Here’s the situation: you’ve got a nice hardened DNS resolver setup which prevents DNS resolution of unsavory server addresses. But what happens when you really, really, really need to access one of them?
I had to face this prospect with analytics.google.com. When going to the website, I get:
As far as my system is concerned, analytics.google.com simply does not exist (there’s even an RFC about NXDOMAIN meaning that).
What we really need is a way to run a browser with a non-restricted DNS resolver. I would use this (untrusted) environment to open the one website I need to access, and then terminate the environment when I’m done.
So let’s bring the environment up with this Vagrantfile:
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/bionic64"
  config.vm.provision "shell", inline: <<-SHELL
    apt-get update
    apt-get install -y firefox
    # Replace the guest's resolver configuration with the unrestricted resolver
    rm /etc/resolv.conf
    echo "nameserver 18.104.22.168" > /etc/resolv.conf
  SHELL
end
So there you have it, a browser vm you can bring up using:
then a browser you can start using:
vagrant ssh -- -X firefox
visit the untrusted site, do your thing, and finally:
You can now visit websites you don’t trust, and clean up after yourself.
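The workflow above only stays clean if the VM is torn down every time, including when boot fails or the browser is interrupted. The wrapper below is an added example, not part of the original post: the function name `browse_disposable` is hypothetical, and `vagrant up` and `vagrant destroy -f` are assumed as the bring-up and teardown commands, run from the directory holding the Vagrantfile.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the Vagrantfile above is in
# the current directory and that `vagrant destroy -f` is an acceptable teardown.

browse_disposable() {
    bd_url="$1"
    bd_rc=0
    # The URL ends up on a remote shell command line (ssh joins its arguments),
    # so accept only http(s) URLs and refuse anything that could break quoting.
    case "$bd_url" in
        *\'*|*[[:space:]]*) echo "refusing URL with quote or whitespace" >&2; return 2 ;;
        http://*|https://*) ;;
        *) echo "usage: browse_disposable http(s)://URL" >&2; return 2 ;;
    esac

    # Survive Ctrl-C so the teardown below still runs.
    trap ':' INT TERM

    vagrant up || bd_rc=$?
    if [ "$bd_rc" -eq 0 ]; then
        # Single quotes keep '&' and ';' in the URL from being run by the guest shell.
        vagrant ssh -- -X firefox "'$bd_url'" || bd_rc=$?
    fi

    # Always destroy the untrusted VM, even if boot or the browser failed.
    if ! vagrant destroy -f; then
        echo "WARNING: VM was not destroyed; run 'vagrant destroy -f' manually" >&2
        [ "$bd_rc" -ne 0 ] || bd_rc=1
    fi

    trap - INT TERM
    return "$bd_rc"
}

# Stand-alone use: ./browse.sh https://analytics.google.com/
if [ "$#" -gt 0 ]; then
    browse_disposable "$@"
fi
```

A non-zero exit status means either the session or the teardown failed; the warning on stderr distinguishes a VM that is still present.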