Kapiti DNS

A Filtering DNS Cache

Status

Kapiti is generally functional and is seeing regular day-to-day use. However, the author is not interested in debugging everyone's DNS problems, especially not for free.

As such, the Kapiti project should be considered to have a perpetual alpha status for the forseeable future.

Usage

Installation

Get Rust, then build and run the latest release as follows:

$ cargo install kapiti $ ~/.cargo/bin/kapiti --help

Kapiti expects a TOML config file. Here's a basic example with two upstream servers and some filters:

upstreams = [ # DoH servers are supported! "https://mozilla.cloudflare-dns.com/dns-query", # DoT servers are supported! "tls://8.8.8.8", # Fallback for bootstrap query of DoH "mozilla.cloudflare-dns.com" "1.1.1.1:53", ] overrides = [ # Honor any configured hosts in /etc/hosts "/etc/hosts", ] blocks = [ # URLs will be downloaded and periodically refreshed. # Listed domains return NXDOMAIN. "http://sysctl.org/cameleon/hosts", "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt", "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt", ]

Other config options include things like grouped filters where different clients can have different filters applied to their queries, and optional Redis support for the DNS cache. For now, the best config reference is to just read the comments in config.rs.

Goals

Easy Installation

Kapiti is a DNS filter that blocks the spammers, scammers, and advertisers of the world.

However, unlike more mature projects it does not need a dedicated environment with several services to run. Kapiti comes as a standalone binary that will just run a single process on your machine like any other service.

Low Overhead

Kapiti intends to be fast and efficient, with a reasonable and predictable resource footprint.

Its low resource requirements ensure that Kapiti can be run on a wide variety of systems - any Rust compilation target should work fine.

Technical Details

How It Works

Kapiti acts as a caching proxy for upstream DNS, working as a filter against the requests that are sent to it. By default Kapiti has its own internal cache, but it can also be configured to store cached records in an external Redis server. The filter itself is driven by list files which can override or block domains.

Kapiti supports the /etc/hosts format, allowing defining custom domains directly. This ensures that Kapiti can be a full drop-in replacement for your system's default DNS service.

Record Support

Many DNS implementations only support A (IPv4) records and sometimes AAAA (IPv6) records. Kapiti meanwhile targets support for all current DNS record types, even the really obscure ones. This ensures that it can function as a drop-in proxy for existing DNS, without the need for compromises or fallbacks.

License/Credits

Kapiti is licensed under the FAFOL. This is intended to restrict use of the project for purposes that would be considered unethical by its authors.

Site design: Element CSS