[iodine-users] iodined: header->qr does not match the requested qr

AreYouLoco? areyouloco at paranoici.org
Mon Mar 25 15:46:00 CET 2019


Hi Erik,
Thank you for your interest.

>Sounds like you are getting replies instead of questions to your
>server.
Yes, it seems so. But I am not that into DNS, so I don't really know
what that means.

>Are you running the client from the same network as the server[...]
I didn't really try clients yet because the server is not working, but I
am going to try...

1. Client Andiodine (different network):
opened IPv4 UDP socket
Autodetecting DNS query type (use -T to override).......
[and after a while]
Error
Handshake failed

2. Client Iodine on Debian (same network but with VPN to go from
external IP):
Opened dns0
Opened IPv4 UDP socket
Sending DNS queries for tunnel.mydomain.tld to 192.168.x.x
Autodetecting DNS query type (use -T to override).....................
[and after a while]
iodine: No suitable DNS query type found. Are you connected to a network?
iodine: If you expect very long roundtrip delays, use -T explicitly.
iodine: (Also, connecting to an "ancient" version of iodined won't work.)

3. The web test (https://code.kryo.se/iodine/check-it/) is a client as
well I guess:
Troubleshoot your iodine setup
Analyzing DNS setup for tunnel domain 'tunnel.mydomain.tld'... (might
take some time)
Looking for nameserver for mydomain.tld.. got ns2.NAMESERVER.TLD (at
69.65.x.x).
Resolving delegation of tunnel.mydomain.tld at 69.65.x.x... not known.
Error: The tunnel name tunnel.mydomain.tld is not delegated to any host
according to nameserver ns2.NAMESERVER.TLD.

>with a remote nameserver in between?
This I don't understand.

My setup looks like this: I have an OpenWrt router that has a dynamic DNS
script set up, and it correctly assigns my public IP to mydomain.tld and
dns.mydomain.tld. (The router is also a server.) I already asked my
dyndns provider if NS record should have a dot at the end and they
replied that they add it on the backend automatically. So this all
should not be the problem.

I have dns forwarding set on the router so it resolves local queries by
forwarding to DNS provider of my choice. And it should be on port 53 for
local hosts. So I tried to set -p 5353 switch for iodined and forwarded
external port 53 to internal 5353 in firewall setup. I think it should
be correct, no?

And doing so there was some small progress because iodined with -p 5353
didn't give the error mentioned in the subject instantly on running. But
just after I post a request on the webtest
(https://code.kryo.se/iodine/check-it/). So there is indeed some kind of
connection. I don't know how to dig deeper, tho.

I suspect it might be related to DNS itself. Do I have to run my own
standalone DNS on the server to be able to use iodined? I have local
resolving forwarded to some DNS provider. And that should do the job I
think.

Any further suggestions?

>It seems your network or DNS setup is wrong.
>Try recording the network traffic from both
>the server's and client's point of view.
I will go into that in free-time. But I have almost no experience with
[wire|t]shark. But I am going to try. I have to learn that at some point
anyway.


On March 24, 2019 3:29:48 PM UTC, Erik Ekman <yarrick at kryo.se> wrote:
>Sounds like you are getting replies instead of questions to your
>server.
>Are you running the client from the same network as the server, with a
>remote nameserver in between?
>It seems your network or DNS setup is wrong. Try recording the network
>traffic from both the server's and client's point of view.
>
>/Erik
>
>On Sat, 23 Mar 2019 at 21:35, AreYouLoco? <areyouloco at paranoici.org>
>wrote:
>
>> Hi,
>>
>> I am trying to set up a DNS tunnel to use with iodine and I am failing
>> so far to make the server part work. Some help would be useful. I was
>> following this guide:
>> http://rossmarks.uk/blog/setting-up-an-iodine-server/
>>
>> What I did... have successfully added an A type record for
>> dns.mydomain.tld pointing to my IP and NS record tunnel.mydomain.tld
>> pointing to dns.mydomain.tld
>>
>> I installed iodine -v: version: 0.7.0 from 2014-06-16 on my openwrt
>> router (kernel > 4.4) and opened port 53 (checked with nmap). I am
>> trying to run iodined with this command:
>> iodined -fP password -d tap0 10.0.0.1 tunnel.mydomain.tld
>>
>> and I get:
>>
>> Opened tap0
>> Setting IP of tap0 to 10.0.0.1
>> Setting MTU of tap0 to 1130
>> Opened IPv4 UDP socket
>> Listening to dns for domain tunnel.mydomain.tld
>> iodined: header->qr does not match the requested qr
>> iodined: header->qr does not match the requested qr
>> iodined: header->qr does not match the requested qr
>> iodined: header->qr does not match the requested qr
>>
>> And last line keeps repeating. I didn't find search option to check the
>> archive of the mailinglist to look for solution. So I write.
>>
>> The only thing that I could find on the internet is this:
>> https://github.com/spritsail/iodine/issues/6 but it was related to old
>> busybox and I am running bash.
>>
>> I tried checking with https://code.kryo.se/iodine/check-it/ both
>> dns.mydomain.tld and tunnel.mydomain.tls but it gives me:
>>
>> [...]Expecting iodined to be accessible at x.x.x.x... no reply.
>>
>> Error: Make sure iodined is running and the firewall accepts UDP port
>> 53. Also check any port forwards in use. (checked with nmap it's open)
>> --
>>
>>
>> AreYouLoco?
>>
>> GPG 2717 7338 4742 E034 F65F 7C83 C757 3088 E8B7 DEDA
>>
>> _______________________________________________
>> iodine-users mailing lists
>> iodine-users at lists.wpkg.org
>> https://lists.wpkg.org/mailman/listinfo/iodine-users
>>
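
Added example, not part of the original messages and not iodine's own code: Erik's reading of the error is that replies rather than questions are reaching the server, which in DNS terms is the QR bit of the header (0 for a query, 1 for a response). The sketch below decodes that bit and the question name from raw UDP payloads, so packets seen on the server's DNS port can be sorted into tunnel queries, unrelated queries and stray responses. The function names and the sample packets are constructed for illustration.

```python
import struct

def build_packet(txid, qname, is_response):
    """Build a minimal one-question DNS message (constructed sample data)."""
    flags = 0x8180 if is_response else 0x0100  # QR is the top bit of the flags word
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", 10, 1)  # QTYPE NULL, QCLASS IN

def parse_dns(payload):
    """Decode the 12-byte DNS header and the first question name."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    labels, pos = [], 12
    while qdcount:
        if pos >= len(payload):
            raise ValueError("question name runs past end of packet")
        length = payload[pos]
        if length == 0:
            break
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("bad label length")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return {"id": txid, "qr": flags >> 15, "rcode": flags & 0xF,
            "qname": ".".join(labels).lower()}

def classify(payload, tunnel_domain):
    """Say what a packet arriving on the server's DNS port is."""
    try:
        msg = parse_dns(payload)
    except ValueError:
        return "malformed"
    if msg["qr"] == 1:
        return "response"  # a reply reached the server socket, the case Erik describes
    name = msg["qname"]
    if name == tunnel_domain or name.endswith("." + tunnel_domain):
        return "tunnel query"
    return "other query"

if __name__ == "__main__":
    domain = "tunnel.mydomain.tld"
    samples = [build_packet(0x1A2B, "abc123." + domain, False),
               build_packet(0x1A2C, "www.example.org", True),
               build_packet(0x1A2D, "www.example.org", False),
               b"\x00\x01"]
    for pkt in samples:
        print(classify(pkt, domain))
```

The payloads would come from a capture taken on the server, as Erik suggests; a steady stream of "response" results on the port iodined listens on matches the repeated error in the log.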

