A lightweight DNS proxy designed to bypass DNS spoofing by exploiting timing differences between fake and legitimate packets
Project description
LatterDNS
LatterDNS is a lightweight, experimental DNS proxy designed to bypass DNS spoofing; a common censorship method used by the Great Firewall (GFW); by exploiting the timing difference between fake and legitimate packets.
"The truth arrives late."
This project is inspired by prior research on DNS censorship, especially the measurement work in “How Great is the Great Firewall? Measuring China’s DNS Censorship” (2021). That paper documents the race condition between forged and legitimate DNS packets, which this tool leverages in practice.
How It Works
This tool operates on a simple observation: Censorship is a race.
-
The Trigger: When you query a blocked domain (e.g.,
facebook.com), the firewall detects the request. -
The Race: The firewall attempts to "poison" your DNS cache by racing to send you a fake response (usually a random or reset IP) before the legitimate DNS server can respond.
-
The Exploit: Because the firewall is injecting packets locally/en route, the fake response almost always arrives first. The legitimate response from the real DNS server travels a longer path and arrives second (milliseconds later).
LatterDNS simply discards the first response it sees for every query and accepts the second one.
Visualizing the Logic
sequenceDiagram
participant Client
participant LatterDNS
participant GFW
participant RealDNS
Client->>LatterDNS: Query: facebook.com
LatterDNS->>RealDNS: Forward Query
Note over GFW: GFW detects keyword!
GFW-->>LatterDNS: Fake IP (First Packet)
Note over LatterDNS: 🛑 BLOCKED (Too fast)
RealDNS-->>LatterDNS: Real IP (Second Packet)
Note over LatterDNS: ✅ ACCEPTED (The Latter)
LatterDNS->>Client: Real IP
Installation
Normal Usage
pip install latterdns
Development
git clone https://github.com/itsamirhn/latterdns.git
cd latterdns
uv pip install -e .
Usage
Once installed, you can run LatterDNS from anywhere using the latterdns command.
# Basic usage (defaults to listening on port 1053)
latterdns
# Custom upstream (Google DNS) and custom timeouts
latterdns --upstream-host 8.8.8.8 --timeouts 150 --timeouts 600
# Enable debug logging
latterdns --log-level DEBUG
# Multiple timeout values for packet collection
latterdns --timeouts 50 --timeouts 200 --timeouts 500
Available Options:
You can view all options anytime by running latterdns --help:
Usage: latterdns [OPTIONS]
LatterDNS - Returns the latter DNS response packet from upstream.
Options:
--listen-port INTEGER Port to listen on [default: 1053]
--upstream-host TEXT Upstream DNS host [default: 1.1.1.1]
--upstream-port INTEGER Upstream DNS port [default: 53]
--timeouts INTEGER Timeout values in milliseconds (can be
specified multiple times, e.g., --timeouts
100 --timeouts 500) [default: 100, 500]
--log-level [DEBUG|INFO|WARNING|ERROR|CRITICAL]
Logging level [default: INFO]
--help Show this message and exit.
🧪 How to Test
To verify that LatterDNS is working, you need to query a domain known to be poisoned by the GFW.
1. Without LatterDNS (The Control Test) Run a query against a standard upstream DNS. You should see a suspicious IP (often changed) or a connection reset.
dig @8.8.8.8 facebook.com +short
# Result: 1.2.3.4 (Fake IP / Poisoned Result)
2. With LatterDNS Point your query to the local port where LatterDNS is running (e.g., 1053).
dig @127.0.0.1 -p 1053 facebook.com +short
# Result: 157.240.x.x (Real Facebook IP)
⚠️ Limitations & Trade-offs
-
Latency for Unblocked Domains: For unblocked domains (where the GFW sends nothing), the proxy receives the legitimate packet first. It waits for the first timeout (default 100ms) to check for additional packets before returning the result. This adds latency to every query.
-
Packet Loss: If the legitimate packet (the latter one) is lost in transit, the proxy will timeout and return the last received packet (potentially the fake one), failing to bypass the block.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file latterdns-0.3.0.tar.gz.
File metadata
- Download URL: latterdns-0.3.0.tar.gz
- Upload date:
- Size: 5.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.13 {"installer":{"name":"uv","version":"0.9.13"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
19ffd8adc621c45e14c9484d3ddee887344d774e51a25d070c2c9f323fba8d2c
|
|
| MD5 |
f54b5f9b77b17659a049804b32122d1f
|
|
| BLAKE2b-256 |
9641a9a2d193b5d39a7af7b231297c8c8eb3c082470bb777837c6d158f342e4e
|
File details
Details for the file latterdns-0.3.0-py3-none-any.whl.
File metadata
- Download URL: latterdns-0.3.0-py3-none-any.whl
- Upload date:
- Size: 5.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.13 {"installer":{"name":"uv","version":"0.9.13"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9912f52b0c6c249d53d9f387a145c1e478fa55641f16abbb74e1dae3b86749f2
|
|
| MD5 |
b4c2539b36f2e8824b30fb0ec5626977
|
|
| BLAKE2b-256 |
fae03a80a9d16aa67ddeaf2e7290f80b5420a525006ee00c54666b0b479e9f4e
|
