Skip to content

Bind Sinkhole from MISP - Docker Image (dnstap enabled)

Notifications You must be signed in to change notification settings

LDO-CERT/BIND_Sinkhole

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

BIND_Sinkhole

Bind Sinkhole from MISP - Docker Image (bind with dnstap enabled)

-- Luca Memini [email protected]

Based on idea from two docker https://github.com/sameersbn/docker-bind and https://github.com/Benster900/ThunderLemon/ and sinkhole domain list from MISP https://github.com/MISP/MISP

:: For build

git clone https://github.com/LDO-CERT/bind_sinkhole
cd bind_sinkhole
docker build -t bind_sinkhole .

:: For run

docker run --name bind_sinkhole -d --restart=always \
  --publish 53:53/tcp --publish 53:53/udp \
  --volume /opt/bind_sinkhole:/data \
  bind_sinkhole

:: Persistence

For the BIND to preserve its state across container shutdown and startup you should mount a volume at /data. SELinux users should update the security context of the host mountpoint so that it plays nicely with Docker:

mkdir -p /opt/bind_sinkhole
chcon -Rt svirt_sandbox_file_t /opt/bins_sinkhole

:: Sinkhole from MISP data

Edit conf/sinkhole/misp.config.dist before building docker images OR edit /opt/bind_sinkhole/bind/etc/misp.config with your auth_key (from misp) and misp FQDN.

:: DNStap Reader

https://github.com/LDO-CERT/dnstap_reader

About

Bind Sinkhole from MISP - Docker Image (dnstap enabled)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published