Dns2tcpd and Dns2tcpc


Dns2tcpd and Dns2tcpc together form a network tool designed to relay TCP connections through DNS traffic. Encapsulation is done at the TCP level, so no special driver (such as TUN/TAP) is needed, and the dns2tcp client does not need to run with any specific privileges.

The tool is composed of two parts: a server-side tool (dns2tcpd) and a client-side tool (dns2tcpc). The server has a list of resources specified in a configuration file; each resource is a local or remote service listening for TCP connections. The client listens on a predefined TCP port and relays each incoming connection through DNS to the final service.




dns2tcpd [ -i IP ] [ -F ] [ -d debug_level ] [ -f config-file ] [ -p pidfile ]

        -F              : dns2tcpd will run in foreground


dns2tcpc [options] [server]


Options :

        -c              : enable compression
        -z <domain>     : domain to use (mandatory)
        -d <1|2|3>      : debug_level (1, 2 or 3)
        -r <resource>   : resource to access
        -k <key>        : pre-shared key
        -f <filename>   : configuration file
        -l <port|->     : local port to bind, '-' is for stdin (mandatory if resource defined without program)
        -e <program>    : program to execute
        -t <delay>      : max DNS server's answer delay in seconds (default is 3)
        -T <TXT|KEY>    : DNS request type (default is TXT)
        server          : DNS server to use
        If no resources are specified, available resources will be printed


Assuming that you have a valid subdomain nameserver (as outlined in part 1), you just need to edit the configuration file for the “dns2tcpd” server. There’s an example file “server/Dns2tcpd and Dns2tcpc” in the archive that I’ve modified. Of particular note, make sure to change the “listen” line to your ethernet interface’s IP address: the default configuration will not work because it listens only on localhost. Also, make sure that the “domain” line matches your subdomain. Finally, you must make sure that the chroot directory exists, because this is where the server caches its data.

ressources = [resname]:[ip]:[port], ...

The server config looks like this, for Squid and SSH:

# config file
listen =
port = 53
chroot = /var/empty/dns2tcp/
domain = dns2tcp.ztrela.com
key = blah
resources = ssh: , 	 smtp:,
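The three things the text above says must be right before dns2tcpd will work (a non-loopback “listen” address, a “domain” matching the delegated subdomain, an existing chroot directory) are easy to get wrong by hand, so here is an added example of a small pre-flight checker for a dns2tcpd-style config. This is not dns2tcp’s own code: the `key = value` parsing, the `name:ip:port` resource shape, the function names and the sample values (192.0.2.10, dns2tcp.example.net, the `resources` key spelling) are all assumptions made for the demo.

```python
"""Pre-flight validation of a dns2tcpd-style configuration (added example).

Re-implements the checks the text asks for: 'listen' must not be loopback
only, 'domain' must match the delegated zone, 'chroot' must exist, and each
entry in 'resources' must be name:ip:port with a sane port.
"""
import ipaddress
import os
from dataclasses import dataclass, field


@dataclass
class Resource:
    name: str
    host: str
    port: int


@dataclass
class ServerConfig:
    settings: dict = field(default_factory=dict)
    resources: list = field(default_factory=list)


def parse_config(text: str) -> ServerConfig:
    """Parse 'key = value' lines; '#' starts a comment.

    The 'resources' value is assumed to be a comma-separated list of
    name:ip:port triples, as in the sample config above.
    """
    cfg = ServerConfig()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "resources":
            for item in value.split(","):
                item = item.strip()
                if not item:
                    continue
                parts = item.split(":")
                if len(parts) != 3:
                    raise ValueError(f"resource must be name:ip:port, got {item!r}")
                name, host, port = parts
                cfg.resources.append(Resource(name.strip(), host.strip(), int(port)))
        else:
            cfg.settings[key] = value
    return cfg


def check_config(cfg: ServerConfig, expected_zone: str, chroot_exists=os.path.isdir) -> list:
    """Return a list of human-readable problems; an empty list means OK.

    chroot_exists is injectable so the check can run on a host that is
    not the server (the demo below passes a stub).
    """
    problems = []
    listen = cfg.settings.get("listen", "")
    try:
        if ipaddress.ip_address(listen).is_loopback:
            problems.append("listen is loopback only; clients on the network cannot reach the server")
    except ValueError:
        problems.append(f"listen is not a valid IP address: {listen!r}")
    if cfg.settings.get("domain", "").rstrip(".").lower() != expected_zone.rstrip(".").lower():
        problems.append("domain does not match the delegated subdomain")
    chroot = cfg.settings.get("chroot")
    if not chroot:
        problems.append("chroot is not set")
    elif not chroot_exists(chroot):
        problems.append(f"chroot directory does not exist: {chroot}")
    if not cfg.resources:
        problems.append("no resources defined")
    for r in cfg.resources:
        if not 1 <= r.port <= 65535:
            problems.append(f"resource {r.name}: port {r.port} out of range")
        try:
            ipaddress.ip_address(r.host)
        except ValueError:
            problems.append(f"resource {r.name}: host {r.host!r} is not an IP address")
    return problems


# Constructed sample mirroring the page's layout; all values are placeholders.
SAMPLE_BAD = """\
# config file
listen = 127.0.0.1
port = 53
chroot = /var/empty/dns2tcp/
domain = dns2tcp.example.net
key = blah
resources = ssh:127.0.0.1:22 , smtp:127.0.0.1:25
"""

# Same config with the one fix the text calls out: listen on the interface IP.
SAMPLE_GOOD = SAMPLE_BAD.replace("listen = 127.0.0.1", "listen = 192.0.2.10")

if __name__ == "__main__":
    for label, text in (("localhost-listen", SAMPLE_BAD), ("fixed", SAMPLE_GOOD)):
        # stub out the chroot check so the demo does not depend on this host
        issues = check_config(parse_config(text), "dns2tcp.example.net", chroot_exists=lambda p: True)
        print(label, "->", issues or "OK")
```

Run it against the real file on the server (drop the `chroot_exists` stub so the directory check is live) before starting dns2tcpd; a config that passes has at least avoided the localhost-only listener the text warns about.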

Then, run it as follows:

cyborg@cyborg:~$ sudo dns2tcpd -F -f /usr/share/doc/dns2tcp/examples/dns2tcpdrc
Starting Server v0.5.2...

That’s it for the server side.

Now, on the client end, compile and install dns2tcp as well, then configure the “dns2tcprc” file. Unfortunately, it can only be configured with one “ressource” at a time. I am going to use SSH with a dynamic proxy again.

 # configuration :
 domain = dns2tcp.ztrela.com
 ressource = ssh
 local_port = 4430
 key = blah

Sometimes it takes up to five minutes. Launch it like this:

cyborg@cyborg:~$ sudo dns2tcpc -f /usr/share/doc/dns2tcp/examples/dns2tcprc
 No DNS given, using (first entry found in resolv.conf)
 debug level 1
 Listening on port : 4430

Here the optional “server” argument is a DNS server you can reach, and it probably should be the one you were issued by DHCP.
Activate the SSH tunnel from the CLI:

 cyborg@cyborg:~$ ssh -C -p 4430 -D8080 cyborg@localhost

Configure Firefox to use the dynamic port you specified above as the proxy on localhost.
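Seen from the resolver rather than the tunnel endpoints, the session set up above is a stream of TXT or KEY queries (the types the -T option selects) for constantly changing, long, encoded subdomains of one zone, which is what a network defender would look for in DNS logs. The following is an added example, not part of dns2tcp or this page, that scores each (client, zone) pair on exactly those traits; the log line format `<time> <client> <qname> <qtype>`, the sample lines, the thresholds and the function names are all constructed for the demo.

```python
"""Heuristic DNS-tunnel detection over resolver query logs (added example).

A tunnel like dns2tcp shows three traits at the resolver: many TXT/KEY
queries to one zone, almost every query name unique, and long high-entropy
prefixes in front of the zone. Plain hostnames and repeated TXT lookups
(SPF, DMARC) fail at least one of those tests.
"""
import hashlib
import math
from collections import defaultdict

TUNNEL_QTYPES = {"TXT", "KEY"}  # request types dns2tcpc can use (-T)


def zone_of(qname: str, depth: int = 3) -> str:
    """Keep the last `depth` labels as the zone (assumption: the tunnel
    domain is a third-level name such as sub.example.net)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-depth:])


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payloads score higher than words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyse(lines, min_queries=10, min_unique_ratio=0.8,
            min_prefix_len=20, min_entropy=3.0):
    """Return {(client, zone): stats} for pairs that look like a tunnel."""
    stats = defaultdict(lambda: {"queries": 0, "names": set(),
                                 "prefix_len": [], "entropy": []})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the constructed format
        _ts, client, qname, qtype = parts
        if qtype.upper() not in TUNNEL_QTYPES:
            continue
        name = qname.rstrip(".").lower()
        zone = zone_of(name)
        # everything in front of the zone is the (possibly encoded) payload
        prefix = name[: -(len(zone) + 1)] if len(name) > len(zone) else ""
        s = stats[(client, zone)]
        s["queries"] += 1
        s["names"].add(name)
        s["prefix_len"].append(len(prefix))
        s["entropy"].append(shannon_entropy(prefix.replace(".", "")))

    flagged = {}
    for key, s in stats.items():
        n = s["queries"]
        if n < min_queries:
            continue
        unique_ratio = len(s["names"]) / n
        avg_len = sum(s["prefix_len"]) / n
        avg_ent = sum(s["entropy"]) / n
        if (unique_ratio >= min_unique_ratio and avg_len >= min_prefix_len
                and avg_ent >= min_entropy):
            flagged[key] = {"queries": n,
                            "unique_ratio": round(unique_ratio, 2),
                            "avg_prefix_len": round(avg_len, 1),
                            "avg_entropy": round(avg_ent, 2)}
    return flagged


def _tunnel_name(i: int) -> str:
    """Constructed tunnel-like query name: hex chunks as labels under the zone."""
    h = hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:48]
    return ".".join(h[j:j + 16] for j in range(0, 48, 16)) + ".dns2tcp.example.net"


# Constructed log: one tunnelling client, one client doing ordinary lookups.
SAMPLE_LOG = (
    [f"12:00:{i:02d} 10.0.0.5 {_tunnel_name(i)} TXT" for i in range(12)]
    + [f"12:01:{i:02d} 10.0.0.7 _dmarc.example.com TXT" for i in range(12)]
    + [f"12:02:{i:02d} 10.0.0.7 www.example.com A" for i in range(5)]
)

if __name__ == "__main__":
    for (client, zone), st in analyse(SAMPLE_LOG).items():
        print(f"tunnel-like: {client} -> {zone} {st}")
```

The repeated `_dmarc.example.com` lookups are also TXT and also numerous, but they are dropped by the unique-name ratio, which is the check that separates a tunnel from a busy mail server; tune the thresholds against a day of your own resolver logs before alerting on them.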





©2017 Ztrela Knowledge Solutions Pvt. Ltd
