IP over DNS encapsulates IP traffic inside of DNS requests, allowing access to the Internet from behind captive portals. (coffee shops, airports, restrictive corporate network, etc.) Captive portals usually block all traffic but they allow DNS requests to flow through so that you can look up host names, If you can look up host names via DNS, you can create a IP tunnel over DNS.
For this to work you need a couple of things,
Choose a sub-domain for you domain. you will need to create two DNS records on the DNS server. One “NS” record and one “A” record.
dtun.example.com. NS ns-dtun.example.com.
ns-dtun.example.com. A 192.0.2.3
The purpose of this is that all requests to a certain sub-domain will be delegated to another name server which is running the fake DNS server.
To install the fake DNS server software, you need to set up Perl and install some modules if they are not already installed.
perl -MCPAN -e 'install MIME::Base32' perl -MCPAN -e 'install Net::DNS' perl -MCPAN -e 'install Digest::CRC'
Download and extract ozymandns_src_0.1.tgz
Start the software:
sudo ./nomde.pl -i 0.0.0.0 dtun.example.com
Make sure that the firewall on the server running the Fake DNS service allows port 53 inbound for TCP and UDP. The Perl script tends to crash frequently so I wrap it in a script that will re-run it in case of a crash:
#!/bin/sh while [ 1 ]; do ps -ef | grep -v grep | grep nomde if [ \$? -eq 1 ] then ./nomde.pl -i 0.0.0.0 dtun.example.com else echo .eq 0 - daemon found - do nothing. fi done
Save this file as ozymandns.sh and run it like
'( (./ozymandns.sh & ) & )' so that the script will keep running after you log out from your machine.
On the client side, install Perl and the same Perl modules as the server. You will also need SSH. For Windows machines, Cygwin provides all of the necessary software… Using SSH's ProxyCommand, all communication will be sent using droute.pl through the DNS tunnel to the server.
ssh -o ProxyCommand="./droute.pl dtun.example.com" -N -D 9999 -C user@localhost -v
This command will create a SOCKS proxy between the client and the server. To use it, you'll need to configure your software to communicate through SOCKS. Both FireFox and ThunderBird can do this. The connection is slow, but good enough for checking your email or surfing.
Circumventing a captive portal or restrictive corporate firewall may be illegal or get you fired from your job. Use at your own risk.