command module
v0.2.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 28, 2018 License: MIT Imports: 34 Imported by: 0



Travis Go Report Card GoDoc codecov

Lightweight, fast recursive dns server with dnssec support

Based on kenshinx/godns, looterz/grimd


$ go get




$ go build


$ go test -v


Flag Desc
config Location of the config file, if not found it will be generated


Key Desc
version Config version
blocklists List of remote blocklists
blocklistdir List of locations to recursively read blocklists from (warning, every file found is assumed to be a hosts-file or domain list)
loglevel What kind of information should be logged, Log verbosity level crit,error,warn,info,debug
bind Address to bind to for the DNS server. Default :53
bindtls Address to bind to for the DNS-over-TLS server. Default :853
binddoh Address to bind to for the DNS-over-HTTPS server. Default :8053
tlscertificate TLS certificate file path
tlsprivatekey TLS private key file path
outboundips Outbound ip addresses, if you set multiple, sdns can use random outbound ip address
rootservers DNS Root servers
root6servers DNS Root IPv6 servers
rootkeys DNS Root keys for dnssec
fallbackservers Fallback servers IP addresses
api Address to bind to for the http API server disable for left blank
nullroute IPv4 address to forward blocked queries to
nullroutev6 IPv6 address to forward blocked queries to
accesslist Which clients allowed to make queries
timeout Query timeout for dns lookups in duration Default: 5s
connecttimeout Connect timeout for dns lookups in duration Default: 2s
expire Default cache TTL in seconds Default: 600
cachesize Cache size Default: 256000
maxdepth Maximum recursion depth for nameservers. Default: 30
ratelimit Query based ratelimit per second, 0 for disable. Default: 30
blocklist Manual blocklist entries
whitelist Manual whitelist entries

Server Configuration Checklist

  • Increase file descriptor on your server


  • Linux/BSD/Darwin/Windows supported
  • DNS RFC compatibility
  • DNS lookups within listed servers
  • DNS caching
  • DNSSEC validation
  • DNS over TLS support
  • DNS over HTTPS support
  • RTT priority within listed servers
  • Basic IPv6 support (client<->server)
  • Query based ratelimit
  • Access list
  • Black-hole internet advertisements and malware servers
  • HTTP API support
  • Outbound IP selection


  • More tests
  • Try lookup NS address better way
  • DNS over TLS support
  • DNS over HTTPS support
  • Full DNSSEC support
  • RTT optimization
  • Access list
  • Periodic priming queries described at RFC 8109
  • Full IPv6 support (server<->server communication)
  • Client based ratelimit

Made With

  • miekg/dns - Alternative (more granular) approach to a DNS library


The Go Gopher

There is no documentation for this package.


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL