Is there a local transparent DNS proxy application?

I'm not an expert in networking, but I have some knowledge.

I have a question about local DNS applications like DNSChef and Acrylic, which are local DNS proxies used for caching DNS records.

Is it possible to develop a similar application that runs without any setting in my network configuration? The goal of this proxy is to intercept all Windows DNS requests, forward them to a specific DNS server, and also intercept the response and read it.

I read about transparent DNS proxies, which are implemented at ISP level, not locally.
btan (Exec Consultant) commented:
Actually there is another means w/o really going into the kernel: injecting into a targeted process, such as this example on dnshijack, hooking the application's DNS lookup call and changing it when the response comes back from the system... quite "unorthodox".

DnsHijack works by injecting a DLL into the Firefox process and hooking the gethostbyname function using the Detours library available from Microsoft Research. gethostbyname is the Winsock function that will be called by Firefox when it needs to perform a DNS lookup.
Please clarify what you mean. is a local loopback and does not need to be set.
I believe what you are talking about when using DNSchef or Acrylic is that
you need to alter the DNS records in the IP settings to point to ; otherwise the DNS resolution requests go to the wrong DNS servers.

The issue you are trying to address is in no way related to DNSchef nor is it with Acrylic or any other DNS proxy application.

It seems what you are asking is for a way to override all other applications to send their DNS requests to the where you have DNSchef or Acrylic running versus the Name server records defined on the system.

If you are the admin of a network, you can, through DHCP, configure the clients to direct their DNS requests to your configured DNS server, which can be running any DNS application you choose.

If you want to write an application that presumes that there is a local DNS running, you of course can hard-code it into the DNS portion of your application code versus relying on established/existing API interfaces to said tools.
Learn the DNS protocol, then use sockets to establish a connection to a local port 53, if it exists. Create the requisite data packet to transmit the initial request; once you receive a response, cycle through until you get the answer you need, passing it on to your application.
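The socket-based approach described above (build the query packet, send it to a resolver on port 53, read the answer out of the response) as an added example; this is not code from the thread or from DNSChef/Acrylic. It is a minimal RFC 1035 A-record query builder, a response parser that handles name compression, and a UDP forwarder; the resolver address (127.0.0.1:53 by default) is an assumption.

```python
import socket
import struct
# Added example (not from the thread): RFC 1035 A-query builder, reply parser and UDP forwarder.

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a recursive A query: header (RD=1, QDCOUNT=1) + QNAME + QTYPE/QCLASS."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _read_name(data: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer: jump, remember where we were
            end = end or off + 2
            off = struct.unpack(">H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels), end or off
        labels.append(data[off:off + length].decode())
        off += length

def parse_response(data: bytes) -> dict:
    """Return txid, rcode and A answers as (name, ttl, ip) from a DNS reply."""
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", data[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(data, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1:  # A record, IN class
            answers.append((name, ttl, socket.inet_ntoa(data[off:off + rdlen])))
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}

def forward(name: str, resolver: str = "127.0.0.1", port: int = 53) -> dict:
    """Send the query to the chosen resolver over UDP and parse the reply (network I/O)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(2.0)
        s.sendto(build_query(name), (resolver, port))
        reply, _ = s.recvfrom(4096)
    return parse_response(reply)
```

Listening on UDP 53 and relaying each client datagram through forward() is what a local caching proxy such as DNSChef adds on top of this; the asker's actual problem, getting Windows to send its queries there without changing the resolver settings, is not solved by this code.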
btan (Exec Consultant) commented:
Agree that coding it locally into the app code is the safest means if you really want it to loop with the machine. There is mention on TechNet of explicitly configuring loopback on the NIC card:

Configure adapter settings to add the loopback IP address to the list of DNS servers on all active interfaces, but not as the first server in the list.
Configure network adapters on this DNS server to use the loopback address (, 0:0:0:0:0:0:0:1, or ::1) as one of the DNS servers, but not as the first DNS server on the list. If the loopback address is configured as the first DNS server, then configure another DNS server first.

I think the asker is actually looking to install DNSchef or Acrylic and have it "divert any and all requests on port 53" to this application without making any changes.

You could look at the IP security policy MMCs to see whether you can set a policy that deals with diverting requests on port 53 to any external resource, with the exception of dnschef/acrylic, to localhost:53.
The difficulty with network-based diversion is how the policy will distinguish a request from application1 versus dnschef.
btan (Exec Consultant) commented:
Noted; straight off, changing the hosts file will be the most direct, but as mentioned the aim is to achieve it w/o changing the existing machine configuration as much as possible. Then it is likely running a fake DNS server like dnschef. Acrylic, if I am not wrong, has its own hosts file and you need to set Preferred DNS Server ->

Ideally these apps w/o installation are supposed to respond to all DNS queries with the specified IP address, logging the details of the received requests and transmitted responses. But that does not always work, as these apps or tools attempt to automatically configure your local system to use localhost as the DNS server. Hence the final resort (or be prepared) is to still manually modify your DNS settings for localhost to work reliably as you will want it.

Unless it is a service developed to touch the kernel level or hard-coded into the app to use localhost, an external type of "fakedns" still needs to touch the machine DNS settings to work reliably. Also we must note that the use of a DNS proxy is recommended in situations where it is not possible to force an application to use some other proxy server directly.
DeepZo (Author) commented:
As arnold said:
I think the asker is actually looking to install DNSchef or acrylic and have it "divert any and all requests on port 53" to this application without making any changes.

That's what I need, and it's not important to use DNSChef or Acrylic; I mentioned them as examples.

So, the question again is:

I need an application that diverts all requests on port 53 and forwards them to a specific DNS IP; at the same time this application should read all responses.
The only means by which this can be done is for the application to insert itself within the network interface and kernel; the short answer is that there is no such application that you can customize.

Short of using netsh, VBScript or PowerShell scripts to remove the existing name server while adding another, which requires that the person under whose credentials the script runs has the requisite rights to make such a change, it is not possible on a computer-by-computer basis. You of course can achieve this on the outside firewall, where you can configure the firewall to reroute any outgoing port 53 requests, with the exception of the system with your preferred DNS service, to this preferred DNS server.
DeepZo (Author) commented:
So how can software firewalls control outbound and inbound traffic?!
They are placed in the kernel, closest to the interface,

and have the required hooks into the kernel/device layer.

You are looking for an Application to overwrite kernel and other applications settings.
Effectively you are trying to find an application that can "hijack" the local traffic on the computer.
btan (Exec Consultant) commented:
As I have mentioned, to do the diversion you need to be at the kernel to layer on the TCP stack; firewalls and AV do that, even Wireshark. Another possibility is dnsspoof.

The following program does several things:

First we define the IP addresses of the DNS server (if the server is not on the LAN, it must be the address of the router) and the victim, along with the keywords for DNS poisoning (contained in the spoof_list STL map: "google" and "proxy") and the false IP associated with each one of them.

Second, we perform an ARP Poison attack and spawn a sniffer listening to UDP traffic with a port equal to 53 (default for DNS). At this point, all traffic from the victim should be going through our machine. Therefore, IP forwarding is activated and we use IPTABLES to block all the UDP traffic with a source or destination port equal to 53.
In other words, all data going back and forth between the DNS server ( and the victim ( will be redirected correctly (through our kernel) except for the DNS traffic. The sniffer is responsible for processing them (through the DNSSpoofer function).

NOTE: Remember that libcrafter doesn't care about local firewall rules. The sniffer will catch the DNS traffic even though the kernel is not processing/forwarding it.