dnsrewriteproxy 0.0.1

A DNS proxy server that conditionally rewrites and filters A record requests

dns-rewrite-proxy

A DNS proxy server that conditionally rewrites and filters A record requests. Written in Python, all code is in a single module, and there is a single dependency, aiodnsresolver.

CNAMEs are followed and resolved by the proxy to IP addresses, and never returned to the client.

Usage

By default the proxy will listen on port 53, and proxy requests to the servers in /etc/resolve.conf. However, by default all requests are blocked without explicit rules, so to proxy requests you must configure at least one rewrite rule.

from dnsrewriteproxy import DnsProxy

# Proxy all incoming A record requests without any rewriting
start = DnsProxy(rules=((r'(^.*$)', r'\1'),))

# Proxy is running, accepting UDP requests on port 53
stop = await start()

# Stopped
await stop()

The rules parameter must be an iterable [e.g. a list or a tuple] of tuples, where each tuple is regex pattern/replacement pair, passed to re.subn under the hood. On each incoming DNS request from downstream for a domain

• this list is iterated over;
• the first rule that matches the incoming domain name is used to rewrite the domain, the upstream DNS server is queries for A records, and these records, or error code, is returned downstream;
• and if no rule matches a REFUSED response is returned downstream.

The response of REFUSED is deliberate for clients to be able to help differentiate between a configuration issue on the proxy, the proxy not working or not being contactable, and a domain actually not existing.

So to rewrite all queries for www.source.com to www.target.com, and to refuse to proxy any others, you can use the following configuration.

start = DnsProxy(rules=(
    (r'^www\.source\.com$', r'www.target.com'),
))

Alternatively, do the same rewriting, but to allow all other requests, you can use the following.

start = DnsProxy(rules=(
    (r'^www\.source\.com$', r'www.target.com'),
    (r'(^.*$)', r'\1'),
))