ZKM Python

filterdns

Self-hosted DNS filtering with per-profile configuration — block ads, trackers, and malware via DoH, DoT, and DNS53.

dnssecuritynetworkingdockerprivacy
View on GitHub All Projects

What it does

A self-hosted DNS filtering solution that blocks ads, trackers, and malware domains. Supports DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), and traditional DNS (port 53). Designed for institutional networks where different user groups need different filtering profiles.

Key features

  • Multi-protocol — serves DNS over HTTPS, TLS, and UDP/TCP port 53
  • Per-profile filtering — different blocklists for different network segments or user groups
  • Blocklist management — automatic download and update of community blocklists
  • Allowlist overrides — per-profile allowlists to unblock specific domains
  • Docker deployment — ships as a Docker Compose stack for easy setup

Tech stack

Python DNS server with dnspython for protocol handling. Upstream resolution via encrypted DNS. Configuration via YAML files. Deployed via Docker Compose.

Museum context

Developed for ZKM’s network to provide clean DNS for exhibition devices while allowing different filtering rules for staff, guests, and artwork installations.