dnsink 0.3.0

A high-performance DNS proxy with threat intelligence, Shannon-entropy tunneling detection, and Prometheus metrics
# Socket the proxy listens on for client DNS queries.
# 127.0.0.1 is loopback-only, so only processes on this host can reach it;
# 5353 is above 1023 and needs no elevated privileges to bind.
# NOTE(review): 5353 is also the mDNS port, so check for a clash with a local
# mDNS responder. Before changing this to a non-loopback address, review the
# [ratelimit] section of this file.
[listen]
address = "127.0.0.1"
port = 5353

# Upstream resolver settings (8.8.8.8 is Google Public DNS).
[upstream]
address = "8.8.8.8"
port = 53
timeout_ms = 5000  # milliseconds (5 s)
# With the default "udp" protocol, queries leave this host as plaintext DNS:
# readable by anything on the network path and not authenticated. "doh"
# carries them over HTTPS instead.
# protocol = "doh"           # "udp" (default) or "doh"
# NOTE(review): the default DoH URL points at 1.1.1.1, a different provider
# from `address` above. Set doh_url explicitly when enabling DoH so queries go
# where intended. Presumably address/port are unused in DoH mode; confirm.
# doh_url = "https://1.1.1.1/dns-query"  # default if omitted

# Optional: local blocklist file (one domain per line)
# [blocklist]
# path = "blocklist.txt"

# Threat-intelligence feed toggles.
# NOTE(review): presumably each enabled feed is downloaded and re-fetched
# every refresh_secs. Confirm this, and confirm what happens to the existing
# list when a refresh fails (kept or cleared).
[feeds]
urlhaus = true
openphish = true
# The PhishTank key is a credential: once set, keep this file out of version
# control and readable only by the account that runs the proxy.
# phishtank_api_key = "your-api-key-here"
# oisd = true                    # ad/tracker blocking (~32K domains, opt-in)
refresh_secs = 3600  # seconds (1 hour)

# Shannon-entropy heuristic for DNS tunneling. Disabled in this sample
# (enabled = false), so the two thresholds presumably have no effect until it
# is switched on.
# NOTE(review): presumably a query is flagged when a subdomain label is at
# least min_subdomain_length characters long and its entropy exceeds
# entropy_threshold; confirm how the two combine and the unit of the
# threshold. Tune against your own traffic before alerting or blocking on it:
# entropy alone also fires on hashed or encoded hostnames.
[tunneling_detection]
enabled = false
entropy_threshold = 3.5
min_subdomain_length = 20

# Providers exempted from tunneling detection, presumably to suppress false
# positives from long machine-generated CDN hostnames. Confirm how a provider
# name is matched to query names.
# NOTE(review): every entry is also a gap in detection coverage; keep the
# list to providers that actually appear in your traffic.
[tunneling_detection.cdn_whitelist]
enabled = true
providers = ["aws", "akamai", "cloudflare"]

# Prometheus metrics endpoint, bound to loopback in this sample.
# NOTE(review): no authentication settings appear here. If remote scraping is
# needed, restrict access with a firewall rule or an authenticating reverse
# proxy rather than binding to a public interface; metrics expose query and
# block volumes.
[metrics]
enabled = true
bind_addr = "127.0.0.1:9090"

# Per-source-IP rate limiter. Off by default — enable when exposing the
# resolver beyond a trusted LAN. Denied queries are silently dropped
# (zero amplification) and counted via dnsink_ratelimited_total.
# NOTE(review): UDP source addresses can be spoofed, so per-IP limits bound
# abuse but do not identify clients; pair them with network-level ACLs.
# burst presumably caps a short spike above the steady per-minute rate;
# confirm.
[ratelimit]
enabled = false
requests_per_minute = 60
burst = 30