.png)
4 months ago
7
DNS-collector is a lightweight tool that captures DNS queries and responses from your DNS servers, processes them intelligently, and sends clean data to your monitoring or analytics systems.
What it does:
- Captures DNS data from your DNS servers (BIND, PowerDNS, Unbound, etc.) via DNStap protocol or live network capture
- Filters out noise like health checks, internal queries, or spam before storage
- Enriches data with GeoIP, threat intelligence, or custom metadata
- Outputs clean data to files, databases, SIEM tools, or monitoring dashboards
The missing piece between DNS servers and your data stack.
- DNS-native processing: Understands DNS protocol, EDNS, query types natively
- Process at the edge: Clean, filter and enrich DNS data before storage - not after
- Multiple input sources: DNStap streams, live network capture, log files
- DNS-aware transformations: Filtering noise upstream, user privacy
- Flexible outputs: Files, syslog, databases, monitoring tools and more...
- Production ready: Used in real networks, tested with major DNS servers
- Enhanced DNStap: TLS encryption, compression, and more metadata capabilities
Download the latest release and run with default config: Default setup listens on tcp/6000 for DNStap streams and outputs to stdout. To get started quickly, you can use this default config.yml.
./dnscollector -config config.yml
Contributions are welcome! Check out:
- DNS-tester - DNS testing toolkit
