Overview
dnstt-server is the server end of a DNS tunnel.
Usage:
    dnstt-server -gen-key [-privkey-file PRIVKEYFILE] [-pubkey-file PUBKEYFILE]
    dnstt-server -udp ADDR [-privkey PRIVKEY|-privkey-file PRIVKEYFILE] [-fallback FALLBACKADDR] DOMAIN UPSTREAMADDR
Example:
    dnstt-server -gen-key -privkey-file server.key -pubkey-file server.pub
    dnstt-server -udp :53 -privkey-file server.key t.example.com 127.0.0.1:8000
With fallback for non-DNS traffic:
    dnstt-server -udp :53 -privkey-file server.key -fallback 127.0.0.1:8888 t.example.com 127.0.0.1:8000
To generate a persistent server private key, first run with the -gen-key option. By default the generated private and public keys are printed to standard output. To save them to files instead, use the -privkey-file and -pubkey-file options.
    dnstt-server -gen-key
    dnstt-server -gen-key -privkey-file server.key -pubkey-file server.pub
You can give the server's private key as a file or as a hex string.
    -privkey-file server.key
    -privkey 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
The -udp option controls the address on which the server listens for incoming DNS queries.
The -mtu option controls the maximum size of response UDP payloads. Queries that do not advertise requester support for responses of at least this size will be responded to with a FORMERR. The default value is maxUDPPayload.
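To see what a query advertises, the following added example (not dnstt's own code) reads the requester's UDP payload size from a raw DNS query. It assumes the advertisement is the standard EDNS(0) OPT record of RFC 6891, with the RFC 1035 limit of 512 bytes when no OPT record is present; the names sample, skipName and AdvertisedSize are hypothetical and the sample query is constructed.

```go
package main

import "fmt"

// Constructed sample: TXT query for t.example.com whose OPT record advertises 1232 bytes.
var sample = []byte("\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01" +
	"\x01t\x07example\x03com\x00\x00\x10\x00\x01" + "\x00\x00\x29\x04\xd0\x00\x00\x00\x00\x00\x00")

// skipName steps over a domain name; a truncated name yields an offset past the end.
func skipName(msg []byte, off int) int {
	for off < len(msg) && msg[off] != 0 && msg[off] < 0xC0 {
		off += 1 + int(msg[off]) // ordinary label: length byte plus its bytes
	}
	if off >= len(msg) {
		return len(msg) + 1
	}
	if msg[off] == 0 {
		return off + 1 // root label ends the name
	}
	return off + 2 // compression pointer: two bytes, always last
}

// AdvertisedSize returns the requester's UDP payload size: the CLASS field of the
// EDNS(0) OPT record (RFC 6891), or 512 when there is none. ok is false if malformed.
func AdvertisedSize(msg []byte) (size int, ok bool) {
	if len(msg) < 12 {
		return 0, false
	}
	u16 := func(o int) int { return int(msg[o])<<8 | int(msg[o+1]) }
	qd, off := u16(4), 12
	addl := qd + u16(6) + u16(8) // index of the first additional-section record
	for i := 0; i < addl+u16(10); i++ {
		if off = skipName(msg, off); i < qd {
			off += 4 // question entries carry only QTYPE and QCLASS
			continue
		}
		if off+10 > len(msg) {
			return 0, false
		}
		if i >= addl && u16(off) == 41 { // TYPE 41 = OPT
			return u16(off + 2), true
		}
		off += 10 + u16(off+8) // fixed RR fields plus RDLENGTH bytes of RDATA
	}
	return 512, off <= len(msg)
}

func main() {
	fmt.Println(AdvertisedSize(sample)) // 1232 true; below the server's -mtu means FORMERR
}
```

Running the same function over captured queries shows which resolvers on a path advertise less than the configured -mtu and would therefore receive FORMERR.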
The -fallback option specifies a UDP address (host:port). If an incoming packet is not a valid DNS message, it will be forwarded to this address. This acts as a simple UDP proxy for non-DNS traffic, allowing another service to run on the same port.
DOMAIN is the root of the DNS zone reserved for the tunnel. See README for instructions on setting it up.
UPSTREAMADDR is the TCP address to which incoming tunnelled streams will be forwarded.