Skip to content

Instantly share code, notes, and snippets.

@nukeador
Last active October 28, 2024 11:53
Show Gist options
  • Save nukeador/7483958 to your computer and use it in GitHub Desktop.
Save nukeador/7483958 to your computer and use it in GitHub Desktop.
How to install and use iodine for DNS tunneling.

This guide provides detailed steps for setting up DNS records, configuring a DNS tunneling server and client, and setting up a browser for secure proxy connections.

Why iodine?

  • Bypassing Network Restrictions: iodine excels in environments with strict network restrictions. It utilizes DNS queries, which are typically allowed through firewalls, to tunnel data where traditional methods like VPNs might be blocked.
  • Efficient for Limited Bandwidth: Ideal for situations with bandwidth limitations, iodine requires less bandwidth compared to standard VPNs, making it a practical choice for networks with restricted data flow.
  • Customizability and Open Source: As an open-source tool, iodine offers extensive customization options. Users with specific technical needs or those interested in a hands-on approach to network tunneling can tailor iodine to their requirements.

Prerequisites

  • A domain (e.g., mydomain.com)
  • Access to the domain's DNS settings
  • A server with root access
  • A Linux client machine
  • Basic understanding of DNS records and SSH

Domain Configuration

Steps:

  1. Add DNS Records:
    • Navigate to your domain's DNS settings.

    • Add the following records:

      t1              IN      NS      t1ns.mydomain.com.  # Note the final dot
      t1ns            IN      A       YOUR_SERVER_IP
      
    • t1 is a subdomain used for the DNS tunneling service.

    • t1ns points to the IP address of your server (YOUR_SERVER_IP).

Best Practices:

  • Use of CNAME Records: For aliases or subdomains that point to the same server, consider using CNAME records for easier management.
  • Security: Ensure all records are correctly configured to prevent DNS spoofing or hijacking.

Server Setup

Steps:

  1. Install iodine:

    • Connect to your server via SSH.

    • Install the iodine package:

      sudo apt install iodine
      
  2. Configure and Run iodine:

    • Start the iodine server with a secure password and an appropriate IP range:

      sudo iodined -f -c -P YOUR_PASSWORD 10.0.1.1 t1.mydomain.com &
      
    • Replace YOUR_PASSWORD with a strong password.

    • 10.0.1.1 is the IP range for the DNS tunnel.

Best Practices:

  • Security: Use a strong, unique password for iodine.
  • Logging: Enable logging for iodine to monitor connections and troubleshoot issues.

Linux Client Configuration

Steps:

  1. Install iodine:

    • On your Linux client, install iodine:

      sudo apt install iodine
      
  2. Establish a Connection:

    • Connect to the iodine server:

      sudo iodine -f -P YOUR_PASSWORD t1.mydomain.com &
      
    • Forward port 9999 via SSH for a proxy connection:

      ssh user@10.0.1.1 -D 9999
      

Best Practices:

  • Network Security: Ensure your client's network is secure when establishing the tunnel.
  • Password Protection: Use the same strong password as set on the server.

Browser Configuration

Steps:

  1. Set Up Proxy:
    • Configure your browser to use a SOCKS5 proxy.
    • Set the proxy address to localhost and the port to 9999.

Best Practices:

  • Proxy Verification: Verify the proxy settings to ensure traffic is correctly routed through the tunnel.
  • Regular Updates: Keep your browser updated to the latest version for security and compatibility.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment