Debind ------------ Debind is a tool to efficently tunnel, through a secure transport layer, every UDP DNS query your Linux machine makes. It redirect every UDP DNS queries (system wide) to debind, forge them into DNS TCP queries and forward them to a secure tunnel using SSH or other possible secure TCP tunnel you can come up with. Other very cool features come with it. Please use it, play with it and feel free to communicate with the authors for any questions/comments/contributions/ and beers to offer :). WHY: DNS is one of the most important service for Internet usage. As a matter of fact, this is also the most filtered and logged services accross ISPs in the world and thus being filtered, controlled and use for user profiling. With *debind*, you'll be able to reroute every DNS queries through a secure channel to a, hopefully, regular DNS server with less ISP "invasion". Using Tor, SSH, Web SOCKS, OTR chat, SSL IRC, etc... in any case, the DNS is the forgotten service which leaks to your ISP. Solution, use debind :). Cheers! REQUIREMENTS: - iptables Needed for DNAT option and NFQUEUE option. - libnetfilter_queue >= 1.0.0 It is a userspace library providing an API to packets that have been queued by the kernel packet filter. http://www.netfilter.org/projects/libnetfilter_queue/index.html Requires NFQUEUE option from the Netfilter project in your kernel. - libssh2 >= 1.30 It is a client-side C library implementing the SSH2 protocol. http://www.libssh2.org/ - libpopt Library for parsing command line parameters * Debian/Ubuntu package: libpopt-dev COMPILE: Download sources then: $ make and use "debind" binary. NOTE: At this point, there is no standard known build system (cmake or autoconf) so no installation mechanism. To install this on your system, simply copy it to /usr/bin/ and use it from there. Since there is a SSH tunnel to create, this makes it difficult to start it at boot. USAGE: Basic use case: In order to redirect *all* UDP DNS traffic, which is basically all DNS traffic of a standard Linux box, do the following: $ sudo ./debind --ssh USER@HOST[:PORT] --dnat --ssh : Will create the SSH tunnel using libssh2. --dnat: Will use iptables to DNAT every DNS request to the local port which is 1337. Note that you can use your own SSH tunnel created with the ssh client like so: $ ssh -L 1337:<forward-dns-ip>:53 ... and run debind: $ sudo ./debind --dnat -p 1337 Other options are available. Use --help for a complete listing.