On Thu, 20 Sep 2018, Alex wrote:

I'm interested in building a tunnel between two Linux boxes
specifically to send DNS requests.

We've been having some problems with some DNS query responses being
dropped, and want to rule out the possibility they're being filtered
along the way. I thought if we could tunnel the DNS queries, perhaps
they wouldn't be filtered or otherwise dropped.

Is this possible? Do you have an idea of a config you could share?

Yes it is possible. The easiest would be to just do a host-to-host
tunnel that covers everything including DNS, e.g.:

https://libreswan.org/wiki/Host_to_host_VPN

If you really want to limit it to DNS, then you need to take
that connection and copy it so you have two (using two different
names, e.g. dns-tcp and dns-udp) and then add

        # assumes left is the DNS client, right the DNS server
        leftprotoport=udp/%any
        rightprotoport=udp/53

on one connection and add the same but tcp instead of udp on the second
one.

Paul
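What the two restricted connections look like when written out as a libreswan ipsec.conf fragment (an added example for this thread, not Paul's or the libreswan wiki's own config). It follows the advice above: the host-to-host connection from the wiki is kept as a shared base that is never brought up on its own, and the two copies only add the protoport selectors. Hostnames, addresses and the raw RSA key values are placeholders; the file is assumed to live under /etc/ipsec.d/, which the stock ipsec.conf includes.

```conf
# Added example, not from the original post. Placed on the DNS client
# (left); the server (right) gets the same file. IPs and key values are
# placeholders to be replaced with the real hosts' data.
conn dns-common
    # both ends are the IPsec endpoints themselves, as in the wiki example
    left=192.0.2.10
    right=192.0.2.53
    authby=rsasig
    # client key: output of "ipsec showhostkey --left" on the client
    leftrsasigkey=0sPLACEHOLDER_CLIENT_PUBKEY
    # server key: output of "ipsec showhostkey --right" on the server
    rightrsasigkey=0sPLACEHOLDER_SERVER_PUBKEY
    # base section only; it is pulled in via also= and never started,
    # so only DNS traffic is ever protected
    auto=ignore

# UDP DNS: the client uses an ephemeral source port, the server port 53
conn dns-udp
    also=dns-common
    leftprotoport=udp/%any
    rightprotoport=udp/53
    auto=start

# same selector for TCP (large answers and zone transfers fall back to it)
conn dns-tcp
    also=dns-common
    leftprotoport=tcp/%any
    rightprotoport=tcp/53
    auto=start
```

After `ipsec restart` on both hosts, `ipsec trafficstatus` should list both dns-udp and dns-tcp with byte counters that grow as queries are sent, while non-DNS traffic between the two hosts stays in the clear. If responses still go missing with both counters increasing, the loss is inside the ESP tunnel and not a filter on the path looking at port 53.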
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan