[iodine-users] iodine mangling passthrough DNS queries?

Rick van Rein rick at vanrein.org
Fri Feb 27 17:46:57 CET 2015


Hello,

First of all, thanks for iodine.  It looks like a well-done piece of software, and very useful to access low-traffic protocols like Kerberos that are suppressed by populistic interpretations of “Internet access”.  It may also be an interesting fallback carrier for my own 6bed4 tunnel, which provides IPv6 on any network, usually with realtime p2p connections.

I tried iodine but was shocked to see it modify “normal” traffic.  What am I doing wrong?

I studied http://lists.wpkg.org/pipermail/iodine-users/2011-February/000018.html
and decided the transparency warnings weren’t that awful and tried it as a stumbling block for a low-traffic authoritative.  It only degrades IPv4 name service anyway ;-)

This mangled DNS answer was sent although the query fell outside the iodine-assigned topdomain, as shown by tshark:

78.905041 69.252.250.23 -> 123.45.67.89     DNS Standard query A ns1.mydomain.nep
78.905046 69.252.250.23 -> 123.45.67.89     DNS Standard query A ns2.mydomain.nep
78.905133     123.45.67.89 -> 69.252.250.23 DNS Standard query response CNAME hijauitcfjy.kj
78.905165     123.45.67.89 -> 69.252.250.23 DNS Standard query response CNAME hijauitcfjy.nq

I was running an iodine 0.6.0-rc1 client at the same time, but not on the client IP shown here.  Lacking a new 0.6.0, I’ve assumed that 0.6.0-rc1 == 0.6.0-stable.

The server is iodine 0.6.0 from the Debian Squeeze package.  I had iodine sitting on port 53, the “real” authoritative sitting on port 54 and the iodined was run with

/usr/sbin/iodined -f -b 54 -P sekreet 192.168.0.1 iodine.example.org

Note that iodine.example.org differs from mydomain.nep which nonetheless got the funny-looking CNAME response.  And no, my name servers aren’t hijacked; they are authoritatives not resolvers, and when I asked them on port 54 they did send proper replies ;-)

Am I mistaken, or is my normal DNS traffic incorrectly being mangled here?  Or did I goof up anywhere?

Thanks!
-Rick
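
The symptom reported above can be checked for mechanically. This is an added example, not part of the original post and not iodine code: it pairs queries and responses in tshark summary lines and flags queries outside the tunnel topdomain whose answer has a different record type than was asked for. It assumes the one-line summary format shown in the message and pairs queries with responses in FIFO order per client/server flow, since that format carries no DNS transaction ID; `find_mangled` and `in_zone` are hypothetical names.

```python
import re
from collections import defaultdict, deque

# Constructed sample: the four tshark summary lines quoted in the message.
SAMPLE = """\
78.905041 69.252.250.23 -> 123.45.67.89     DNS Standard query A ns1.mydomain.nep
78.905046 69.252.250.23 -> 123.45.67.89     DNS Standard query A ns2.mydomain.nep
78.905133     123.45.67.89 -> 69.252.250.23 DNS Standard query response CNAME hijauitcfjy.kj
78.905165     123.45.67.89 -> 69.252.250.23 DNS Standard query response CNAME hijauitcfjy.nq
"""

LINE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+DNS\s+"
    r"Standard query (?P<resp>response )?(?P<rtype>[A-Z0-9]+)\s+(?P<name>\S+)"
)

def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it (case-insensitive)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def find_mangled(lines, topdomain):
    """Return (qname, qtype, answer_type, answer_name) for suspect replies."""
    pending = defaultdict(deque)  # (client, server) -> unanswered queries
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        if not m["resp"]:
            pending[(m["src"], m["dst"])].append((m["rtype"], m["name"]))
            continue
        queue = pending[(m["dst"], m["src"])]  # response reverses the flow
        if not queue:
            continue  # response without a captured query: nothing to compare
        qtype, qname = queue.popleft()
        # Passthrough traffic should come back with the type that was asked
        # for; a first record of another type is worth a manual look.
        if not in_zone(qname, topdomain) and m["rtype"] != qtype:
            findings.append((qname, qtype, m["rtype"], m["name"]))
    return findings

if __name__ == "__main__":
    for finding in find_mangled(SAMPLE.splitlines(), "iodine.example.org"):
        print("suspect reply:", finding)
```

A legitimate alias also answers an A query with a CNAME first, so a hit is a prompt to compare the reply against what the authoritative on port 54 returns directly, not proof of mangling.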

