dns
A "public suffix" is one under which Internet users can (or historically could) directly register names. Some examples of public suffixes are com, co.uk and pvt.k12.ma.us. The Public Suffix List is a list of all known public suffixes.
The Public Suffix List is an initiative of Mozilla, but is maintained as a community resource. It is available for use in any software, but was originally created to meet the needs of browser manufacturers.
As the Regional Internet Registry for Europe, Middle East and Central Asia, we serve over 20,000 members in 76 countries. We register IP addresses and ASNs, and act as the secretariat to the RIPE community.
The new firewall for the modern Internet.
NextDNS protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet for kids — on all devices and on all networks.
Related contents:
Tool for complex approach to domain OSINT.
DPULSE is a software solution for conducting OSINT research in relation to a certain domain.
DNS + Firewall App for Android 6+.
Rethink DNS + Firewall is the easiest way to monitor app activity, circumvent Internet censorship, block ads and trackers on your Android device.
Related contents:
A Rust based DNS client, server, and resolver, built to be safe and secure from the ground up.
🦀 Pi-Hole clone written in rust using hickory-dns/trust-dns.
Crab-hole is a cross platform Pi-hole clone written in Rust using hickory-dns/trust-dns. It can be used as a network wide Ad and spy blocker or run on your local pc.
For a secure and private communication, crab-hole has builtin support for doh(https), doq(quic) and dot(tls) for down- and upstreams and dnssec for upstreams. It also comes with privacy friendly default logging settings.
Related contents:
Phishing & Scam Domain Blacklist.
An up-to-date blacklist of phishing and scam domains, automatically updated by the PhishDestroy system. A reliable threat intelligence source for integration into security systems.
Web-powered SSL certificate manager with DNS integration, auto-renewals, and cert tracking. It's like if Certbot and ZeroSSL had a baby. Certbot but more friendly, smarter, and with a dashboard.
A fast and secure DoH (DNS-over-HTTPS) and ODoH (Oblivious DoH) server.
Fast, mature, secure DoH and ODoH server proxy written in Rust. Previously known as doh-proxy and rust-doh.
doh-proxy is written in Rust, and has been battle-tested in production since February 2018. It doesn't do DNS resolution on its own, but can sit in front of any DNS resolver in order to augment it with DoH support.
Related contents:
Supported by the European Union Agency for Cybersecurity (ENISA), the European Union's DNS4EU secure-infrastructure project provides a protective, privacy-compliant, and resilient DNS service to strengthen digital sovereignty and security for EU citizens, governments, and critical infrastructure.
Related contents:
Domain Name Threat Intelligence.
The openSquat is a tool for identifying domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.
Automatically manage Cloudflare DNS from Docker container labels. Simplifies DNS for Docker/Compose. Inspired by External-DNS but built specifically for docker environments and homelabs.
Sherpa-DNS is a python application designed to create and manage DNS records for services defined in docker compose stacks or stand-alone docker containers via labels. It draws inspiration from the Kubernetes External-DNS project but is specifically tailored for docker environments.
DNS server, in Erlang. Serve DNS authoritative responses... with Erlang.
Related contents:
DNS Measurement, Troubleshooting and Security Auditing Toolset.
Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to make sure your DNS is working as you expect.
Related contents:
Synchronize configuration of multiple Pi-hole v6.x instances.
Related contents:
The GoAdBlock project is written entirely in Go and is designed for network level DNS ad-blocking functionality. The project is public, under the MIT License.
GoAdBlock is a lightweight, high-performance DNS-based ad blocker written in Go. It intercepts DNS queries for known advertising and tracking domains and prevents them from resolving, effectively blocking ads at the network level before they're downloaded.
ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services.
Related contents:
A Dumb WhoIs.
A simple web application for looking up WHOIS, IP, and ASN information using free APIs. The application automatically detects the type of query and provides formatted results with a clean, modern UI that supports both light and dark modes.
The best and most versatile OSINT utility for retrieving geolocation, DNS, WHOIS, phone, email, data breach information and much more (20 features). Perfect for investigators, pentesters, or anyone looking for an effective reconnaissance / OSINT tool.
CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications
Fast and lightweight DNS proxy as ad-blocker for local network with many features.
Blocky is a DNS proxy and ad-blocker for the local network written in Go.
Related contents:
Check if an IP address or domain is malicious.
isMalicious is a cybersecurity API that helps protect your web applications from malicious or suspicious actors.
Just like nip.io or xip.io, traefik.me is a magic domain name that provides wildcard DNS for any IP address.
Twistr is a Domain name permutation and enumeration library powered by Rust. It aims to directly port the well-known dnstwist tool allowing for fast and flexible interfacing capabilities with the core libraries based on client's requirements.
dog is an open-source DNS client for the command-line. It has colorful output, supports the DoT and DoH protocols, and can emit JSON.
🐶 Command-line DNS Client for Humans. Written in Golang.
doggo is a modern command-line DNS client (like dig) written in Golang. It outputs information in a neat concise manner and supports protocols like DoH, DoT, DoQ, and DNSCrypt as well.
Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
Many DNS servers do not provide an API to enable automation for the ACME DNS challenges. Those which do, give the keys way too much power. Leaving the keys laying around your random boxes is too often a requirement to have a meaningful process automation.
