v0.1.0 — DNS Threat Gateway MVP

@kakarot-dev kakarot-dev released this 28 Mar 15:15
· 13 commits to main since this release

dnsink v0.1.0

First release. A high-performance DNS proxy that blocks malware, C2, and phishing domains at the DNS layer using live threat intelligence feeds.

Features

  • DNS proxy — UDP + TCP listener with automatic truncation fallback
  • Threat intelligence feeds — URLhaus (abuse.ch), OpenPhish, PhishTank with per-feed toggles
  • Two-stage blocking engine — Bloom filter (~184ns) pre-screens, radix trie confirms. Sub-microsecond lookups on 100K domains.
  • Wildcard domain blocking — Block a domain and all subdomains via label-reversed radix trie
  • DNS-over-HTTPS (DoH) — Encrypted upstream queries (RFC 8484) to Cloudflare, Google, or custom endpoint
  • Hot-reload — Blocklists refresh on a configurable interval without dropping in-flight queries (lock-free via ArcSwap)
  • Terminal dashboard (TUI) — Live query stream, queries/sec sparkline, stats, top blocked domains. Vim-style scrolling.
  • Structured logging — JSON or text per-query logs with domain, action, latency, protocol, source IP
  • Per-query metrics — Atomic counters for total/blocked/allowed, average latency, query type distribution
  • TOML configuration — Listen address, upstream (UDP/DoH), feed toggles, refresh interval, logging format
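
The two-stage lookup and wildcard blocking described above, as an added example that is not dnsink's own code: a Bloom filter pre-screens every suffix of the query name, then a label-reversed trie confirms exact and subdomain hits. The filter size, hash count and `DefaultHasher` are assumptions made for the example, not the project's values.

```rust
// Added example, not dnsink's own code: a minimal two-stage blocklist in the
// style the release describes. Bloom filter pre-screens, label-reversed trie
// confirms. Filter size and hash count are assumptions, not dnsink's values.
use std::collections::{hash_map::DefaultHasher, HashMap};
use std::hash::{Hash, Hasher};
struct Bloom { bits: Vec<bool>, k: u64 }
impl Bloom {
    fn idx(&self, item: &str, i: u64) -> usize {
        let mut h = DefaultHasher::new(); (i, item).hash(&mut h); // seed i -> k positions
        (h.finish() % self.bits.len() as u64) as usize
    }
    fn insert(&mut self, item: &str) { for i in 0..self.k { let j = self.idx(item, i); self.bits[j] = true; } }
    /// false = definitely absent (fast reject); true = maybe present.
    fn maybe_contains(&self, item: &str) -> bool { (0..self.k).all(|i| self.bits[self.idx(item, i)]) }
}
#[derive(Default)]
struct Node { children: HashMap<String, Node>, blocked: bool }
pub struct Blocklist { bloom: Bloom, root: Node }
impl Blocklist {
    pub fn new(domains: &[&str]) -> Self {
        let mut bl = Blocklist { bloom: Bloom { bits: vec![false; 1 << 16], k: 4 }, root: Node::default() };
        for d in domains {
            let d = d.trim_end_matches('.').to_ascii_lowercase();
            bl.bloom.insert(&d);
            // Reversed labels ("example" -> "evil") make every subdomain a path extension.
            let mut node = &mut bl.root;
            for label in d.rsplit('.') { node = node.children.entry(label.to_string()).or_default(); }
            node.blocked = true;
        }
        bl
    }
    /// True if `qname` or any parent domain of it is on the blocklist.
    pub fn is_blocked(&self, qname: &str) -> bool {
        let q = qname.trim_end_matches('.').to_ascii_lowercase();
        let labels: Vec<&str> = q.split('.').collect();
        // Stage 1: if no suffix of the name can be in the set, reject without touching the trie.
        if !(0..labels.len()).any(|i| self.bloom.maybe_contains(&labels[i..].join("."))) { return false; }
        // Stage 2: walk reversed labels; a blocked node on the path is a hit (exact or wildcard).
        let mut node = &self.root;
        for label in labels.iter().rev() {
            match node.children.get(*label) {
                Some(n) if n.blocked => return true,
                Some(n) => node = n,
                None => return false,
            }
        }
        false
    }
}
```

Names are normalised (trailing dot stripped, lower-cased) before both insertion and lookup, so `cdn.evil.example.` and `EVIL.EXAMPLE` resolve to the same trie path.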

Benchmarks (100K domains, release build)

| Operation | Time |
|---|---|
| Bloom lookup (miss) | 184 ns |
| Trie lookup (exact hit) | 380 ns |
| Two-stage lookup (hit) | 491 ns |
| Two-stage lookup (miss) | 288 ns |

Stats

  • 8 source modules
  • 35 tests (30 unit + 5 integration)
  • CI green (cargo fmt + clippy + test)