Manage your remote devices over DNS
I was having problems with my remote WRT routers: the tunnels go down and I have to reboot them to restore the tunnels. I tried to solve it with IPsec DPD but it hasn't fixed this issue. I don't want a script that reboots the routers every time they lose the connection with the tunnel broker (this implies that if the tunnel broker goes down or has connectivity problems the clients will be restarting continuously), so I looked for a better solution to this problem.
I wanted a light and portable solution that works through NAT and I found this interesting article Manage your evil code with DNS. I coded it in this simple bash script:
You need to install this script on the remote router and configure the crontab to execute it. You can use it to execute whatever you want, so you can access the router and fix the problem; I use an SSH reverse shell for this.
You also need a domain to use for the C&C server; they are cheap nowadays and usually come with a control panel and/or an API to create and modify records. Moreover, you can use subdomains if you have a lot of clients and want to segment them.
If you want to have more control you can install a DNS server, but this Python library, https://github.com/paulchakravarti/dnslib, lets you build a customized solution:
$ cat db.local
;
; BIND data file for device management
; USE A TTL EQUAL TO OR LOWER THAN YOUR CRON PERIOD
$TTL 300
@ IN SOA dyn.yourdomain.here. root.localhost. (
        2         ; Serial
        604800    ; Refresh
        86400     ; Retry
        2419200   ; Expire
        604800 )  ; Negative Cache TTL
;
@ IN NS dyn.yourdomain.here.
@ IN CNAME yourdomain.here.
device1.tenant1.yourdomain.here. IN A 127.0.0.1
device1.tenant1.yourdomain.here. IN TXT FUTURE
device2.tenant1.yourdomain.here. IN A 127.0.0.3
device1.tenant2.yourdomain.here. IN A 127.0.0.2

$ sudo python zoneresolver.py --zone db.local
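The remote-side bash script mentioned above is not reproduced on this page. As an added example (not the author's script and not dnslib code), the following Python shows a TXT record format that covers two weaknesses of executing whatever the record says: a plain DNS answer is unauthenticated, and a cached record is served again on every cron run, so the same command would be executed every period. It assumes a pre-shared key per router, a fixed set of action names, and dig installed on the router; every name, key and value below is constructed.

```python
import hashlib
import hmac
import subprocess

# Constructed values: the key is provisioned on each router out of band
# (for example in the firmware image) and is never published in DNS.
SHARED_KEY = b"example-preshared-key-change-me"
ALLOWED_ACTIONS = {"noop", "restart-tunnel", "reboot"}
RECORD_VERSION = "v1"


def _mac(device, serial, action, key):
    # The device name is part of the MAC, so a record published for one
    # router is not valid for another one.
    msg = f"{RECORD_VERSION}:{device}:{serial}:{action}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_txt(device, serial, action, key=SHARED_KEY):
    """Operator side: build the TXT value to publish under <device> in the zone."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    return f"{RECORD_VERSION}:{serial}:{action}:{_mac(device, serial, action, key)}"


def check_txt(device, txt, last_serial, key=SHARED_KEY):
    """Router side: return (serial, action) when the record is authentic,
    newer than the last one executed and allowlisted; otherwise None."""
    parts = txt.strip().strip('"').split(":")   # dig +short quotes TXT data
    if len(parts) != 4 or parts[0] != RECORD_VERSION or not parts[1].isdigit():
        return None
    serial, action, tag = int(parts[1]), parts[2], parts[3]
    if not hmac.compare_digest(tag, _mac(device, serial, action, key)):
        return None
    # A strictly increasing serial stops cron from re-running the same command
    # on every period while the cached record is still being served.
    if serial <= last_serial or action not in ALLOWED_ACTIONS:
        return None
    return serial, action


def fetch_txt(device):
    """Look the record up with dig (assumed to be installed on the router)."""
    out = subprocess.run(["dig", "+short", "TXT", device],
                         capture_output=True, text=True, timeout=10)
    return out.stdout.strip()
```

The cron job would call fetch_txt, pass the result to check_txt together with the last serial stored on the router, run the matching action, and persist the new serial.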