anti
77a466e615
Python asyncio DNS server on UDP+TCP/53 masquerading as BIND 9.x. Emits four event_type values: query, fingerprint_probe (version.bind / hostname.bind / id.server CHAOS), zone_transfer (AXFR/IXFR, always REFUSED), amp_probe (qtype=ANY or EDNS udp_size>1232), and tunneling_suspect (long high-entropy labels or rapid TXT burst). Zone persona is generated per-decky from instance_seed (domain name, SOA serial, NS, A, MX, TXT SPF); overridable via config_schema. Three zone modes: auth (default), recursive, open (sinkhole).
27 lines
897 B
Docker
27 lines
897 B
Docker
ARG BASE_IMAGE=debian:bookworm-slim@sha256:f9c6a2fd2ddbc23e336b6257a5245e31f996953ef06cd13a59fa0a1df2d5c252
|
|
FROM ${BASE_IMAGE}
|
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
python3 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY syslog_bridge.py /opt/syslog_bridge.py
|
|
COPY instance_seed.py /opt/instance_seed.py
|
|
COPY server.py /opt/server.py
|
|
COPY entrypoint.sh /entrypoint.sh
|
|
RUN chmod +x /entrypoint.sh
|
|
|
|
EXPOSE 53/udp
|
|
EXPOSE 53/tcp
|
|
RUN useradd -r -s /bin/false -d /opt logrelay \
|
|
&& apt-get update && apt-get install -y --no-install-recommends libcap2-bin \
|
|
&& rm -rf /var/lib/apt/lists/* \
|
|
&& (find /usr/bin/ -maxdepth 1 -name 'python3*' -type f -exec setcap 'cap_net_bind_service+eip' {} \; 2>/dev/null || true)
|
|
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
|
CMD kill -0 1 || exit 1
|
|
|
|
USER logrelay
|
|
WORKDIR /opt
|
|
ENTRYPOINT ["/entrypoint.sh"]
|