Open-Source DNS Security by CZ.NIC

Secure DNS
Intelligence

A comprehensive DNS security solution for organizations. Monitor traffic, block malicious domains, and protect your network — on-premise and remotely — powered by CSIRT.CZ threat intelligence.

Download Explore Features
Live DNS Activity
4 passed 2 blocked 1 flagged
outlook.office365.com A 52.96.87.18 3ms
fonts.googleapis.com CNAME 1ms
x7k2m-login.phish.cc phishing blocked
cdn.cloudflare.com AAAA 1ms
asd8f2k9x.dga-c2.net DGA blocked
tracker.ad-net.io suspicious flagged
api.github.com A 140.82.121.6 2ms
Powered by CZ.NIC CSIRT.CZ Knot Resolver MojeID ADAM ODVR CZ.NIC Labs GNU GPLv3
Powered by CZ.NIC CSIRT.CZ Knot Resolver MojeID ADAM ODVR CZ.NIC Labs GNU GPLv3
Core Capabilities

Everything you need for
DNS security

DNS Patrol enables secure domain resolution, DNS traffic monitoring, and advanced threat detection for your organization.

Traffic Monitoring & Analytics

Clear statistics, logs, and detections for network administrators. Monitor DNS queries with detailed dashboards and connected device inventory.

14k
Queries/min
99.2%
Clean traffic
127
Blocked/hr
23
Flagged

Threat Detection

Automatically detect and block malicious domains using CSIRT.CZ threat intelligence feeds.

Phishing Tunneling DGA Malware

Secure Resolution

Safe domain translation for corporate and remote networks. Client agents ensure protection even outside the organization via DNS-over-HTTPS (DoH).

Open Source (GPLv3)

Fully transparent, community-driven code. Define custom block/allow lists, extend functionality, and audit every line.

5
Repositories
GPLv3
License
3
Platforms
100%
Open source
How It Works

From query to protection

DNS Patrol inspects every DNS query in real time, applying multiple layers of threat intelligence before resolution.

DNS Query Received

A device on your network makes a DNS request. The query is intercepted by DNS Patrol's recursive resolver.

Analyzed & Classified

The domain is checked against CSIRT.CZ threat feeds, custom blocklists, and analyzed for DGA patterns.

Resolved or Blocked

Safe queries resolve normally. Malicious domains are blocked instantly. Suspicious queries are flagged and logged.

Threat Protection

Defend against modern
DNS threats

DNS Patrol detects and neutralizes the most common attack vectors targeting DNS infrastructure.

Phishing

Blocks domains impersonating legitimate services to steal credentials.

DNS Tunneling

Detects data exfiltration hidden within DNS query traffic.

DGA Attacks

Identifies algorithmically generated domains used for C2 communication.

Malware Domains

Blocks connections to known malware distribution and C2 infrastructure.

24/7
Continuous monitoring
<1ms
Query analysis time
0M+
Threat signatures
0%
Detection accuracy
Open Source

Transparent.
Community-driven.

DNS Patrol is fully open source under the GNU GPLv3 license. Every component — resolver, admin portal, and client agents — is available for review, audit, and contribution.

  • Custom block and allow lists tailored to your organization
  • Full audit trail — verify security with complete source access
  • Active community with regular updates and security patches
  • Integrates with CSIRT.CZ threat intelligence database
View on GitLab
hedgehog-webapp
Admin portal UI — dashboard, policies, query viewer
hedgehog-core
Core backend — resolver integration, threat intelligence, API
hedgehog-android
Android client agent — DoH, auto-configuration
hedgehog-ios
iOS client agent — iPhone & iPad support
hedgehog-windows
Windows client agent — laptop protection
FAQ

Frequently asked questions

What is a recursive DNS resolver?
A recursive DNS resolver is a server that receives DNS queries from client devices and resolves them by querying authoritative DNS servers on the client's behalf. It traverses the DNS hierarchy — from root servers to TLD servers to authoritative servers — to find the IP address associated with a domain name.
What is a DGA (Domain Generation Algorithm)?
A Domain Generation Algorithm (DGA) is a technique used by malware to programmatically generate a large number of domain names that serve as potential command-and-control (C2) communication points. DNS Patrol detects these patterns using behavioral analysis.
What is phishing?
Phishing is a type of social engineering attack where adversaries create fraudulent websites that mimic legitimate services to trick users into revealing sensitive information. DNS Patrol blocks access to known phishing domains before users can reach them.
What is DNS tunneling?
DNS tunneling is a technique that encodes data from other protocols within DNS queries and responses. Attackers use this method to exfiltrate sensitive data or establish covert communication channels that bypass traditional firewalls. DNS Patrol detects tunneling by analyzing query patterns, payload sizes, and domain entropy.

Ready to secure your DNS?

Protect your organization with DNS Patrol. Open source, built by CZ.NIC.

Get DNS Patrol View Architecture