Use a virtualized browser

Here’s the situation: you’ve got a nice hardened DNS resolver setup that prevents resolution of unsavory server addresses. But what happens when you really, really, really need to access one of them?

I had to face this prospect with analytics.google.com. When I go to the website, I get:


Chrome says no


As far as my system is concerned, analytics.google.com simply does not exist (there’s even an RFC about NXDOMAIN meaning that).

What we really need is a way to run a browser with a non-restricted DNS resolver. I would use this (untrusted) environment to open the one website I need to access, and then terminate the environment when I’m done.

So let’s bring the environment up with this Vagrantfile:

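Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/bionic64"
  # Provisioning runs as root inside the guest on the first `vagrant up`.
  config.vm.provision "shell", inline: <<-SHELL
    apt-get update
    apt-get install -y firefox
    # Point the guest at 9.9.9.9 instead of the resolver it was handed at boot.
    rm -f /etc/resolv.conf
    echo "nameserver 9.9.9.9" > /etc/resolv.conf
  SHELL
end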

So there you have it, a browser VM you can bring up using:

vagrant up

then a browser you can start using:

vagrant ssh -- -X firefox

visit the untrusted site, do your thing, and finally:

vagrant destroy

You can now visit websites you don’t trust, and clean up after yourself.
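The up / ssh / destroy steps above can be wrapped so the VM is destroyed even when a step fails or the session is interrupted. This is an added example, not part of the original post; the function name `disposable_browser` and the `VM_DIR` variable are assumptions.

```shell
#!/bin/sh
# Added example: one-shot wrapper around `vagrant up`, `vagrant ssh` and
# `vagrant destroy`. VM_DIR (the directory holding the Vagrantfile) is an
# assumed variable and defaults to the current directory.

disposable_browser() {
    url=$1
    (
        cd "${VM_DIR:-.}" || exit 1
        # Destroy the VM however this subshell ends: normal exit,
        # a failed step, or Ctrl-C / kill.
        trap 'vagrant destroy -f' EXIT
        trap 'exit 130' INT TERM

        vagrant up || exit 1
        # Stop before opening the browser if provisioning did not leave
        # the guest on the resolver the Vagrantfile writes.
        vagrant ssh -c 'grep -qx "nameserver 9.9.9.9" /etc/resolv.conf' || exit 1
        # The URL is re-parsed by the guest's shell, so characters such
        # as & or ; in it need quoting by the caller.
        vagrant ssh -- -X firefox "$url"
    )
}

# Run directly: sh disposable-browser.sh https://analytics.google.com
if [ $# -gt 0 ]; then
    disposable_browser "$@"
fi
```

The function returns the exit status of the step that ended the session, so a caller can tell a failed `vagrant up` from a clean browser exit.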