Version: v0.2.1
Published: Oct 28, 2018
License: MIT
Imports: 34
Imported by: 0
SDNS

Lightweight, fast recursive dns server with dnssec support
Based on kenshinx/godns, looterz/grimd
Installation
$ go get github.com/semihalev/sdns
or
download
Building
$ go build
Testing
$ go test -v
Flags
| Flag | Desc |
|---|---|
| config | Location of the config file; if not found, it will be generated |
Configs
| Key | Desc |
|---|---|
| version | Config version |
| blocklists | List of remote blocklists |
| blocklistdir | List of locations to recursively read blocklists from (warning: every file found is assumed to be a hosts file or domain list) |
| loglevel | Log verbosity level: crit, error, warn, info, debug |
| bind | Address to bind to for the DNS server. Default: :53 |
| bindtls | Address to bind to for the DNS-over-TLS server. Default: :853 |
| binddoh | Address to bind to for the DNS-over-HTTPS server. Default: :8053 |
| tlscertificate | TLS certificate file path |
| tlsprivatekey | TLS private key file path |
| outboundips | Outbound IP addresses; if you set more than one, sdns can use a random outbound IP address |
| rootservers | DNS root servers |
| root6servers | DNS root IPv6 servers |
| rootkeys | DNS root keys for DNSSEC |
| fallbackservers | Fallback server IP addresses |
| api | Address to bind to for the HTTP API server; leave blank to disable |
| nullroute | IPv4 address to forward blocked queries to |
| nullroutev6 | IPv6 address to forward blocked queries to |
| accesslist | Which clients are allowed to make queries |
| timeout | Query timeout for DNS lookups, as a duration. Default: 5s |
| connecttimeout | Connect timeout for DNS lookups, as a duration. Default: 2s |
| expire | Default cache TTL in seconds. Default: 600 |
| cachesize | Cache size. Default: 256000 |
| maxdepth | Maximum recursion depth for nameservers. Default: 30 |
| ratelimit | Query-based rate limit per second; 0 to disable. Default: 30 |
| blocklist | Manual blocklist entries |
| whitelist | Manual whitelist entries |
Server Configuration Checklist
- Increase the file descriptor limit on your server
Features
- Linux/BSD/Darwin/Windows supported
- DNS RFC compatibility
- DNS lookups within listed servers
- DNS caching
- DNSSEC validation
- DNS over TLS support
- DNS over HTTPS support
- RTT priority within listed servers
- Basic IPv6 support (client<->server)
- Query based ratelimit
- Access list
- Black-hole internet advertisements and malware servers
- HTTP API support
- Outbound IP selection
TODO
- More tests
- Try lookup NS address better way
- DNS over TLS support
- DNS over HTTPS support
- Full DNSSEC support
- RTT optimization
- Access list
- Periodic priming queries described at RFC 8109
- Full IPv6 support (server<->server communication)
- Client based ratelimit
Made With
- miekg/dns - Alternative (more granular) approach to a DNS library