I'm thinking about a possible implementation of a VPN server acting as a DNS server that would work through DNS relay.
I stumbled into a network that blocked any kind of connection except the DNS requests relayed through the DNS server provided by the DHCP itself, so it made me think about the possibility of setting subdomains (the name of the subdomain can be up to 63 characters as payload) with low TTLs and returning packets as TXT records (up to 255 characters) that would be relayed through.
I'm asking here because I don't know how viable it would be, but it sure got my attention, as the TTLs are mostly for DNS updates and not for the first DNS propagation of a record.
Best Regards,
Lincoln.

VPN over DNS relay
- demanick05
- Posts: 6
- Joined: Fri May 03, 2019 12:12 pm
Re: VPN over DNS relay
Wow... Nice thought! I heard MIT uses the same thing among their students.

- Jessica007
- Posts: 5
- Joined: Mon May 06, 2019 8:19 pm
Re: VPN over DNS relay
It's completely possible to set subdomains with low TTLs and return packets.
The implementation of such a VPN server is a good idea, but may I ask what your main goal is here?

- doiiido
- Posts: 2
- Joined: Tue Mar 19, 2019 5:00 pm
Re: VPN over DNS relay
I've discussed it with one of my teachers and, as Jessica007 said, it's possible but would end up with a big ping and a (probably) slow bitrate but, to my surprise, it's already being used in some covert channel applications.
It's a potential project to bring it to public use, as a more aggressive way to break through some low-end (or poorly implemented) firewall (ISPs) infrastructures.
Thank you all for the info and discussion!
Best regards,
Lincoln.

- jennylove
- Posts: 5
- Joined: Tue Nov 05, 2019 6:08 am
Re: VPN over DNS relay
The actual thing is supposed to be this:
The Client uses the VPN Device as the DNS IP to use. The VPN Device acts as a DNS Relay and is supposed to pass the DNS query on to the Internal Active Directory DNS Server(s).
You can configure DNS relay on Single Firewalls, Firewall Clusters, and Virtual Firewalls.
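
Added example, not part of any post in this thread: a defender-side check for the query pattern the opening post describes (payload carried in long leftmost labels, answers returned as TXT), run over a constructed query log. The log tuple format, the thresholds, the client addresses and the `tunnel.test` zone are assumptions made for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def constructed_log():
    """Constructed sample data: (client, qtype, qname) tuples, not real traffic."""
    log = [("10.0.0.5", "A", "www.example.com"),
           ("10.0.0.5", "TXT", "example.com"),  # ordinary TXT lookup
           ("10.0.0.5", "A", "cdn-eu-west-1.assets.example.net")]
    for i in range(6):
        # 30 pseudo-random bytes -> 48 base32 chars, within the 63-char label limit
        chunk = hashlib.sha256(b"constructed-%d" % i).digest()[:30]
        label = base64.b32encode(chunk).decode().lower()
        log.append(("10.0.0.9", "TXT", label + ".t.tunnel.test"))
    return log

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def find_suspects(log, min_label=40, min_entropy=3.5, min_unique=5):
    """Return {(client, zone): unique_label_count} for tunnel-like TXT traffic.

    A pair is flagged when one client sends many TXT queries whose leftmost
    label is long, random-looking and different every time, all under the
    same parent zone. Thresholds are assumptions to tune per network.
    """
    seen = defaultdict(set)
    for client, qtype, qname in log:
        labels = qname.rstrip(".").lower().split(".")
        if qtype != "TXT" or len(labels) < 3:
            continue
        first, zone = labels[0], ".".join(labels[-2:])
        if len(first) >= min_label and entropy(first) >= min_entropy:
            seen[(client, zone)].add(first)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, zone), n in find_suspects(constructed_log()).items():
        print(f"{client} -> {zone}: {n} unique long high-entropy TXT labels")
```

Because each query name is unique, resolver caching and low TTLs do not hide this pattern from a resolver-side query log.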
			
									
									
