====== IPv4 Over DNS ======

IP over DNS encapsulates IP traffic inside DNS requests, allowing access to the Internet from behind captive portals (coffee shops, airports, restrictive corporate networks, etc.).

Captive portals usually block all traffic, but they allow DNS requests to flow through so that you can look up host names. If you can look up host names via DNS, you can create an IP tunnel over DNS.

For this to work you need a couple of things:

  * A registered domain name;
  * A DNS server, or access to a DNS server, that you can configure to resolve DNS queries for the registered domain name;
  * A machine on the Internet that can run a fake DNS server.

==== Domain Setup ====

Choose a sub-domain of your domain. You will need to create two DNS records on the DNS server: one "NS" record and one "A" record.

=== NS (Name Servers) ===

  dtun.example.com.       NS      ns-dtun.example.com.

=== A (Host) ===

  ns-dtun.example.com.    A       192.0.2.3

The purpose of these records is that all requests for names under the chosen sub-domain are delegated to another name server, which is the machine running the fake DNS server.

=== Fake DNS Server ===

To install the fake DNS server software, you need to set up Perl and install some modules if they are not already installed.

  perl -MCPAN -e 'install MIME::Base32'
  perl -MCPAN -e 'install Net::DNS'
  perl -MCPAN -e 'install Digest::CRC'

Download and extract [[https://s3.amazonaws.com/dmk/ozymandns_src_0.1.tgz|ozymandns_src_0.1.tgz]].

Start the software:

  sudo ./nomde.pl -i 0.0.0.0 dtun.example.com

Make sure that the firewall on the server running the fake DNS service allows port 53 inbound for TCP and UDP.

The Perl script tends to crash frequently, so I wrap it in a script that will re-run it in case of a crash:

  #!/bin/sh
  # Restart nomde.pl whenever it is not running.
  while [ 1 ]; do
      ps -ef | grep -v grep | grep nomde
      if [ $? -eq 1 ]
      then
          # No nomde process found: start it (blocks until it exits or crashes)
          ./nomde.pl -i 0.0.0.0 dtun.example.com
      else
          echo ".eq 0 - daemon found - do nothing."
          sleep 1   # avoid a busy loop while another instance is running
      fi
  done

Save this file as ozymandns.sh and run it like '''( (./ozymandns.sh & ) & )''' so that the script will keep running after you log out from your machine.

=== Client Setup ===

On the client side, install Perl and the same Perl modules as on the server. You will also need SSH. For Windows machines, Cygwin provides all of the necessary software...

Using SSH's ProxyCommand, all communication will be sent using droute.pl through the DNS tunnel to the server.

  ssh -o ProxyCommand="./droute.pl dtun.example.com" -N -D 9999 -C user@localhost -v

This command will create a SOCKS proxy between the client and the server. To use it, you'll need to configure your software to communicate through SOCKS. Both Firefox and Thunderbird can do this.

//**The connection is slow, but good enough for checking your email or surfing.**//

=== Legal Notice ===

Circumventing a captive portal or restrictive corporate firewall may be illegal or get you fired from your job. Use at your own risk.

=== Further Reading ===

  * [[http://www.slideshare.net/dakami/bh-eu-05kaminsky-5939200|Dan Kaminsky - Black Ops of DNS]]
  * http://dnstunnel.de/
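
Seen from the network operator's side, a tunnel like the one set up above shows up in resolver logs as many long, never-repeated, high-entropy names under one delegated sub-domain. The following detection sketch is an added example, not part of the original page or of ozymandns. It assumes the payload travels base32-encoded in the query labels (suggested by the MIME::Base32 dependency), groups names by a fixed three-label zone, and uses illustrative thresholds and constructed sample queries.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def suspect_zones(qnames, zone_labels=3, min_queries=20,
                  min_avg_len=30, min_entropy=3.5):
    """Group query names by their last `zone_labels` labels and flag zones whose
    sub-domain part is consistently long, almost never repeated and high-entropy."""
    by_zone = defaultdict(list)
    for q in qnames:
        labels = q.rstrip(".").lower().split(".")
        if len(labels) <= zone_labels:
            continue                      # nothing below the zone to inspect
        by_zone[".".join(labels[-zone_labels:])].append("".join(labels[:-zone_labels]))
    flagged = {}
    for zone, subs in by_zone.items():
        if len(subs) < min_queries:
            continue                      # too few queries to judge
        avg_len = sum(map(len, subs)) / len(subs)
        unique_ratio = len(set(subs)) / len(subs)
        ent = entropy("".join(subs))
        if avg_len >= min_avg_len and unique_ratio > 0.9 and ent >= min_entropy:
            flagged[zone] = {"queries": len(subs), "avg_len": round(avg_len, 1),
                             "entropy": round(ent, 2)}
    return flagged

def constructed_tunnel_name(i, zone="dtun.example.com"):
    """Constructed stand-in for one tunnel query: 32 pseudo-random bytes, base32."""
    payload = hashlib.sha256(str(i).encode()).digest()
    return base64.b32encode(payload).decode().rstrip("=").lower() + "." + zone

# Constructed resolver log (query names only): ordinary lookups plus tunnel-like ones.
SAMPLE_QUERIES = (
    ["www.cdn.example.net", "img.cdn.example.net", "api.cdn.example.net"] * 10
    + ["mail.corp.example.org"] * 5
    + [constructed_tunnel_name(i) for i in range(30)]
)

if __name__ == "__main__":
    for zone, stats in suspect_zones(SAMPLE_QUERIES).items():
        print(zone, stats)
```

On real logs, derive the zone from a public-suffix list instead of a fixed label count, and tune the thresholds against a baseline, since CDNs and some security products also generate long machine-made names.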