[Swan] Building tunnel specifically for DNS
Tuomo Soini
tis at foobar.fi
Fri Sep 21 12:58:45 UTC 2018
On Thu, 20 Sep 2018 16:13:46 -0400 (EDT)
Paul Wouters <paul at nohats.ca> wrote:
> On Thu, 20 Sep 2018, Alex wrote:
>
> > I'm interested in building a tunnel between two Linux boxes
> > specifically to send DNS requests.
> Yes, it is possible. The easiest would be to just do a host-to-host
> tunnel that covers everything including DNS, eg:
>
> https://libreswan.org/wiki/Host_to_host_VPN
>
> If you really want to limit it to DNS, then you need to take
> that connection and copy it so you have two (using two different
> names, eg dns-tcp and dns-udp) and then add
>
> # assumes left is the DNS client, right the DNS server
> leftprotoport=udp/%any
> rightprotoport=udp/53
Note, this example is not enough; you also need another tunnel for
tcp/53 traffic. So Paul's initial suggestion to tunnel everything
host-to-host is much simpler.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
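
Added example, not part of the original messages: the two DNS-only connections discussed in this thread written out as one libreswan configuration, with the UDP selectors from the quoted snippet and the matching TCP pair. The file path, the `dns-base` name, the addresses (documentation ranges), the IDs and the key placeholders are assumptions; the same file goes on both hosts.

```conf
# /etc/ipsec.d/dns.conf  (assumed path; load the same file on both hosts)

# Shared host-to-host settings, pulled into both connections with also=.
# It has no auto= line, so it is never started on its own.
conn dns-base
    # left is the DNS client, right the DNS server (as in the thread)
    left=192.0.2.10
    leftid=@dns-client
    # placeholder: public key of the client host
    leftrsasigkey=<client public key>
    right=198.51.100.53
    rightid=@dns-server
    # placeholder: public key of the server host
    rightrsasigkey=<server public key>
    authby=rsasig

# Queries and replies over UDP port 53
conn dns-udp
    also=dns-base
    leftprotoport=udp/%any
    rightprotoport=udp/53
    auto=start

# TCP port 53: truncated-response retries, zone transfers
conn dns-tcp
    also=dns-base
    leftprotoport=tcp/%any
    rightprotoport=tcp/53
    auto=start
```

Only packets matching these selectors are protected; everything else between the two hosts still travels in the clear, which is the trade-off against the plain host-to-host tunnel.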