[iodine-users] iodined: header->qr does not match the requested qr

Erik Ekman yarrick at kryo.se
Mon Mar 25 23:17:58 CET 2019


On Mon, 25 Mar 2019 at 15:46, AreYouLoco? <areyouloco at paranoici.org> wrote:

> Hi Erik,
> Thank you for your interest.
>
> >Sounds like you are getting replies instead of questions to your
> >server.
> Yes it seems so. But I am not that into DNS so I don't really know
> what that means.
>
> >Are you running the client from the same network as the server[...]
> I didn't really try clients yet because the server is not working. But I
> am going to try...
>
> 1. Client Andiodine (different network):
> opened IPv4 UDP socket
> Autodetecting DNS query type (use -T to override).......
> [and after a while]
> Error
> Handshake failed
>
> 2. Client Iodine on Debian (same network but with VPN to go from
> external IP):
> Opened dns0
> Opened IPv4 UDP socket
> Sending DNS queries for tunnel.mydomain.tld to 192.168.x.x
> Autodetecting DNS query type (use -T to override).....................
> [and after a while]
> iodine: No suitable DNS query type found. Are you connected to a network?
> iodine: If you expect very long roundtrip delays, use -T explicitly.
> iodine: (Also, connecting to an "ancient" version of iodined won't work.)
>
> 3. The web test (https://code.kryo.se/iodine/check-it/) is a client as
> well I guess:
> Troubleshoot your iodine setup
> Analyzing DNS setup for tunnel domain 'tunnel.mydomain.tld'... (might
> take some time)
> Looking for nameserver for mydomain.tld.. got ns2.NAMESERVER.TLD (at
> 69.65.x.x).
> Resolving delegation of tunnel.mydomain.tld at 69.65.x.x... not known.
> Error: The tunnel name tunnel.mydomain.tld is not delegated to any host
> according to nameserver ns2.NAMESERVER.TLD.


You need to make this nameserver point your domain name to your router to
make things work. As long as that server doesn't do that it will not
work.

>
>
> >with a remote nameserver in between?
> This I don't understand.
>
> My setup looks like this: I have an openwrt router that has a dynamic dns
> script set up and it correctly assigns my public ip to mydomain.tld and
> dns.mydomain.tld. (The router is also a server) I already asked my
> dyndns provider if NS record should have a dot at the end and they
> replied that they add it on the backend automatically. So this all
> should not be the problem.


>
> I have dns forwarding set on the router so it resolves local queries by
> forwarding to DNS provider of my choice. And it should be on port 53 for
> local hosts. So I tried to set -p 5353 switch for iodined and forwarded
> external port 53 to internal 5353 in firewall setup. I think it should
> be correct, no?
>
> And doing so there was some small progress because iodined with -p 5353
> didn't give the error mentioned in the subject instantly on running. But
> just after I post a request on the webtest
> (https://code.kryo.se/iodine/check-it/). So there is indeed some kind of
> connection. I don't know how to dig deeper, tho.
>
> I suspect it might be related to DNS itself. Do I have to run my own
> standalone DNS on the server to be able to use iodined? I have local
> resolving forwarded to some DNS provider. And that should do the job I
> think.


You only need the nameserver responsible for your domain to delegate
traffic to your dynamic dns host. The router should send all incoming dns
traffic to iodined, so there should not be another externally reachable dns
server there.

>
>
> Any further suggestions?


>
> >It seems your network or DNS setup is wrong.
> >Try recording the network traffic from both
> >the server and client's point of view.
> I will go into that in free-time. But I have almost no experience with
> [wire|t]shark. But I am going to try. I have to learn that at some point
> anyway.
>

Good luck. Once you learn DNS and networking better you should be able to
set it up.

>
>
> On March 24, 2019 3:29:48 PM UTC, Erik Ekman <yarrick at kryo.se> wrote:
> >Sounds like you are getting replies instead of questions to your
> >server.
> >Are you running the client from the same network as the server, with a
> >remote nameserver in between?
> >It seems your network or DNS setup is wrong. Try recording the network
> >traffic from both the server and client's point of view.
> >
> >/Erik
> >
> >On Sat, 23 Mar 2019 at 21:35, AreYouLoco? <areyouloco at paranoici.org>
> >wrote:
> >
> >> Hi,
> >>
> >> I am trying to set up a DNS tunnel to use with iodine and I am failing
> >> so far to make the server part work. Some help would be useful. I was
> >> following this guide:
> >> http://rossmarks.uk/blog/setting-up-an-iodine-server/
> >>
> >> What I did... have successfully added an A type record for
> >> dns.mydomain.tld pointing to my IP and NS record tunnel.mydomain.tld
> >> pointing to dns.mydomain.tld
> >>
> >> I installed iodine -v: version: 0.7.0 from 2014-06-16 on my openwrt
> >> router (kernel > 4.4) and opened port 53 (checked with nmap). I am
> >> trying to run iodined with this command:
> >> iodined -fP password -d tap0 10.0.0.1 tunnel.mydomain.tld
> >>
> >> and I get:
> >>
> >> Opened tap0
> >> Setting IP of tap0 to 10.0.0.1
> >> Setting MTU of tap0 to 1130
> >> Opened IPv4 UDP socket
> >> Listening to dns for domain tunnel.mydomain.tld
> >> iodined: header->qr does not match the requested qr
> >> iodined: header->qr does not match the requested qr
> >> iodined: header->qr does not match the requested qr
> >> iodined: header->qr does not match the requested qr
> >>
> >> And last line keeps repeating. I didn't find search option to check the
> >> archive of the mailinglist to look for solution. So I write.
> >>
> >> The only thing that I could find on the internet is this:
> >> https://github.com/spritsail/iodine/issues/6 but it was related to old
> >> busybox and I am running bash.
> >>
> >> I tried checking with https://code.kryo.se/iodine/check-it/ both
> >> dns.mydomain.tld and tunnel.mydomain.tls but it gives me:
> >>
> >> [...]Expecting iodined to be accessible at x.x.x.x... no reply.
> >>
> >> Error: Make sure iodined is running and the firewall accepts UDP port
> >> 53. Also check any port forwards in use. (checked with nmap it's open)
> >> --
> >>
> >>
> >> AreYouLoco?
> >>
> >> GPG 2717 7338 4742 E034 F65F 7C83 C757 3088 E8B7 DEDA
> >>
> >> _______________________________________________
> >> iodine-users mailing lists
> >> iodine-users at lists.wpkg.org
> >> https://lists.wpkg.org/mailman/listinfo/iodine-users
> >>
>
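
Added example, not part of the original thread and not iodine's own code: the "replies instead of questions" diagnosis above comes down to the QR bit, the top bit of the flags field in the 12-byte DNS header (0 = query, 1 = response). The sketch below decodes that bit and the question name from raw UDP payloads, such as those taken from a capture on the server's port 53, and sorts them into tunnel queries, queries for other zones, and replies. The function names and the sample packets are constructed for illustration.

```python
import struct

def build_packet(txid, flags, qname, qtype=10):  # qtype 10 = NULL
    """Build a one-question DNS message (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_dns(packet):
    """Return the QR bit, RCODE and first question name of a DNS message."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    labels, pos = [], 12
    while qdcount and pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0 or pos + 1 + length > len(packet):
            raise ValueError("compressed or truncated question name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return {"id": txid, "qr": flags >> 15, "rcode": flags & 0xF,
            "qname": ".".join(labels).lower()}

def classify(packet, tunnel_domain):
    """Say what a packet seen on the server's UDP port 53 is."""
    msg = parse_dns(packet)
    if msg["qr"] == 1:
        return "reply"            # QR=1: an answer, not a question for the server
    name, zone = msg["qname"], tunnel_domain.lower().rstrip(".")
    if name == zone or name.endswith("." + zone):
        return "tunnel-query"     # QR=0 and inside the delegated tunnel zone
    return "other-query"          # QR=0 but for a different zone

# Constructed samples: a tunnel query, a reply, and a query for another zone.
SAMPLES = [
    build_packet(0x1234, 0x0100, "abc123.tunnel.mydomain.tld"),
    build_packet(0x5678, 0x8180, "www.example.com", qtype=1),
    build_packet(0x9abc, 0x0100, "www.example.com", qtype=1),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt, "tunnel.mydomain.tld"), parse_dns(pkt))
```

A server-side capture that shows only "reply" and "other-query" packets, and no "tunnel-query" packets, is consistent with the missing delegation reported by the check-it page.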