Sometimes, you are at an airport, hotel, train station, … Wireless Internet access is available, but very expensive, and you start to feel not so well because you haven’t checked your mail in the last 6 hours.

Often, DNS works : you can resolve everything, which is quite frustrating… But wait. Why can’t we tunnel IP packets into DNS packets ?

There are two existing solutions (to my knowledge) to do that. Both work using the same principle : you delegate a subdomain to a special DNS server (so you need to be able to run a DNS server somewhere, that means having UDP port 53 still available). Then, the client software issues DNS requests for TXT records in this subdomain. Data is encapsulated into those DNS requests.

NSTX (latest version, project page, Debian package) is written in C and tries to build a full VPN between you and the server. While it works, it doesn’t always work, probably because of some caching DNS servers which might not like your crafted packets. Also, it requires setting tun interfaces at both ends. So I gave up with it, and switched to OzymanDNS

OzymanDNS (latest release, no real documentation available) is a simpler alternative, written in Perl. It only allows you to tunnel a TCP connection, which is enough, because if you can establish an SSH connection, you can use SSH tunnelling, Socks proxying, or even build a full VPN with OpenSSH 4.3.

To run OzymanDNS, you need to install the necessary perl modules (Debian packages libnet-dns-perl and libmime-base32-perl, amongst others) on both ends. You also need to delegate a subdomain to your crafted server (we will use tunnel.example.com). Then :

• On the server, start: ./nomde.pl -i 127.0.0.1 tunnel.example.com (the -i 127.0.0.1 is not important, it’s just the IP address the server returns in case it receives an A query).
• On the client, run ssh with ProxyCommand: ssh -o ProxyCommand="./droute.pl sshdns.tunnel.example.com" localhost. The sshdns asks the server for a connection to localhost:22.
• You know have an SSH connection open to the other end.

While it’s not very fast, it’s still quite usable for stuff like reading mails with mutt. Also, I experienced some crashes while trying to transfer a quite large file with scp over socks over ssh over IP over DNS, so there might be some bugs. If somebody wants to hack on this … :-)

Update: Nice presentation about all this stuff here.

Update 2: As mentionned in the comments, there’s also iodine, which is similar to nstx (tunnelling IP over DNS using tun devices on both ends). I also found DNScat. It’s written in Java, and can do tunnelling using ppp.