Alternative Linux (iptables) method to resolve in host #102

NITEMAN · 2015-02-07T14:14:25Z

Abusing a bit the loopback interface, we can achieve resolution in the host without messing with dnsmasq nor resolv.conf

Tested on Debian 8 (jessie).

Steps:

Add a local DNS server (we'll choose 127.0.0.53 to avoid collitions) to your network connection, either:
- If using DHCP networking, edit /etc/dhcp/dhclient.conf and add prepend domain-name-servers 127.0.0.53;
- If using static networking, add 127.0.0.53 to your network connection via Network Manager (or other means)
Redirect DNS queries on that loopback interface to landrush daemon. Use the following iptables rules:

iptables -t nat -A OUTPUT -p udp -d 127.0.0.53 --dport 53 -j DNAT --to 127.0.0.1:10053
iptables -t nat -A OUTPUT -p tcp -d 127.0.0.53 --dport 53 -j DNAT --to 127.0.0.1:10053

Pros:

This may be automated inside landrush, providing a more straightforward integration in Linux

Cons:

This method intercepts DNS queries globally, not only for selected domains

The text was updated successfully, but these errors were encountered:

zfogg · 2015-05-21T03:24:59Z

+1

njam added the kind/task label Mar 13, 2016

hferentschik added kind/feature and removed kind/feature kind/task labels Feb 5, 2017

hferentschik added the priority/major label Sep 18, 2018

ExceptionGit mentioned this issue Jun 12, 2021

[Bug] "Replacing resolv.conf" fails without error orjail/orjail#76

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Alternative Linux (iptables) method to resolve in host #102

Alternative Linux (iptables) method to resolve in host #102

NITEMAN commented Feb 7, 2015

zfogg commented May 21, 2015

Alternative Linux (iptables) method to resolve in host #102

Alternative Linux (iptables) method to resolve in host #102

Comments

NITEMAN commented Feb 7, 2015

Steps:

Pros:

Cons:

zfogg commented May 21, 2015