I have two DNS servers A and B (A is within a controlled area where DNS requests are likely being monitored even when using DoH - either DoH is blocked or the DoH server itself is monitored too), B is outside of the controlled area. Both of the servers provide DNS service on port 53. The difference is, A's upstream server is set to 127.0.0.1:1234 (local IP), and B's upstream server points to real DNS servers such as 8.8.8.8.
I wanted to set up an SSH tunnel between A and B:
ssh -L 1234:localhost:53 user@B_ip
so that A's 127.0.0.1:1234 can work as A's upstream DNS server. This way, when I use A as my local DNS server, its requests will safely transfer to B and never be monitored by ISP. However, I can't get this to work:
I ensured that both A and B can work separately (setting A's upstream to 8.8.8.8, B the same), the tunnel was created successfully, but once I change A's upstream DNS to 127.0.0.1:1234 (the tunnel), it times out.
These are my test servers within the same LAN. A's dnsmasq.conf:
port=53
listen-address=10.0.0.125
server=127.0.0.1#5533
#server=10.0.0.130
B's dnsmasq.conf:
port=53
listen-address=127.0.0.1,10.0.0.130
server=8.8.8.8
I'm not sure if I missed anything. These two servers are within the same LAN and can work fine separately; I just cannot get the tunnel working. Any ideas are much appreciated!
I found the reason why it didn't work... I used the dig command to test the services, but it turns out dig uses UDP by default to send DNS requests, and that's why the requests cannot go through the SSH tunnel, which uses TCP. With the same setup, using the +tcp option gets it working:
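The same mismatch affects dnsmasq itself, which forwards upstream queries over UDP, so a datagram aimed at the tunnel's local port never enters the TCP-only forward. The shim below is an added example (not part of the original post and not dnsmasq's own code): it listens on UDP, wraps each query in DNS-over-TCP framing (a two-byte length prefix) and relays it through the tunnel; the listen and tunnel ports are assumptions.

```python
# Added example: minimal UDP-to-TCP DNS shim for use in front of an "ssh -L" tunnel.
# "ssh -L" forwards TCP only, so a resolver that sends UDP to the tunnel port gets
# no reply. DNS over TCP prefixes every message with a 2-byte big-endian length
# (RFC 1035 section 4.2.2); this shim adds and strips that prefix.
import socket
import struct

LISTEN_UDP = ("127.0.0.1", 5353)   # assumed: what the resolver's server= line points at
TUNNEL_TCP = ("127.0.0.1", 1234)   # assumed: local end of "ssh -L 1234:localhost:53"


def frame_tcp(msg: bytes) -> bytes:
    """Prefix a DNS message with its 2-byte length (DNS-over-TCP framing)."""
    return struct.pack("!H", len(msg)) + msg


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes from a TCP socket, or fail if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("tunnel closed mid-message")
        buf += chunk
    return buf


def unframe_tcp(sock: socket.socket) -> bytes:
    """Read one length-prefixed DNS message from a TCP socket."""
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)


def forward_query(query: bytes, tcp_addr=TUNNEL_TCP, timeout: float = 5.0) -> bytes:
    """Send one DNS query (as received over UDP) through the TCP tunnel, return the reply."""
    with socket.create_connection(tcp_addr, timeout=timeout) as s:
        s.sendall(frame_tcp(query))
        return unframe_tcp(s)


def serve(listen=LISTEN_UDP, tcp_addr=TUNNEL_TCP) -> None:
    """Accept UDP queries and answer each one with the reply obtained over TCP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as us:
        us.bind(listen)
        while True:
            query, client = us.recvfrom(4096)
            try:
                us.sendto(forward_query(query, tcp_addr), client)
            except OSError as exc:
                print(f"query from {client} dropped: {exc}")


if __name__ == "__main__":
    serve()
```

Point the resolver's upstream at the shim's UDP port instead of the tunnel port; the shim handles one query per TCP connection, which is enough for a test setup.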