How to Create a DNS Tunnel in Ubuntu Using Iodine

What is a DNS tunnel?

  • A technique for tunneling IPv4 data through a DNS server.

Why do we use a DNS tunnel?

  • We use a DNS tunnel in situations where our internet access is blocked by a firewall but DNS queries are allowed (e.g. in an office or on a hotspot).

 

Requirements:

  • Ubuntu PC
  • Iodine package
  • Windows PC to test the tunnel
  • Domain name

 

How to do it?

  1. Install the Iodine package.

    # apt-get install iodine

  2. Modify the DNS records by adding the subdomain record t1.id-ebook.com.

    t1 IN NS t1ns.id-ebook.com.
    t1ns IN A 202.130.222.111

    The IP address 202.130.222.111 is the server where Iodine will run.

  3. Run the Iodine server.

    # iodined -f -p 5353 10.0.0.1 t1.id-ebook.com

    We use port 5353 because port 53 is already in use by the DNS server, so we have to forward the traffic using iptables.

    # iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353

  4. On another PC running Windows XP, download the Iodine software from http://code.kryo.se/iodine/. Extract it and run the Iodine client.

    C:\iodine\bin>iodine -f -r 202.130.222.111 t1.id-ebook.com

  5. Test the connection by pinging each machine from the other.
    On the server:

    # ping 10.0.0.2

    On the client:

    C:\iodine\bin>ping 10.0.0.1

  6. To enable internet access, activate IP forwarding and IP masquerading.

    # echo 1 > /proc/sys/net/ipv4/ip_forward
    # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

  7. To change the default gateway on the client (Windows XP), run the ROUTE command.

    (run command prompt as Administrator)
    C:\iodine\bin>route delete 0.0.0.0
    C:\iodine\bin>route add 0.0.0.0 mask 0.0.0.0 10.0.0.1

  8. Test by browsing to google.com or yahoo.com.
  9. Finish.
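
Seen from the monitoring side, the tunnel built in the steps above shows up in resolver logs as one client sending many long, never-repeating, high-entropy names under a single delegated zone. The following Python sketch is an added example, not part of the original tutorial or the Iodine project; the log entries are constructed, the thresholds are illustrative assumptions, and the registrable domain is approximated as the last two labels.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(text):
    """Bits per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def find_tunnel_suspects(queries, min_unique=20, min_avg_len=30, min_entropy=3.5):
    """queries: iterable of (client_ip, qname) pairs from a resolver log.
    Returns (client_ip, zone, unique_names, avg_len, entropy) for every
    client/zone pair that meets all three thresholds (assumed values)."""
    payloads = defaultdict(set)
    for client, qname in queries:
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # nothing to the left of the zone, so no room for payload
        zone = ".".join(labels[-2:])  # assumption: two-label registrable domain
        payloads[(client, zone)].add(".".join(labels[:-2]))
    suspects = []
    for (client, zone), names in sorted(payloads.items()):
        avg_len = sum(len(n) for n in names) / len(names)
        entropy = shannon_entropy("".join(names).replace(".", ""))
        if len(names) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            suspects.append((client, zone, len(names), round(avg_len, 1), round(entropy, 2)))
    return suspects

def constructed_log():
    """Constructed sample data, not captured traffic: one ordinary client and
    one client whose queries carry base32-looking blobs under t1.id-ebook.com."""
    log = [("192.168.1.20", h) for h in
           ("www.example.org", "mail.example.org", "api.example.org", "www.example.org")] * 10
    for i in range(40):
        blob = base64.b32encode(hashlib.sha256(str(i).encode()).digest()).decode()
        log.append(("192.168.1.77", blob.rstrip("=").lower() + ".t1.id-ebook.com"))
    return log

if __name__ == "__main__":
    for row in find_tunnel_suspects(constructed_log()):
        print(row)
```

On real resolver logs, CDN and telemetry domains can approach these thresholds, so tune them against a baseline before alerting.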

Reference: Iodine