Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages
dns2tcpc(1) FreeBSD General Commands Manual dns2tcpc(1)

dns2tcpc - A tunneling tool that encapsulate TCP traffic over DNS.

dns2tcpc [ -h ] [ -c ] [ -z domain zone ] [ -d debug_level ] [ -r resource ] [ -k key ] [ -f config_file ] [ -e command ] [ -T request type ] [ -l local_port ] [ server ]

dns2tcpc is a network tool used to encapsulate TCP communications in DNS. When connections are received on a specific port all TCP traffic is sent to the remote dns2tcpd server and forwarded to a specific host and port. Multiple connections are supported.

dns2tcpc was written for demonstration purposes.

Help Menu
Enable DNS compression. When used, be sure that all relay and DNS server support compression and really use it.
-z domain zone
Use this domain as endpoint.
-d debug level
Change debug level. Levels available are 1, 2 or 3.
-r resource
Remote resource to access.
-k key
Pre shared key used for authentication (identification).
-f config file
Configuration file to use.
-T request type
Request type to use. Actually only KEY and TXT requests are supported.
-e command
Command to execute, I/O are redirected in the tunnel.
-l local_port
Local port accepting incomming connections (or - for stdin on UNIX systems).
-t connection timeout
Maximum DNS server's answer delay in seconds. A valid delay is between 1 and 240 seconds. Default is 3.
DNS server to use. The first entry in resolv.conf file will be choosen if the server is not specified.

By default ${HOME}/.dns2tcprc is used if no configuration file is specified. Here is an example :

domain =
resource = ssltunnel
local_port = 4430
enable_compression = 0
debug_level = 1
key = mykey
# DNS to use
server =

dns2tcpc -k mykey -z mydns
Ask the dns2tcp server to list available resources.
ssh -o 'ProxyCommand dns2tcpc -r ssh -l - -z -k mykey mydns' myserver
Use dns2tcp as a proxy command with ssh. We try to connect to the ssh resource with the key 'mykey' and the DNS mydns.
dns2tcpc -r socat-resource -e '/bin/bash -i' -k mykey -z mydns
Use dns2tcp as a reverse shell, the remote shell will appear on the socat-resource.
dns2tcpc -d 1 -f /dev/null -r ssl-tunnel -l 2000 -k mykey -T KEY -z mydns
Do not use the default configuration file, bind local port 2000 and forward all the traffic on the remote ssl-tunnel resource, use the first debug level. Use KEY type DNS requests.

Olivier Dembour <>


Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.