Wednesday, February 25, 2015

Manage your remote devices over DNS

I was having problems with my remote WRT routers: the tunnels go down and I have to reboot the routers to restore them. I tried to solve it with IPsec DPD, but that hasn't fixed the issue. I don't want a script that reboots the routers every time they lose the connection with the tunnel broker (that would mean that if the tunnel broker goes down or has connectivity problems, the clients will restart continuously), so I looked for a better solution to this problem.

I wanted a light and portable solution that works through NAT, and I found this interesting article, Manage your evil code with DNS. I coded it in this simple bash script:




You need to install this script on the remote router and add a crontab entry that runs it periodically. The script polls a DNS record for the router and executes whatever it finds there, so you can publish a command that gets you back into the router and lets you fix the problem; I use an SSH reverse shell for this. Keep in mind what that means: the record is fetched over plain, unauthenticated DNS, so whoever controls the zone (or can spoof answers to the router's resolver) runs commands as root on every router that polls it. Protect the registrar account and the DNS server accordingly, and consider authenticating the command inside the record (a keyed MAC and a serial number that only moves forward) rather than trusting the raw text.

You also need a domain for the C&C side. Domains are cheap nowadays and usually come with a control panel and/or an API to create and modify records, which is all the agent needs: one record per device that you update when you want something executed. If you have many clients, subdomains let you segment them (for example one subdomain per tenant, with one host name per device under it).

If you want more control you can run your own authoritative DNS server for the subdomain instead of editing records at the registrar. A full BIND is more than this needs; the dnslib Python library (https://github.com/paulchakravarti/dnslib) ships a small zoneresolver.py that serves records from a BIND-style zone file and is easy to customise. The zone below serves one A record per device plus a TXT record that holds the command; run it as root because it binds UDP port 53 by default:


$ cat db.local

;
; BIND-style zone file for device management (served by dnslib's zoneresolver)
; Use a TTL equal to or shorter than your cron period: every resolver between
; the router and this server caches the answer for up to $TTL seconds, so a
; longer TTL just means the router keeps seeing the old command.
$TTL    300
@       IN      SOA     dyn.yourdomain.here. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      dyn.yourdomain.here.
; No CNAME at the zone apex: a CNAME cannot coexist with the SOA and NS records
; of the same name, and the zone will not load with one there.
device1.tenant1.yourdomain.here.     IN      A       127.0.0.1
device1.tenant1.yourdomain.here.     IN      TXT     "FUTURE"   ; placeholder for the command the agent reads
device2.tenant1.yourdomain.here.     IN      A       127.0.0.3
device1.tenant2.yourdomain.here.     IN      A       127.0.0.2


$ sudo python zoneresolver.py --zone db.local
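The post's bash script and the TXT record above leave the command unauthenticated: the agent runs whatever string comes back from DNS. The following Python is an added example, not the post's script and not part of dnslib, that models the same cron-tick loop for both ends of the channel with the checks a practitioner would want. The server side builds the TXT data to publish (in place of the "FUTURE" placeholder in db.local, or through the registrar API): a serial number, an HMAC-SHA256 over serial and command under a per-device pre-shared key, and the command itself. The agent verifies the MAC before doing anything and ignores any record whose serial is not higher than the last one it executed, which covers both a replayed record and a stale answer still sitting in a resolver cache. The record layout `serial:hexmac:command`, the key, the host names, the state-file path and the use of `dig` for the lookup are all assumptions made for the example.

```python
"""Authenticated DNS command channel: record builder (server side) and
cron-tick agent (router side).

Added example, not the post's own bash script or dnslib's code.  Record layout
"serial:hexmac:command", the keys, names and paths below are assumptions.
"""
import hashlib
import hmac
import re
import subprocess
from typing import Callable, Optional, Tuple

# One quoted <character-string> of a TXT record as dig prints it.
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Assumption: a per-device key provisioned on the router out of band, so that a
# compromised router only exposes its own key.
EXAMPLE_KEY = b"per-device-psk-change-me"


def build_txt(serial: int, command: str, key: bytes) -> str:
    """Server side: the data for the TXT record, i.e. the line
    device1.tenant1.yourdomain.here. IN TXT "<result>"  in db.local."""
    mac = hmac.new(key, f"{serial}:{command}".encode(), hashlib.sha256).hexdigest()
    return f"{serial}:{mac}:{command}"


def parse_txt(txt: str, key: bytes) -> Optional[Tuple[int, str]]:
    """Verify one record.  Returns (serial, command), or None when the layout
    is wrong (e.g. the zone's "FUTURE" placeholder) or the MAC does not match
    (tampered record, spoofed answer, wrong key)."""
    try:
        serial_s, mac, command = txt.split(":", 2)
        serial = int(serial_s)
    except ValueError:
        return None
    expected = hmac.new(key, f"{serial}:{command}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return serial, command


def agent_step(txt: str, key: bytes, last_serial: int) -> Tuple[int, Optional[str]]:
    """One cron tick, kept pure so it can be tested: given the fetched record
    and the last executed serial, return (new_last_serial, command or None)."""
    parsed = parse_txt(txt, key)
    if parsed is None:
        return last_serial, None
    serial, command = parsed
    if serial <= last_serial:          # already executed, replayed, or still cached
        return last_serial, None
    return serial, command


def txt_from_dig_output(line: str) -> str:
    """Join the quoted strings of one TXT RR as `dig +short TXT` prints them
    (data longer than 255 bytes is carried as several quoted strings)."""
    parts = _QUOTED.findall(line)
    return "".join(p.replace('\\"', '"') for p in parts) if parts else line.strip()


def fetch_txt_dig(name: str) -> Optional[str]:
    """Resolve the record with dig (bind-tools); on a WRT router you would
    swap in nslookup and parse its output the same way."""
    out = subprocess.run(["dig", "+short", "TXT", name],
                         capture_output=True, text=True, timeout=10).stdout
    lines = [l for l in out.splitlines() if l.strip()]
    return txt_from_dig_output(lines[0]) if lines else None


def _run_shell(command: str) -> None:
    # The channel exists to run arbitrary commands (e.g. an SSH reverse shell),
    # so this is deliberately a shell invocation.  Don't wait: a reverse shell
    # stays open until the operator closes it.
    subprocess.Popen(command, shell=True)


def run_agent(name: str, key: bytes, state_path: str,
              fetch: Callable[[str], Optional[str]] = fetch_txt_dig,
              execute: Optional[Callable[[str], None]] = None) -> Optional[str]:
    """Entry point for the crontab line (e.g. */5 * * * * python3 agent.py).
    Returns the command that was executed on this tick, or None."""
    try:
        with open(state_path) as f:
            last = int(f.read().strip())
    except (OSError, ValueError):
        last = 0                        # first run, or state file missing
    txt = fetch(name)
    if txt is None:
        return None
    last, command = agent_step(txt, key, last)
    if command is not None:
        # Persist the serial before running: a command that reboots the box
        # (the post's use case) must not be repeated on every tick afterwards.
        with open(state_path, "w") as f:
            f.write(str(last))
        (execute or _run_shell)(command)
    return command


if __name__ == "__main__":
    # Operator side: print the TXT data to put in the zone, then bump the
    # zone's SOA serial and reload (or update the record via the registrar API).
    print(build_txt(1, "sh /etc/init.d/ipsec restart", EXAMPLE_KEY))
```

On the router the cron entry calls `run_agent("device1.tenant1.yourdomain.here", key, "/tmp/dns_cc.last")`; the state file holds the last executed serial, so after the router reboots the same record is not executed again, and a command that should run again must be republished with a higher serial. The hex MAC adds 64 bytes to the record, so data over 255 bytes has to be written as several quoted strings in the zone file; `txt_from_dig_output` joins them back. The key does not make DNS private: anyone watching the queries still sees the commands, it only stops them from injecting their own.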