Blind
TCP over DNS tunnel b[l]ind written in go.
Install / Use
/learn @doxx/BlindREADME
B[l]ind - DNS Tunnel
A DNS tunneling tool for TCP traffic, written in Go.
Copyright (c) 2024 Barrett Lyon. All rights reserved. MIT License
Overview
Blind allows you to tunnel TCP traffic through DNS queries, enabling connectivity in restricted network environments. It consists of a client and server component that work together to establish a bidirectional communication channel using DNS protocols.
Features
- TCP over DNS tunneling
- Support for both client and server modes
- Automatic session management
- Resilient connection handling
- Debug logging
- Works with ssh
Installation
go install github.com/doxx/blind@latest
Or build from source:
git clone https://github.com/doxx/blind.git
cd blind
go build
Usage Examples
Basic Examples
- Simple SSH Tunnel:
# On DNS server (public internet)
sudo ./blind -server-listen 0.0.0.0:53 -server-dest 127.0.0.1:22
# On client machine (behind firewall)
./blind -client-listen 127.0.0.1:2222 -client-dest dns-server.com:53
# Connect via SSH
ssh -p 2222 user@127.0.0.1
- Debug Logging:
./blind -client-listen 127.0.0.1:2222 \
-client-dest dns.example.com:53 \
-debug
Advanced Examples
- HTTP Proxy Tunnel:
# Server side (forwarding to local HTTP proxy)
sudo ./blind -server-listen 0.0.0.0:53 -server-dest 127.0.0.1:3128 -debug
# Client side
./blind -client-listen 127.0.0.1:8080 -client-dest dns.example.com:53
# Configure browser to use 127.0.0.1:8080 as HTTP proxy
- Database Connection Tunnel:
# Server side (forwarding to PostgreSQL)
sudo ./blind -server-listen 0.0.0.0:53 -server-dest db.internal:5432
# Client side
./blind -client-listen 127.0.0.1:5432 -client-dest dns.example.com:53
# Connect to database
psql -h 127.0.0.1 -p 5432 -U dbuser dbname
Systemd Service Example
Create a systemd service file for automatic startup:
# /etc/systemd/system/blind.service
[Unit]
Description=Blind DNS Tunnel Service
After=network.target
[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/blind -server-listen 0.0.0.0:53 -server-dest 10.0.0.1:22
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
Enable and start the service:
sudo systemctl enable blind
sudo systemctl start blind
sudo systemctl status blind
Docker Example
FROM golang:1.21-alpine
WORKDIR /app
COPY . .
RUN go build -o blind
FROM alpine:latest
COPY --from=0 /app/blind /usr/local/bin/
EXPOSE 53/udp
ENTRYPOINT ["blind"]
Run the Docker container:
# Server mode
docker run -p 53:53/udp blind -server-listen 0.0.0.0:53 -server-dest target:22
# Client mode
docker run -p 2222:2222 blind -client-listen 0.0.0.0:2222 -client-dest dns.example.com:53
License
MIT License - See LICENSE file for details
Author
Barrett Lyon
Related Skills
node-connect
336.9kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
83.0kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
336.9kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
commit-push-pr
83.0kCommit, push, and open a PR
