mirror of
https://github.com/sshuttle/sshuttle.git
synced 2025-08-15 02:38:43 +02:00
Intercept DNS requests sent by systemd-resolved.
Previously, we would find DNS servers we wish to intercept traffic on by reading /etc/resolv.conf. On systems using systemd-resolved, /etc/resolv.conf points to localhost and then systemd-resolved actually uses the DNS servers listed in /run/systemd/resolve/resolv.conf. Many programs will route the DNS traffic through localhost as /etc/resolv.conf indicates and sshuttle would capture it. However, systemd-resolved also provides other interfaces for programs to resolve hostnames besides the localhost server in /etc/resolv.conf. This patch adds systemd-resolved's servers into the list of DNS servers when --dns is used. Note that sshuttle will continue to fail to intercept any traffic sent to port 853 for DNS over TLS (which systemd-resolved also supports). For more info, see: sshuttle issue #535 https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html https://github.com/systemd/systemd/issues/6076
This commit is contained in:
@ -104,10 +104,12 @@ Options
|
||||
|
||||
Capture local DNS requests and forward to the remote DNS
|
||||
server. All queries to any of the local system's DNS
|
||||
servers (/etc/resolv.conf) will be intercepted and
|
||||
servers (/etc/resolv.conf and, if it exists,
|
||||
/run/systemd/resolve/resolv.conf) will be intercepted and
|
||||
resolved on the remote side of the tunnel instead, there
|
||||
using the DNS specified via the :option:`--to-ns` option,
|
||||
if specified.
|
||||
if specified. Only plain DNS traffic sent to these servers
|
||||
on port 53 are captured.
|
||||
|
||||
.. option:: --ns-hosts=<server1[,server2[,server3[...]]]>
|
||||
|
||||
|
Reference in New Issue
Block a user