This is a little program I wrote, inspired by passivedns.
It logs all DNS packets it sees on a given interface.
Sample output on Windows:
```
INFO[0000] Prometheus endpoint: http://0.0.0.0:8080/metrics
INFO[0000] No flags specified, using defaults interface="\Device\NPF_{2652E425-01C4-4EB5-AE0F-0DE011B69C61}" promiscuous=true snaplen=65536
INFO[0000] Listening on device: \Device\NPF_{2652E425-01C4-4EB5-AE0F-0DE011B69C61}
INFO[0003] QUERY class=IN dst=8.8.8.8 id=19712 name=pulsifer.dev opcode=Query rcode="No Error" src=192.168.2.21 type=A
INFO[0003] QUERY class=IN dst=192.168.2.21 id=19712 name=pulsifer.dev opcode=Query rcode="No Error" src=8.8.8.8 type=A
INFO[0003] ANSWER class=IN dst=192.168.2.21 id=19712 ip=192.30.252.153 name=pulsifer.dev opcode=Query rcode="No Error" src=8.8.8.8 type=A
INFO[0003] ANSWER class=IN dst=192.168.2.21 id=19712 ip=192.30.252.154 name=pulsifer.dev opcode=Query rcode="No Error" src=8.8.8.8 type=A
```
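
Because every packet is logged as a message word followed by `key=value` fields, the output above can be folded into a passivedns-style table of which names resolved to which addresses. The Go program below is an added example, not part of this project's code; `parseLine`, `passiveDNS` and `sampleLog` are hypothetical names, and the input is three lines copied from the sample output.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed input: three lines copied from the sample output above.
var sampleLog = []string{
	`INFO[0003] QUERY class=IN dst=8.8.8.8 id=19712 name=pulsifer.dev opcode=Query rcode="No Error" src=192.168.2.21 type=A`,
	`INFO[0003] ANSWER class=IN dst=192.168.2.21 id=19712 ip=192.30.252.153 name=pulsifer.dev opcode=Query rcode="No Error" src=8.8.8.8 type=A`,
	`INFO[0003] ANSWER class=IN dst=192.168.2.21 id=19712 ip=192.30.252.154 name=pulsifer.dev opcode=Query rcode="No Error" src=8.8.8.8 type=A`,
}

var head = regexp.MustCompile(`^[A-Z]+\[\d+\] (\S+)`)   // level, seconds, first message word
var field = regexp.MustCompile(`(\w+)=("[^"]*"|\S+)`) // key=value; the value may be quoted

// parseLine (hypothetical helper) returns the first message word and the
// key=value fields; quoted values such as rcode="No Error" keep their spaces.
func parseLine(line string) (msg string, fields map[string]string) {
	if m := head.FindStringSubmatch(line); m != nil {
		msg = m[1]
	}
	fields = map[string]string{}
	for _, m := range field.FindAllStringSubmatch(line, -1) {
		fields[m[1]] = strings.Trim(m[2], `"`)
	}
	return msg, fields
}

// passiveDNS maps each successfully answered name (lower-cased, since DNS
// names are case-insensitive) to the sorted, de-duplicated IPs seen for it.
func passiveDNS(lines []string) map[string][]string {
	seen, out := map[string]bool{}, map[string][]string{}
	for _, l := range lines {
		msg, f := parseLine(l)
		name := strings.ToLower(f["name"])
		if msg != "ANSWER" || f["rcode"] != "No Error" || f["ip"] == "" || seen[name+" "+f["ip"]] {
			continue
		}
		seen[name+" "+f["ip"]] = true
		out[name] = append(out[name], f["ip"])
	}
	for _, ips := range out {
		sort.Strings(ips)
	}
	return out
}
func main() { fmt.Println(passiveDNS(sampleLog)) }
```
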
A dashboard has been included to get you started using `docker-compose`.
- `docker-compose up`
- Navigate to `localhost:3000` and log in to Grafana using `admin:admin`
- Generate some DNS queries using `docker-compose exec dnsmon-go nslookup example.com`
- Watch the dashboard go brr