https://nsupdate.info is a free dynamic DNS service. nsupdate.info is also the name of the software used to implement it. If you like, you can use it to host the service on your own server.
Webapp-y front-end that supports the dyndns2 protocol. Uses RFC 2136 (Dynamic DNS UPDATE protocol) to interface with DNSes that support it (BIND, PowerDNS, etc).
This is a DNS-based host blocker for Android. In the default configuration, several widely-respected host files are used to block ads, malware, and other weird stuff. Seems like an alternative to Blokada, which is no longer supported.
Found in both the Google Play Store and F-Droid.
FBI Watchdog is a threat intelligence tool that monitors domain DNS changes in real-time, specifically detecting law enforcement seizures (ns1.fbi.seized.gov and ns2.fbi.seized.gov). It alerts users via Telegram and Discord and captures screenshots of seized domains.
Only alerts over Telegram or Discord, though.
This project is about delivering a ready-to-use IT infrastructure suitable for bootstrapping a small company, all self-hosted and supported by Open Source. The initial target platform is for a NetBSD/EdgeBSD NVMM hypervisor and a collection of guest VMs, with the software deployed with pkgsrc.
Stands up an OpenLDAP server, BIND for DNS, e-mail infrastructure (including webmail), Nextcloud, Gitea, Jitsi Meet, and a public website by running a handful of commands on a blank machine.
Intercepting and interfering with DNS traffic from your OpenWRT firewall.
Rate-limiting can easily be disabled by setting RATE_LIMIT=0/0 in /etc/pihole/pihole-FTL.conf. If I want, say, to set a rate limit of 1 query per hour, the option should look like RATE_LIMIT=1/3600.
Subdomain Finder is a scanner that scans an entire domain to find as many subdomains as possible.
Sh_d_n is a free, lightweight website for IP and domain enrichment offered by Shodan. It's optimized for performance and size to focus on just doing one thing: fast lookups for specific resources (IPs and domains). The website is powered by Rust, Axum and the SQLite datasets provided by Shodan Enterprise. We're excited to have reduced the size for most of the pages on this website to less than 10kb, including the CSS stylesheet. If you have the stylesheet cached on the browser then most pages are less than 1 kb!
Sh_d_n is available for free with the caveat that the data isn't as fresh as the regular Shodan API/ website and doesn't include all the banner data that the crawlers collect. The underlying SQLite datasets are normally updated daily but Sh_d_n is only updated once a month. If you want fresher data, an API or access to the underlying datasets for extremely fast IP/ domain enrichment then consider checking out the various Shodan offerings.
This is not your typical DNS hosting.
We’re making DNS easy and fun! Whether you’re a hardcore protocol geek or someone who gets anxious around a CNAME, there’s something here for you.
What you get
- "All you can eat" (cal)zones and resource records
- BIND zone file management
- An API that’s chef’s kiss
- Support from a real person
What it costs: $5 annually!
Well, probably. Not sure yet! It’s gonna be super cheap no matter what, though.
- 80.80.80.80
- 80.80.81.81
A free web tool which checks your domain's servers for common DNS and mail errors and generates a report with explanations how to fix them.
Has an RSS feed.
DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal!
We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds.
Currently only supports Route53, Cloudflare, and Azure.
A simple-to-use network-wide ad- and tracking blocking system. Set up something like a single-board computer (a spare RasPi or old laptop is fine), run the script, and it converts it into a DNS-level adblocking system. Then configure your local router to use it as its upstream DNS instead of your ISP. Has an easy to use and interpret dashboard. Also has a REST API but I haven't experimented with it yet.
A blocklist for QAnon, conspiracy, fake news, nazi websites for multiple applications, including web browser adblockers, DNSes, and even /etc/hosts. It looks like the lists (which are substantially identical in content) could be used to compile a database of known-bad domains. IPv4 and IPv6 supported.
doggo is a modern command-line DNS client (like dig) written in Golang. It outputs information in a neat concise manner and supports protocols like DoH, DoT and DNSCrypt as well. It's totally inspired from dog which is written in Rust. I wanted to add some features to it but since I don't know Rust, I found it as a nice opportunity to experiment with writing a DNS Client from scratch. Human-readable output, optional JSON output. Multiple transport protocols. Supports multiple resolvers at once, IPv4 and IPv6 simultaneously.
In the AUR.
Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. It works out-of-the-box with no or minimal configuration and provides a user friendly web console accessible using any modern web browser. Implements not only ad- and malware blocking but DNS-over-TLS and DNS-over-HTTPS. Authoritative server as well as recursive resolver. Implements HTTP and SOCKS5 proxy support for tunneling resolution requests through Tor as well as proxy servers.
Written in Csharp. :(
When performing passive recon on a target, there are dozens of tools we can use to gather various pieces of intel on our target. This tool will allow us to parse these utilities easily.
Transparent domain information, from AAAA records to WHOIS. Free DNS record, IP address hostname, and WHOIS lookups.
Reproducibly verify assumptions about your network: DNS, available hosts, open ports, TLS configuration; nmap, testssl, and dig/kdig in an Ansible-shaped trench coat.
Rysiek calls it a poor being's personal SHODAN.