[Swan] Building tunnel specifically for DNS
Paul Wouters
paul at nohats.ca
Thu Sep 20 20:13:46 UTC 2018
On Thu, 20 Sep 2018, Alex wrote:
> I'm interested in building a tunnel between two Linux boxes
> specifically to send DNS requests.
>
> We've been having some problems with some DNS query responses being
> dropped, and want to rule out the possibility they're being filtered
> along the way. I thought if we could tunnel the DNS queries, perhaps
> they wouldn't be filtered or otherwise dropped.
>
> Is this possible? Do you have an idea of a config you could share?
Yes it is possible. The easiest would be to just do a host-to-host
tunnel that covers everything, including DNS, eg:
https://libreswan.org/wiki/Host_to_host_VPN
If you really want to limit it to DNS, then you need to take that
connection and copy it so you have two (using two different
names, eg dns-tcp and dns-udp) and then add
# assumes left is the DNS client, right the DNS server
leftprotoport=udp/%any
rightprotoport=udp/53
on one connection and add the same but tcp instead of udp on the second
one.
Paul
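Worked example of the two-connection layout described in the reply above. This is an added illustration, not configuration from the original thread or from the libreswan wiki page; the addresses (192.0.2.x, documentation range), the PSK authentication, the conn names and the file path are all assumptions. The shared settings live in a stub conn that is pulled in with also= so the protoport lines are the only difference between the two tunnels:

```ini
# Constructed example: DNS-only IPsec between two Linux hosts with libreswan.
# Addresses, PSK auth and the file name are assumptions, not from the post.
# Drop it in /etc/ipsec.d/dns-only.conf; the stock /etc/ipsec.conf picks it
# up through "include /etc/ipsec.d/*.conf".

# Shared host-to-host settings. auto=ignore keeps this stub from being
# loaded as a tunnel of its own; the two real conns include it via also=.
conn dns-base
    left=192.0.2.10          # DNS client (assumed address)
    right=192.0.2.20         # DNS server (assumed address)
    authby=secret            # PSK in /etc/ipsec.secrets (assumption; RSA/cert auth works the same)
    auto=ignore

# UDP/53: resolvers use a random source port, so the client side is %any
# and only the server side is pinned to 53. Replies from 53 match the
# mirrored selector, so both directions are covered by one conn.
conn dns-udp
    also=dns-base
    leftprotoport=udp/%any
    rightprotoport=udp/53
    auto=start

# TCP/53: identical selector for truncated answers (TC bit) and zone transfers.
conn dns-tcp
    also=dns-base
    leftprotoport=tcp/%any
    rightprotoport=tcp/53
    auto=start
```

The same file goes on both hosts; on the server it is usual to change auto=start to auto=add so only the client initiates. The PSK is one line in /etc/ipsec.secrets of the form "192.0.2.10 192.0.2.20 : PSK "..."" on each side. After "ipsec restart" (or "ipsec auto --add dns-udp" and "ipsec auto --up dns-udp"), "ipsec trafficstatus" prints per-conn inBytes/outBytes; if those counters stay at zero while dig is running, the selectors are not matching and the queries are going in the clear. Two things to keep in mind with this layout: everything between the two hosts other than port 53 is still unprotected, and if the path is filtering ESP (IP protocol 50) or UDP/4500 rather than DNS specifically, the tunnel itself will fail to pass traffic, which answers the original question in a different way.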