Exploit Host DNS

Purpose made DNS Docker file setup for hosting exploits for the web browser for Sony PlayStation devices and the Nintendo Wii/WiiU/Switch.

Features

Stand Alone

Blocks telemetry
Blocks system updates
Blocks PlayStation title updates
- Blocks metadata domain, but raw PKG links resolve. Third party tools like OrbisPatches will function
Pass through for remainder of the internet
- Obviously Sony/Nintendo domains will not resolve
Access control list for Blacklisting IPs completely and/or Whitelisting IPs for recursive queries

With Exploit Host HTTP

When used in conjunction with Exploit Host HTTP the following additional features are added:

Enables internet speed tests
Enables serving custom system updates
Hijacks default browser landing pages

Usage

Command Line

This command will always pull the latest image from Docker Hub, run on the main Docker bridge network, redirect hijacked domains to 192.0.2.2, IPv6 is disabled (As it's not explicitly enabled), and it will restart if it's not running until you explicitly tell it to stop.

docker run -d --network bridge -p 53:53/tcp -p 53:53/udp -e REDIRECT_IPV4=192.0.2.2 --restart unless-stopped --pull always alazif/exploit-host-dns:latest

Composer

This composer file will do the same as the command above.

---
version: "3.8"

services:
  exploit-host-dns:
    image: alazif/exploit-host-dns:latest
    network_mode: bridge
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      REDIRECT_IPV4: 192.0.2.2
    pull_policy: always
    restart: unless-stopped

Start the compose file by calling docker compose up -d from the same location as the composer file.

Options (Environment Variables)

Option	Default	Type	Info
DEBUG	`false`	boolean	Show debug output for `entrypoint.sh` in the Docker log.
AUTOUPDATE_ZONES	`false`	boolean	Update the zone files automatically if `/opt/dns-config-watchdog/zones.json` is modified.
SMART_WATCHER	`false`	boolean	How modifications to `/opt/dns-config-watchdog/zones.json` are checked. If `true` uses Python's Watchdog package. If `false` uses a looped shell command to watch for changes. Ignored if `AUTOUPDATE_ZONES` is `false`.
LOGGING	`false`	boolean	Enable DNS logging. Logged to `/var/log/named/`.
DNS_RESTART	`rndc reload`	string	The command issued within `/opt/dns-config-watchdog/main.py` to restart the DNS server after generating zone files.
REDIRECT_IPV4	none	string	Must have an IPv4, an IPv6, or both specified. This is the address which hijacked domains will be forwarded to.
REDIRECT_IPV6	none	string	Must have an IPv4, an IPv6, or both specified. This is the address which hijacked domains will be forwarded to.

TODO

Double check/separate IPv4 vs IPv6 support better. Don't assume IPv4 is supported if IPv6 is on, etc.
Test Nintendo Wii/WiiU/Switch support.
Add/Test Xbox support.

xcodeassociated / ps4-exploit-host-dns