feat(dns): add BIND-flavored DNS honeypot service

Python asyncio DNS server on UDP+TCP/53 masquerading as BIND 9.x.
Emits four event_type values: query, fingerprint_probe (version.bind /
hostname.bind / id.server CHAOS), zone_transfer (AXFR/IXFR, always
REFUSED), amp_probe (qtype=ANY or EDNS udp_size>1232), and
tunneling_suspect (long high-entropy labels or rapid TXT burst).

Zone persona is generated per-decky from instance_seed (domain name,
SOA serial, NS, A, MX, TXT SPF); overridable via config_schema.
Three zone modes: auth (default), recursive, open (sinkhole).

This commit is contained in:

anti

2026-05-21 19:07:49 -04:00

parent 72cdeb3270

commit 77a466e615

7 changed files with 1533 additions and 0 deletions

									
										3

decnet/templates/dns/entrypoint.sh
									
										Normal file
									
												View File
												
				@@ -0,0 +1,3 @@

				#!/bin/bash

				set -e

				exec python3 /opt/server.py

feat(dns): add BIND-flavored DNS honeypot service

3 decnet/templates/dns/entrypoint.sh Normal file Unescape Escape View File

3

decnet/templates/dns/entrypoint.sh Normal file

View File