Skip to content
/ chkdomain Public

πŸ” Discover if a domain is resolvable or blocked by secure DNS and Ad-blocking services, and experience the innovative idea of DaaS - DNS as an Intelligence Service.

License

GPL-3.0 license
79 stars 18 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PeterDaveHello/chkdomain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

75 Commits
.github
.github
Β 
Β 
.editorconfig
.editorconfig
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.travis.yml
.travis.yml
Β 
Β 
AGENTS.md
AGENTS.md
Β 
Β 
LICENSE
LICENSE
Β 
Β 
Makefile
Makefile
Β 
Β 
README.md
README.md
Β 
Β 
chkdm
chkdm
Β 
Β 
chkdomain.png
chkdomain.png
Β 
Β 

Repository files navigation

chkdomain

Build Status

chkdomain checks if a domain can be resolved by no-filter DNS, or has been blocked by secure/protective DNS, and advertisement/tracker-blocking DNS services. It sends queries to well-known DNS servers and checks the resolution success as a basis for determining if the domain is blocked. The tool also provides links to OSINT, domain threat intelligence, and security services for the domain in question.

The DNS services currently used for sending queries are listed below:

No-filter DNS Secure DNS Ad/Tracker-blocking DNS
AdGuard (94.140.14.140) CleanBrowsing (185.228.168.9) AdGuard (94.140.14.14)
Cloudflare (1.1.1.1) Cloudflare (1.1.1.2) CONTROL D (76.76.2.2)
dns0.eu (193.110.81.254) Comodo (8.26.56.26) dnsforge.de (176.9.93.198)
Gcore (95.85.95.85) CONTROL D (76.76.2.1) OVPN (192.165.9.157)
Google (8.8.8.8) dns0.eu (193.110.81.0) Tiarap (188.166.206.224)
Hinet (168.95.1.1) UltraDNS (156.154.70.2)
UltraDNS (64.6.64.6) OpenDNS (208.67.222.222)
OpenDNS (208.67.222.2) Quad101 (101.101.101.101)
Quad9 (9.9.9.10) Quad9 (9.9.9.9)
Yandex (77.88.8.1) SafeDNS (195.46.39.39)
Yandex (77.88.8.2)

After checking the domain, chkdomain provides direct links to the following intelligence services for more information:

The Palo Alto Networks URL Filtering link deep-links to the undocumented single_cr change request endpoint so the queried domain is prefilled when the url query parameter is provided (e.g., .../single_cr/?url=example.com). Palo Alto Networks may modify that flow or introduce additional verification without notice; fall back to the manual form listed under Additional Resources if the shortcut stops working.

If you'd like to build up your own secure DNS, check out the threat-hostlist repository. It contains many different threat-blocking blocklists to help you create a secure DNS service for your home, office, or elsewhere.

Usage

Download the chkdm script and make it executable:

$ wget https://github.com/PeterDaveHello/chkdomain/raw/master/chkdm
$ chmod +x chkdm

Check domain by running chkdm:

$ ./chkdm <domain name>

Additionally, you can put the script in your $PATH, such as /usr/local/bin, to make it executable from anywhere.

Using Custom DNS

For custom DNS checks, create CustomDNS.txt in the script's directory, listing your DNS server IPs. Use # for comments:

127.0.0.1
192.168.1.1       # Local DNS
168.95.192.1      # Hinet DNS

If you wish to use a custom file location, you can specify a custom file using CustomDNSFile variable before executing:

CustomDNSFile="/path/to/your/dnsfile.txt" ./chkdm ipinfo.tw

The script will then include these servers in its checks and provide results.

Screenshot

Screenshot

Demo

asciicast

Dependency

Only a few command-line tools are needed:

  • awk
  • bash
  • dig
  • dirname
  • head
  • nslookup
  • readlink
  • sed
  • sort

Most of the commands (awk, bash, dirname, head, readlink, sed, and sort) come pre-installed on common Linux distributions. To install dig and nslookup, use your package manager (e.g., apt, yum, pacman) to install the dnsutils (Debian/Ubuntu) or bind-utils (RHEL/CentOS, Arch/Manjaro) package.

Notice

Please be aware that domain names with records such as 0.0.0.0 or 127.0.0.1 (e.g., 0.ipinfo.tw or 1.ipinfo.tw) may yield incorrect results when checked with secure DNS and ad-blocking DNS services. The current detection method for blocked domains is relatively simple. We plan to improve this feature in future updates.

Additional Resources

There are also some malicious domains blocking services that don't directly provide DNS services and can't be queried via the HTTP GET method. As a result, we are unable to integrate them or list their corresponding query URLs in the check results. However, since they are provided by leading security companies and offer a web interface that allows you to manually submit a domain to retrieve the related intelligence, they are worth mentioning. The Palo Alto Networks entry also serves as the manual fallback when the deep link cannot prefill the domain. The services are listed below:

License

GPL-3.0 (GNU GENERAL PUBLIC LICENSE Version 3)

About

πŸ” Discover if a domain is resolvable or blocked by secure DNS and Ad-blocking services, and experience the innovative idea of DaaS - DNS as an Intelligence Service.

Topics

dns security osint filter malware domain phishing cybersecurity adblock infosec hacktoberfest threat-intelligence

Resources

Readme

License

GPL-3.0 license
Activity

Stars

79 stars

Watchers

4 watching

Forks

18 forks
Report repository

Sponsor this project

  •  
Learn more about GitHub Sponsors

Contributors 4

  •  
  •  
  •  
  •  

Languages