VPN over DNS relay

doiiido
Posts: 2
Joined: Tue Mar 19, 2019 5:00 pm

VPN over DNS relay

Post by doiiido » Tue Mar 19, 2019 5:17 pm

I'm thinking about a possible implementation of a VPN server acting as a DNS server that would work through DNS relay.

I stumbled into a network that blocked any kind of connection but the DNS requests relayed through the DNS Server provided by the DHCP itself, so it made me think about the possibility to set subdomains (the name of the subdomain can be up to 63 characters as payload) with low TTLs and return packets as TXT records (up to 255 characters) that would be relayed through.

I'm asking here because I don't know how viable it would be, but it sure got my attention, as the TTLs are mostly for DNS updates and not for the first DNS propagation of a record.

Best Regards,
Lincoln.
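From the monitoring side, the traffic pattern described in the post above (many unique subdomains with long labels, answered by TXT records) is what a resolver-log check looks for. The sketch below is an added example, not part of the original post; the log line format, the thresholds, the sample addresses and names, and the "last two labels" base-domain rule are all assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname):
    """Return (subdomain labels joined, base domain).
    Assumption: base domain = last two labels; production code would use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(lines, min_names=4, min_avg_len=40, min_entropy=3.5, min_txt=0.5):
    """Flag (client, base domain) pairs whose queries look like payload carried in labels."""
    groups = defaultdict(lambda: {"payloads": set(), "txt": 0, "total": 0})
    for line in lines:
        client, qtype, qname = line.split()  # assumed format: "<client> <qtype> <qname>"
        payload, base = split_name(qname)
        g = groups[(client, base)]
        g["total"] += 1
        g["txt"] += qtype == "TXT"
        if payload:
            g["payloads"].add(payload)
    suspects = []
    for key, g in sorted(groups.items()):
        names = g["payloads"]
        if len(names) < max(min_names, 1):
            continue  # too few unique subdomains to judge
        avg_len = sum(map(len, names)) / len(names)
        ent = entropy("".join(sorted(names)))
        txt_share = g["txt"] / g["total"]
        # Ordinary hostnames are short and low in entropy; encoded payloads are neither.
        if avg_len >= min_avg_len and ent >= min_entropy and txt_share >= min_txt:
            suspects.append(key)
    return suspects

# Constructed sample log: one ordinary client, and one sending 56-character hex labels
# (within the 63-character label limit) as TXT queries under a reserved .test domain.
SAMPLE = [
    "10.0.0.5 A www.example.com", "10.0.0.5 A mail.example.com",
    "10.0.0.5 A cdn.example.com", "10.0.0.5 A static.example.com",
    "10.0.0.5 TXT example.com",
] + [f"10.0.0.9 TXT {hashlib.sha256(str(i).encode()).hexdigest()[:56]}.tunnel.test"
     for i in range(6)]

if __name__ == "__main__":
    print(find_tunnel_suspects(SAMPLE))
```

The thresholds need tuning against a baseline of the network's own resolver logs, since some CDN and anti-malware lookups also use long generated labels.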

demanick05
Posts: 6
Joined: Fri May 03, 2019 12:12 pm

Re: VPN over DNS relay

Post by demanick05 » Fri May 03, 2019 5:08 pm

Wow... Nice thought! I heard MIT uses the same thing among their students.

Jessica007
Posts: 5
Joined: Mon May 06, 2019 8:19 pm

Re: VPN over DNS relay

Post by Jessica007 » Wed May 08, 2019 10:36 pm

It's completely possible to set subdomains with low TTLs and return packets.
The implementation of such a VPN server is a good idea, but may I ask what your main goal is here?

doiiido
Posts: 2
Joined: Tue Mar 19, 2019 5:00 pm

Re: VPN over DNS relay

Post by doiiido » Mon May 20, 2019 2:15 pm

I've discussed it with one of my teachers and, as Jessica007 said, it's possible but would end up with a big ping and a (probably) slow bitrate but, to my surprise, it's already being used in some covert channel applications.
It's a potential project to bring it to public use, as a more aggressive way to break through some low-end (or poorly implemented) firewall (ISPs) infrastructures.

Thank you all for the info and discussion!
Best regards,
Lincoln.

jennylove
Posts: 5
Joined: Tue Nov 05, 2019 6:08 am
Location: Dallas, TX

Re: VPN over DNS relay

Post by jennylove » Tue Nov 05, 2019 7:18 am

The actual thing is supposed to be this:

The Client uses the VPN Device as the DNS IP to use. The VPN Device acts as a DNS Relay and is supposed to pass the DNS query on to the Internal Active Directory DNS Server(s).

You can configure DNS relay on Single Firewalls, Firewall Clusters, and Virtual Firewalls.
