This page describes how to set up an Iodine server to tunnel IP traffic (SSH, SOCKS) over DNS.

This guide was helpful: https://calebmadrigal.com/dns-tunneling-with-iodine/

Server Side

DNS Records

Start by creating two DNS records, one NS record and one A record.

The NS record should have a host of "tunnel" and should point to "tunnelhost.example.com"

The A record should have a host of "tunnelhost" and should point to the IP of your iodine server.

Installing Iodine

This one is easy:

sudo apt-get -y install iodine

Starting Iodine

To start by hand, first check if you have the iodine daemon iodined binary in your path:

which iodined

Now run the iodine daemon:

sudo iodined -c -f 10.200.0.1 -P YoUrSuPeRcOoLpAsSwOrD tunnel.example.com

You should see something like this:

$ sudo iodined -c -f 10.200.0.1 -P YoUrSuPeRcOoLpAsSwOrD tunnel.example.com
Opened dns0
Setting IP of dns0 to 10.200.0.1
Setting MTU of dns0 to 1130
Opened IPv4 UDP socket
Listening to dns for domain tunnel.example.com

Checking

If you run ifconfig in another shell, you should see a dns0 network device show up:

dns0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1130
        inet 10.200.0.1  netmask 255.255.255.224  destination 10.200.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

You can also visit http://code.kryo.se/iodine/check-it/ and have the site check your tunnel subdomain setup and verify iodine is set up correctly.

Client Side