Zeek Package for External DNS

Build Status Documentation Status Coverage Status BSD license

Raises a notice when a client is observed querying an external DNS server

Getting Started

These instructions will get you a copy of the package up and running on your Zeek cluster. See development for notes on how to install the package in order to hack on or contribute to it.


This is a package designed to run with the Zeek Network Security Monitor. First, get Zeek. We strive to support both the current feature and LTS releases.

The recommended installation method is via the Zeek package manager, zkg. On any recent system, run pip install zkg. After installation, run zkg autoconfig. For more information, see the zkg documentation.


To install the package, run:

zkg install https://github.com/grigorescu/external_dns

If this is being installed on a cluster, install the package on the manager, then deploy it via:

zeekctl deploy

Running the tests

zkg will run the test suite before installing. To manually run the tests, go into the tests directory, and run make.


Please read `:doc:./docs/CONTRIBUTING.md`_ for details on how to contribute.


We use SemVer for versioning. For the versions available, see the tags on this repository.


See also the list of `:doc:./contributors`_ who participated in this project.


This project is licensed under the BSD license. See the `:doc:./LICENSE`_ file for details.


  • ESnet team for Zeek Package Cookie Cutter