Say that you’re doing a pentest/RT with one end of a device connected to a 4G dongle and the other end connected to the target network via ethernet. In such cases you want the box to fetch updates via 4G and only use the ethernet for the security test. Split DNS tunneling is a solution. However, sometimes you may already have a process bound to port 53/udp that you don’t want to kill (e.g. a C&C server such as CS / MSF). Unfortunately /etc/resolv.conf does not allow you to specify a port on Linux (as far as I’m aware).

The following dnsmasq settings let you run dnsmasq on a different port while still using it as the local resolver:
```
# Set the alternative port (matches the DNAT target below)
port=5353
# Ignore /etc/resolv.conf (otherwise dnsmasq would loop back to itself)
no-resolv
# Upstream DNS for normal traffic (update traffic over 4G)
# <UPSTREAM_DNS> is a placeholder: use the resolver handed out by the 4G link
server=<UPSTREAM_DNS>
# Upstream DNS to resolve domain names for the security test
# <TARGET_DOMAIN> and <TARGET_DNS> are placeholders for the target's zone and
# its nameserver; the optional @<iface> suffix forces these queries out of a
# specific interface (the ethernet side) so they never leave via 4G
server=/<TARGET_DOMAIN>/<TARGET_DNS>@<ETH_IFACE>
```
Local DNS resolver step:
```
# /etc/resolv.conf
# Dummy nameserver (TEST-NET-1 address). Will not be actually queried;
# the DNAT rule below rewrites it to the local dnsmasq
nameserver 192.0.2.3
```

```
# Redirect locally generated queries for the dummy nameserver
# to go to the local dnsmasq instead
iptables -t nat -I OUTPUT --dst 192.0.2.3 \
    -p udp --dport 53 -j DNAT --to 127.0.0.1:5353
```

Note that the nat OUTPUT chain only matches traffic generated on the box itself, and the rule is not persistent across reboots. If anything on the box resolves over TCP (large responses, DNSSEC), add a matching `-p tcp` rule.