Purpose made DNS Docker file setup for hosting exploits for the web browser for Sony PlayStation devices and the Nintendo Wii/WiiU/Switch.
- Blocks telemetry
- Blocks system updates
- Blocks PlayStation title updates
- Blocks metadata domain, but raw PKG links resolve. Third party tools like OrbisPatches will function
- Pass through for remainder of the internet
- Obviously Sony/Nintendo domains will not resolve
- Access control list for Blacklisting IPs completely and/or Whitelisting IPs for recursive queries
When used in conjunction with Exploit Host HTTP the following additional features are added:
- Enables internet speed tests
- Enables serving custom system updates
- Hijacks default browser landing pages
This command will always pull the latest image from Docker Hub, run on the main Docker bridge network, redirect hijacked domains to 192.0.2.2, IPv6 is disabled (As it's not explicitly enabled), and it will restart if it's not running until you explicitly tell it to stop.
docker run -d --network bridge -p 53:53/tcp -p 53:53/udp -e REDIRECT_IPV4=192.0.2.2 --restart unless-stopped --pull always alazif/exploit-host-dns:latest
This composer file will do the same as the command above.
---
version: "3.8"
services:
exploit-host-dns:
image: alazif/exploit-host-dns:latest
network_mode: bridge
ports:
- 53:53/tcp
- 53:53/udp
environment:
REDIRECT_IPV4: 192.0.2.2
pull_policy: always
restart: unless-stoppedStart the compose file by calling docker compose up -d from the same location as the composer file.
| Option | Default | Type | Info |
|---|---|---|---|
| DEBUG | false |
boolean | Show debug output for entrypoint.sh in the Docker log. |
| AUTOUPDATE_ZONES | false |
boolean | Update the zone files automatically if /opt/dns-config-watchdog/zones.json is modified. |
| SMART_WATCHER | false |
boolean | How modifications to /opt/dns-config-watchdog/zones.json are checked. If true uses Python's Watchdog package. If false uses a looped shell command to watch for changes. Ignored if AUTOUPDATE_ZONES is false. |
| LOGGING | false |
boolean | Enable DNS logging. Logged to /var/log/named/. |
| DNS_RESTART | rndc reload |
string | The command issued the /opt/dns-config-watchdog/main.py to restart the DNS server after generating zone files. |
| REDIRECT_IPV4 | none | string | Must have an IPv4, an IPv6, or both specified. This is the address which hijacked domains will be forwarded to. |
| REDIRECT_IPV6 | none | string | Must have an IPv4, an IPv6, or both specified. This is the address which hijacked domains will be forwarded to. |
- Double check/separate IPv4 vs IPv6 support better. Don't assume IPv4 is supported if IPv6 is on, etc.
- Test Nintendo Wii/WiiU/Switch support
- Add/Test Xbox support