What is DNSMasker?

Short version: It's a HTTP wrapper for DNSMasq and its hosts file.

Motivations

• Delegate DNS management while maintaining the smallest footprint ever.
• Do whatever is necessary to keep customized code to a minimum. I wanted to use off-the-shelf components where possible.
• Provide a convenient interface for managing DNS records.
• Do as little as possible as root.

Usage

Visit the Swagger or Redoc documentation at /docs/ or /redoc, respectively. It's a simple path-based HTTP API.

Token File

The token file is a brain-dead access control mechanism. It is a file that contains a single "API Key" per line. You are free to mint and distribute API Keys that users can include in the x-api-token header with their requests.

Hosts File

The hosts file is created and managed by dnsmasker. It follows the standard hosts file convention: IP address <tab> Name

Setup

First-time Setup

$ touch hosts
$ tr -dc A-Za-z0-9 </dev/urandom | head -c 16 > tokens

Python Application

$ python -m venv .venv
$ source .venv/bin/acticate
$ pip install -r requirements.txt

# run the application
$ fastapi run server.py --host 0.0.0.0 --port 8000

Sudoers configuration

# allow 'user' to hup dnsmasq
user ALL=(root) pkill -HUP dnsmasq

dnsmasq.conf

Modify the dnsmasq configuration file to use a custom hosts file and prevent any forwarding loops.

# Use a custom hosts file
no-hosts
addn-hosts=/home/user/pydnsmasker/hosts

# Prevent unnecessary forwarding
domain-needed
bogus-priv
no-resolv
local=/domain/
local=/domain2/