iodine
Tool for tunneling IPv4 data through a DNS server. Usable where internet access is firewalled but DNS queries are allowed.
Description
Iodine is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be useful in situations where regular internet access is blocked by firewalls, but DNS queries are permitted, allowing covert data transmission via DNS protocols.
The tool includes client and server components: iodine for client-side tunneling, iodined for server-side, and iodine-client-start for automated client setup. It supports various encoding and DNS record types to optimize connectivity and evade restrictions.
Common use cases involve bypassing network restrictions, such as those on corporate networks or censored internet connections, by leveraging allowed DNS traffic.
How It Works
Iodine tunnels IPv4 traffic over DNS by encoding data into DNS queries (upstream) and responses (downstream), using record types such as NULL, PRIVATE, TXT, SRV, MX, CNAME and A. Downstream encoding options include Base32, Base64, Base64u, Base128, or, for TXT records, Raw. The client sends upstream data inside short query hostnames (max ~100-255 bytes), while the server responds with larger payloads in DNS records. Features like lazy mode (-L 1), max fragment sizes (-m, -M), and intervals (-I) manage latency, timeouts, and packet constraints. Raw UDP mode is attempted by default unless skipped (-r).
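Because the upstream data travels inside query hostnames, this kind of tunnel leaves a recognisable pattern in resolver logs: many unique, long, high-entropy names under one zone, often with uncommon record types. The following detection sketch is an added example, not part of iodine or of the original page; the log line format, the zone names `example.com` and `tunnel.test`, the type names as rendered in the log, and the thresholds are all assumptions.

```python
import math
from collections import Counter, defaultdict

RARE_QTYPES = {"NULL", "PRIVATE"}  # types from the list above that ordinary clients rarely query
B32 = "abcdefghijklmnopqrstuvwxyz012345"  # alphabet used only to build the constructed sample

def constructed_log():
    """Constructed sample: '<client> <qname> <qtype>' per line (log format is an assumption)."""
    lines = [f"10.0.0.5 {h}.example.com A" for h in ("www", "mail", "cdn", "api")] * 5
    for i in range(20):  # encoded-looking 60-character labels under one delegated zone
        label = "".join(B32[(i * 7 + j * 11) % 32] for j in range(60))
        lines.append(f"10.0.0.7 {label}.t.tunnel.test NULL")
    return lines

def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def profile(lines):
    """Per-zone statistics; zone = last two labels (real use needs the public suffix list)."""
    zones = defaultdict(list)
    for line in lines:
        _client, qname, qtype = line.split()
        labels = qname.rstrip(".").lower().split(".")
        zones[".".join(labels[-2:])].append((".".join(labels[:-2]), qtype.upper()))
    report = {}
    for zone, queries in zones.items():
        subs = [s for s, _ in queries]
        report[zone] = {
            "queries": len(queries),
            "unique_ratio": len(set(subs)) / len(subs),
            "mean_sub_len": sum(map(len, subs)) / len(subs),
            "mean_entropy": sum(map(entropy, subs)) / len(subs),
            "rare_type_ratio": sum(t in RARE_QTYPES for _, t in queries) / len(queries),
        }
    return report

def suspicious(report, min_queries=10, min_len=40, min_entropy=3.5):
    """Zones whose queries look like encoded payload, not hostnames (illustrative thresholds)."""
    hits = []
    for zone, m in report.items():
        encoded = m["mean_sub_len"] >= min_len and m["mean_entropy"] >= min_entropy
        if m["queries"] >= min_queries and m["unique_ratio"] > 0.9 and (encoded or m["rare_type_ratio"] > 0.5):
            hits.append(zone)
    return sorted(hits)

if __name__ == "__main__":
    print(suspicious(profile(constructed_log())))
```

The unique-name ratio keeps busy but repetitive zones out of the result; tune the thresholds against a baseline of your own resolver traffic before alerting on them.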
Installation
sudo apt install iodine
Examples
iodine -h
iodine [nameserver] topdomain
iodine-client-start -h
iodine-client-start
env subdomain=xxx passwd=xxx iodine-client-start
iodined -h
iodined tunnel_ip[/netmask] topdomain