Skip to content
/ ipset-dns-rs Public

Lightweight DNS forwarding server that adds all resolved IPs to a given netfilter ipset

License

GPL-2.0 license
4 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mschorsch/ipset-dns-rs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ipset_dns_config.toml
ipset_dns_config.toml
 
 

Repository files navigation

ipset-dns-rs

Lightweight DNS forwarding server that adds all resolved IPs to a given netfilter ipset.

This tool is intended to work in conjunction with ipset and iptables.

Inspired by ipset-dns.

Build

Minimal Rust Version 1.31 (edition = "2018")

  1. Install Rust curl https://sh.rustup.rs -sSf | sh (rustup.rs)
  2. Clone the repository
  3. Build cargo build --release

Usage

Must be started in privileged mode!

# create new ipset's for all setnames
sudo ipset -N youtube iphash
sudo ipset -N microsoft iphash
sudo ipset -N google iphash

# run
sudo ./ipset-dns-rs

INFO: IPv4: 3 setnames and 3 patterns found.
INFO: IPv6: 3 setnames and 3 patterns found.
INFO: Using DNS Server '8.8.8.8:53' ...
INFO: Listening on '127.0.0.1:1919' ...

Test:

dig @127.0.0.1 -p1919 youtube.com

ipset setname configuration

All patterns are configured via a configuration file (default: ipset_dns_config.toml). The configuration file must be written in TOML format. The following patterns are allowed:

  • Exact (e.g youtube.com)
  • Glob (e.g. g:*example.com)
    • Note: A glob pattern always starts with the sequence g:
  • Regex (e.g r:^.*google\.(com|uk|de)$)
    • Note: A regular expression always starts with the sequence r:

Example

[ipv4]
youtube = ['youtube.com', '*.youtube.com']
microsoft = ['g:*microsoft.com']
google = ['google.com', 'r:^.*google\.(com|uk|de)$']

[ipv6]
youtube = ['youtube.com', '*.youtube.com']
microsoft = ['g:*microsoft.com']
google = ['google.com', 'r:^.*google\.(com|uk|de)$']

Logging

Can be configured via environment variable IPSET_DNS_RS_LOG (see env_logger).

export IPSET_DNS_RS_LOG=debug

Command Line

./ipset-dns-rs --help

ipset-dns-rs 0.1.0
Matthias S. <matthias.schorsch@gmx.de>
Lightweight DNS forwarding server that adds all resolved IPs to a given netfilter ipset

USAGE:
    ipset-dns-rs [FLAGS] [OPTIONS] <CONFIG_FILE>

FLAGS:
    -d, --daemon     Enable deamon mode
    -h, --help       Prints help information
    -r, --reuse      Enable port reuse
    -V, --version    Prints version information

OPTIONS:
        --dns <IP>       Sets a custom (upstream) DNS server [default: 8.8.8.8]
    -p, --port <port>    Sets a listen port [default: 1919]

ARGS:
    <CONFIG_FILE>    Sets a netfilter ipset-dns config file [default: ipset_dns_config.toml]

TODO

  • Performance
    • Reuse socket
    • Tokio-UDP (?)
  • Documentation

License

GPL v2

About

Lightweight DNS forwarding server that adds all resolved IPs to a given netfilter ipset

Topics

linux dns rust iptables dnsmasq forwarding netfilter ipset ipset-dns

Resources

Readme

License

GPL-2.0 license
Activity

Stars

4 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages