Bash script that acts as a DNS proxy, except it queries several DNS servers
If every DNS request is sent not to one DNS server but to 2 or 3 such servers, then the results can be compared, and if they disagree you get an alert for suspected DNS poisoning, interception, etc.
Can this be done with a bash script without any messing with C/C++ sources?
What's the bash command to listen on a port for DNS requests?
You can have netcat listen on port 53 for udp data.
Code:
nc -ul 53
You *might* be able to pull something together to do what you are asking with dnsmasq and its cache list. But as far as a "DNS proxy" sort of thing that goes out to other DNS servers, compares the results, then reports back the consensus... that doesn't exist AFAIK.
Maybe a script could run 3 dig commands in parallel like this (dig takes the server to query as an @ argument):
dig @4.2.2.4 microsoft.com
dig @<another dns server> microsoft.com
dig @<another dns server> microsoft.com
and parse the output with sed to isolate the IPs. But if there is consensus, how can the IP be returned to the process that did the DNS lookup? Simply allow the original query and response to complete, otherwise block it with an iptables rule?
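A bash sketch of the cross-check just described, added here and not code from the thread: it runs dig against a list of resolvers (4.2.2.4 and 8.8.8.8 are named in the thread, 9.9.9.9 is an assumption), collapses each resolver's A-record answer set into one sorted string and alerts when the sets differ, so the exit status can drive the alert the first post asks for.

```shell
#!/bin/bash
# Cross-check one name against several resolvers and alert on disagreement.
# Resolvers to compare (4.2.2.4 and 8.8.8.8 are named in the thread; 9.9.9.9
# is an assumption, substitute whatever list you want to cross-check)
RESOLVERS="4.2.2.4 8.8.8.8 9.9.9.9"

# query_a NAME SERVER: the A records SERVER returns for NAME, sorted and
# comma-joined so two identical answer sets compare equal as plain strings
query_a() {
    dig +short +time=2 +tries=1 "$1" A @"$2" 2>/dev/null \
        | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort | paste -s -d, -
}

# consensus_check: reads "server answers" lines on stdin and prints a verdict.
# Exit status: 0 all agree, 1 resolvers disagree (suspect poisoning or
# interception), 2 at least one resolver returned nothing
consensus_check() {
    local server answers seen="" rc=0
    while read -r server answers; do
        if [ -z "$answers" ]; then
            echo "WARN: $server returned no A records"
            rc=2
            continue
        fi
        echo "$server -> $answers"
        case " $seen " in
            *" $answers "*) ;;            # same set already seen from another resolver
            *) seen="$seen $answers" ;;
        esac
    done
    set -- $seen                          # one positional argument per distinct answer set
    if [ "$#" -gt 1 ]; then
        echo "ALERT: resolvers disagree ($# distinct answer sets)"
        return 1
    elif [ "$#" -eq 0 ]; then
        echo "WARN: no resolver returned an answer"
        return 2
    fi
    [ "$rc" -eq 0 ] && echo "OK: all resolvers agree on $1"
    return "$rc"
}

# check_name NAME: query every resolver, then compare the answers
check_name() {
    local name=$1 s
    for s in $RESOLVERS; do
        echo "$s $(query_a "$name" "$s")"
    done | consensus_check
}

if [ "$#" -eq 1 ]; then check_name "$1"; fi
```

Run as `./dnscheck.sh example.com`; the comparison step is separate from the query step so it can be fed canned "server answers" lines for testing without network access.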
something like:
Code:
# host prints "example.com name server ns.example.net." so the NS name is the 4th field
host -t ns example.com | while read dom _ _ server; do dig +short "$dom" @"$server"; done
Don't know what this does. We want to compare results from an arbitrary list of DNS servers, after intercepting a normal DNS query.
Trying the following, but this only shows the SENT data that contains the domain name; the RCVD data does not show up. How do you force the DNS query to go through this piping arrangement?
File dns-proxy.sh:
Code:
#!/bin/bash
# Usage: dns-proxy.sh <listen-port> <upstream-dns-ip> <upstream-port>
# Fifo paths (assumed names; the post did not show where BACK, SENT and RCVD were set)
BACK=/tmp/dns-back.fifo; SENT=/tmp/dns-sent.fifo; RCVD=/tmp/dns-rcvd.fifo
# create fifo's
mkfifo -m 0600 "$BACK" "$SENT" "$RCVD"
# Keep parsing SENT fifo to get domain name (sed filter left as the post's placeholder)
od -c -w100 <"$SENT" | sed "s/blah blah//g" &
# Keep parsing RCVD fifo to get IP (sed filter left as the post's placeholder)
od -t u1 -w100 <"$RCVD" | sed "s/blah blah//g" &
# Keep listening and piping: client -> nc -> upstream -> nc -> back to client via BACK
nc -ul "$1" <"$BACK" | tee "$SENT" | nc -u "$2" "$3" | tee "$RCVD" >"$BACK"
Why doesn't a DNS query from Firefox go through all of these pipes if you set the connection's DNS server to 127.0.0.1, type the following and enter a URL in Firefox?
I see where you are going with this, and it's certainly approaching a solution to your problem.
But using 12+ different programs for each DNS request is going to get really, really expensive, processor-wise. And also, it will quadruple your DNS traffic. Keep that in mind if you are thinking of deploying such a thing to your user environment. My Windows servers handle 60 million+ requests in a given day.
Also, 8.8.8.8 is Google's DNS server. You'll find that 4.2.2.2-4.2.2.8 are actually Level3's servers.
Maybe the system has another DNS server and uses that when my 127.0.0.1 DNS server takes too long?
What is the meaning of this stuff in /etc/resolv.conf?
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1