pihole-unbound - Guide to setup Unbound recursive DNS resolver with Pi-Hole

  •        115

Pi-hole includes a caching and forwarding DNS server, now known as FTLDNS. After applying the blocking lists, it forwards requests made by the clients to configured upstream DNS server(s). However, as has been mentioned by several users in the past, this leads to some privacy concerns as it ultimately raises the question: Whom can you trust? Recently, more and more small (and not so small) DNS upstream providers have appeared on the market, advertising free and private DNS service, but how can you know that they keep their promises? Right, you can't. Furthermore, from the point of an attacker, the DNS servers of larger providers are very worthwhile targets, as they only need to poison one DNS server, but millions of users might be affected. Instead of your bank's actual IP address, you could be sent to a phishing site hosted on some island. This scenario has already happened and it isn't unlikely to happen again...




Related Projects

pi-hole - A black hole for Internet advertisements

  •    Shell

The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software. Once the installer has been run, you will need to configure your router to have DHCP clients use Pi-hole as their DNS server which ensures that all devices connecting to your network will have content blocked without any further intervention.

sdns - A lightweight fast recursive dns server with dnssec support

  •    Go

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. Please make sure to update tests as appropriate.

tenta-dns - Recursive and authoritative DNS server in go, including DNSSEC and DNS-over-TLS

  •    Go

Tenta DNS provides a DNS server suite comprising an authoritative DNS server, recursive DNS server, and NSnitch, which provides a DNS server capable of recording the IP address of requests made against it and then makes that IP available via a JSON API. Tenta DNS also provides lookups for Tor Node membership, DNS blacklist status and Geo data. Finally, Tenta DNS includes built-in BGP integration, offering single engine convenience for DNS anycasting. We welcome people to use our hosted versions of recursive resolver and NSnitch. Please see Usage, for details on how to set Tenta DNS as your default DNS resolver, or APIs, for NSnitch REST API information. Just want to use our hosted recursive resolver? We offer two options, using either OpenNIC root servers or the normal ICANN root servers.

whitelist - A simple tool to add commonly white listed domains to your Pi-Hole setup.

  •    Shell

Want to report a new domain? Want to report exsisting one? Feel free to file an issue. The repository has 3 different files containing different domains.

docker-pi-hole - pi-hole in a docker container

  •    Python

A Docker project to make a lightweight x86 and ARM container with pi-hole functionality. DockerCloud automatically builds the latest docker-pi-hole changes into images which can easily be pulled and ran with a simple docker run command. Changes and updates under development or testing can be found in the dev tags section.

docker-pi-hole - pi-hole in a docker container

  •    Python

A Docker project to make a lightweight x86 and ARM container with Pi-hole functionality. DockerCloud automatically builds the latest docker-pi-hole changes into images which can easily be pulled and ran with a simple docker run command. Changes and updates under development or testing can be found in the dev tags section.

trust-dns - A Rust based DNS client, server, and resolver

  •    Rust

A Rust based DNS client and server, built to be safe and secure from the ground up. Using the ClientFuture is safe. ClientFuture is a brand new rewrite of the old Client. It has all the same features as the old Client, but is written with the wonderful futures-rs library. Please send feedback! It currently does not cache responses, if this is a feature you'd like earlier rather than later, post a request. The validation of DNSSec is complete including NSEC. As of now NSEC3 is broken, and I may never plan to support it. I have some alternative ideas for private data in the zone. The old Client has been deprecated, so please use the ClientFuture. If this is an inconvenience, I may add a convenience wrapper around ClientFuture that would match the old Client; if this is something you would like to see, please file an issue.

AdGuardHome - Network-wide ads & trackers blocking DNS server

  •    Go

Free and open source, powerful network-wide ads & trackers blocking DNS server. AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it'll cover ALL your home devices, and you don't need any client-side software for that.

mailserver - :whale: Simple and full-featured mail server using Docker

  •    Shell

If this command returns any results please remove or stop the application running on that port. I recommend you to use hardware/nsd-dnssec as an authoritative name server with DNSSEC capabilities. NSD is an authoritative only, high performance, simple and open source name server.

