Moved to #15213.

Brainstorming and planning for a DNS-based pluggable transport.

Encode data in recursive DNS queries and responses. Your local recursive resolver sends your packets to the right place. A DNS bridge would be an authoritative name server for a particular domain; users would configure a domain rather than an IP address in their Bridge lines. Tools already exist to do DNS tunneling, for example iodine and dnscat2. Probably requires a reliability layer and periodic polling by the client.

Survey of DNS tunnel encodings

Brainstorming options for a reliability layer:

  • dnscat2 protocol: uses SYN, FIN, SEQ, ACK. Independent of DNS. (dnscat2 also has a separate procedure for encoding data as DNS requests/responses.)
  • KCP
  • libsctp or other user-space SCTP

Demo of encoding/decoding DNS with Scapy:

>>> from scapy.all import *
>>> str(DNS(rd=True, qd=DNSQR(qtype="A", qname="example.com"))).encode("base64")
$ echo -n AAABAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE= | base64 -d | curl -H 'Content-Type: application/dns-udpwireformat' --data-binary @- -o - | base64
<DNS  id=16705 qr=0L opcode=8L aa=0L tc=1L rd=1L ra=0L z=1L ad=0L cd=0L rcode=server-failure qdcount=26433 ancount=16706 nscount=16705 arcount=17729 qd='' an='' ns='' ar='' |<Raw  load='AAAAB2V4YW1wbGUDY29tAAABAAHADAABAAEAAAiRAARduNgi' |>>
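
An added example, not part of the original page: the `id=16705 ... rcode=server-failure` output above is what results when the base64 text of a response is parsed as wire bytes, so its first 12 ASCII characters were read as the DNS header. The Python 3 standard-library sketch below rebuilds those characters from the printed fields, decodes the base64, and parses the actual query and response. The function names and the `0x4342` flags word (recomputed from the printed bits) are this example's own.

```python
import base64
import struct

# Copied from the session above: the query, and the Raw load Scapy printed.
QUERY_B64 = "AAABAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE="
RAW_LOAD = "AAAAB2V4YW1wbGUDY29tAAABAAHADAABAAEAAAiRAARduNgi"
# Header fields Scapy printed: id, flags, qdcount, ancount, nscount, arcount.
# The flags word 0x4342 is recomputed from opcode=8, tc=1, rd=1, z=1, rcode=2.
PRINTED_HEADER = (16705, 0x4342, 26433, 16706, 16705, 17729)

def read_name(msg, off):
    """Decode a name at off, following compression pointers (RFC 1035 4.1.4)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:              # pointer: 14-bit offset into msg
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                 # refuse pointer loops in hostile input
                raise ValueError("compression loop")
        elif n == 0:                      # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse(msg):
    """Parse the header, question and answer sections of a DNS message."""
    ident, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack_from("!2H", msg, off)
        questions.append((name, qtype))
        off += 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        answers.append((name, rtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"id": ident, "qr": flags >> 15, "rcode": flags & 0xF,
            "questions": questions, "answers": answers}

def recover_response():
    """Rebuild the base64 text that was mis-parsed, then decode to wire bytes."""
    header_text = struct.pack("!6H", *PRINTED_HEADER).decode("ascii")
    return base64.b64decode(header_text + RAW_LOAD)
```
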

Mailing list discussions

Last modified on Apr 25, 2020, 9:59:21 PM