DNS tunneling, or, how to get around Gogo

August 20, 2012

We all hate those paywalls that companies put up in airports, airplanes, lounges, or what have you. Fortunately (and thanks to kryo.se), there is a tool that can get you around that. This is a concise and easy to follow tutorial on how to set a tool called iodine up.

If you’re familiar with the terminal, this should take about five minutes.



  1. Visit code.kryo.se/iodine, and figure out what package you should install, based on your OS. I’m running Ubuntu 12.04 on my server and Linux Mint 13 on my client, so on both I used:

    sudo apt-get install iodine
  2. Open up the zone file or DNS control panel for your server and set up an NS record like this:

    proxy		IN	NS	serv.mydomain.com.

    Where mydomain.com is some domain you own, like bernsteinbear.com, and serv is the subdomain of your choice. It’ll serve as your DNS server.

  3. Set up an A record for serv.mydomain.com to point to your server’s IP.
  4. SSH into your server and run:

    sudo iodined -cP YOUR_PASSWORD proxy.mydomain.com

    If it runs correctly, you’ll see output like this:

    Opened proxy0
    Setting IP of proxy0 to
    Setting MTU of proxy0 to 1130
    Opened UDP socket
    Listening to dns for domain proxy.mydomain.com
    Detaching from terminal...

    This opens up proxy.mydomain.com to incoming requests from iodine.

  5. Open up a terminal on your local box and run:

    sudo iodine -r proxy.mydomain.com

    You’ll get first a root password prompt and then the iodine password prompt.

Now you’ll have a fully functioning device willing to tunnel all your traffic via DNS. The IP you specified in step 4 is forwarded onto your local box, so accessing should bring up the same page as accessing mydomain.com. In order to fully use this and tunnel your traffic, you can use this plain (not recommended, as it’s totally insecure), or create a secondary tunnel through it (which I did).

All you need to do is set up a SOCKS proxy through the host, which will then forward your traffic through DNS requests to your server. Neat, huh?