Faking DNS from userland.md

Faking DNS from userland

To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc. To cover all these cases, and to prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.

Installation

Install resolv_wrapper and nss_wrapper, either from sources or from your favorite Linux distribution.

Configuration

Add the following content to your .bashrc (or .profile)

export LD_PRELOAD
export NSS_WRAPPER_HOSTS="$HOME/.fakehosts"
export RESOLV_WRAPPER_HOSTS="$HOME/.fakedns"

if [ -f "/usr/local/lib/libresolv_wrapper.so" ]; then
        LD_PRELOAD="/usr/local/lib/libresolv_wrapper.so $LD_PRELOAD"
fi

if [ -f "/usr/local/lib/libnss_wrapper.so" ]; then
        LD_PRELOAD="/usr/local/lib/libnss_wrapper.so $LD_PRELOAD"
fi

Usage

Adding a fake DNS

In your ~/.fakehosts :

127.0.0.10      my-super-site.example.com www.my-super-site.example.com
192.168.33.100   fake-dns-for-real-site.com   www.fake-dns-for-real-site.com

and in file ~/.fakedns :

A   my-super-site.example.com 127.0.0.10
A   www.my-super-site.example.com 127.0.0.10
A   fake-dns-for-real-site.com 192.168.33.100
A   www.fake-dns-for-real-site.com        192.168.33.100

Using the fake DNS resolver

1. First, make sure the environment variable LD_PRELOAD includes both libraries
2. then run the program (ex: firefox, chrome) that should access to the fake DNS .

Still not enough. getent ahosts dns.example.com and Socket.getaddrinfo in Ruby are not bothered :( I need to resort to either messing up with /etc/resolv.conf or custom DNS. But thanks for the info. At least I saw I'm not doing something wrong.