I noticed that BT Home are sending back fake DNS results from their DNS servers, and this allows sites to bypass the IP addresses I have blocked in the firewall, so I was looking to create my own DNS relay/server.

So far I can receive requests on UDP port 53 and send them off to the DNS server and get a valid byte[] stream result, and I then send it back to the browser using the remote client port the request was made on, but the browser just sends the request back again.

I've tested the code from a socket and the results work OK, but for some reason IE/FF simply will not accept the results.

    using System;
    using System.Net;
    using System.Net.Sockets;

    // Fields used by the two methods below (not shown in the original post)
    private const int BufferSize = 4096;
    private int receivePort = 53;
    private Socket receiveSocket;
    private EndPoint receiveEndPoint;
    private byte[] receiveBuffer;
    private IAsyncResult receiveAsyncResult;

    public void Listen()
    {
        receiveSocket = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp);
        receiveEndPoint = new IPEndPoint(IPAddress.Any, receivePort);
        receiveSocket.Bind(receiveEndPoint);
        receivePort = (receiveSocket.LocalEndPoint as IPEndPoint).Port;
        receiveBuffer = new byte[BufferSize];
        receiveAsyncResult = receiveSocket.BeginReceiveFrom(receiveBuffer, 0, receiveBuffer.Length, SocketFlags.None,
            ref receiveEndPoint, new AsyncCallback(NetworkMessageReceivedCallback), receiveSocket);
    }

    public void NetworkMessageReceivedCallback(IAsyncResult asyncResult)
    {
        // EndReceiveFrom fills this in with the client's address and port
        EndPoint remoteEndPoint = new IPEndPoint(IPAddress.Any, 0);
        int bytesRead = receiveSocket.EndReceiveFrom(asyncResult, ref remoteEndPoint);
        byte[] bytes = new byte[bytesRead];
        Buffer.BlockCopy(receiveBuffer, 0, bytes, 0, bytesRead);

        //string ip = "208.67.222.222";
        string ip = "192.168.1.254";
        IPAddress dnsServer = IPAddress.Parse(ip);
        // Resolver and Response are the poster's own helper types (not shown)
        Response R = Resolver.Lookup(bytes, dnsServer);
        receiveSocket.SendTo(R.Message, remoteEndPoint); // reply to the client, e.g. 127.0.0.1
        // The socket is closed and re-created for every query
        receiveSocket.Close();
        Listen();
    }
A: 

I've never dealt with raw DNS from C#, but it looks like you are trying to resolve the bytes you received from the client, instead of just relaying them to the DNS server.

The message you read off the UDP socket contains a DNS query, not just a host name. Take a look at RFC 2929 for what goes in there.

You might be interested in this little but great DNS filter - adsuck - by Marco Peereboom (though it's for Unix, not Windows).

Nikolai N Fetissov
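As an added example (not the poster's code and not from either answer), here is the relay the answer above describes, in C#: the client's query datagram is forwarded to the upstream resolver byte-for-byte, and the upstream's raw reply is sent back to the client only after checking that it came from that upstream and carries the query's transaction ID. It uses the synchronous UdpClient API rather than the poster's Begin/End pattern, and the upstream address 203.0.113.53 is a placeholder from the documentation range, not a real resolver.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

public static class DnsRelay
{
    // Fields of the 12-byte DNS header (RFC 1035 section 4.1.1):
    // bytes 0-1 = transaction ID, byte 2 = QR|Opcode|AA|TC|RD, byte 3 = RA|Z|RCODE.
    public static ushort TransactionId(byte[] msg) => (ushort)((msg[0] << 8) | msg[1]);
    public static bool IsResponse(byte[] msg) => (msg[2] & 0x80) != 0;

    public static void Run(IPEndPoint listenOn, IPEndPoint upstream)
    {
        using (var listener = new UdpClient(listenOn))
        using (var forwarder = new UdpClient())
        {
            forwarder.Client.ReceiveTimeout = 3000; // ms; a silent upstream must not hang the relay
            while (true)
            {
                var client = new IPEndPoint(IPAddress.Any, 0);
                byte[] query = listener.Receive(ref client);          // filled in with the client's port
                if (query.Length < 12 || IsResponse(query)) continue; // not a query: drop it

                forwarder.Send(query, query.Length, upstream);        // relay the bytes unchanged
                byte[] answer;
                try
                {
                    var from = new IPEndPoint(IPAddress.Any, 0);
                    answer = forwarder.Receive(ref from);
                    // Accept only a reply from the upstream we asked that matches this query's ID;
                    // anything else (a stale or unsolicited datagram) is discarded.
                    if (!from.Equals(upstream) || answer.Length < 12 || !IsResponse(answer)
                        || TransactionId(answer) != TransactionId(query))
                        continue;
                }
                catch (SocketException) { continue; }                 // timeout: the client will retry

                // A truncated (TC=1) answer is relayed as-is; the client retries over TCP itself.
                listener.Send(answer, answer.Length, client);
            }
        }
    }

    public static void Main()
    {
        // 203.0.113.53 is a placeholder (documentation range); use the resolver you trust.
        Run(new IPEndPoint(IPAddress.Any, 53), new IPEndPoint(IPAddress.Parse("203.0.113.53"), 53));
    }
}
```

Binding port 53 needs administrator rights, and one query is handled at a time; a production relay would also need per-query sockets or a pending-ID table so a slow upstream does not stall other clients.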
A: 

Also, shouldn't you try and listen to UDP and TCP? I think UDP is used mostly for authoritative DNS queries.

krico
Nearly all operations are UDP. TCP is only required by AXFR, DNSSEC, and for not-so-common cases of responses larger than 512 bytes.
jweyrich