DNS | h4cc

I had the problem that my /etc/hosts wasn’t read by the system.

First: Use ping to test local Hostname lookups, because dig calls the nameservers directly.

There are two files that can configure in which order the lookup system are tried.
The two systems are the local hosts file and the normal DNS system.

/etc/host.conf

order hosts,bind
multi on

1 2	order hosts,bind multi on

“order hosts,bind” tells the system to use the hosts file first, and then try bind == DNS system.

/etc/nsswitch.conf

hosts: files dns

1	hosts: files dns

“hosts: files dns” tells the system to use the hosts files first, and then try DNS system.

Try which file has to be edited, because it is not clear which is used.

There a several ways of tunneling data through other services, like SSH or HTTP Proxys.
But it is also possible to tunnel via DNS, which is sometimes available in very restricted networks like Airport WLAN and such.

It works pretty straight forward:

You need a server and a domain. Setup a nameserver record and install one of the available DNS tunneling daemons.
Setup a client with the DNS tunneling client and tunnel your data through DNS requests.
Instead of sending dns requests like:
-> ‘Hey Server, what ip has www.google.com?’
<- 'Ist has 8.8.8.8 dear client'
the system will send something like this:
-> ‘Hey Server, please send this paket for me: base64[packet(http, get 'www.google.com')].mydomain.com’
<- 'Dear client, base64[Response(first part, '‘)]’
<- 'Dear client, base64[Response(second part, '…’)]’
<- ...
The server has to send multiple packets because DNS responses have a limited size. Also the transferred data is base64 encoded, otherwise it could not be transferred via the DNS protocol.

Check out this pages if you like to know more:

https://wiki.koumbit.net/DnsTunnel

http://dnstunnel.de/

h4cc

just a technical notebook

Tag Archives: DNS

Linux: /etc/hosts gets ignored

Read: Tunneling via DNS