powerful_dns

README

powerful_dns

This is (going to be) powerful dns server.
The concept is taken from PiHole: you can block specific domain, and you can edit blocked domain list from web interface.
The biggest goal of this project is to let machine learning model detect ads domain automatically

Todo

• Implement really basic dns feature
• Employ blacklist based blocking
• Caching
• Query Log
• Web Interface: under dev
  • Domain clustering (Session based query log)
• Employ unsupervised machine learning model to detect ads

Installation

For raspi user

Just copy&paste 3 command:)

1. sudo su
2. apt update && apt install docker.io -y
3. docker run -d --name pdns -p 53:53/udp -p 80:80/tcp iamsuk/powerful_dns After that redis-server & powerful_dns will immediately start.
   check application log using docker exec pdns tail -f /etc/powerful_dns/powerful_dns.log
   Or check err log only using docker exec pdns cat /etc/powerful_dns/err.log

For non-raspi user / raspi user who don't like to use docker

NOTE: I assume you have golang install

1. Clone repo git clone https://github.com/iamsuk/powerful_dns.git or
   git clone git@github.com:iamsuk/powerful_dns.git for ssh.
2. Install bash install.sh
   it's going to go build and place default db/config file in /etc/powerful_dns directory
   When you prompt Username/Groupname, type user/group name you want to be owner of /etc/powerful_dns directory
3. Daemonize bash daemon.sh
   This will start install powerful_dns previously built and AND, start/daemonize powerful_dns.service (so that server will immediately start even after machine rebooted)
   NOTE: default/powerful_dns.service is written for user "pi". If you are not user "pi", you have to modify default/powerful_dns.service BEFORE bash daemon.sh, because what daemon.sh does is to copy default/powerful_dns.service to /lib/systemd/system/powerful_dns.service which is going to be referenced by systemd.

Check /var/log/powerful_dns.log to confirm server running
3. Or run manually if you don't want it to be daemonized type sudo ./powerful_dns in directory you cloned.

Usage

• Start DNS: check Installation
• Add domain to blacklist: under development
• Add domain to whitelist: udner development

Tested on

Installation for raspi user

• Linux pi 5.10.60-v7+ #1449 SMP Wed Aug 25 15:00:01 BST 2021 armv7l GNU/Linux (Raspbian/3b+) Installation for non-raspi user
• Kali linux 2020

ChangeLog

• 2021/09/10: domain blocking feature
• 2021/09/10: caching feature
• 2021/09/11: query log feature
• 2021/09/12: support docker installation

Configuration

There's a few things you can configure yourself (you don't have to though)

NOTE:everything should be "written in double quote".

• Upperstream DNS
  • IP: the ip of upperstream dns for when local dns (powerful_dns) could not resolve domain
  • Port: the port of upperstream. Basically 53
• Local DNS
  • Port: the dns port to be listened to by powerful_dns
• Web Server (not implemented yet)
  • Port: the http port tobe listened to by powerful_dns

Explanation

What it does

powerful_dns act as dns server.
It can (for now)

• block specific domain listed in gravity.db - blacklist table
• block domain knows as harmful listed in gravity.db - gravity (taken from pihole's default blacklist)

What it is going to be

powerful_dns is going to be provide such a powerful feature listed below

• Web interface to block specific domain easily
  • every domain is displayed being clustered. When you visit a single site, it is so often that the site request multiple domains additionally. Web interface is going to cluster domains that are requested sequentially, to make sure you figure out which domain is requested by which, and to block some of them that seems to be ads in no time
• Machine learning ads blocking using naive bayes
  • using clustered domains, and by assessing readability of domains, duration from previous domain was requested, and characteristic relation to domains known to be ads, it might be possible to detect which domains are malicious.