💾 Archived View for thebackupbox.net › ~epoch › blog › NAT-and-dns captured on 2024-12-17 at 10:13:29. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-07-09)
-=-=-=-=-=-=-
(I need to get this turned into a normal text file and not copy-pasta IRC log)
08:04:40 < epoch> I thought of a neat idea for dealing with LAN and internet DNS
08:04:59 < epoch> probably how it was intended to be done, but I hadn't read to do it this way before
08:05:28 < epoch> so, you have a "domain" line in resolv.conf, which can be passed out by the DHCP server
08:05:52 < epoch> set it to something like, .local
08:06:30 < epoch> and if the domain that resolves to your WAN IP is domain.tld
08:06:37 < epoch> you make a domain.tld.local record
08:07:15 < epoch> since LAN hosts will check for domain.tld.local, you can have it be a LAN IP
08:08:17 < epoch> and since almost nobody uses absolute domain names (trailing .) you could also use this to hijack and DNS request
08:09:36 < epoch> my LAN is set to use whois.ano for the LAN domain, so I have thebackupbox.net.whois.ano set to the anonet IP
08:09:54 < epoch> of the box that my NAT would be forwarding the http port to
08:11:11 < randyr> just woke up and this melted my brain will read again after coffee
08:11:16 < epoch> now... if tor would have another fake TLD that I could use as "domain" so then I could force almost all things over tor by just setting the domain to it.
08:11:31 < epoch> like, derp.com.tor
08:11:43 < epoch> would be the transparent proxy IP for it
08:12:38 < epoch> I /could/ make a hidden service that uses its subdomain to proxy requests
08:12:54 < epoch> derp.com.asdfasdfasdf.onion
08:14:49 < epoch> I like this idea better than NAT pinning
08:15:18 < epoch> because it doesn't possibly cause the REMOTE_HOST to be my router IP instead of the client IP