Acme-dns provides a simple API exclusively for TXT record updates and should be used with ACME magic "_acme-challenge" - subdomain CNAME records. This way, in the unfortunate exposure of API keys, the effects are limited to the subdomain TXT record in question.
An Open Source DNS Server For Privacy & Security. Block ads & malware at DNS level for your entire network!
Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. It works out-of-the-box with no or minimal configuration and provides a user friendly web console accessible using any modern web browser.
Related contents:
An app that uses RDAP to collect publicly available info about domains, track their history, and purchase them
Domain Public Data Collection Service.
DPULSE is a software solution for conducting OSINT research in relation to a certain domain.
Send emails with Ferdinand. An open-source email delivery service.
Open-source email delivery service for developers.
The next generation Web development environment
Install your PHP/Node.js Web development environment in just 3 minutes, with no dependencies and non-intrusive. It includes web server, databases, email, DNS & common tools — everything you need for development.
Tools for managing DNS across multiple providers.
In the vein of infrastructure as code octoDNS provides a set of tools & patterns that make it easy to manage your DNS records across multiple providers. The resulting config can live in a repository and be deployed just like the rest of your code, maintaining a clear history and using your existing review & workflow.
Related contents:
Open Source Domain Management Software.
DomainMOD is an open source application written in PHP used to manage your domains and other internet assets in a central location. DomainMOD also includes a Data Warehouse framework that allows you to import your web server data so that you can view, export, and report on your live data. Currently the Data Warehouse only supports servers running WHM/cPanel.
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
phishing domain scanner.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation. See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud, and brand impersonation. Useful as an additional source of targeted threat intelligence.
Related contents:
PolarDNS is a specialized authoritative DNS server suitable for penetration testing and vulnerability research.
PolarDNS is a specialized authoritative DNS server written in Python 3.x, which allows the operator to produce fully custom DNS responses, suitable for DNS protocol testing purposes.
All of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool. Input a domain name or IP Address or Host Name. Links in the results will guide you to other relevant tools and information. And you'll have a chronological history of your results.
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
The OWASP Amass Project has developed a framework to help information security professionals perform network mapping of attack surfaces and external asset discovery using open source intelligence gathering and reconnaissance techniques.
PowerDNS is a leading provider of secure open-source and commercial DNS software. PowerDNS solutions are focused on large-scale DNS service providers, including mobile and fixed-line broadband operators, and hosting and cloud service providers. PowerDNS also underpins scalable security solutions from market-leading vendors.
Related contents:
PDNS Manager is a simple yet powerful administration tool for the Powerdns authoritative nameserver. It supports master, native and slave zones.
All-in-one website OSINT tool for analysing any website. Comprehensive, on-demand open source intelligence for any website.
Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using.
Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance, trackers, associated hostnames, carbon footprint. Stay tuned, as I'll add more soon!
FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools.
FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers.
DNSControl is an opinionated platform for seamlessly managing your DNS configuration across any number of DNS hosts, both in the cloud or in your own infrastructure. It manages all of the domains for the Stack Overflow network, and can do the same for you!
DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language (DSL) for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, Cloudflare, and Gandi. It can send the same DNS records to multiple providers. It even generates the most beautiful BIND zone files ever. It runs anywhere Go runs (Linux, macOS, Windows). The provider model is extensible, so more providers can be added.
DNS and Service Discovery.
CoreDNS is a DNS server. It is written in Go. It can be used in a multitude of environments because of its flexibility.
CoreDNS is a DNS server/forwarder, written in Go, that chains plugins. Each plugin performs a (DNS) function.
CoreDNS can listen for DNS requests coming in over UDP/TCP (go'old DNS), TLS (RFC 7858), also called DoT, DNS over HTTP/2 - DoH - (RFC 8484) and gRPC (not a standard).
Related contents:
Blocky is a DNS proxy and ad-blocker for the local network written in Go.
dns recon and research, find and lookup dns records.
DNSdumpster.com is a FREE domain research tool that can discover hosts related to a domain. Finding visible hosts from the attackers perspective is an important part of the security assessment process.
Resolve DNS names like it’s 2023. The Knot Resolver is a caching DNS resolver scalable from huge resolver farms down to home network routers. Knot Resolver is a caching full resolver implementation written in C and LuaJIT, both a resolver library and a daemon. The core architecture is tiny and efficient, and provides a foundation and a state-machine like API for extensions. There are three modules built-in - iterator, validator, cache, and a few more are loaded by default. Most of the rich features are written in Lua(JIT) and C. Batteries are included, but optional.
WebOSINT is a Python script to gather (passive) domain intelligence.
Dead simple wildcard DNS for any IP Address Stop editing your etc/hosts file with custom hostname and IP address mappings. nip.io allows you to do that by mapping any IP Address to a hostname.
Robtex is used for various kinds of research of IP numbers, Domain names, etc. Robtex uses various sources to gather public information about IP numbers, domain names, host names, Autonomous systems, routes etc. It then indexes the data in a big database and provide free access to the data. We aim to make the fastest and most comprehensive free DNS lookup tool on the Internet. Our database now contains billions of documents of internet data collected over more than a decade.
RandomDNS aims to improve the security, privacy and anonymity of DNSCrypt. It can randomize the server choice at runtime, rotate it frequently and much more.
Domain name permutation engine for detecting typo squatting, phishing and corporate espionage