DNStuki
DNStuki is an open-source software framework for DNS telemetry and analytics. It collects, processes, and analyzes DNS traffic to support security monitoring, performance analysis, and research. The design emphasizes modularity, scalability, and privacy controls, so it can be deployed across multiple sites and fed from diverse data sources, including recursive resolvers and enterprise DNS forwarders.
Developed in the early 2020s by a collaboration of operators and researchers, DNStuki reached stable releases
DNStuki uses a pipeline of catalogued modules: collectors, processors, and sinks. Collectors ingest standard DNS messages
Typical deployments place collectors near resolvers, with centralized processors and sinks in a secured data lake.
DNStuki is used by several operators and research groups for threat hunting and performance monitoring. It