Jump to content

DNS Tunnel - Episode 5x04 need help :)


Recommended Posts

Im trying to get this working.

I tried multiple tutorials in the web, the one from mubix aswell.

And like that tutorial: LINK

When i do this:

/droute.pl -r DNS-Server-IP sshdns.passwort.tunnel.nobaq.net[/code]

The client gives me signs that look like i have the wrong charset sellected.

When i do:

ssh -o ProxyCommand="./droute.pl sshdns.dtun.example.org" -N -D 9999 -C jdoe@localhost

The client does nothing. Until i press ctrl C

In both cases the server displayes:

UDP connection from to

query 11433: (2176-56640.id-13401.down.dns.tunnel.domain.co.cc, IN, TXT) -

2176-56640.id-13401.down.dns.tunnel.domain.co.cc. 0 IN TXT "Hi: Wed Jan 13 05:09:23 UTC 2010"


;; id = 11433

;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0

;; ra = 0 ad = 0 cd = 0 rcode = NOERROR

;; qdcount = 1 ancount = 1 nscount = 0 arcount = 0

Maximum reply length as advertosed in EDNS from 512

Writing response - done

Waiting for connections...

UDP connection from to

query 42994: (2193-15449.id-13401.down.dns.tunnel.domain.co.cc, IN, TXT) -

2193-15449.id-13401.down.dns.tunnel.domain.co.cc. 0 IN TXT "Hi: Wed Jan 13 05:09:23 UTC 2010"


;; id = 42994

;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0

;; ra = 0 ad = 0 cd = 0 rcode = NOERROR

;; qdcount = 1 ancount = 1 nscount = 0 arcount = 0

Maximum reply length as advertosed in EDNS from 512

And the red Parts keep changing until i press ctrl C on my client.

The IP: is the DNS Server from my ISP.

Ayone an idea??

Would be realy great!

Sorry for my bad english!

Edited by carloss
Link to comment
Share on other sites

  • 3 weeks later...
  • 3 weeks later...

I've had the ozyman-mod working but it is SLOOOWW (like 0.5k/sec).

I know that ppl have said it would be slow but is that normal? I get timeouts with it all the time , esp with sites containing dynamic content.

Tried from a couple of hotels and my own links which are quite fast so it's not line speed.

Because it's a cname I suppose the parent dns (godaddy) could be rate limiting queries I suppose.


Link to comment
Share on other sites

  • 1 month later...

I've been having a lot of trouble with this and I can't see why it wont work, save for some outside intervention.\\

Ive setup on my external Nameserver running box: subethanet.mydomain.com NS -> mydomain.dyndns.org

Now, I can see this is working fine as I run wireshark on mydomain.dyndns.org and I can see all the DNS requests arriving on port 53 for subethanet.mydomain.com. So you'd think that'd be it?

Sadly, I cant seem to do anything with these requests. I've tried both Ozymandns and the dnstunneld script (the updated Ozymandns) and I have little luck. Neither seem to do anything with the packets. I did try dnsspoof and that at least heard the requests (it printed the A requests I was sending from the 'host' lookup i was doing) but it wouldnt send replies either.

So im a little stumped. I can see that port 53 is open as i've nmap'd from another server outside my home network and that seems good too. Totally stumped :S

Link to comment
Share on other sites

Ok, so heres the setup I have that doesn't quite seem to work

DNS Setup on mydomain.com

Name Server Subdomain

myserver.dyndns.com dnstunnel.mydomain.com

on my box at home:

myserver.dyndns.com settings

DNSHOST="dnstunnel.mydomain.com" # change this to your DNS name

REPLYIP="" # what to answer on real DNS requests

OPTIONS="" # give additional options here

DNSTUNNELD="/opt/dnstunnel/dnstunneld" # the server script

/etc/init.d/dnstunneld start

On the client box

ssh -C -o ProxyCommand="dnstunnelc -v sshdns.dnstunnel.mydomain.com" root@localhost

Resolving through:



ssh -D 8000 -N -C -o ProxyCommand="dnstunnelc sshdns.dnstunnel.mydomain.com" root@localhost

(this command just sits there... probably doing it's proxy thing)

I then setup firefox to do its test thing

I should point out my server is behind my NAT which has 53 open on the access box

Back on the Server


So the packets are arriving but they simply arent being forwarded properly and there is no return.

Im following the instructions given at http://www.splitbrain.org/blog/2008-11/02-...ing_made_simple

Edited by Oni
Link to comment
Share on other sites

Should point out that it appears that dnstunneld is bound to *.*:53 according to netstat on my little server box so clearly the resolution is working.

host mytunnel.mydomain.com doesnt return anything and times out but the packets still arrive so dnstunneld isn't doing basic DNS replies either. Something must be wrong with the way i've setup dnstunneld

Link to comment
Share on other sites

How's your experience been with Iodine? I've found Ozyman a bit more stable, but ya, definitely Iodine is easier.

I run Iodine on my WRT54g and have successfully tunnelled from netbook and N900. I had to set a lower mtu to get an ssh connection.

Not had any trouble yet but I don't use it all that frequently with HSPDA access being much faster.

Link to comment
Share on other sites

  • 3 weeks later...

I think I might have cracked it.... moblock!

I was running moblock and never released it was blocking my linode as it tends to be silent or at least, silentish.

I really REALLY need to get a cool app to do logging. With moblock off I can at least get DNS to reply and play nice.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...