Tunneling Opera's DNS requests over SSH

Opera won't tunnel DNS requests over a SOCKS5 proxy if you have one set. This is an example of how I used system-wide changes to get Opera (and everything else) to use an ssh tunnel for DNS using a remote virtual private server, socat, dnsmasq, ssh, and resolv.conf. Both home and server are Ubuntu 10.04.

(If you're on Windows try: dns2socks.)

## In examples,
## vps.yourhost.com is remote VPS
## I use 'username' as my account on both the VPS and my home machine. So I don't specify user in the commands below.
## Normally with ssh you can specify user with -l, like -l username

## Set up http tunnel, set Opera to use socks5 proxy on port 8080
ssh -C2qTnN -D 8080 vps.yourhost.com

## Set up DNS tunnel... the scheme is:
## Opera-> system dns on 127.0.0.1-> socat listens on port 53 redirects to 5353->
## ssh forwards port 5353 from 127.0.0.1 to vps.yourhost.com VPS->
## On the VPS another instance of socat takes port 5353 from the ssh tunnel and redirects to 53 local to VPS->
## VPS is running dnsmasq DNS proxy listening on 53, it proxies the DNS request to its DNS server->
## VPS's DNS server sends back answer and it goes back through the established chain-> Opera

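# local machine
# has primary DNS set to 127.0.0.1 , secondary to router's DNS.
# socat takes UDP DNS queries on port 53 (needs root) and sends each one to TCP 5353,
# which is the local end of the ssh port forward started on the next line
sudo socat -T15 udp4-recvfrom:53,reuseaddr,fork tcp:localhost:5353
ssh -N -L 5353:127.0.0.1:5353 vps.yourhost.com

# remote machine
# with dnsmasq DNS proxy running on port 53,
# as root do;
# socat takes TCP 5353 from the ssh tunnel and hands each query to dnsmasq on UDP 53
# (adding bind=127.0.0.1 to the listen options keeps 5353 off the VPS's public interface)
socat tcp4-listen:5353,reuseaddr,fork UDP:127.0.0.1:53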

Set /etc/resolv.conf to use localhost for DNS with the router as backup (for before you start the tunnel).

#search namecoin-suffix.dot-bit.org # check .bit address first
nameserver 127.0.0.1 # VPS SSH DNS tunnel (no .bit resolver)
nameserver 192.168.1.1 # Router based DNSmasq .bit resolver and normal DNS fallback

If you leave a backup nameserver Opera will still leak DNS and use it when the latency of answers from the tunneled DNS becomes high. For example, when I load a 300+ tab Opera session more than half of the DNS requests are sent unencrypted to 192.168.1.1. So, disable the backup nameserver by commenting it out once you've set up the tunnel.
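The leak described above comes from any active nameserver line that is not loopback. As an added example (not from the original page), this POSIX shell check lists the resolv.conf entries that would bypass the tunnel; the function names and the sample file are constructed here.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-style file for nameservers that bypass
# the 127.0.0.1 tunnel entry point. Function names are hypothetical.

# Print each active nameserver that is not a loopback address.
# $1: path to the file to check (defaults to /etc/resolv.conf).
leaking_nameservers() {
    conf="${1:-/etc/resolv.conf}"
    # Drop comments (# or ;), then keep the address of each nameserver line.
    sed -e 's/[#;].*$//' "$conf" |
    awk '$1 == "nameserver" && $2 != "" { print $2 }' |
    while read -r addr; do
        case "$addr" in
            127.*|::1) ;;                    # loopback: goes into the tunnel
            *) printf '%s\n' "$addr" ;;      # queried directly, in cleartext
        esac
    done
}

# Exit status 0 when every active nameserver is loopback, 1 otherwise.
resolv_is_tunnel_only() {
    [ -z "$(leaking_nameservers "$1")" ]
}

# Constructed sample: the resolv.conf shown above with the backup still active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#search namecoin-suffix.dot-bit.org # check .bit address first
nameserver 127.0.0.1 # VPS SSH DNS tunnel (no .bit resolver)
nameserver 192.168.1.1 # Router based DNSmasq .bit resolver and normal DNS fallback
EOF

if resolv_is_tunnel_only "$sample"; then
    echo "OK: all nameservers are loopback"
else
    echo "LEAK: these nameservers are queried outside the tunnel:"
    leaking_nameservers "$sample"            # prints 192.168.1.1
fi
rm -f "$sample"
```

Run it against /etc/resolv.conf after starting the tunnel; commenting out the router line makes the check pass.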

## So... after doing all this after every reboot (I made scripts) Opera will now browse "securely".
## Opera->127.0.0.1:53->127.0.0.1:5353->ssh->(vps.yourhost.com:5353)->vps.yourhost.com:53->dns proxy->(real DNS server)->SUCCESS


## firefox makes things so much fucking easier.
## For Firefox you can just set it to use socks5 proxy for DNS requests (network.proxy.socks_remote_dns = true), and,
ssh -C2qTnN -D 8080 vps.yourhost.com
# SUCCESS
