Forward DNS request to my work's jump server

5

I have SSH access to a jump box at my work. This jump box gives access to the complete network infrastructure at work. This is great for working from home.

I am able to run a SOCKS5 proxy on the jump box (via ssh -D) and successfully managed to configure my browser to use that SOCKS5 proxy for work hosts (via https://getfoxyproxy.org). Foxyproxy seems to forward DNS requests to that SOCKS5 proxy, so all is working fine.

My problem is that other tools, such as Maven (for building Java), are able to use a SOCKS5 proxy but are unable to forward DNS over it, unfortunately. This is a known limitation, as far as I know. So I ended up adding my work servers to /etc/hosts.

I am looking for a more dynamic and definite solution, to remove the burden of having to maintain /etc/hosts. In essence, I would like to keep using my ISP's DNS server as of now, but I want to forward DNS requests for my work servers (and only for them) to that jump box (either via SSH or that SOCKS5 proxy).

Is that possible?

Pritzl

Posted 2019-07-06T06:17:38.783

Reputation: 225

It's certainly possible, look at /etc/resolv.conf, and find out which way your distro uses to set this up (systemd, ...). Then configure this service to use your jump box as DNS server. – dirkt – 2019-07-06T06:24:31.647

Hi dirkt. Thank you, I will look at that. But please note, the question is not how to forward all DNS requests to the jump box, but only for hosts related to my work. So a DNS request for google.com, as an example, should still be handled by my ISP, and not my work. – Pritzl – 2019-07-06T06:31:48.357

I saw the question title and came to say "dnsmasq!" but see you've already got that answer. Another option that I've used in the past, as I see what you want to do is simply to work from home, is to use tmux to maintain an active session and do all my work on the remote machine. Obviously the suitability of this depends on how beefy your remote machine is :-) – Aaron F – 2019-07-06T14:54:21.940

@AaronF I thought about tmux, but decided not to use it. I would rather do everything locally at home, instead of in some session on some host at work. Thanks for the idea though! – Pritzl – 2019-07-07T18:43:41.387

Answers

6

Partial answer:

You can't selectively forward DNS requests for specific hosts in general (like Foxyproxy can handle specific requests for specific hosts or paths).

The only thing you can do is to run a DNS proxy somewhere that would answer requests for specific hosts itself, or forward requests following specific patterns to specific servers.

One popular DNS proxy is dnsmasq. You can configure it to forward DNS requests to different servers based on a pattern.

So you'd have to run dnsmasq on your local machine, use it for DNS resolution on your local machine, and configure it to use both your ISP's DNS server and the jump host DNS server as upstream DNS servers. That will require a bit of fiddling to get the configuration right, in particular to make it pick up both a dynamically given DNS server (from your ISP) and a statically given one.

dirkt

Posted 2019-07-06T06:17:38.783

Reputation: 11 627

I did not know dnsmasq, that looks like exactly what I need. This sounds exciting. Thank you dirkt. – Pritzl – 2019-07-06T07:00:34.780
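A dnsmasq fragment for the split setup described in the answer above, added here as an illustration and not part of the original answer. The domain `corp.example`, the resolver address `10.0.0.53` and both file paths are placeholders, and the work resolver is assumed to be reachable from the local machine at that address.

```conf
# /etc/dnsmasq.d/split-dns.conf  (placeholder path; distros differ)

# Answer queries from this machine only, so the forwarder is not
# usable as a resolver by other hosts on the home network.
listen-address=127.0.0.1
bind-interfaces

# Static upstream: names under the work domain (placeholder) are sent
# to the work resolver (placeholder address) and to no other server,
# so internal hostnames are never shown to the ISP resolver.
server=/corp.example/10.0.0.53

# Dynamic upstream: everything else goes to the ISP resolvers.
# /etc/resolv.conf must now point at 127.0.0.1, so dnsmasq reads the
# ISP servers from a separate file that the DHCP client keeps up to
# date (placeholder path; depends on the DHCP client in use).
resolv-file=/run/dnsmasq/upstream-resolv.conf

# Do not forward plain names without a dot (for example "buildhost")
# to any upstream; short internal names would otherwise leak to the ISP.
domain-needed

# Drop upstream answers that contain private addresses, except for
# the work domain, whose records legitimately point into private ranges.
stop-dns-rebind
rebind-domain-ok=/corp.example/
```

`dnsmasq --test` checks the syntax before the service is restarted. After that, a lookup for a work name and one for a public name against 127.0.0.1 should be answered by different upstreams.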

0

That's exactly what sshuttle is made for

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

piec

Posted 2019-07-06T06:17:38.783

Reputation: 520