Which iptables rules allow me to fake a remote DNS answer with a local DNS running on the router?

Question

A machine has a DNS set to 8.8.8.8
The network router has an ad hoc DNS running (say dnsmasq)

Which iptables rules allows to fake the response from the remote server 8.8.8.8 with the local router DNS?

For instance, if the router DNS is associating google.fr to the IP of google.co.uk, I want to be able to see this from the router (192.168.1.2 is the ansewer)

# dnsspoof
192.168.1.2.38072 > 8.8.8.8.53:  31752+ A? google.fr
8.8.8.8.53 > 192.168.1.2.38072: 31752+ A google.co.uk

Assuming that your router is running Linux http://serverfault.com/q/586486/37681 — HBruijn, Mar 22 '17 at 19:42

score 1 · Answer 1 · answered Mar 22 '17 at 21:10

1

iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1
[...]

answered Mar 22 '17 at 21:10

user123456

513
1
6
18

Which iptables rules allow me to fake a remote DNS answer with a local DNS running on the router?

1 Answers1