dns-relayer
is a program that relays dns packets.
go build .
usage: dns-relayer [bind_addr:bind_port] server_addr:server_port
bind_addr:bind_port
is :53
by default.
-
It can be used to analyze dns packets by relaying dns to a machine for analysis:
dns client <--> dns-relayer <--> dns server
./dns-relayer 192.168.0.10:53 8.8.8.8:53
2022/08/19 17:23:52 Serving on 192.168.0.10:53 2022/08/19 17:23:52 the provided server address is 8.8.8.8:53
-
You can also chain multiple relays:
dns client <--> dns-relayer(1) <--> dns-relayer(2) <--> ... <--> dns server
and this technique can be used to make use of a different port (other than 53) to prevent censorship firewalls from analyzing the dns packet and dropping it.
local remote ./dns-relayer 192.168.0.10:53 x.y.z.n:9090
./dns-relayer x.y.z.n:9090 8.8.8.8:53
now change dns settings to forward dns packets to
192.168.0.10:53
.
-
Serving on all interfaces can conflict with the local resolver that runs on
localhost
on 53:2022/08/19 18:00:49 listen udp :53: bind: address already in use
to prevent this issue use a specific interface addresss (ex
192.168.0.10
). -
Binding to ports below 1024 requires root priviliges.
-
There are other techniques that can be used to bypass censorship firewalls from dropping dns packets:
- DNS over HTTPS (DoH): https://en.wikipedia.org/wiki/DNS_over_HTTPS
- DNSCrypt: https://en.wikipedia.org/wiki/DNSCrypt