DNS Tunneling iodine 0.6.0-rc1 iOS version – IPv4 over DNS tunnel on your iPhone/iPad/iPod Touch

Thireus Repository

The famous DNS tunneling client, iodine 0.6.0-rc1 for iOS 6.1! Available on Thireus Cydia Repository

Like me, you may have faced this situation when you really need Internet but only have access to non-free WiFi hotspots (in an airport, tube, train, etc.). And even worst, when you cannot establish a single SSH connexion nor VPN proxy because the firewall is blocking everything. Fortunately, DNS tunneling is here to save us!

One of the most famous DNS tunneling tool is iodine, which is quite easy to setup. Unfortunately the latest client version (0.6.0-rc1) was not available for iOS, until I decided to compile it and push it on my Cydia Repository. So you can now enjoy DNS tunneling on your jailbroken iPhone, iPad or iPod Touch!


The package “iodine 0.6.0-rc1 (IPv4 over DNS tunnel)” installs the latest and patched version of iodine on your iDevice. This tool lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed.

iodine 0.6.0-rc1 iodine on iOS 6.1.2

How do I install this package?

Add Thireus Repository https://repo.thireus.com/ to Cydia and install the package named "iodine 0.6.0-rc1 (IPv4 over DNS tunnel)".

Is it safe?

The iodine client should be safe to use. The most dangerous aspect of DNS tunneling is that anyone can see your traffic and do nasty things with it. Nothing is encrypted. So if you really wish to do DNS tunneling you should use a SSH tunnel inside the DNS tunnel.

I recommend you to read those lines carefully. They have been extracted from the manpage:

Login is a relatively secure challenge-response MD5 hash, with the password never passing the wire. However, all other data is NOT encrypted in any way. The DNS traffic is also vulnerable to replay, injection and man-in-the-middle attacks, especially when iodined is used with the -c option. Use of ssh or vpn tunneling is strongly recommended. On both server and client, use iptables, pf or other firewalls to block all traffic coming in from the tun interfaces, except to the used ssh or vpn ports.

What about performances?

DNS tunneling is very slow. But you have to understand that using such a trick allows you to have Internet in the worst scenario, just by accessing a WiFi hotspot that performs DNS queries (most of them do). Depending of the payload size you can pipe into the DNS tunnel, you can have very bad performances such as 5kb/s but that can go up to 200kb/s.

Enjoy Internet everywhere!
Big thanks to Kryo, yarrick, Doorman, D4rkM4t3r and all iodine contributors.


Related terms:

Mobile Application Security Engineering Lead & SME | 0076 7E64 293A E3EC 542B 9C72 3A11 417C B43F DB1A