DNS-collector

What is DNS-collector?

DNS-collector is a lightweight tool that captures DNS queries and responses from your DNS servers, processes them intelligently, and sends clean data to your monitoring or analytics systems.

What it does:

• Captures DNS data from your DNS servers (BIND, PowerDNS, Unbound, etc.) via DNStap protocol or live network capture
• Filters out noise like health checks, internal queries, or spam before storage
• Enriches data with GeoIP, threat intelligence, or custom metadata
• Outputs clean data to files, databases, SIEM tools, or monitoring dashboards

Why DNS-collector?

The missing piece between DNS servers and your data stack.

• DNS-native processing: Understands DNS protocol, EDNS, query types natively
• Process at the edge: Clean, filter and enrich DNS data before storage - not after
• Multiple input sources: DNStap streams, live network capture, log files
• DNS-aware transformations: Filtering noise upstream, user privacy
• Flexible outputs: Files, syslog, databases, monitoring tools and more...
• Production ready: Used in real networks, tested with major DNS servers
• Enhanced DNStap: TLS encryption, compression, and more metadata capabilities

🚀 Quick Start

Download the latest release and run with default config: Default setup listens on tcp/6000 for DNStap streams and outputs to stdout. To get started quickly, you can use this default config.yml.

./dnscollector -config config.yml

📚 Documentation

👥 Contributions

Contributions are welcome! Check out:

• Contribution Guide
• Architecture Guide
• Development Guide

🧰 Related Projects:

• DNS-tester - DNS testing toolkit
• CoreDNS-GSLB - Global Server Load Balancing functionality in CoreDNS