Linux temporary DNS settings modification using SSH port forwarding 2025
When managing Linux systems, the ability to modify DNS settings temporarily can be critical for scenarios like testing or debugging network configurations. While technologies like WireGuard provide robust solutions for VPN connections and DNS management, it is indeed possible to achieve temporary DNS modifications using SSH, albeit with some limitations. This guide will explain the process step-by-step.
DNS (Domain Name System) is the service that translates human-readable domain names into IP addresses that machines use to identify each other. Modifying DNS settings allows a local system to resolve domain names based on different IP addresses, which is useful for testing changes before they go live or for accessing services on a development server.
SSH (Secure Shell) provides a secure channel over an unsecured network. While SSH is primarily used for secure remote server access, it can also encapsulate various types of traffic, including DNS queries.
Establishing SSH Tunnel for DNS: You can use SSH to forward DNS requests from your local machine through a remote server. This involves setting up a tunnel to redirect DNS queries to an external DNS server.
Here’s how to set up an SSH tunnel that forwards DNS requests:
ssh -D [local_port] -f -C -q [username]@[remote_host] -N
-D [local_port]: This option specifies a local “dynamic” port that SSH will use for forwarding.
-f: Requests SSH to go into the background just before command execution.
-C: Enables compression.
-q: Quiet mode.
-N: Tells SSH that no command will be executed on the remote server.
For example:
ssh -D 1080 -f -C -q user@example.com -N
This command initiates an SSH connection to example.com and sets up a SOCKS proxy on localhost:1080.
Configuring DNS to Use the Tunnel:
After establishing the tunnel, you’ll need to direct your local DNS queries through it. This can be done by changing the /etc/resolv.conf file temporarily.
Edit /etc/resolv.conf to add a new resolver that points to your local proxy. For example, you may add:
nameserver 127.0.0.1
This directs all DNS queries to the SOCKS proxy you created with SSH.
Reverting Changes:
Once you finish testing, restore your original DNS settings. This involves either removing the temporary nameserver entry from /etc/resolv.conf or restoring it to its previous state.
This method is effective for temporarily altering DNS resolution via SSH without requiring additional tools.
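One way to make the edit and the revert described above hard to get wrong, as an added example rather than part of the original guide: the script backs up the resolver file, puts the temporary nameserver first, and restores the original when the test command exits. The function names, the `.ssh-dns.bak` suffix, the `RESOLV_FILE` variable and the script name `temp-dns.sh` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): temporary resolver change with revert.
# RESOLV_FILE, the function names and the backup suffix are assumptions.
RESOLV_FILE="${RESOLV_FILE:-/etc/resolv.conf}"

# Print the first nameserver listed in the given resolver file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Put a temporary nameserver first, keeping a backup of the original file.
set_temp_nameserver() {
    file=$1; ns=$2; backup="$1.ssh-dns.bak"
    # Refuse to run twice: a second backup would capture the modified file.
    if [ -e "$backup" ]; then
        echo "backup already exists: $backup" >&2
        return 1
    fi
    # A symlinked resolv.conf is usually generated by a network service.
    if [ -L "$file" ]; then
        echo "warning: $file is a symlink and may be rewritten" >&2
    fi
    cp -p "$file" "$backup" || return 1
    { echo "nameserver $ns"; cat "$backup"; } > "$file"
}

# Restore the original contents in place and drop the backup.
restore_nameserver() {
    file=$1; backup="$1.ssh-dns.bak"
    [ -e "$backup" ] || return 0
    cat "$backup" > "$file" && rm -f "$backup"
}

# Usage (as root): sh temp-dns.sh run 127.0.0.1 <test command...>
if [ "${1:-}" = "run" ]; then
    ns=$2; shift 2
    set_temp_nameserver "$RESOLV_FILE" "$ns" || exit 1
    # Revert on normal exit and on Ctrl-C / termination.
    trap 'restore_nameserver "$RESOLV_FILE"' EXIT
    trap 'exit 1' INT TERM
    echo "resolver now: $(first_nameserver "$RESOLV_FILE")" >&2
    "$@"
fi
```

Run it as root, for example `sh temp-dns.sh run 127.0.0.1 getent hosts example.com`. The resolver library queries the listed nameserver on port 53, so confirm that something is answering DNS on that address before relying on the result.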
/etc/resolv.conf will typically revert upon reboot or when certain network services restart, depending on your distribution's configuration.
Utilizing SSH for tunneling DNS requests provides a flexible, albeit temporary, solution for testing and other networking purposes. By establishing an SSH connection that forwards DNS queries, Linux users can effectively redirect their DNS settings without relying on more complex tools like WireGuard. Always remember to revert changes to maintain system integrity and performance.
For further detailed guidance on SSH tunneling and port forwarding, refer to resources like DigitalOcean's guide.