A fast and configurable attacker-in-the-middle DNS proxy for penetration testers, reverse engineers, and malware analysts inspired by DNSChef. It allows the selective replacement of specific DNS records for arbitrary domains with custom values, and can be used to direct traffic to a different host. GodNS can spoof A, AAAA, CNAME, PTR, MX, NS, SRV, SOA, and TXT records. It can also be used to block DNS requests for specific domains.

Download the latest release for your platform.

Basic rules can be passed via the command line and use glob matching for the domain name spoof the response using the provided value. For example, to spoof A records for various domains:

godns --rule-a "microsoft.com|127.0.0.1" --rule-a "google.com|127.0.0.1"

You can leverage the glob matching to replace all A records for all domains:

godns --rule-a "*|127.0.0.1"

Replace a domain and all subdomain A records:

godns --rule-a "example.com|127.0.0.1" --rule-a "*.example.com|127.0.0.1"

For more advanced usage, a config file can be provided. The config file is a JSON or YAML file that contains a list of rules. Configuration file entries support regular expression matching in addition to glob matching. See the example configuration file in this repository for more details. Note that CLI flags override values in the config file if both are provided. Additionally, certain record types such as SOA and SRV can only be spoofed using a configuration file.

GodNS is a standalone statically compiled binary, and runs on nearly every operating system and CPU architecture:

• Linux (386, amd64, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64)
• macOS (amd64, arm64)
• Windows (386, amd64, arm64)
• FreeBSD (amd64, arm64)
• OpenBSD (amd64, arm64)
• NetBSD (amd64, arm64)
• DragonFlyBSD (amd64)
• Plan 9 (amd64)
• Solaris (amd64)
• iOS (arm64)
• Android (arm64)