Skip to content

High speed passive DNS collector with dnstap support, dns traffic sniffer and more

License

Notifications You must be signed in to change notification settings

pieterlexis-tomtom/go-dnscollector

 
 

Repository files navigation

DNS Collector

Overview

This dns collector acts as a high speed passive analyser for DNS traffic, written in Golang. Which give you the possibility to control dns servers, get statistics and more. It supports several methods to collect dns traffic (dnstap, sniffer, logs, etc.) and can redirect them to multiple destinations with protocol and format (json, text) transformation. This collector can also be used to logs dns answers.

overview

NOTE: The code before version 1.x is considered beta quality and is subject to breaking changes.

Features

End to end testing

Tested with success with the following dns servers

unbound 1.15.x

powerdns dnsdist 1.6.x powerdns dnsdist 1.7.x

coredns 1.8.7 coredns 1.9.0

Installation

Run-it from binary

Download the binary from release page. If you want to integrate this tool with systemd, please to follow this guide.

./go-dnscollector -config config.yml

Run-it from dockerhub

Use the default config (dnstap -> stdout + rest api):

docker run -d --name=dnscollector01 dmachard/go-dnscollector

Override the default configuration (/etc/dnscollector/config.yml) with a config file on the host:

-v $(pwd)/config.yml:/etc/dnscollector/config.yml

Configuration

See the full Configuration guide for more details.

Use-cases

As prerequisites, we assume you have a DNS server which supports DNSTap (unbound, bind, powerdns, etc)

For more informations about dnstap, please to read the following page Dnstap: How to enable it on main dns servers

Benchmark

Tested on the following machine: 8 vCPUs, 32 GB memory

packet per sec received DnsCollector
50k OK - 0% lost
100k OK - 0% lost
150k OK (0.07% lost)

For developers

Run from source

go run .

Execute testunits

go test -timeout 10s ./collectors/ -cover -v
go test -timeout 10s ./loggers/ -cover -v
go test -timeout 10s ./subprocessors/ -cover -v

Execute a test for one specific testcase in a package

go test -timeout 10s -cover -v ./loggers -run TestSyslogRunJsonMode

Building from source. Use the latest golang available on your target system

CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o go-dnscollector *.go

About

High speed passive DNS collector with dnstap support, dns traffic sniffer and more

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 93.1%
  • Python 6.7%
  • Dockerfile 0.2%