How to Create a DNS Tunnel in Ubuntu Using Iodine

What is a DNS tunnel?

  • A technique for tunneling IPv4 data through a DNS server.

Why do we use a DNS tunnel?

  • We use a DNS tunnel when our internet access is blocked by a firewall but DNS queries are still allowed (e.g. in an office or on a hotspot).

What do we need?

  • Ubuntu PC
  • Iodine package
  • Windows PC to test the tunnel
  • Domain name


How do we do it?

  1. Install Iodine package.

    # apt-get install iodine

  2. Modify the DNS zone by adding the subdomain records.

    t1 IN NS
    t1ns IN A

    The IP address is that of the server where Iodine will run.

  3. Run Iodine server.

    # iodined -f -p 5353

    We use port 5353 because port 53 is already in use by the DNS server. That is why we have to forward the traffic using iptables.

    # iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353

  4. On another PC running Windows XP, download the Iodine software, then extract it and run the Iodine client.

    C:\iodine\bin>iodine -f -r

  5. Test the connection by pinging each side from the other.
    On the server:

    # ping

    On the client:


  6. To enable internet access through the tunnel, activate IP forwarding and IP masquerading.

    # echo 1 > /proc/sys/net/ipv4/ip_forward
    # iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

  7. To change the default gateway on the client (Windows XP), run the ROUTE command.

    (run command prompt as Administrator)
    C:\iodine\bin>route delete
    C:\iodine\bin>route add mask

  8. Test by browsing to or
  9. Finish.
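
On the network side, a tunnel like the one above shows up in resolver logs as one client sending many unique, long, random-looking names under a single delegated zone. The detection sketch below is an added example, not part of the original page or of the Iodine project; the log format, the `t1.example.com` zone, the sample lines and the thresholds are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed resolver log, one '<client> <qtype> <qname>' per line."""
    lines = ["10.0.0.7 A www.example.org", "10.0.0.7 AAAA www.example.org",
             "10.0.0.7 A mail.example.net", "10.0.0.9 A cdn.example.org"]
    for i in range(8):
        # Hex digest stands in for encoded tunnel payload (not Iodine's real encoding).
        blob = hashlib.sha256(str(i).encode()).hexdigest()[:40]
        lines.append(f"10.0.0.9 TXT {blob}.t1.example.com")
    return "\n".join(lines)

def entropy(text):
    """Shannon entropy in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def find_tunnel_suspects(log, depth=2, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Return sorted (client, zone) pairs whose queries look like tunnelled data.

    depth=2 treats the last two labels as the zone; that is an assumption,
    a production version would use the public suffix list instead.
    """
    payloads = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) <= depth:
            continue  # nothing left of the zone, so no room for payload
        payloads[(client, ".".join(labels[-depth:]))].append("".join(labels[:-depth]))
    suspects = []
    for key, items in payloads.items():
        avg_len = sum(len(p) for p in items) / len(items)
        if (len(set(items)) >= min_unique and avg_len >= min_avg_len
                and entropy("".join(items)) >= min_entropy):
            suspects.append(key)
    return sorted(suspects)

if __name__ == "__main__":
    for client, zone in find_tunnel_suspects(build_sample_log()):
        print(f"possible DNS tunnel: {client} -> {zone}")
```

All three conditions must hold together, so a client that repeats one long name or looks up many short hostnames is not flagged.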

Reference: Iodine