depth) to a specific parent domain, for instance *.hello.example.com.
    • Unmatched Record Forwarding.
      • Functionality to intercept specific queries (ie only A and CNAME) and forward all other records to a third-party DNS server (ie Google).
    • Tags and Aliases.
  • IP Rules
    • Configure Allow/Block rules per domain.
  • Notifications. Receive a notification when a domain is resolved, via:
    • E-mail
    • Web Push
    • Slack
    • Microsoft Teams
  • User Management
    • Multi-User support
      • Each user is given their own subdomain to use.
    • LDAP Support
    • Two Factor Authentication
    • Password Complexity Management
  • Logging
    • All DNS queries are logged, whether they have been matched or not.
    • CSV Logging for SIEM integration.
  • Swagger 2.0 API
  • Deployment
    • Ansible scripts for Ubuntu 18.04 / 20.04
    • Docker
    • CLI support for zone, record, user, and settings management.
    • CSV Export/Import

Use Cases

  • SnitchDNS can be used for:
    • A DNS Forwarding Server – Allowing you to monitor all requests via a Web GUI.
    • Red Teams – Implement IP restrictions to block sandboxes, monitor phishing domain resolutions and e-mails, and restrict access to known IP ranges.
    • DNS Tunnel – Log all DNS requests and egress data.
    • Let’s Encrypt DNS Challenge, using the API or the CLI interface.
    • Ad-blocking.
    • Canary Tokens.
    • Integrate with SIEM solutions.

For more details on scenarios please see the Use Cases Document

Limitations

  • Caching has not been implemented, which means this isn’t suitable for environments with hundreds of DNS requests per
  • minute.
R K

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

7 days ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

7 days ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

7 days ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

7 days ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

1 week ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

1 week ago