Say that you’re doing a pentest/RT with one end of a device connected to 4G dongle and the other end connected to the target network via ethernet. In such cases you want the box to fetch updates via 4G and only use the ethernet for the security test. Split DNS tunneling is a solution. However, sometimes you may already have a process bound to port 53/udp that you don’t want to kill (e.g. a C&C server such as CS / MSF). Unfortunately
/etc/resolv.conf does not allow you to specify a port on Linux (as far as I’m aware).
The following settings allow you to run dnsmasq on a different port but still work for a local resolver.
## vim /etc/dnsmasq.conf: # Set the alternative port port=5353 # Ignore /etc/resolv.conf no-resolv # Upstream DNS for normal traffic server=192.168.1.1 # Upstream DNS to resolve domain names for the security test server=/clientnetwork.local/10.0.0.1
Local DNS resolver step:
## vim /etc/resolv.conf: # Dummy nameserver. Will not be actually queried nameserver 192.0.2.3
# Redirect the DNS queries towards the dummy server # to go to the local dnsmasq instead iptables -t nat -I OUTPUT --dst 192.0.2.3 \ -p udp --dport 53 -j DNAT --to 127.0.0.1:5353