CoreDNS-MLBridge
This repository contains the plugin for connecting the CoreDNS server to a
Machine Learning Environment for DNS request and response analysis, monitoring
and alerting.
The same approach can be adapted to any other platform or language that does
not have machine learning capabilities.
Installation
Clone the repository:
    git clone https://github.com/mlbridge/coredns-mlbridge.git
Install Elasticsearch by following the instructions from this link. Start the
Elasticsearch server.
To install and start CoreDNS please take a look at the CoreDNS repository. Add
the mlbridge plugin to CoreDNS. To add external plugins, please take a look at
the example plugin.
To enable the plugin on a particular port, say 1053, make the changes to the
Corefile shown below:
    .:1053 {
        mlplugin
    }
MLBridge Plugin
The mlbridge plugin is a CoreDNS plugin that forwards requests to the
mlbridge-middleware app via HTTP POST requests. Once the mlbridge-middleware app
processes the request, it sends the prediction, whether the domain name is
malicious or benign, back to the plugin. Depending on the nature of the domain
name, the plugin can be configured to allow the request to fall through to the
other plugins or send the request to a honeypot or a blackhole.
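The round trip described above, as an added Go example that is not the plugin's own code: it POSTs a query name to the middleware, maps the prediction to an action, and makes the behaviour when the middleware is unreachable an explicit choice. The JSON field names `domain` and `malicious`, the action strings, and the names `decide` and `fakeMiddleware` are assumptions, since the page does not document the wire format.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// verdict is an assumed response shape; the page does not document the real one.
type verdict struct{ Malicious bool `json:"malicious"` }

// decide POSTs the query name to the middleware and maps its prediction to an
// action: "blackhole" if malicious, "fallthrough" if benign. On timeout, non-200
// status or unparsable body it returns onError (fail open or closed by choice).
func decide(url, qname, onError string) string {
	body, _ := json.Marshal(map[string]string{"domain": qname})
	client := http.Client{Timeout: 2 * time.Second} // never stall resolution
	resp, err := client.Post(url, "application/json", bytes.NewReader(body))
	if err != nil {
		return onError
	}
	defer resp.Body.Close()
	var v verdict
	if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&v) != nil {
		return onError
	}
	if v.Malicious {
		return "blackhole"
	}
	return "fallthrough"
}

// fakeMiddleware is a constructed offline stand-in that flags exactly one name.
func fakeMiddleware() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var req map[string]string
		json.NewDecoder(r.Body).Decode(&req)
		json.NewEncoder(w).Encode(verdict{Malicious: req["domain"] == "malicious.example."})
	}))
}

func main() {
	srv := fakeMiddleware()
	defer srv.Close()
	fmt.Println(decide(srv.URL, "malicious.example.", "fallthrough"))
}
```

Passing "fallthrough" as `onError` keeps resolution working when the classifier is down, at the cost of letting unclassified names through; passing "blackhole" does the reverse.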