Tunnel dns Around Network Blockages

I find that guest networks at places like hotels and coffee shops frequently block outgoing dns requests. I have sometimes tried using the local network's dns server as provided by the dhcp lease, but it seems to often give incorrect results.

In extreme cases, where many services are being blocked, I'll use a vpn to route around the damage. Recently I've been using sshuttle, because it works well and is easy to set up.

But for dns I find it useful to keep running my local caching name server and forward its requests through an ssh tunnel. Since ssh port forwarding only carries TCP, socat converts the UDP queries to TCP on the laptop and back to UDP on the server.

First set up the ssh tunnel, in .ssh/config:

Host someone-you-trust.example.org
LocalForward 53053 localhost:53053

Start socat on the server side. I start this at boot on my server and leave it running.

socat tcp4-listen:53053,reuseaddr,fork UDP:localhost:53

Then on the laptop, run socat to pick up local UDP queries and push them into the tunnel:

socat udp4-recvfrom:53053,reuseaddr,fork tcp:127.0.0.1:53053

And have bind forward everything to the tunnel, in the options block of named.conf:

	forward only;
	forwarders port 53053 { 127.0.0.1; };

Kick the name server and it should all work.

rndc reconfig
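The whole chain above, as an added Python example that is not the author's setup (the post uses socat and ssh): two relay threads play the parts of the two socat commands, the ssh LocalForward is reduced to a TCP connection on loopback, and a stub answers in place of the resolver on port 53 of the trusted host, returning the constructed address 192.0.2.1 (TEST-NET-1). Ports are ephemeral rather than 53053, and the `resolve_through_tunnel` function stands in for bind sending one forwarded query. All names here are the example's own.

```python
import socket
import struct
import threading

# Constructed answer: 192.0.2.1 lies in TEST-NET-1, reserved for documentation.
FAKE_ANSWER = bytes([192, 0, 2, 1])


def build_query(name, qid=0x1234):
    """Build a minimal DNS A query (RD set) for name, as a stub resolver would."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def fake_resolver_answer(query):
    """Stand-in for the real resolver: echo the question, add one A record."""
    qid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + FAKE_ANSWER
    return header + question + rr


def first_a_record(response):
    """Return the IPv4 address from the first answer RR of a response."""
    i = 12
    while response[i] != 0:            # walk the question name labels
        i += response[i] + 1
    i += 1 + 4                         # terminator, QTYPE, QCLASS
    i += 2                             # compressed owner-name pointer of the RR
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[i:i + 10])
    i += 10
    if rtype != 1 or rdlen != 4:
        raise ValueError("first answer is not an A record")
    return ".".join(str(b) for b in response[i:i + 4])


def _serve_resolver(udp):
    """The resolver on port 53 of the trusted host (stubbed)."""
    while True:
        data, addr = udp.recvfrom(4096)
        udp.sendto(fake_resolver_answer(data), addr)


def _relay_one_connection(conn, resolver_addr):
    """Server side: one TCP connection carries one raw DNS message, no length prefix."""
    with conn:
        data = conn.recv(4096)
        if not data:
            return
        up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        up.settimeout(2)
        try:
            up.sendto(data, resolver_addr)
            reply, _ = up.recvfrom(4096)
        finally:
            up.close()
        conn.sendall(reply)


def _serve_tcp_to_udp(listener, resolver_addr):
    """Server side: 'socat tcp4-listen:...,fork UDP:localhost:53'."""
    while True:
        conn, _ = listener.accept()
        threading.Thread(target=_relay_one_connection, args=(conn, resolver_addr), daemon=True).start()


def _relay_one_datagram(udp, data, client, tcp_addr):
    """Client side: each UDP datagram becomes one short TCP connection through the tunnel."""
    with socket.create_connection(tcp_addr, timeout=2) as tcp:
        tcp.sendall(data)
        reply = tcp.recv(4096)
    udp.sendto(reply, client)


def _serve_udp_to_tcp(udp, tcp_addr):
    """Client side: 'socat udp4-recvfrom:...,fork tcp:127.0.0.1:...'."""
    while True:
        data, client = udp.recvfrom(4096)
        threading.Thread(target=_relay_one_datagram, args=(udp, data, client, tcp_addr), daemon=True).start()


def start_tunnel():
    """Wire stub resolver, server relay and client relay together on loopback.
    Returns the (host, port) that bind's 'forwarders' line would point at."""
    resolver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    resolver.bind(("127.0.0.1", 0))
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)   # the ssh LocalForward end
    listener.bind(("127.0.0.1", 0))
    listener.listen(16)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)      # what bind talks to
    client.bind(("127.0.0.1", 0))
    for target, args in ((_serve_resolver, (resolver,)),
                         (_serve_tcp_to_udp, (listener, resolver.getsockname())),
                         (_serve_udp_to_tcp, (client, listener.getsockname()))):
        threading.Thread(target=target, args=args, daemon=True).start()
    return client.getsockname()


def resolve_through_tunnel(name, forwarder_addr):
    """Do what bind does with 'forward only': one UDP query to the forwarder."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(3)
    try:
        s.sendto(build_query(name), forwarder_addr)
        reply, _ = s.recvfrom(4096)
    finally:
        s.close()
    return first_a_record(reply)


if __name__ == "__main__":
    forwarder = start_tunnel()
    print(resolve_through_tunnel("example.org", forwarder))   # 192.0.2.1 from the stub
```

Each datagram becomes one short TCP connection carrying the raw DNS message with no two-byte length prefix, which is exactly what the server-side socat expects when it writes the stream back out as a UDP datagram. That is also why the forwarders line tells bind to speak UDP to 127.0.0.1:53053: a resolver that retried over DNS-over-TCP on the same port would send a length-prefixed stream that this relay, like the socat pair, passes through unchanged.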

Jim Rees