Iodine

Iodine is a DNS tunneling tool that encapsulates IPv4 traffic inside DNS queries and responses, enabling network connectivity through restrictive firewalls that only permit DNS traffic. It operates as a client-server system where the server listens for DNS queries on a delegated subdomain and creates virtual tunnel interfaces for clients, while the client establishes connections and routes traffic over the tunnel.

The project distinguishes itself through several key capabilities: it supports up to 16 simultaneous users on a single server with automatic IP assignment, secures tunnel connections using an MD5-based challenge-response authentication handshake, and optimizes downstream throughput up to 1 Mbit/s by using compressed payloads delivered via NULL-type DNS replies. It also includes automatic packet-size probing to maximize throughput without fragmentation, a raw UDP fallback mechanism when DNS queries are blocked, and the ability to change the client's default gateway to route all traffic through the tunnel.

The documentation covers server administration tasks such as verifying DNS delegation, hosting the server, and managing multi-user access, as well as client-side connection setup and throughput optimization.

Features

DNS Tunnels - Encapsulates IPv4 packets inside DNS query and response messages to bypass restrictive firewalls.

DNS - Ships a server that listens for DNS queries and creates virtual tunnel interfaces for clients.

DNS Tunnel Server Administrations - Runs a server that accepts DNS queries on a delegated subdomain and creates virtual tunnel interfaces for clients.

DNS Tunnel Server Hostings - Hosts a server that listens for DNS queries on a delegated subdomain and creates virtual tunnel interfaces for clients.

DNS Tunnel Client Connections - Establishes a client connection to a remote DNS tunnel server, falling back to raw UDP when DNS queries are blocked.

IPv4-over-DNS Encapsulations - Encapsulates IPv4 traffic inside DNS queries and responses to enable network access through restrictive firewalls.

IPv4-over-DNS Tunnels - Encapsulates IPv4 traffic inside DNS queries and responses to bypass restrictive firewalls that only allow DNS traffic.

Challenge-Response Authenticators - Secures tunnel connections with an MD5-based challenge-response handshake to verify client identity.

Tunnel - Secures tunnel setup with a challenge-response login hashed by MD5 and filters out packets from unauthorized IPs.

Authenticated Tunneling - Secures DNS tunnel setup with challenge-response login and filters unauthorized IPs.

DNS Tunnel Throughput Optimizations - Maximizes downstream throughput up to 1 Mbit/s using compressed payloads, NULL-type replies, and packet-size probing.

Multi-User Tunnel Sharing - Supports up to 16 simultaneous users on a single server with automatic IP assignment.

Automatic Packet-Size Probes - Implements automatic packet-size probing to maximize DNS tunnel throughput without fragmentation.

DNS Tunnel Full-Traffic Routers - Forwards all network traffic over the DNS tunnel by changing the default gateway and configuring NAT on the server.

Challenge-Response Authentications - Secures tunnel connections with an MD5-based challenge-response authentication handshake.

Default Gateway Redirectors - Changes the client's default gateway to route all network traffic through the DNS tunnel interface.

Multi-User - Allows up to 16 simultaneous users to connect to a single server with automatic IP assignment on each tunnel interface.

Multi-User DNS Tunnel Servers - Allows up to 16 simultaneous users to connect to a single DNS tunnel server with automatic IP assignment.

UDP Fallback Strategies - Falls back to raw UDP transport when DNS queries are blocked, maintaining tunnel connectivity.

Multi-Client Tunnel Interfaces - Assigns unique IPs to up to 16 simultaneous users on a single server-side tunnel interface.

NULL-Reply Payload Deliveries - Uses DNS NULL record type replies to carry compressed binary data for high downstream throughput.

yarrickiodine

Features

Star history