NSD - NLnet Labs Name Server Daemon (NSD) is an authoritative DNS name server

  •    C

The NLnet Labs Name Server Daemon (NSD) is an authoritative DNS name server. It has been developed for operations in environments where speed, reliability, stability and security are of high importance.

dns - DNS library in Go

  •    Go

Complete and usable DNS library. All widely used Resource Records are supported, including the DNSSEC types. It follows a lean and mean philosophy. If there is stuff you should know as a DNS programmer there isn't a convenience function for it. Server side and client side programming is supported, i.e. you can build servers and resolvers with it.

poisontap - Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node

  •    Javascript

PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a micro-USB cable & microSD card, or can work on any Raspberry Pi (1/2/3) with an Ethernet-to-USB/Thunderbolt dongle, or can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle. PoisonTap produces a cascading effect by exploiting the existing trust in various mechanisms of a machine and network, including USB/Thunderbolt, DHCP, DNS, and HTTP, to produce a snowball effect of information exfiltration, network access and installation of semi-permanent backdoors.

pi-timolo - Raspberry PI-TIMOLO ( PI-TImelapse, MOtion, LOwLight ) uses RPI picamera and python for Remote Headless Security Monitoring & Auto Sync files with rclone remote storage services

  •    Python

Requires a Raspberry Pi computer and a RPI camera module installed. Make sure hardware is tested and works. Most RPI models will work OK. A quad core RPI will greatly improve performance due to threading. A recent version of Raspbian operating system is Recommended. Step 1 With mouse left button highlight curl command in code box below. Right click mouse in highlighted area and Copy. Step 2 On RPI putty SSH or terminal session right click, select paste then Enter to download and run script.

pivpn - Simple OpenVPN installer, designed for raspberry pi.

  •    Shell

Visit the PiVPN site for more information. This is a set of shell scripts that serve to easily turn your Raspberry Pi (TM) into a VPN server using the free, open-source OpenVPN software. Have you been looking for a good guide or tutorial for installing openvpn on a raspberry pi or ubuntu based server? Run this script and you don't need a guide or tutorial, this will do it all for you, in a fraction of the time and with hardened security settings in place by default.

dnsjava - DNS implementation in Java

  •    Java

dnsjava is an implementation of DNS in Java. It supports all defined record types (including the DNSSEC types), and unknown types. It can be used for queries, zone transfers, and dynamic updates. A cache is used to reduce the number of DNS queries sent. A simple tool for doing DNS lookups, a 'dig' clone and a dynamic update client are included, as well as a simple authoritative-only server.

raspchat - A chat server that can run on Raspberry Pi

  •    Javascript

Basic demo is available Here. Once you have installed dependencies above just do npm install && gulp (creates a dist folder that you can upload to your machine). Project can run on almost any machine that nodejs supports. I have successfully tested it on Raspberry Pi, Orange Pi etc.

serial-port-json-server - A serial port JSON websocket server for Windows, Mac, Linux, Raspberry Pi, or BeagleBone Black that lets you communicate with your serial port from a web application

  •    Go

A serial port JSON websocket & web server that runs from the command line on Windows, Mac, Linux, Raspberry Pi, or Beagle Bone that lets you communicate with your serial port from a web application. This enables web apps to be written that can communicate with your local serial device such as an Arduino, CNC controller, or any device that communicates over the serial port. Since version 1.82 you can now also program your Arduino by uploading a hex file. The app is written in Go. It has an embedded web server and websocket server. The server runs on the standard port of localhost:8989. You can connect to it locally with your browser to interact by visiting http://localhost:8989. The websocket is technically running at ws://localhost/ws. You can of course connect to your websocket from any other computer to bind in remotely. For example, just connect to ws:// if you are on a remote host where is your devices actual IP address.

Raspberry-Pi - Raspberry Pi A to Z List


Raspberry Pi A to Z List Basics Raspberry Pi The Raspberry Pi was originally designed for educational purposes to use in schools and universities, and to make class and study more interesting. Unfortunately, the practical use of the Raspberry Pi or a comparable single-board computer in Germany, Austria and Switzerland is still in its infancy. Listening to the topic, you will find only a few examples showing the use of the Raspberry Pi in school, in education or in study. The following tasks and exercises should help a little here. They are suitable for self-study or as a source for teachers and faculty to build their own Raspberry Pi workshop. The tasks also include exemplary ready-made solutions. 1. Getting Started: Tasks and Exercises with Raspberry Pi The following tasks and exercises are suitable for beginners who have not yet come into contact with the Raspberry Pi. The solutions are also interesting for those who already know the Raspberry Pi and have worked with it. The solutions are part of standard tasks that have to be done around the Raspberry Pi every now and then.

seafile-rpi - Seafile server package for Raspberry Pi.


Seafile server package for Raspberry Pi. Maintained by seafile community. If you have any problems or suggestions when using the seafile rpi server package, please report it on seafile server forum.

whonow - A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind

  •    Javascript

A malicious DNS server for executing DNS Rebinding attacks on the fly. whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves. What's great about dynamic DNS Rebinding rules is that you don't have to spin up your own malicious DNS server to start exploiting the browser's Same-origin policy. Instead, everyone can share the same public whonow server running on port 53 of rebind.network.