DNS-collector

NOTE: The code before version 1.x is considered beta quality and is subject to breaking changes.

DNS-collector acts as a passive high speed aggregator, analyzer, transporter and logging for your DNS messages, written in Golang. The DNS traffic can be collected and aggregated from simultaneously sources like DNStap streams, network interface or log files and redirect them to several destinations with some transformations on it (filtering, sampling, privacy, ...). DNS-collector also contains DNS parser with EDNS support.

Supported collectors:

• Listen traffic coming from tcp or unix Protobuf DNStap streams
• Listen for Protobuf PowerDNS streams
• Read and tail on Log file
• Live capture on a network interface via AF_PACKET socket
• Ingest PCAP files by watching a directory

Supported loggers:

• Write DNS logs to stdout or file with Text or JSON format:
  • Stdoutconsole
  • Text file with rotation and compression support
  • Binary Pcap file
• Provide metrics and API:
  • Prometheus metrics and visualize-it with built-in dashboards for Grafana
  • Statsd support
  • REST API with swagger to search DNS domains
• Send to remote host with generic protocol:
  • TCP
  • Syslog
  • DNSTap protobuf messages
• Send to various sinks:
  • Fluentd
  • InfluxDB
  • Loki
  • ElasticSearch

Get Started

Download the latest release binary and start the DNS-collector with the provided configuration file. The default configuration listens on tcp/6000 for a DNSTap stream and DNS logs are printed on standard output.

./go-dnscollector -config config.yml

If you prefer run it from docker, follow this guide.

Configuration

The configuration of DNS-collector is done through a file named config.yml. When the DNS-collector starts, it will look for the config.yml from the current working directory.

See the full configuration guide for more details.

Examples:

You will find below some examples of configuration to manage your DNS logs.

• Capture DNSTap stream and backup-it to text files
• Observe DNS metrics with Prometheus and Grafana
• Transform DNSTap to JSON format
• Follow DNS traffic with Loki and Grafana
• Read from UNIX DNSTap socket and forward it to TLS stream
• Capture DNSTap stream and apply user privacy on it
• Aggregate several DNSTap stream and forward it to the same file
• PowerDNS collector with prometheus metrics
• Filtering incoming traffic with downsample and whitelist of domains
• Transform all domains to lowercase
• Add geographical metadata with GeoIP

Contributing

See the development guide for more information on how to build it yourself.