I've been following this nstx tutorial. I set up a server on tunnel.nix.is. It's set up to use the tun1 interface there. See also this tutorial for iodine.
Since the server is also a shadow DNS master for several domains, I compiled a custom nstxd that listens on port 5252/udp instead of 53/udp. So these are the listening processes:
$ sudo netstat -ldnp | grep :5[23]
tcp 0 0 127.0.0.1:5300 0.0.0.0:* LISTEN 2244/pdns_recursor
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 17595/pdns_server-i
udp 0 0 0.0.0.0:53 0.0.0.0:* 17595/pdns_server-i
udp 0 0 0.0.0.0:5252 0.0.0.0:* 19470/nstxd
udp 0 0 127.0.0.1:5300 0.0.0.0:* 2244/pdns_recursor
And then I use iptables to route external traffic to 53/udp to either 53/udp (an actual DNS server) or 5252/udp depending on the remote host. So as a result on the server itself (from localhost):
v ~ (master) $ dig +short @localhost tunnel.nix.is
109.74.193.250
And externally I can do this:
$ dig +short @v.nix.is tunnel.nix.is TXT
"\180\000\000\000" ""
Which returns a reply from the nstxd. But externally that doesn't work:
$ dig +short @ns1.linode.com tunnel.nix.is TXT
$
That's because that query will recurse through the Linode servers, which'll return an empty TXT reply. So fail.
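For reference, here is one way to express the per-host split described in the post (53/udp from known tunnel clients redirected to the nstxd listener on 5252/udp, everyone else left on the real DNS server). This is an added example, not the poster's own rules; the interface name eth0, the client addresses and the use of REDIRECT rather than DNAT are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Generates the iptables NAT rules that
# send 53/udp from listed tunnel clients to nstxd on 5252/udp. Anything not matched
# falls through the nat table untouched and reaches the real DNS server on 53/udp.
# WAN_IF (eth0) and the client addresses passed in are assumptions for illustration.

NSTX_PORT=5252
DNS_PORT=53
WAN_IF=eth0

# Emit one REDIRECT rule per tunnel client address given as an argument.
# REDIRECT rewrites the destination to the local host, where nstxd listens on 0.0.0.0:5252.
nstx_redirect_rules() {
    for ip in "$@"; do
        printf 'iptables -t nat -A PREROUTING -i %s -s %s -p udp --dport %s -j REDIRECT --to-ports %s\n' \
            "$WAN_IF" "$ip" "$DNS_PORT" "$NSTX_PORT"
    done
}

# Apply the generated rules, or only print them when DRY_RUN=1 so they can be reviewed first.
apply_rules() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        nstx_redirect_rules "$@"
    else
        nstx_redirect_rules "$@" | sh
    fi
}

# Number of rules that would be installed for a given client list (sanity check).
rule_count() {
    nstx_redirect_rules "$@" | wc -l | tr -d ' '
}
```

Run `DRY_RUN=1 apply_rules <client-ip> ...` on the server to inspect the rules before installing them; hosts not listed keep talking to pdns_server on 53/udp.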