Hosting your own DNS (and how to set up DNS tunneling)

Earlier this week, I wrote a post on DNS tunneling, and how to pass information over the web through the DNS protocol by stuffing information in the DNS Name Resolution process.

In this post, we’re going to look at how to set up and host your own DNS server. And because you’re hosting it, you can essentially choose to reply with whatever you want to the client querying you.


  1. VM with a static IP address, and allowed ingress/egress connections for port 53.
    • For this, I spun up a VM on GCP with minimal settings to reduce the cost
    • I used a Linux based image because I planned to use bind9 for my DNS (
  2. A Domain name
    • Head over to for a free domain name with a .tk TLD


  • DNS Resolution
    • When you send a query for a domain name, your machine asks its configured DNS server for the IP address tied to that domain name
    • Your DNS server then queries the Root Servers, which are DNS servers that hold information about the TLDs such as .com or .tk, and refers your query to the TLD Server
    • The TLD Server stores information about your second level domains. The .com server will store information such as or In our case, we’re using the .tk domain, so the .tk server will hold our website information The TLD server refers the query to
    • is known as the Authoritative Server, which gives the authoritative response containing the IP address
  • DNS Glue Record
    • A DNS glue record is used to prevent circular dependencies
    • This is important when your DNS server is a subdomain of your domain name itself. e.g. is a subdomain of
    • The circular dependency happens when we ask for the IP address of, and it tells you to ask its DNS server But in order to query, you need the IP address of
    • To solve this issue, we “glue” the IP address of to the delegation
    • Now, instead of asking you to query, it’ll give you the IP address of directly, breaking the circular dependency
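To make the glue-record point concrete, here is an added example (my own toy code, not from the original post and not bind9) that simulates an iterative resolver walking root, TLD and authoritative server over tiny BIND-style zone fragments. The names example.tk, ns1.example.tk, ns2.example.tk, tld.tk-servers.test and all IP addresses are constructed placeholders, since the post's own domain is not reproduced here. Without the A records for ns1/ns2 in the TLD's delegation the walk chases its own tail; with them it terminates at our server.

```python
"""Toy iterative resolver: why a delegation needs glue records.

Added example for this post, not code from bind9 or the original author.
All names and addresses below are constructed placeholders.
"""
import re

ROOT_IP = "198.51.100.1"     # pretend root server
TLD_IP = "198.51.100.2"      # pretend .tk TLD server
OUR_NS_IP = "203.0.113.10"   # our VM running bind9 (stands in for the static GCP IP)

# Minimal BIND-style zone fragments, one per server.
ROOT_ZONE = """
tk.                   IN NS  tld.tk-servers.test.
tld.tk-servers.test.  IN A   198.51.100.2
"""
# Delegation as the TLD sees it when the registrar is given only nameserver names.
TLD_ZONE_NO_GLUE = """
example.tk.           IN NS  ns1.example.tk.
example.tk.           IN NS  ns2.example.tk.
"""
# Same delegation plus glue: the A records the registrar's glue form asks for.
TLD_ZONE_WITH_GLUE = TLD_ZONE_NO_GLUE + """
ns1.example.tk.       IN A   203.0.113.10
ns2.example.tk.       IN A   203.0.113.10
"""
# What our own bind9 instance is authoritative for.
OUR_ZONE = """
example.tk.           IN A   203.0.113.10
ns1.example.tk.       IN A   203.0.113.10
ns2.example.tk.       IN A   203.0.113.10
"""

RR_LINE = re.compile(r"^(\S+)\s+IN\s+(NS|A)\s+(\S+)$")


class CircularDependency(Exception):
    """Raised when resolving a nameserver name requires that same nameserver."""


def parse_zone(text):
    """Parse 'name IN TYPE rdata' lines into (name, type, rdata) tuples."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_LINE.match(line)
        if m is None:
            raise ValueError(f"unsupported record line: {line!r}")
        records.append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return records


def build_servers(tld_zone):
    """Map server IP -> records it serves (our pretend slice of the Internet)."""
    return {
        ROOT_IP: parse_zone(ROOT_ZONE),
        TLD_IP: parse_zone(tld_zone),
        OUR_NS_IP: parse_zone(OUR_ZONE),
    }


def _under(name, zone):
    return name == zone or name.endswith("." + zone)


def resolve(name, servers, server_ip=ROOT_IP, depth=0):
    """Follow NS referrals from the root until a server answers the A record."""
    if depth > 8:
        raise CircularDependency(f"gave up while resolving {name}: no glue")
    records = servers[server_ip]
    answers = [rdata for n, t, rdata in records if n == name and t == "A"]
    if answers:                      # authoritative answer
        return answers[0]
    # Referral: the most specific delegation this server knows that covers name.
    delegations = [(n, rdata) for n, t, rdata in records
                   if t == "NS" and _under(name, n)]
    if not delegations:
        raise LookupError(f"{server_ip} has no delegation for {name}")
    _zone, ns_name = max(delegations, key=lambda d: len(d[0]))
    glue = [rdata for n, t, rdata in records if n == ns_name and t == "A"]
    if glue:
        next_ip = glue[0]            # glue shipped with the referral: use it
    else:
        # No glue: first resolve the nameserver's own name from the root. If
        # that name lives inside the zone being delegated, this recursion asks
        # the same TLD server the same question forever.
        next_ip = resolve(ns_name, servers, ROOT_IP, depth + 1)
    return resolve(name, servers, next_ip, depth + 1)


def lookup(name, with_glue):
    """Convenience wrapper returning an IP, or a 'FAILED: ...' string."""
    servers = build_servers(TLD_ZONE_WITH_GLUE if with_glue else TLD_ZONE_NO_GLUE)
    try:
        return resolve(name, servers)
    except CircularDependency as exc:
        return f"FAILED: {exc}"


if __name__ == "__main__":
    print("with glue:   ", lookup("example.tk.", with_glue=True))
    print("without glue:", lookup("example.tk.", with_glue=False))
```

The depth limit stands in for what a real resolver does with a glueless in-zone delegation: it gives up and returns SERVFAIL, which is exactly the symptom you see when the glue records at the registrar are missing or point at the wrong address.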



We will need to spin up the VM, get its static IP, and host a DNS server on it. This VM will be our

You can follow this guide on how to set up bind9 on your VM

On your GCP console, you have to do two things:

  • Open port 53 (UDP and TCP) to allow DNS traffic to flow through
  • Set your IP address to static, instead of ephemeral

Domain name console

When you register for a new domain name, you can usually configure it. The free domain name we got from allows you to specify your own Nameserver and glue records.

I’ve attached screen grabs on how to point the Nameservers to your, and how to glue your IP address to so as to break the circular dependency

When setting up your glue records for the Nameservers, you can use the same IP address for both records. You need two records because, when you specify a new Nameserver, the registrar requires a minimum of two entries.

Instead of leaving the Freenom Nameservers as the authoritative Nameservers, point the domain at the Nameservers you are hosting.


When you set a new Nameserver, you need to wait a few hours for it to propagate the information over to other DNS servers.

In your DNS server, you can choose to return whatever you want when a DNS request reaches it. That freedom is what makes it possible to craft the server into a C2 communication channel. I won’t go into details on how to set that up, but this is one of the steps.
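The same property that makes a self-hosted authoritative server useful for tunneling is what a defender watches for in its query logs: names carrying encoded payloads are long, high-entropy and never repeat. Here is an added example (my own code, not from the original post or from bind9) that triages BIND 9 querylog lines for those indicators. The zone example.tk, the client addresses, the log lines and the thresholds are all constructed for this example; the regex accepts both the older `client 192.0.2.10#41234 (...)` and the newer `client @0x... 192.0.2.10#41234 (...)` querylog layouts.

```python
"""Offline triage of BIND 9 query-log lines for DNS-tunnelling indicators.

Added example for this post; the zone, clients, log lines and thresholds are
constructed placeholders, not real traffic.
"""
import math
import re
from collections import Counter, defaultdict

ZONE = "example.tk"          # constructed: zone our bind9 VM is authoritative for

# Tunable thresholds (assumptions for this example, not from the original post).
MAX_SUBDOMAIN_LEN = 40       # hostnames under a small zone are short
MAX_ENTROPY_BITS = 3.5       # bits per character; encoded payloads sit near 4-5
MIN_UNIQUE_NAMES = 4         # per client; a tunnel never repeats a name
TUNNEL_FRIENDLY = {"TXT", "NULL", "CNAME"}   # types that carry large answers

QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9a-fA-F.:]+)#\d+ \(\S+\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def _q(client, qname, qtype):
    """Build a constructed querylog line in the older BIND 9 layout."""
    return f"client {client}#5353 ({qname}): query: {qname} IN {qtype} + (203.0.113.10)"


# Constructed sample log: three ordinary lookups, four tunnel-looking ones,
# and one non-query line that the parser must ignore.
SAMPLE_LOG = [
    _q("192.0.2.10", "www.example.tk", "A"),
    _q("192.0.2.10", "mail.example.tk", "MX"),
    _q("192.0.2.10", "_dmarc.example.tk", "TXT"),
    "client @0x7f0c2c0b0e10 198.51.100.7#5353 "
    "(mfrggzdfmztwq2lknnwg23tpoq.ojqwe3dfmnxw4zjamrqxizlsmf2a.example.tk): query: "
    "mfrggzdfmztwq2lknnwg23tpoq.ojqwe3dfmnxw4zjamrqxizlsmf2a.example.tk IN TXT +E(0)K (203.0.113.10)",
    _q("198.51.100.7", "ojqwe3dfmnxw4zjamrqxizlsmf2a.krugkidrovuwg2zamjzg653oebrw6.example.tk", "TXT"),
    _q("198.51.100.7", "krugkidrovuwg2zamjzg653oebrw6.nfxgo4ts2nbszwjfmz2gi3ttvxqa.example.tk", "TXT"),
    _q("198.51.100.7", "nfxgo4ts2nbszwjfmz2gi3ttvxqa.mfrggzdfmztwq2lknnwg23tpoq.example.tk", "NULL"),
    "01-Jan-2024 12:00:00.000 general: info: zone example.tk/IN: loaded serial 1",
]


def shannon_entropy(text):
    """Bits per character of a string; 0 for empty or single-symbol strings."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_query_line(line):
    """Return (client_ip, qname, qtype) or None for lines that are not queries."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    return m.group("client"), m.group("qname").rstrip(".").lower(), m.group("qtype").upper()


def subdomain_of(qname, zone=ZONE):
    """Part of qname below the zone apex: '' at the apex, None if outside the zone."""
    if qname == zone:
        return ""
    suffix = "." + zone
    return qname[: -len(suffix)] if qname.endswith(suffix) else None


def indicators(sub, qtype):
    """Heuristic reasons a single query looks like tunnel traffic (empty = benign)."""
    reasons = []
    if len(sub) > MAX_SUBDOMAIN_LEN:
        reasons.append(f"subdomain length {len(sub)} > {MAX_SUBDOMAIN_LEN}")
    entropy = shannon_entropy(sub.replace(".", ""))
    if entropy > MAX_ENTROPY_BITS:
        reasons.append(f"entropy {entropy:.2f} bits/char > {MAX_ENTROPY_BITS}")
    # Record type alone is not evidence (_dmarc TXT is normal); it only aggravates.
    if reasons and qtype in TUNNEL_FRIENDLY:
        reasons.append(f"tunnel-friendly qtype {qtype}")
    return reasons


def triage(lines, zone=ZONE):
    """Return per-query flags and the set of clients asking for many unique names."""
    flagged = []
    names_per_client = defaultdict(set)
    for line in lines:
        parsed = parse_query_line(line)
        if parsed is None:
            continue
        client, qname, qtype = parsed
        sub = subdomain_of(qname, zone)
        if sub is None:          # some other zone; not ours to judge here
            continue
        names_per_client[client].add(sub)
        reasons = indicators(sub, qtype)
        if reasons:
            flagged.append({"client": client, "qname": qname, "reasons": reasons})
    noisy = {c for c, names in names_per_client.items() if len(names) >= MIN_UNIQUE_NAMES}
    return flagged, noisy


if __name__ == "__main__":
    hits, noisy_clients = triage(SAMPLE_LOG)
    for hit in hits:
        print(hit["client"], hit["qname"], "; ".join(hit["reasons"]))
    print("clients with many unique names:", sorted(noisy_clients))
```

Per-query scoring catches the obvious payload-carrying names; the per-client unique-name count is the cheaper signal for low-and-slow tunnels that keep each label short, and both thresholds should be tuned against a baseline of the zone's normal traffic before alerting on them.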


One response to “Hosting your own DNS (and how to setup DNS tunneling)”

  1. Red Avatar

    Good concept !
    Next, please write up DNS tunneling for inflight using Kali.
    Don’t forget a disclaimer!

