惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Blog of Author Tim Ferriss
TaoSecurity Blog
TaoSecurity Blog
Apple Machine Learning Research
Apple Machine Learning Research
Hugging Face - Blog
Hugging Face - Blog
IT之家
IT之家
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
小众软件
小众软件
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
S
SegmentFault 最新的问题
T
Troy Hunt's Blog
N
News and Events Feed by Topic
雷峰网
雷峰网
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - 三生石上(FineUI控件)
Schneier on Security
Schneier on Security
T
The Exploit Database - CXSecurity.com
L
LINUX DO - 最新话题
V
V2EX
T
Threat Research - Cisco Blogs
人人都是产品经理
人人都是产品经理
C
Cisco Blogs
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
I
Intezer
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recent Announcements
Recent Announcements
月光博客
月光博客
Recent Commits to openclaw:main
Recent Commits to openclaw:main
N
News | PayPal Newsroom
Cyberwarzone
Cyberwarzone
B
Blog
博客园 - 聂微东
P
Palo Alto Networks Blog
A
About on SuperTechFans
The Last Watchdog
The Last Watchdog
Scott Helme
Scott Helme
Google DeepMind News
Google DeepMind News
Webroot Blog
Webroot Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
O
OpenAI News
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
W
WeLiveSecurity
V
Vulnerabilities – Threatpost
博客园 - 【当耐特】
有赞技术团队
有赞技术团队
A
Arctic Wolf

warnlist on CoreDNS: DNS and Service Discovery

暂无文章

warnlist
2021-06-03 · via warnlist on CoreDNS: DNS and Service Discovery

Description

The warnlist plugin accepts a list of malicious or otherwise undesirable domains and emits a log entry and Prometheus metrics when a domain (or subdomain) is requested.

Prohibited domains can be loaded from a local file or a URL and can be automatically reloaded after a specified period.

warnlist can be thought of as a non-blocking blacklist/blocklist/denylist/badlist. When used with a curated data source, the plugin can surface simplistic low-noise alerts without the need to ship and inspect DNS logs.

Refer to the project README for more info.

An unofficial coredns image with this plugin already compiled is hosted by Giant Swarm on Quay and Docker Hub, as [quay.io/]giantswarm/coredns-warnlist-plugin.

Syntax

warnlist {
    <source type> <source path> <file format>
    reload <reload period>
    match_subdomains <true | false>
}

The warnlist plugin accepts the following arguments:

  • <source type>: Type of the domain list. Either url or file.
  • <source path>: Where to load the list from. Either a URL or file path.
  • <file format>: Format of the file to expect. Either hostfile or text.
  • <reload period>: (Optional) Go Duration after which the list will be regenerated*.
  • <match subdomains>: (Optional) If true (default), the plugin will also check and match subdomains of those explicitly listed. Either true or false.

* A jitter of +/- 30% is automatically added. When automatically reloading from a URL, please be friendly to the service hosting the file.

Example

Sample Corefile using a URL data source, reloading every ~60 minutes:

. {
    log
    warnlist {
        url https://urlhaus.abuse.ch/downloads/hostfile/ hostfile
        reload 60m
    }
    prometheus
    forward . /etc/resolv.conf
}

Metrics

If the prometheus plugin is also enabled, this plugin emits the following metrics:

  • warnlist_hits_total{server, requestor, domain} - counts the number of warnlisted domains requested. The host and domain are included as labels.
  • warnlist_failed_reloads_count{server} - counts the number of times the plugin has failed to reload.
  • warnlist_cache_check_duration_seconds{server} - summary for determining the average time it takes to check the warnlist.
  • warnlist_warnlisted_items_count{server} - current number of domains stored in the warnlist.