Al-Azif/exploit-host-dns

Exploit Host DNS

Purpose-built DNS server Docker setup for hosting exploits for the web browser on Sony PlayStation devices and the Nintendo Wii/WiiU/Switch.

Features

Stand Alone

  • Blocks telemetry
  • Blocks system updates
  • Blocks PlayStation title updates
    • Blocks the metadata domain, but raw PKG links resolve. Third-party tools like OrbisPatches will function.
  • Pass through for remainder of the internet
    • Obviously Sony/Nintendo domains will not resolve
  • Access control list for blacklisting IPs completely and/or whitelisting IPs for recursive queries

With Exploit Host HTTP

When used in conjunction with Exploit Host HTTP the following additional features are added:

  • Enables internet speed tests
  • Enables serving custom system updates
  • Hijacks default browser landing pages

Usage

Command Line

This command will always pull the latest image from Docker Hub, run on the main Docker bridge network, and redirect hijacked domains to 192.0.2.2. IPv6 is disabled (as it's not explicitly enabled). The container will restart whenever it's not running until you explicitly tell it to stop.

docker run -d --network bridge -p 53:53/tcp -p 53:53/udp -e REDIRECT_IPV4=192.0.2.2 --restart unless-stopped --pull always alazif/exploit-host-dns:latest

Compose

This Compose file will do the same as the command above.

---
version: "3.8"

services:
  exploit-host-dns:
    image: alazif/exploit-host-dns:latest
    network_mode: bridge
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      REDIRECT_IPV4: 192.0.2.2
    pull_policy: always
    restart: unless-stopped

Start the services by running docker compose up -d from the same location as the Compose file.

Options (Environment Variables)

| Option | Default | Type | Info |
| --- | --- | --- | --- |
| DEBUG | false | boolean | Show debug output for entrypoint.sh in the Docker log. |
| AUTOUPDATE_ZONES | false | boolean | Update the zone files automatically if /opt/dns-config-watchdog/zones.json is modified. |
| SMART_WATCHER | false | boolean | How modifications to /opt/dns-config-watchdog/zones.json are checked. If true uses Python's Watchdog package. If false uses a looped shell command to watch for changes. Ignored if AUTOUPDATE_ZONES is false. |
| LOGGING | false | boolean | Enable DNS logging. Logged to /var/log/named/. |
| DNS_RESTART | rndc reload | string | The command issued within /opt/dns-config-watchdog/main.py to restart the DNS server after generating zone files. |
| REDIRECT_IPV4 | none | string | Must have an IPv4, an IPv6, or both specified. This is the address which hijacked domains will be forwarded to. |
| REDIRECT_IPV6 | none | string | Must have an IPv4, an IPv6, or both specified. This is the address which hijacked domains will be forwarded to. |

TODO

  • Double check/separate IPv4 vs IPv6 support better. Don't assume IPv4 is supported if IPv6 is on, etc.
  • Test Nintendo Wii/WiiU/Switch support.
  • Add/Test Xbox support.