This tool is for penetration testing only. Never use a DNS resolver connected to the Internet on your IS.
Our VPN infrastructure is hosted on the Amazon EC2 and OVH clouds.
Open-source software: a Java server, a Flex client for Adobe AIR and a Perl client are available on GitHub.
DNS tunneling is simply encapsulating data in DNS queries and answers, so that two parties can communicate across a network of DNS resolvers and servers. IP over DNS tunneling is simply encapsulating IP datagrams in a DNS tunnel. Encapsulated inside those IP datagrams, you will often find TCP packets. Those TCP packets can in turn encapsulate application-layer data, such as HTTP for web traffic or SMTP for routing mail over the Internet. So, here is the layer stack: HTTP or SMTP, on top of TCP, on top of IP, on top of DNS queries and answers, on top of UDP, on top of IP again, on top of some layer-two network. With such a stack, you get very, very poor bandwidth for HTTP or SMTP traffic. For this reason, few people use this technology.
VPN-over-DNS is DNS tunneling, but it is not IP over DNS tunneling. It carries application data (mail content or web pages) directly on top of DNS queries and answers, with far fewer layers. Moreover, data is GZIP-compressed before going to the network. Data is also parsed and filtered to remove non-informational content: MIME attachments and HTML MIME parts inside mails, and images, JavaScript, Cascading Style Sheets and cookies on web pages, are all deleted just before data is sent on the network. This way, traffic bandwidth is increased a lot. Everyone can now use this technology.
To perform this direct encapsulation of application data on top of DNS queries, we had to develop and integrate an optimized native browser and an optimized simple Mail User Agent in our VPN-over-DNS application. This was the hard part: implementing IP over DNS, by contrast, would not have required us to implement any user agent. To gain bandwidth and create an application that you can simply configure and use even if you are not a geek or a network engineer, we needed to re-implement user agents. That was the challenge.
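Seen from the resolver side, compressed application data carried in query names tends to show up as many distinct, long, high-entropy subdomains under one parent domain. The following detection sketch is an added example, not code from the VPN-over-DNS project; the query names, the `tunnel.example` domain and the thresholds are constructed assumptions, and the encoding VPN-over-DNS actually uses is not described on this page.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of resolver query names (not real traffic).
SAMPLE_QUERIES = [
    "www.example.com", "mail.example.com", "api.example.com", "static.example.com",
    "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.cdn.example.net",  # single long asset name
    "mfxgk3tqnbswy2lpojrgc4dvozuhe5twnfzq.tunnel.example",
    "onuw24dmmuqhgzlnobwgkidumv4hiidgn5zca.tunnel.example",
    "kr2gs4zanfzsa3tpoqqgc3ramvwge2lomnqxg.tunnel.example",
    "ovzwkidemfxgizltebuw4idborsxg5dfon2a.tunnel.example",
]

# Assumed thresholds for this example; tune them against your own baseline.
MIN_UNIQUE, MIN_MEAN_LEN, MIN_MEAN_ENTROPY = 3, 30, 3.5

def entropy(text):
    """Shannon entropy in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def split_name(qname):
    """Return (subdomain, parent). Parent = last two labels, a simplification;
    production code should use the Public Suffix List."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_parents(qnames):
    """Per-parent statistics over the unique subdomains queried."""
    subs = defaultdict(set)
    for q in qnames:
        sub, parent = split_name(q)
        if sub:
            subs[parent].add(sub)
    return {parent: {
        "unique": len(names),
        "mean_len": sum(map(len, names)) / len(names),
        "mean_entropy": sum(entropy(s.replace(".", "")) for s in names) / len(names),
    } for parent, names in subs.items()}

def suspected_tunnels(qnames):
    """Parents whose subdomains are numerous, long and high-entropy."""
    return sorted(p for p, s in score_parents(qnames).items()
                  if s["unique"] >= MIN_UNIQUE and s["mean_len"] >= MIN_MEAN_LEN
                  and s["mean_entropy"] >= MIN_MEAN_ENTROPY)

if __name__ == "__main__":
    print(suspected_tunnels(SAMPLE_QUERIES))
```

Combining the three signals matters: `example.com` has several subdomains but they are short, and `example.net` has one long name but no volume, so neither is flagged.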
From the end of 2012 to December 2015, our production tunnel endpoints and development servers were hosted in the Amazon Web Services compute cloud, inside the us-east-1c availability zone. In December 2015, we moved our production servers from Amazon Web Services to OVH cloud services. Our development servers remain at Amazon Web Services. As you can see on the following pictures, the average RTT is better while tunneling to the OVH datacenter. Moreover, OVH is cheaper than AWS for the kind and volume of traffic we generate. With DNS tunneling, low RTT is a major contribution to higher speed. These are the two reasons for the move from AWS to OVH cloud services.
RIPE Atlas real-time measurements from 50 probes to the VPN-over-DNS tunnel server endpoints at OVH are taken every two hours.
Server and clients are now open-source (GPLv3). Explore the source tree on GitHub.