DNS tunneling?

  • Posted February 2, 2014


I live in Canada and I recently spun up a CentOS droplet configured in NYC2. With my Netflix account, I’m restricted in what I can view by my location. I was wondering if I can use my droplet to tunnel packets (DNS, etc.) so that I can get access to US content. From the research I did, I think I could setup an SSH tunnel, but I’m not quite sure I have a complete handle on what I need to do to make this work. My successful “end state” is that for any device within my house, I can just change the DNS server (to an IP of a computer in my house, or my droplet’s IP) and then get US Netflix content…like other providers of that type of service advertise. Can someone give me advice on how I can accomplish what I’m trying to do? Thanks…



Hello Kevin,

This is a common issue people want to get around but i would recommend against using a DNS tunnel as the protocol and thru put would not allow for effective streaming netflix only basic web browsing.

In order to effectively use ssh tunnels , you will need to setup an http/s proxy on your droplet running on localhost. Something like privoxy will work well and have very low memory storage overhead. Then simply create the ssh tunnel from your workstation to your droplet and point your browser at the local proxy port you sre utilizing.

SSH tunnels map local ports/interface IP to a remote interface ip/port. For more information run man ssh on your droplets console. For a simple example of the above configuration, use a command like this from your local linux/osx terminal: ssh -L 8118: user@droplet -N

This tells ssh to open up a tunnel from localhost port 8118 to remote localhost 8118 and to login using user at the droplets hostname and finally -N tells ssh not to spawn a shell upon login.

The alternative would be to configure the openvpn service on your droplet and use your droplet as a vpn server. This will add additional masking of your client as all traffic would be tunneled thru your droplets ip location. For more information on this setup, check out our community section and search openvpn or vpn to find instructions for your specific distribution.

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi everyone, I live in Singapore and i’ve already configured my openvpn on an Ubuntu droplet. The vpn is working fine but i still cant get it to stream my Hulu or Netflix US content despite my server IP being in the US.

I’ve tried re configuring multiple times but i cant get it to work like how Nord VPN services allow me to stream my Hulu or Netflix US contents…

I just want to know what makes the difference in the configuration to make it work?? What can i do to my openvpn configuration to get it to work? Any help from anyone who has came across this issue will be much appreciated …

OpenVPN seems to be working out fine…thanks for the suggestion! I should have taken your suggestion earlier! <br>I just have one more issue to overcome: <br>

Thanks for the advice…my reason for wanting to only change DNS settings and nothing else is because not all my devices (i.e. PS3) can connect to a VPN, but they can all receive manual DNS settings. <br> <br>Also, I posted a question on the dnscapy forum and they advised that for my scenario, dnscapy is not the right solution.

I don’t think you will be able to watch US-only content if you just route the DNS packets through a VPS. OpenVPN shouldn’t have any overhead on the speed at all, probably a few ms of latency but that’s it. Give it a shot :]

But if I use OpenVPN, then I don’t achieve my goal state of just changing some DNS settings…right? And I think connecting through a VPN is going to be slower than just re-routing/manipulating the DNS packets, right? <br>Has anyone tried using dnscapy for my scenario? I find the dnscapy documentation a little light…

Thanks, have you tried this for the scenario I’m suggesting?