Dns2tcpd and Dns2tcpc is a network tool designed to relay TCP connections through DNS traffic. Encapsulation is done on the TCP level, thus no specific driver is needed (i.e: TUN/TAP). Dns2tcp client doesn’t need to be run with specific privileges.
Dns2tcpd and Dns2tcpc is composed of two parts : a server-side tool and a client-side tool. The server has a list of resources specified in a configuration file. Each resource is a local or remote service listening for TCP connections. The client listen on a predefined TCP port and relays each incoming connection through DNS to the final service.
dns2tcpd [ -i IP ] [ -F ] [ -d debug_level ] [ -f config-file ] [ -p pidfile ]
-F : dns2tcpd will run in foreground
dns2tcpc [options] [server]
-c : enable compression -z <domain> : domain to use (mandatory) -d <1|2|3> : debug_level (1, 2 or 3) -r <resource> : resource to access -k <key> : pre-shared key -f <filename> : configuration file -l <port|-> : local port to bind, '-' is for stdin (mandatory if resource defined without program ) -e <program> : program to execute -t <delay> : max DNS server's answer delay in seconds (default is 3) -T <TXT|KEY> : DNS request type (default is TXT) server : DNS server to use If no resources are specified, available resources will be printed
Dns2tcpd and Dns2tcpc assuming that you have a valid subdomain nameserver (as outlined in part 1), you just need to edit the configuration file for the “dns2tcpd” server. There’s an example file “server/Dns2tcpd and Dns2tcpc” in the archive that I’ve modified. Of particular note, make sure to change the “listen” line to 0.0.0.0 or your ethernet interface’s IP address. The default configuration will not work because it listens only on localhost. Also, make sure that the “domain” line matches your subdomain. Finally, you must make sure that the chroot directory exists. This is where Dns2tcpd and Dns2tcpc caches its data.
ressources = [resname]:[ip]:[port], ...
config looks like this, for Squid and SSH:
# config file listen = 0.0.0.0 port = 53 user=nobody chroot = /var/empty/dns2tcp/ domain = dns2tcp.ztrela.com key = blah resources = ssh:127.0.0.1:22 , smtp:127.0.0.1:25, pop3:10.0.0.1:110
Then, run it as follows:
cyborg@cyborg:~$ sudo dns2tcpd -F -f /usr/share/doc/dns2tcp/examples/dns2tcpdrc Starting Server v0.5.2...
That’s it for the server side.
Now, on the client end, compile and install dns2tcp as well. Configure the “dns2tcprc” file. Unfortunately, it can only be configured with one “ressource” at a time. I am going to use SSH with dynamic proxy again.
# # configuration : # domain = dns2tcp.ztrela.com ressource = ssh local_port = 4430 debug_level=1 key = blah resources = ssh:127.0.0.1:22 , smtp:127.0.0.1:25, pop3:10.0.0.1:110
Sometimes up to five minutes. Launch it like this:
cyborg@cyborg:~$ sudo dns2tcpc -f /usr/share/doc/dns2tcp/examples/dns2tcprc No DNS given, using 127.0.1.1 (first entry found in resolv.conf) debug level 1 Listening on port : 4430
Where DNS Server is a DNS server you can access, and probably should be the one you were issued by DHCP.
Activate the SSH tunnel from the CLI:
cyborg@cyborg:~$ ssh -C -p 4430 -D8080 cyborg@localhost