NSTX (IP-over-DNS) HOWTO

Problem

You're sitting in an airport or in a cafe, and people want your money for Internet access. They do allow DNS traffic, though. If the ISP allows DNS traffic to any DNS server (and not just their own), you might consider running OpenVPN on UDP port 53 (thanks to Norman Rasmussen for this suggestion). If they don't, however, NSTX comes to the rescue. NSTX is a hack to tunnel IP traffic over DNS. NSTX (IP-over-DNS) seems cool, but you cannot get it to work. You've downloaded the latest version, maybe because you saw it mentioned on Slashdot. You've looked at the nstx project page and the freshmeat page. You even tried reading some confusing documentation. Maybe you gave up and tried OzymanDNS. But curiousity got the better of you. You really want to use this.

Once you've followed these instructions, you basically have a remote proxy, providing you with access to the Internet. Communication between you and the remote proxy is over NSTX.

If DNS traffic does not work, but ICMP traffic (i.e., ping) works, try ICMPTX: IP-over-ICMP. Note that these instructions play nicely with ICMPTX. You can run both on one proxy.

Keywords
nstx, ip-over-DNS, tunnel, firewall piercing, ifconfig, route, tun/tap, tun0.

Solution

You need several things to get going:
a DNS server that you can configure, (we'll call this ns.example.com)
another server, one not running DNS. We're going to assume the IP address of this machine is 1.2.3.4. The reason you cannot run DNS on the same machine, is that you're going to run nstx on this machine. Nstx must run on port 53, like DNS.
a crippled Internet connection, i.e., one that only allows you to issue DNS queries.

Read more: NSTX (IP-over-DNS) HOWTO

Official site: NSTX

Posted via email from jasper22's posterous