### Configure and Run dnstt Server Source: https://context7.com/mygod/dnstt/llms.txt Starts the dnstt server to listen for DNS queries and forward traffic to an upstream TCP service. Supports custom MTU settings, fallback proxies, and hex-encoded private keys. ```bash # Basic server setup dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:8000 # Server with custom MTU and fallback dnstt-server -udp :5300 -mtu 512 -privkey-file server.key -fallback 127.0.0.1:8888 t.example.com 127.0.0.1:8000 ``` -------------------------------- ### Manage Noise Protocol Keys in Go Source: https://context7.com/mygod/dnstt/llms.txt Provides examples for generating, saving, loading, and encoding cryptographic keys used by the Noise protocol. It utilizes the dnstt/noise package to handle private and public key operations. ```go package main import ( "fmt" "os" "www.bamsoftware.com/git/dnstt.git/noise" ) func main() { privkey, err := noise.GeneratePrivkey() if err != nil { panic(err) } pubkey := noise.PubkeyFromPrivkey(privkey) fmt.Printf("Private key: %x\n", privkey) fmt.Printf("Public key: %x\n", pubkey) privFile, _ := os.Create("server.key") noise.WriteKey(privFile, privkey) privFile.Close() pubFile, _ := os.Create("server.pub") noise.WriteKey(pubFile, pubkey) pubFile.Close() f, _ := os.Open("server.pub") loadedPubkey, err := noise.ReadKey(f) f.Close() if err != nil { panic(err) } fmt.Printf("Loaded public key: %x\n", loadedPubkey) hexKey := "14ca15f53660e248d289d9302f992c4bee518f2361d6343dafa7b417b5a3d752" decodedKey, err := noise.DecodeKey(hexKey) if err != nil { panic(err) } fmt.Printf("Decoded key: %x\n", decodedKey) encoded := noise.EncodeKey(decodedKey) fmt.Printf("Encoded key: %s\n", encoded) } ``` -------------------------------- ### Create and Use QueuePacketConn for Virtual Packet Connections (Go) Source: https://context7.com/mygod/dnstt/llms.txt Demonstrates how to create and utilize QueuePacketConn for establishing virtual packet-based connections. It covers queuing incoming and outgoing packets, reading from and writing to the connection, and managing stashed packets for a given client ID. This is useful for simulating network packet behavior in tests or custom tunneling logic. ```go package main import ( "time" "www.bamsoftware.com/git/dnstt.git/turbotunnel" ) func main() { // Create a new QueuePacketConn localAddr := turbotunnel.DummyAddr{} timeout := 4 * time.Minute qconn := turbotunnel.NewQueuePacketConn(localAddr, timeout) defer qconn.Close() // Generate a client ID for session tracking clientID := turbotunnel.NewClientID() // Queue an incoming packet (simulating received data) incomingData := []byte("received packet data") qconn.QueueIncoming(incomingData, clientID) // Read the queued packet buf := make([]byte, 4096) n, addr, err := qconn.ReadFrom(buf) if err != nil { panic(err) } println("Received from", addr.String(), ": ", string(buf[:n])) // Write an outgoing packet outgoingData := []byte("data to send") qconn.WriteTo(outgoingData, clientID) // Get the outgoing queue for a specific client sendQueue := qconn.OutgoingQueue(clientID) select { case packet := <-sendQueue: println("Packet to send:", string(packet)) default: println("No packet waiting") } // Use stash for temporary packet storage extraPacket := []byte("stashed packet") if qconn.Stash(extraPacket, clientID) { println("Packet stashed successfully") } // Retrieve stashed packet stashChan := qconn.Unstash(clientID) select { case p := <-stashChan: println("Retrieved from stash:", string(p)) default: println("Stash empty") } } ``` -------------------------------- ### Generate and Use ClientID for Session Management (Go) Source: https://context7.com/mygod/dnstt/llms.txt Illustrates the creation and usage of ClientID for managing client sessions. It shows how to generate a new ClientID, access its network and string representations, and compare different ClientIDs. It also demonstrates the use of DummyAddr when a net.Addr is required but not functionally relevant. ```go package main import ( "fmt" "www.bamsoftware.com/git/dnstt.git/turbotunnel" ) func main() { // Generate a random client ID clientID := turbotunnel.NewClientID() // ClientID implements net.Addr interface fmt.Printf("Network: %s\n", clientID.Network()) // "clientid" fmt.Printf("String: %s\n", clientID.String()) // hex-encoded 8 bytes // ClientIDs can be compared clientID2 := turbotunnel.NewClientID() if clientID != clientID2 { fmt.Println("Different clients") } // Use DummyAddr when a net.Addr is required but not relevant dummy := turbotunnel.DummyAddr{} fmt.Printf("Dummy network: %s\n", dummy.Network()) // "dummy" fmt.Printf("Dummy