Category: Sniffing & Spoofing. Tags: dns tunneling, ipv4, firewall bypass

iodine

Tool for tunneling IPv4 data through a DNS server. Usable where internet access is firewalled but DNS queries are allowed.

Description

Iodine is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be useful in situations where regular internet access is blocked by firewalls, but DNS queries are permitted, allowing covert data transmission via DNS protocols.

The tool includes client and server components: iodine for client-side tunneling, iodined for server-side, and iodine-client-start for automated client setup. It supports various encoding and DNS record types to optimize connectivity and evade restrictions.

Common use cases involve bypassing network restrictions in restricted environments, such as corporate networks or censored internet connections, by leveraging allowed DNS traffic.

How It Works

Iodine tunnels IPv4 traffic over DNS by encoding data into DNS queries (upstream) and DNS responses (downstream), using record types such as NULL, PRIVATE, TXT, SRV, MX, CNAME and A. Downstream payloads can be encoded as Base32, Base64, Base64u, Base128, or Raw (Raw applies to TXT only). Upstream data is carried in the hostnames of the queries, which are limited to roughly 100-255 bytes, while the server returns larger payloads in the response records. Lazy mode (-L 1), the maximum fragment sizes (-m, -M) and the request interval (-I) manage latency, DNS timeouts and packet size constraints. Raw UDP mode is attempted by default unless it is skipped with -r.
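The encoding scheme described above also shows what a defender can look for in resolver logs. As an added example that is not part of iodine or of this page, the Python below scores constructed sample log lines (assumed format: "time client qname qtype") for iodine-style traffic: many queries from one client to one zone, long first labels drawn only from the Base32/Base64 alphabets, and the record types iodine uses for its downstream channel.

```python
import re
from collections import defaultdict

# Constructed sample resolver log, one query per line: "time client qname qtype".
SAMPLE_LOG = """\
10:00:01 10.0.0.7 www.example.com A
10:00:01 10.0.0.7 cdn.example.net A
10:00:02 10.0.0.9 0agd3vk2q3brrlzdq7fcaqrfz4nyxrm5x6a4hhh7vqjkm2vq.t.tun.example NULL
10:00:02 10.0.0.9 0aoqbq2wklbqmv6kn6xmlgzyhqmfyjqtyqrvpz5xq4lo4.t.tun.example NULL
10:00:03 10.0.0.9 pbhf3oe5ckqzjg5k4ufbi2yrh3m7lbgmgzy4ixt5wdvs.t.tun.example TXT
10:00:03 10.0.0.9 pb2bhz4gbeuhkc7llk3l2fwnnc5vzdxxaruvpm2y2pfn.t.tun.example TXT
10:00:04 10.0.0.9 mail.example.org MX
"""

# Record types iodine can use for the downstream channel (from its -T option).
TUNNEL_QTYPES = {"NULL", "PRIVATE", "TXT", "SRV", "MX", "CNAME"}
# A long first label made only of Base32/Base64/Base64u characters.
ENCODED_LABEL = re.compile(r"^[A-Za-z0-9+/_-]{20,63}$")

def parse_log(text):
    """Return (client, qname, qtype) tuples; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            rows.append((parts[1], parts[2].lower().rstrip("."), parts[3].upper()))
    return rows

def top_domain(qname, levels=2):
    """Crude zone grouping: keep the last `levels` labels (e.g. tun.example)."""
    return ".".join(qname.split(".")[-levels:])

def score_clients(rows, min_queries=3, min_avg_len=40):
    """Map (client, zone) -> mean qname length for pairs that look like a tunnel."""
    stats = defaultdict(lambda: {"n": 0, "len": 0, "tunnel": 0, "encoded": 0})
    for client, qname, qtype in rows:
        s = stats[(client, top_domain(qname))]
        s["n"] += 1
        s["len"] += len(qname)
        s["tunnel"] += qtype in TUNNEL_QTYPES
        s["encoded"] += bool(ENCODED_LABEL.match(qname.split(".")[0]))
    suspects = {}
    for key, s in stats.items():
        avg_len = s["len"] / s["n"]
        # Flag only when volume, hostname length, record type and label alphabet all agree.
        if (s["n"] >= min_queries and avg_len >= min_avg_len
                and s["tunnel"] >= s["n"] / 2 and s["encoded"] >= s["n"] / 2):
            suspects[key] = round(avg_len, 1)
    return suspects
```

The thresholds are starting points; a real deployment would tune them against the organisation's own baseline of legitimate TXT and MX lookups.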

Installation

```bash
sudo apt install iodine
```

Flags

-v              print version info and exit
-h              print this help and exit
-f              keep running in foreground
-r              skip raw UDP mode attempt
-u user         drop privileges and run as user 'name'
-t chrootdir    chroot to directory dir
-d device       set tunnel device name
-P password     password for tunnel
-m maxfragsize  max size of downstream fragments (default: autodetect)
-M maxlen       max size of upstream hostnames (~100-255, default: 255)
-T type         force dns type: NULL, PRIVATE, TXT, SRV, MX, CNAME, A (default: autodetect)
-O enc          force downstream encoding: Base32, Base64, Base64u, Base128, or Raw (default: autodetect)
-L 0|1          1: use lazy mode for low-latency (default). 0: don't (implies -I1)
-I sec          max interval between requests (default 4 sec) to prevent DNS timeouts
-c              disable check of client IP/port on each request (server)
-s              skip creating and configuring the tun device (server)
-D              increase debug level (server)
-l ip           ip address to listen on for incoming dns traffic (default 0.0.0.0) (server)
-p port         port to listen on for incoming dns traffic (default 53) (server)

Examples

Display help for the iodine client:
  iodine -h

Start an iodine client tunnel using a nameserver and topdomain:
  iodine [nameserver] topdomain

Display help for the iodine-client-start script:
  iodine-client-start -h

Start an iodine tunnel using the /etc/default/iodine-client config, or query the user:
  iodine-client-start

Start an iodine tunnel with environment variables for subdomain and password:
  env subdomain=xxx passwd=xxx iodine-client-start

Display help for the iodined server:
  iodined -h

Start the iodined server with tunnel IP/netmask and topdomain:
  iodined tunnel_ip[/netmask] topdomain

Updated 2026-04-16. Source: kali.org