Prometheus exporter for DNSTT client/session metrics.

Find a file

Abel Luck 8318f9fe70 initial working version		2026-05-05 13:43:02 +02:00
cmd/dnstt_exporter	initial working version	2026-05-05 13:43:02 +02:00
internal/dnstt	initial working version	2026-05-05 13:43:02 +02:00
.envrc	init devshell	2026-05-05 13:28:32 +02:00
.gitignore	initial working version	2026-05-05 13:43:02 +02:00
flake.lock	init devshell	2026-05-05 13:28:32 +02:00
flake.nix	initial working version	2026-05-05 13:43:02 +02:00
go.mod	initial working version	2026-05-05 13:43:02 +02:00
go.sum	initial working version	2026-05-05 13:43:02 +02:00
README.md	initial working version	2026-05-05 13:43:02 +02:00

README.md

dnstt_exporter

Prometheus exporter for DNSTT client/session metrics.

dnstt_exporter observes DNSTT DNS traffic on a local Linux host and exports aggregate Prometheus metrics. It does not proxy, terminate, or configure DNSTT; it passively decodes DNSTT session IDs from DNS query names.

Usage

sudo dnstt_exporter \
  -dnstt.domain tunnel.example.com \
  -dnstt.port 53 \
  -web.listen-address :9713

The exporter needs permission to open an AF_PACKET raw socket. Run it as root or grant the binary CAP_NET_RAW.

Metrics are served at http://127.0.0.1:9713/metrics by default.

Metrics

All DNSTT metrics use a domain label:

dnstt_active_clients
dnstt_peak_clients
dnstt_queries_total
dnstt_bytes_in_total
dnstt_bytes_out_total
dnstt_sessions_total

Development

go test ./...
go build ./cmd/dnstt_exporter