Set Up DNS Tunnel Using Iodine

What is DNS Tunneling?

DNS tunneling carries other network traffic inside DNS queries and responses. It can be useful when you can connect to a wifi network, but it requires you to log on through a web portal in order to access the Internet. This is very common at an airport or a restaurant that offers a wifi network without a password: once you try to access google.com, you are redirected to a login page. With DNS tunneling, you don’t need to log in and can still access the Internet.

Requirement

  • A remote server that you have root access to
  • A domain name whose NS and A records you can configure

Domain Set-Up

Assume you own the domain example.com. Create an NS record and an A record:

A x0ns.example.com YOUR_SERVER_IP
NS x0.example.com x0ns.example.com

Note that the NS record delegates queries for x0.example.com to the x0ns.example.com server.

Server-Side Set-Up

If your server is running Ubuntu, you can install iodine with:

sudo apt-get install iodine

Then start iodine on the server with:

sudo iodined -c -P secretPassword 192.168.99.1 x0.example.com

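where 192.168.99.1 can be any IP address that you don’t use (it becomes the server’s address inside the tunnel), and x0.example.com is the name delegated by the NS record we just set. The -P option sets the password for the DNS tunnel, which is required when the client tries to connect to the server through DNS requests. The -c option disables the check that a client’s requests always come from the same source IP address, which would otherwise cause problems when queries arrive through a cluster of DNS resolvers. A password given with -P is visible in the process list and shell history; if -P is omitted, iodined prompts for the password instead.

Then you should test whether iodine is set up correctly on your server using this tool. Enter x0.example.com into the input box and click ‘check’. If the server is configured correctly, it should return: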

Well done, your iodine setup seems fine!

Make sure your server’s firewall allows incoming DNS requests on port 53. Otherwise you should set the firewall rules using:

sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT

Client Side

Set up iodine

If you are using Linux, you can install iodine just like installing it on the server with apt-get install iodine.

However, if you are using Windows, you should download the Windows version of iodine from the developer’s website.

After downloading the zip, unzip it and open the terminal as Administrator. Go to the unzipped directory, and run the following commands:

cd bin
.\iodine.exe -f -P secretPassword x0.example.com

If it succeeds, a DNS tunnel has been set up between the client and the remote server. You can test the connection between the client and the server using:

ping 192.168.99.1

You should see ping replies coming back.

Set up SOCKS5 proxy through the DNS tunnel

If you are using Windows, you can use PuTTY to set up the proxy. First we will set up a way to forward the traffic through SSH to the server. Open PuTTY, and in Session, set the Host Name to 192.168.99.1 and the Connection Type to SSH. Then go to the category Connection - SSH - Tunnels, and under Add new forwarded port, enter 5555 as the Source port, choose Dynamic, then click Add. Under Forwarded port, you should now see D5555.

Note that at this stage, the client doesn’t need to have Internet access to connect to the server, because it can already communicate with the server using the “subnet” IP 192.168.99.1 through the DNS tunnel set up by iodine. Go ahead and log in to the server in PuTTY.

Upon successful login, you can configure the SOCKS5 proxy to use:

SOCKS Host: 127.0.0.1
Port: 5555

If you are using Chrome, you can download the extension SwitchySharp, and create a SOCKS5 proxy profile with the above information.

Then you should be able to access the Internet through the DNS tunnel.
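Seen from the network operator's side, a tunnel like the one set up above shows in resolver logs as many unique, long, high-entropy names under one delegated zone. The following is an added example, not part of the original post, that scores constructed log lines for that pattern; the log format, thresholds and function names are assumptions, and zones are approximated as the last two labels rather than with a public suffix list.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log, "<client_ip> <qtype> <qname>" (not real traffic).
SAMPLE_LOG = """\
10.0.0.23 A www.example.org
10.0.0.23 AAAA www.example.org
10.0.0.23 A mail.example.org
10.0.0.23 A cdn.example.org
10.0.0.23 A api.example.org
10.0.0.42 NULL 0ibq7x2mfk9ah4zt1wcv8y3nrp6sleu5dgjo0q.x0.example.com
10.0.0.42 NULL 0jcr8y3ngl0bi5au2xdw9z4osq7tmfv6ehkp1r.x0.example.com
10.0.0.42 NULL 0kds9z4ohm1cj6bv3yex0a5ptr8ungw7filq2s.x0.example.com
10.0.0.42 NULL 0let0a5pin2dk7cw4zfy1b6qus9vohx8gjmr3t.x0.example.com
10.0.0.42 NULL 0mfu1b6qjo3el8dx5agz2c7rvt0wpiy9hkns4u.x0.example.com
"""

def entropy(s):
    """Shannon entropy of s in bits per character (0 for an empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def score_zones(log_text, zone_labels=2):
    """Group queries by (client, parent zone) and compute tunnel indicators."""
    payloads = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        labels = qname.lower().rstrip(".").split(".")
        zone = ".".join(labels[-zone_labels:])
        # Everything left of the zone is treated as possible encoded data.
        payloads[(client, zone)].append("".join(labels[:-zone_labels]))
    return {
        key: {"queries": len(s), "unique_ratio": len(set(s)) / len(s),
              "avg_len": sum(map(len, s)) / len(s), "entropy": entropy("".join(s))}
        for key, s in payloads.items()
    }

def suspected_tunnels(log_text, min_queries=5, min_len=30, min_entropy=3.5, min_unique=0.9):
    """Return (client, zone) pairs whose queries look like encoded tunnel data."""
    return sorted(
        key for key, s in score_zones(log_text).items()
        if s["queries"] >= min_queries and s["avg_len"] >= min_len
        and s["entropy"] >= min_entropy and s["unique_ratio"] >= min_unique
    )

if __name__ == "__main__":
    print(suspected_tunnels(SAMPLE_LOG))
```

The thresholds are starting points only; tune them against your own resolver logs, since some legitimate services also use long generated hostnames.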

P.S. It’s a rather sketchy tutorial. It’s mainly written for my future reference. I will talk more about how the DNS tunnel works and add more details if I have the chance.