string: %s\n", dummy.String()) // "dummy" } ``` -------------------------------- ### Construct DNS Messages in Go Source: https://context7.com/mygod/dnstt/llms.txt Demonstrates how to create, encode, and parse DNS query and response messages using the dnstt/dns package. It covers setting message headers, question sections, and TXT record data. ```go package main import ( "fmt" "www.bamsoftware.com/git/dnstt.git/dns" ) func main() { domain, _ := dns.ParseName("t.example.com") query := &dns.Message{ ID: 0x1234, Flags: 0x0100, Question: []dns.Question{ { Name: domain, Type: dns.RRTypeTXT, Class: dns.ClassIN, }, }, } wireData, err := query.WireFormat() if err != nil { panic(err) } fmt.Printf("Wire format length: %d bytes\n", len(wireData)) response := &dns.Message{ ID: 0x1234, Flags: 0x8400, Question: query.Question, Answer: []dns.RR{ { Name: domain, Type: dns.RRTypeTXT, Class: dns.ClassIN, TTL: 60, Data: dns.EncodeRDataTXT([]byte("tunnel payload data here")), }, }, } responseWire, _ := response.WireFormat() fmt.Printf("Response length: %d bytes\n", len(responseWire)) } ``` -------------------------------- ### Establish Encrypted Noise Connections in Go Source: https://context7.com/mygod/dnstt/llms.txt Shows how to wrap standard io.ReadWriteCloser connections with Noise encryption for both client and server roles. This ensures all data transmitted over the connection is automatically encrypted and decrypted. ```go package main import ( "io" "net" "www.bamsoftware.com/git/dnstt.git/noise" ) func serverHandler(conn net.Conn, privkey []byte) { encrypted, err := noise.NewServer(conn, privkey) if err != nil { conn.Close() return } defer encrypted.Close() buf := make([]byte, 4096) n, err := encrypted.Read(buf) if err != nil && err != io.EOF { return } encrypted.Write([]byte("Hello from server")) } func clientConnect(serverAddr string, serverPubkey []byte) { conn, err := net.Dial("tcp", serverAddr) if err != nil { return } encrypted, err := noise.NewClient(conn, serverPubkey) if err != nil { conn.Close() return } defer encrypted.Close() encrypted.Write([]byte("Hello from client")) buf := make([]byte, 4096) n, _ := encrypted.Read(buf) println(string(buf[:n])) } ``` -------------------------------- ### Configure Shadowsocks Plugin Source: https://context7.com/mygod/dnstt/llms.txt Uses dnstt-client as a plugin for Shadowsocks. This allows Shadowsocks to tunnel traffic through DNS via environment variables or command-line arguments. ```bash export SS_PLUGIN_OPTIONS="doh=https://dns.google/dns-query;domain=t.example.com;pubkey=14ca15f53660e248d289d9302f992c4bee518f2361d6343dafa7b417b5a3d752" export SS_LOCAL_HOST="127.0.0.1" export SS_LOCAL_PORT="7000" # Run client without arguments (reads from environment) dnstt-client # Full ss-local command with plugin ss-local -s 0.0.0.1 -p 1 -l 1080 -k password \ --plugin dnstt-client \ --plugin-opts 'doh=https://dns.google/dns-query;domain=t.example.com;pubkey=14ca15f53660e248d289d9302f992c4bee518f2361d6343dafa7b417b5a3d752' ``` -------------------------------- ### Parse DNS Messages in Go Source: https://context7.com/mygod/dnstt/llms.txt Demonstrates how to parse raw DNS wire format data into structured Go objects using the dnstt DNS package. ```go package main import ( "fmt" "www.bamsoftware.com/git/dnstt.git/dns" ) func main() { wireData := []byte{...} message, err := dns.MessageFromWireFormat(wireData) if err != nil { panic(err) } fmt.Printf("ID: %d\n", message.ID) for _, q := range message.Question { fmt.Printf("Question: %s Type=%d Class=%d\n", q.Name, q.Type, q.Class) } } ``` -------------------------------- ### Create and Encode DNS Names in Go Source: https://context7.com/mygod/dnstt/llms.txt Utility functions for parsing, creating, and manipulating DNS domain names using the dnstt DNS library. ```go package main import ( "fmt" "www.bamsoftware.com/git/dnstt.git/dns" ) func main() { name, _ := dns.ParseName("subdomain.t.example.com") labels := [][]byte{[]byte("www"), []byte("example"), []byte("com")} name2, _ := dns.NewName(labels) suffix, _ := dns.ParseName("example.com") prefix, ok := name2.TrimSuffix(suffix) if ok { fmt.Printf("Prefix: %s\n", prefix) } } ``` -------------------------------- ### Configure HTTP Proxy with Ncat Source: https://context7.com/mygod/dnstt/llms.txt Sets up an HTTP proxy tunnel using Ncat and dnstt. It involves running the dnstt-server alongside an Ncat proxy and connecting via the dnstt-client. ```bash # Server side: Run Ncat HTTP proxy and tunnel server ncat -l -k --proxy-type http 127.0.0.1 8000 dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:8000 # Client side: Connect to tunnel and use as HTTP proxy dnstt-client -doh https://dns.google/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 # Test the proxy curl --proxy http://127.0.0.1:7000/ https://wtfismyip.com/text ``` -------------------------------- ### Generate dnstt Server Keypair Source: https://context7.com/mygod/dnstt/llms.txt Generates a persistent keypair required for server authentication and end-to-end encryption. The keys can be saved to files or printed to standard output for manual configuration. ```bash # Generate keypair and save to files dnstt-server -gen-key -privkey-file server.key -pubkey-file server.pub # Generate keypair and print to stdout dnstt-server -gen-key ``` -------------------------------- ### Configure SOCKS Proxy with SSH Source: https://context7.com/mygod/dnstt/llms.txt Establishes a SOCKS proxy tunnel by wrapping SSH traffic within dnstt. This allows secure SOCKS5 proxying over DNS. ```bash # Server side: SSH SOCKS proxy listening on port 8000 ssh -N -D 127.0.0.1:8000 -o NoHostAuthenticationForLocalhost=yes 127.0.0.1 dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:8000 # Client side: Connect and use SOCKS proxy dnstt-client -doh https://dns.google/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 # Test the SOCKS proxy curl --proxy socks5h://127.0.0.1:7000/ https://wtfismyip.com/text ``` -------------------------------- ### Connect dnstt Client via DoT Source: https://context7.com/mygod/dnstt/llms.txt Configures the client to use DNS over TLS (DoT) for encrypted transport. Requires a DoT-capable resolver address. ```bash # DoT client with standard port 853 dnstt-client -dot dns.google:853 -pubkey-file server.pub t.example.com 127.0.0.1:7000 # DoT with custom TLS fingerprint dnstt-client -dot dns.google:853 -utls 'random' -pubkey-file server.pub t.example.com 127.0.0.1:7000 ``` -------------------------------- ### Connect dnstt Client via UDP Source: https://context7.com/mygod/dnstt/llms.txt Connects the client using standard UDP DNS. This mode is primarily for testing and debugging as it does not provide the same level of covertness as DoH or DoT. ```bash # Connect to recursive resolver dnstt-client -udp 8.8.8.8:53 -pubkey-file server.pub t.example.com 127.0.0.1:7000 # Connect directly to tunnel server dnstt-client -udp tns.example.com:53 -pubkey-file server.pub t.example.com 127.0.0.1:7000 ``` -------------------------------- ### DNS Zone Configuration Source: https://context7.com/mygod/dnstt/llms.txt Required DNS records to delegate a subdomain to the dnstt server. Includes A, AAAA, and NS records. ```text A tns.example.com 203.0.113.2 AAAA tns.example.com 2001:db8::2 NS t.example.com tns.example.com ``` -------------------------------- ### Configure System Port Forwarding Source: https://context7.com/mygod/dnstt/llms.txt Uses iptables and ip6tables to redirect external DNS traffic on port 53 to the unprivileged port used by the dnstt server. This is necessary for production environments where the server cannot bind to port 53 directly. ```bash # Forward IPv4 port 53 to localhost port 5300 sudo iptables -I INPUT -p udp --dport 5300 -j ACCEPT sudo iptables -t nat -I PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 5300 # Forward IPv6 port 53 to localhost port 5300 sudo ip6tables -I INPUT -p udp --dport 5300 -j ACCEPT sudo ip6tables -t nat -I PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 5300 ``` -------------------------------- ### Configure Tor Bridge Source: https://context7.com/mygod/dnstt/llms.txt Integrates dnstt as a pluggable transport for Tor bridges. The tunnel forwards traffic to the local Tor ORPort. ```bash # Server side: Forward tunnel to Tor bridge ORPort dnstt-server -udp :5300 -privkey-file server.key t.example.com 127.0.0.1:9001 # Client side: Connect tunnel to local port dnstt-client -doh https://dns.google/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 # Add to torrc (replace FINGERPRINT with actual bridge fingerprint) # Bridge 127.0.0.1:7000 FINGERPRINT ``` -------------------------------- ### Connect dnstt Client via DoH Source: https://context7.com/mygod/dnstt/llms.txt Configures the client to use DNS over HTTPS (DoH) for transport. Includes options for uTLS fingerprinting to camouflage the TLS handshake. ```bash # Basic DoH client dnstt-client -doh https://dns.google/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 # DoH with custom uTLS fingerprinting dnstt-client -doh https://dns.google/dns-query -utls '3*Firefox,2*Chrome,1*iOS' -pubkey-file server.pub t.example.com 127.0.0.1:7000 ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.