DNS-collector is a lightweight tool that captures DNS queries and responses from your DNS servers, processes them intelligently, and sends clean data to your monitoring or analytics systems.
What it does:
- Captures DNS data from your DNS servers (BIND, PowerDNS, Unbound, etc.) via DNStap protocol or live network capture
- Filters out noise like health checks, internal queries, or spam before storage
- Enriches data with GeoIP, threat intelligence, or custom metadata
- Outputs clean data to files, databases, SIEM tools, or monitoring dashboards
The missing piece between DNS servers and your data stack.
- DNS-native processing: Understands DNS protocol, EDNS, query types natively
- Process at the edge: Clean, filter and enrich DNS data before storage - not after
- Multiple input sources: DNStap streams, live network capture, log files
- DNS-aware transformations: Filtering noise upstream, user privacy
- Flexible outputs: Files, syslog, databases, monitoring tools and more...
- Production ready: Used in real networks, tested with major DNS servers
- Enhanced DNStap: TLS encryption, compression, and more metadata capabilities
Download the latest release and run with default config:
Default setup listens on tcp/6000 for DNStap streams and outputs to stdout.
To get started quickly, you can use this default config.yml.
./dnscollector -config config.yml| Topic | Description |
|---|---|
| π§ Configuration | Complete config reference |
| π€ Workers | Input sources and output destinations setup |
| π Transformers | Data enrichment options |
| π³ Docker | Container deployment |
| π Examples | Ready-to-use configs |
| π Integrations | Integrationn with popular tools and DNS servers |
| β Extended DNStap | Extended DNSTap |
| π Telemetry | REST API and Prometheus metrics |
| β‘ Performance | Tuning guide |
Contributions are welcome! Check out:
- DNS-tester - DNS testing toolkit