[Swan] Building tunnel specifically for DNS

Paul Wouters paul at nohats.ca
Thu Sep 20 20:13:46 UTC 2018


On Thu, 20 Sep 2018, Alex wrote:

> I'm interested in building a tunnel between two Linux boxes
> specifically to send DNS requests.
>
> We've been having some problems with some DNS query responses being
> dropped, and want to rule out the possibility they're being filtered
> along the way. I thought if we could tunnel the DNS queries, perhaps
> they wouldn't be filtered or otherwise dropped.
>
> Is this possible? Do you have an idea of a config you could share?

Yes it is possible. The easiest would be to just do a host-to-host
tunnel that covers everything including DNS, e.g.:

https://libreswan.org/wiki/Host_to_host_VPN

If you really want to limit it to DNS, then you need to take that
connection and copy it so you have two (using two different
names, e.g. dns-tcp and dns-udp) and then add

 	# assumes left is the DNS client, right the DNS server
 	leftprotoport=udp/%any
 	rightprotoport=udp/53

on one connection and add the same but tcp instead of udp on the second
one.

Paul
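As an added example (not from this post or the Libreswan wiki), here are the two DNS-only connections the reply describes as a complete ipsec.conf. The addresses and the PSK are placeholders, and authby=secret is an assumption: the wiki's host-to-host page uses raw RSA keys instead.

```ini
# /etc/ipsec.conf (constructed example, RFC 5737 placeholder addresses)
# left is the DNS client, right is the DNS server.
# Matching /etc/ipsec.secrets line (assumed PSK auth):
#   192.0.2.10 192.0.2.20 : PSK "replace-with-a-long-random-secret"

# UDP DNS: any client source port -> server port 53
conn dns-udp
    left=192.0.2.10
    right=192.0.2.20
    authby=secret
    ikev2=yes
    auto=start
    leftprotoport=udp/%any
    rightprotoport=udp/53

# TCP DNS (truncated answers, zone transfers): same selector over TCP
conn dns-tcp
    left=192.0.2.10
    right=192.0.2.20
    authby=secret
    ikev2=yes
    auto=start
    leftprotoport=tcp/%any
    rightprotoport=tcp/53
```

After `ipsec restart`, `ipsec trafficstatus` lists each connection with its protocol/port selector, so you can confirm the DNS flows are inside the tunnel; any traffic between the two hosts that does not match port 53 on the server side still travels in cleartext.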

