dnsink 0.3.0

A high-performance DNS proxy with threat intelligence, Shannon-entropy tunneling detection, and Prometheus metrics
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

# fly.toml — dnsink public deployment
# Public DNS proxy: UDP + TCP on :53, Prometheus /metrics on :9090.
# Image is pulled from ghcr.io on each `flyctl deploy`.

app = "dnsink"
primary_region = "bom"

[build]
  dockerfile = "Dockerfile"

# DNS over UDP — fly.io does not rewrite UDP ports, so external must
# equal internal. Using 5353 since distroless:nonroot can't bind :53
# without NET_BIND_SERVICE. Clients use: dig @dnsink.fly.dev -p 5353 …
[[services]]
  protocol = "udp"
  internal_port = 5353

  [[services.ports]]
    port = 5353

# DNS over TCP — fly CAN rewrite TCP ports, so we keep the external
# DNS-standard :53. Internal still 5353 to match the container bind.
[[services]]
  protocol = "tcp"
  internal_port = 5353

  [[services.ports]]
    port = 53

# Prometheus /metrics — reachable at:
#   https://dnsink.fly.dev/metrics    (TLS-terminated by fly-proxy)
#   http://dnsink.fly.dev/metrics     (redirects to HTTPS)
#   http://dnsink.fly.dev:9090/metrics (plain HTTP, scraper-friendly)
[[services]]
  protocol = "tcp"
  internal_port = 9090

  [[services.ports]]
    port = 443
    handlers = ["tls", "http"]

  [[services.ports]]
    port = 80
    handlers = ["http"]
    force_https = true

  [[services.ports]]
    port = 9090
    handlers = ["http"]

  [[services.http_checks]]
    interval = "15s"
    timeout = "2s"
    method = "GET"
    path = "/metrics"

[[vm]]
  cpu_kind = "shared"
  cpus = 1
  memory_mb = 512