A blocklist for QAnon, conspiracy, fake news, nazi websites for multiple applications, including web browser adblockers, DNSes, and even /etc/hosts. It looks like the lists (which are substantially identical in content) could be used to compile a database of known-bad domains. IPv4 and IPv6 supported.
doggo is a modern command-line DNS client (like dig) written in Golang. It outputs information in a neat concise manner and supports protocols like DoH, DoT and DNSCrypt as well. It's totally inspired from dog which is written in Rust. I wanted to add some features to it but since I don't know Rust, I found it as a nice opportunity to experiment with writing a DNS Client from scratch. Human-readable output, optional JSON output. Multiple transport protocols. Supports multiple resolvers at once, IPv4 and IPv6 simultaneously.
In the AUR.
Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. It works out-of-the-box with no or minimal configuration and provides a user friendly web console accessible using any modern web browser. Implements not only ad- and malware blocking but DNS-over-TLS and DNS-over-HTTPS. Authoritative server as well as recursive resolver. Implements HTTP and SOCKS5 proxy support for tunneling resolution requests through Tor as well as proxy servers.
Written in Csharp. :(
When performing passive recon on a target, there are dozens of tools we can use to gather various pieces of intel on our target. This tool will allow us to parse these utilities easily.
Transparent domain information, from AAAA records to WHOIS. Free DNS record, IP address hostname, and WHOIS lookups.
Reproducibly verify assumptions about your network: DNS, available hosts, open ports, TLS configuration; nmap, testssl, and dig/kdig in an Ansible-shaped trench coat.
Rysiek calls it a poor being's personal SHODAN.
Blocky is a DNS proxy for the local network written in Go with following features:
Blocking of DNS queries with external lists (Ad-block) with whitelisting
Definition of black and white lists per client group (Kids, Smart home devices etc) -> for example: you can block some domains for you Kids and allow your network camera only domains from a whitelist
periodical reload of external black and white lists
blocking of request domain, response CNAME (deep CNAME inspection) and response IP addresses (against IP lists)
Caching of DNS answers for queries -> improves DNS resolution speed and reduces amount of external DNS queries
Custom DNS resolution for certain domain names
Serves DNS over UDP, TCP and HTTPS (DNS over HTTPS, aka DoH)
Supports UDP, TCP and TCP over TLS DNS resolvers with DNSSEC support
Supports DNS over HTTPS (DoH) resolvers
...
An organization of hobbyists who run an alternative DNS network, also provides access to domains not administered by ICANN.
Free service that gives wildcard DNS for anybody for free. Including RFC-1918 IP's. Pretty cool how they did it. Software is an add-on for PowerDNS.
An OSINT collection utility which gathers information about domains. Hunts for subdomains, searches SHODAN for hits, grabs banners and headers, web UI. Don't know if there's an API yet.
Bot that can be joined to the Mastodon network. Listens for people to send DNS resolution requests to it, sends back the canonical replies.
A website that can extract many different sorts of information pertaining to IP addresses and networks, least of all querying several dozen blacklists to see if an address has been flagged as a spammer's.
A utility that digs through DNS domain records to find things that aren't obvious, such as subdomains, hostnames with more than one kind of record associated with them, and IP address range calculation. It even Google scrapes to gather intelligence.
Enter an IP address, get a four little words-compatible hostname. Does the reverse, also.
An opensource recursive DNS resolver that is also DNSSEC capable. Used for resolving DNS requests rather than serving authoritative DNS zones. Modular architecture. IPv6 compliant. Cross-platform: runs on Linux, all of the BSDs, and Windows.
How to configure dnsmasq to return the same IP address for any A record a client might request. This feature was added for people constructing public access points.
How to configure dnsmasq to return the same IP address for any A record a client might request. This feature was added for people constructing public access points. The difference between this one and the other one is that this one is how to do it from the command line and not the configuration file.
An open source ebook about DNS in general and BIND 9 in particular. If you want to know how DNS works in practice and how BIND acts under different circumstances, this is a good way to start without the trial by fire.