What does HackerNews think of iodine?

Official git repo for iodine dns tunnel

Language: C

There’s a way to workaround virtually any kind of gated Internet access: DNS tunneling (https://github.com/yarrick/iodine)

It’s slow, but it works and is a handy “last resort” tool.

I've noticed that airline wifi doesn't block DNS traffic. You can likely accomplish the same thing with a DNS tunnel like Iodine (https://github.com/yarrick/iodine).
You could try iodine, which is an IP-over-DNS tunnel. This should work unless the gateway has very restrictive rules on where DNS traffic can go.


There's also iodine, a C program that tunnels IPv4 packets over DNS. Useful for bypassing captive portals on wifi, since DNS usually isn't restricted.


Regarding cloudflare DNS over HTTPS: It could be that it tries to server data encoded as JSON, which is impossible in JSON. Some control characters and bytes 128-255 cannot be represented as JSON strings.

I think that a lot of offensive tools to tunnel IP over DNS actually overcame these limitations in real time, at the expensive of throughput [1]. It obviously does require agreeing on some sort of protocol on both sides though.

[1] https://github.com/yarrick/iodine

A regular proxy on port 53 might work? Is it necessary to actually use DNS?

Otherwise there's https://github.com/yarrick/iodine

Edit: seems like others have recommended it already. I got it working in a hotel room once after giving up on the utterly broken ToS acceptance page for the WiFi.

The iodine protocol allows bi-directional ipv4 traffic over DNS.


Thanks and yeah, that's another good application of the idea. It's somewhat similar to iodine[1] in that respect. On the ground in the US, this would probably only be useful if you're hiking in a remote area or something like that, due to how cheap data plans are. It might also come in handy if your carrier doesn't charge for SMS when abroad.

[1] https://github.com/yarrick/iodine

Iodine (https://github.com/yarrick/iodine) will do this. I did it with my home Internet connection as the server and found it very useful in a pinch.

Using DNS to exfiltrate arbitrary data thru firewalls that don’t log DNS requests is handy too.

Yh it's awesome this project could run on termux without having to modify much or even iodine https://github.com/yarrick/iodine which is another awesome tool to avoid network restrictions.
Wireguard docs are useful: https://www.wireguard.com/netns/

If you want to RUN a VPN, master iptables and enterprise networking: https://www.amazon.com/Linux-Firewalls-3rd-Steve-Suehring/dp... .

If you want to WRITE a VPN, read the source of a few openly available relatively simple VPN/tunnel implementations.

https://github.com/yarrick/iodine https://github.com/jpillora/chisel

Familiarise yourself with packet layers. Fantastic resource: https://github.com/netspooky/protocols/tree/main/broadcast_b...

This still works in a lot of circumstances with iodine[0], including several US domestic flights.

[0] https://github.com/yarrick/iodine

I used to use iodine, a tunneling server which uses DNS as the transport, which would work even through captive portals at the time.


You can also use iodine (https://github.com/yarrick/iodine/) to tunnel IPv4 data through DNS (useful e.g. when on a captive portal network that doesn't block DNS requests). Performance isn't great obviously, but the concept is fascinating nonetheless.
I’ve historically used IP over DNS tunneling to pull this off.

A major advantage of this approach is that it leverages a port and protocol that’s rarely blocked, and if 53 is blocked, you can generally still use the approved local dns servers for your data-carrying queries.

These days, it looks like there are at least a few well-known pieces of software to do this, e.g. https://github.com/yarrick/iodine

Not the same thing but related for those who enjoy using/abusing dns for fun and profit:


Allows exfiltrating data using dns.

DNS tunnel "server" using iodine https://github.com/yarrick/iodine

"Free" Wifi in the whole world after that as most AP allow DNS requests.

With a DNS tunnel, you can achieve "free Wifi" almost everywhere. Iodine[0] is easy to setup.

[0] https://github.com/yarrick/iodine

Or if you need to use paid wi-fi for free, you can always use