DeepZo
Is there a local transparent DNS proxy application?

I'm not an expert in networking, but I have some knowledge.

I have a question about local DNS applications like DNSChef and Acrylic, which are local DNS proxies used for caching DNS records.

Is it possible to develop a similar application that runs without setting 127.0.0.1 in my network configuration? The goal of this proxy is to intercept all Windows DNS requests and forward them to a specific DNS server, and also to intercept the response and read it.

I read about transparent DNS proxies, but they are implemented at the ISP level, not locally.
arnold

Please clarify what you mean.

127.0.0.1 is the local loopback and does not need to be set.
I believe what you are talking about is that when using DNSChef or Acrylic,
you need to alter the DNS records in the IP settings to point to 127.0.0.1; otherwise the DNS resolution requests go to the wrong DNS servers.

The issue you are trying to address is in no way related to DNSChef, nor is it with Acrylic or any other DNS proxy application.

It seems what you are asking for is a way to override all other applications to send their DNS requests to 127.0.0.1, where you have DNSChef or Acrylic running, versus the name server records defined on the system.

If you are the admin of a network, you can, through DHCP, configure the clients to direct their DNS requests to your configured DNS server, which can be running any DNS application you choose.

If you want to write an application that presumes there is a local DNS running, you can of course hard code it into the DNS portion of your application code versus relying on established/existing API interfaces to said tools.
Learn the DNS protocol, then use sockets to establish a connection to local port 53, if it exists; create the requisite data packet to transmit the initial request; once you receive a response, cycle through it until you get the answer you need, and pass it on to your application.
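A worked sketch of the steps arnold lists (build the wire-format request, send it to a resolver on UDP port 53, walk the answer records in the reply), added here as an example and not code from this thread or from DNSChef/Acrylic; the upstream address is a placeholder and the test bytes are constructed:

```python
import socket, struct
def encode_name(name):
    # "example.com" -> b"\x07example\x03com\x00" (wire-format labels)
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(name, txid=0x1234, qtype=1):
    # Header: id, flags (RD=1), qdcount=1, an/ns/arcount=0; then one question (class IN)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_name(msg, off):
    # Decode a possibly compressed name; return (name, offset just past it)
    labels, jumped, end = [], False, off
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:  # compression pointer to an earlier name
            end = end if jumped else off + 2  # remember where the pointer ended
            jumped, off = True, struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if jumped else off)

def parse_answers(msg):
    # Walk the answer section; A records are rendered as dotted quads
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s): name + qtype + qclass
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        answers.append((name, rtype, ttl, rdata))
    return answers

def forward(query, upstream="192.0.2.53"):
    # Send the request over UDP/53 to a resolver (placeholder address) and return the raw reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(query, (upstream, 53))
        return s.recvfrom(4096)[0]
```

A local proxy would bind UDP/53 itself, call forward() with each received query, and log the tuples from parse_answers() before relaying the reply.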
btan

Agree that coding it locally into the app code is the safest means if you really want it to loop with the machine. There is a mention on TechNet of explicitly configuring the loopback in the NIC card:

Configure adapter settings to add the loopback IP address to the list of DNS servers on all active interfaces, but not as the first server in the list.
Configure network adapters on this DNS server to use the loopback address (127.0.0.1, 0:0:0:0:0:0:0:1, or ::1) as one of the DNS servers, but not as the first DNS server on the list. If the loopback address is configured as the first DNS server, then configure another DNS server first.
I think the asker is actually looking to install DNSChef or Acrylic and have it "divert any and all requests on port 53" to this application without making any changes.

You could look at the IP security policy MMCs to see whether you can set a policy that diverts requests on port 53 to any external resource, with the exception of DNSChef/Acrylic to localhost:53.
The difficulty with network-based diversion is how the policy will distinguish a request from application1 versus DNSChef.
Noted; straight off, changing the hosts file will be the most direct, but as mentioned the aim is to achieve this without changing the existing machine configuration as much as possible. Then it is likely running a fake DNS server like DNSChef. Acrylic, if I am not wrong, has its own hosts file and you need to set Preferred DNS Server -> 127.0.0.1.

Ideally these applications without installation are supposed to respond to all DNS queries with the specified IP address, logging the details of the received requests and transmitted responses. But that does not always work, as these applications or tools attempt to automatically configure your local system to use localhost as the DNS server. Hence the final resort (or be prepared) is to still manually modify your DNS settings for localhost to work reliably as you want it.

Unless it is a service developed to touch the kernel level or hardcoded into the application to use localhost, an external type of "fakedns" still needs to touch the machine DNS settings to work reliably. Also we must note that the use of a DNS proxy is recommended in situations where it is not possible to force an application to use some other proxy server directly.
DeepZo

ASKER

As arnold said:
I think the asker is actually looking to install DNSchef or acrylic and have it "divert any and all requests on port 53" to this application without making any changes.

That's what I need, and it's not important to use DNSChef or Acrylic; I mentioned them as examples.

So, the question again is:

I need an application that diverts all requests on port 53 and forwards them to a specific DNS IP; at the same time this application should read all responses.
The only means by which this can be done is for the application to insert itself within the network interface and kernel; the short answer is that there is no such application that you can customize.

Short of using netsh, VBScript, or PowerShell scripts to remove the existing name server while adding another, which requires that the person under whose credentials the script runs has the requisite rights to make such a change, it is not possible on a computer-by-computer basis. You can of course achieve this on the outside firewall, where you can configure the firewall to reroute any outgoing port 53 requests, with the exception of the system with your preferred DNS service, to this preferred DNS server.
DeepZo

ASKER

So how can software firewalls control outbound and inbound traffic?
They are placed in the kernel, closest to the interface,

and have the required hooks into the kernel/device layer.

You are looking for an Application to overwrite kernel and other applications settings.
Effectively you are trying to find an application that can "hijack" the local traffic on the computer.
As I have mentioned, to do the diversion you need to be at the kernel to layer on the TCP stack; firewalls and AV do that, even Wireshark. Another possibility is dnsspoof:

https://code.google.com/p/libcrafter/wiki/DNSSpoofing

The following program does several things:

First we define the IP addresses of the DNS server (if the server is not on the LAN, it must be the address of the router) and the victim, along with the keywords for DNS poisoning (contained in the spoof_list STL map: "google" and "proxy") and the false IP associated with each one of them.

Second, we perform an ARP poisoning attack and spawn a sniffer listening to UDP traffic with a port equal to 53 (the default for DNS). At this point, all traffic from the victim should be going through our machine. Therefore, IP forwarding is activated and we use iptables to block all UDP traffic with a source or destination port equal to 53.
In other words, all data going back and forth between the DNS server (192.168.1.1) and the victim (192.168.1.8) will be redirected correctly (through our kernel) except for the DNS traffic. The sniffer is responsible for processing it (through the DNSSpoofer function).

NOTE: Remember that libcrafter does not care about local firewall rules. The sniffer will catch the DNS traffic even though the kernel is not processing/forwarding it.
ASKER CERTIFIED SOLUTION
btan