:zap: fast dns server, built to block advertisements and malware servers - GitHub - Cottand/leng: :zap: fast dns server, built to block advertisements and malware servers
A few months ago I went on a quest for a DNS server and was dissatisfied with current maintained projects. They were either good at adblocking (Blocky, grimd...) or good at specifying custom DNS (CoreDNS...).
So I forked grimd and embarked on rewriting a good chunk of it for it to address my needs - the result is leng.
it is fast
it is small
it is easy
you can specify blocklists and it will fetch them for you
you can specify custom DNS records with proper zone file syntax (SRV records, etc)
it supports DNS-over-HTTPS so you can stay private
it is well-documented
can be deployed on systemd, docker, or Nix
I have been running it as my nameserver in a Nomad cluster since! I plan to keep maintaining and improving it, so feel free to give it a try if it also fulfils your needs
I am working on adding a feature comparison to the docs. But in the meantime: leng has less features (like no web UI, no DHCP server) which means it is lighter (50MB RAM vs 150MB for adguard, 512MB for pihole), and easier to reproducibly configure because it is stateless (no web UI settings).
I believe blocky and coredns are better comparisons for leng than "tries to achieve it all" solutions like adguard, pihole...
Yes (much simpler) and also allows you to specify custom DNS, which is very useful for more advanced self-hosted deployments - this is something PiHole is just not built to address
If you are having trouble installing or the documentation is not clear, feel free to point it out here or in the issues on github. Personally I think it is simplest to use docker :)
This is awesome. I've been looking into DNS servers with ad blocking and this seems to be a perfect fit. And it is packaged for Nix, so I'll definitely give it a go.
If you mean CNAME flattening I have an issue for it. If you mean recursively resolving CNAME until the end record is found, it does support it.
For example, if you set a custom record mygoogle.lol IN CNAME google.com Leng will return a response with an A record with a google.com IP address when you visit mygoogle.lol
Does this support DNS management with nsupdate? I'm currently automating DNS on pihole by changing a text file and reloading the service, which is just not very convenient not to mention slow.
I have a similar use case where I also need my records to change dynamically.
Leng doesn't support nsupdate (feel free to make an issue!), but it supports changing the config file at runtime and having leng reread it by issuing a SIGUSR1 signal. I have not documented this yet (I'll get to it today), but you can see the code here
Alternatively, you can just reload the service like you do with pihole - I don't know how quick pihole is to start, but leng should be quick enough that you won't notice the interim period when it is restarting. This is what I used to do before I implemented signal reloading.
Edit: my personal recommendation is you use templating to render the config file with your new records, then reload via SIGUSR1 or restart the service. nsupdate would make leng stateful, which is not something I desire (I consider it an advantage that the config file specifies the server's behaviour exactly)
Pihole reloading in my case is probably mostly slow because of the hardware. That signal functionality to reload is pretty neat, though I think I disagree with the config files being the only thing specifying the servers behaviour exactly being a big advantage. In an environment using infrastructure as code it would probably be better to define DNS over the generic nsupdate API (e.g. with ansible or other equivalent tools) than having to write custom code to reload some config files that have to be regenerated every time. But for smaller home setups both options are probably fine anyhow.