DNSMonster is a Passive DNS monitoring framework written in Golang. It can accept traffic from a pcap file, a network interface (802.1q, Ethernet, IP Packet, VXLAN) or a dnstap socket, and can be used to index and store hundreds of thousands of DNS queries per second. It aims to be scalable, simple and easy to use, and to help security and operation teams to gain visibility over DNS.
dnsmonster does not look to follow DNS conversations, rather it aims to index DNS packets as soon as they come in. It also does not aim to breach the privacy of the end-users, with the ability to mask Layer 3 IPs (IPv4 and IPv6), enabling teams to perform trend analysis on aggregated data without being able to trace back the queries to an individual.
Join the discussion
For announcement of latest features, discussions around the project’s roadmap and showcase your setup, discussions is the best place to start.