DNS tunneling?

February 2, 2014 6.1k views
Hi, I live in Canada and I recently spun up a CentOS droplet configured in NYC2. With my Netflix account, I'm restricted in what I can view by my location. I was wondering if I can use my droplet to tunnel packets (DNS, etc.) so that I can get access to US content. From the research I did, I think I could set up an SSH tunnel, but I'm not quite sure I have a complete handle on what I need to do to make this work. My successful "end state" is that for any device within my house, I can just change the DNS server (to an IP of a computer in my house, or my droplet's IP) and then get US Netflix content...like other providers of that type of service advertise. Can someone give me advice on how I can accomplish what I'm trying to do? Thanks... Kevin
1 comment
  • Hello Kevin,

    This is a common issue people want to get around, but I would recommend against using a DNS tunnel, as the protocol and throughput would not allow for effective streaming of Netflix, only basic web browsing.

    In order to effectively use SSH tunnels, you will need to set up an HTTP/S proxy on your droplet running on localhost. Something like privoxy will work well and have very low memory storage overhead. Then simply create the SSH tunnel from your workstation to your droplet and point your browser at the local proxy port you are utilizing.

    SSH tunnels map a local port/interface IP to a remote interface IP/port. For more information, run man ssh on your droplet's console. For a simple example of the above configuration, use a command like this from your local Linux/OS X terminal:
    ssh -L 8118:localhost:8118 user@droplet -N

    This tells ssh to open up a tunnel from localhost port 8118 to remote localhost port 8118 and to log in using user at the droplet's hostname; finally, -N tells ssh not to spawn a shell upon login.

    The alternative would be to configure the OpenVPN service on your droplet and use your droplet as a VPN server. This will add additional masking of your client, as all traffic would be tunneled through your droplet's IP location. For more information on this setup, check out our community section and search openvpn or vpn to find instructions for your specific distribution.
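
The setup in the comment above depends on the proxy listening only on the droplet's localhost, so that the SSH tunnel is the only way to reach it. The script below is an added example, not part of the original comment: it reads a Privoxy config, refuses any `listen-address` that is not loopback-only, and otherwise prints the matching `ssh -L` command. The function name `tunnel_cmd` and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm Privoxy is loopback-only
# before forwarding a local port to it over SSH.

# tunnel_cmd CONFIG USER@HOST
# Prints one ssh command per loopback listen-address.
# Returns 1 if any listen-address is reachable from outside the droplet.
tunnel_cmd() {
    conf=$1
    target=$2
    rc=0
    # Drop comments, then collect the value of every listen-address line.
    addrs=$(sed -e 's/#.*//' "$conf" | awk '$1 == "listen-address" { print $2 }')
    # Privoxy binds to 127.0.0.1:8118 when the directive is absent.
    [ -n "$addrs" ] || addrs=127.0.0.1:8118
    for addr in $addrs; do
        port=${addr##*:}   # text after the last colon
        host=${addr%:*}    # text before it; empty means "all interfaces"
        case $host in
            127.*|localhost|'[::1]')
                echo "ssh -L ${port}:localhost:${port} ${target} -N" ;;
            *)
                echo "EXPOSED: listen-address ${addr} is not loopback-only" >&2
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample configs, written to a temporary directory.
demo=$(mktemp -d)
printf 'listen-address  127.0.0.1:8118\n' > "$demo/good"
printf '# binds every interface\nlisten-address  :8118\n' > "$demo/bad"

tunnel_cmd "$demo/good" user@droplet
tunnel_cmd "$demo/bad" user@droplet || echo "bind Privoxy to 127.0.0.1 first"
rm -rf "$demo"
```

A proxy bound to all interfaces is reachable by anyone who can connect to the droplet's public IP, which is why the second config is rejected instead of tunnelled.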

7 Answers
Hope it helps :)
Thanks, have you tried this for the scenario I'm suggesting?
But if I use OpenVPN, then I don't achieve my goal state of just changing some DNS settings...right? And I think connecting through a VPN is going to be slower than just re-routing/manipulating the DNS packets, right?
Has anyone tried using dnscapy for my scenario? I find the dnscapy documentation a little light...
I don't think you will be able to watch US-only content if you just route the DNS packets through a VPS. OpenVPN shouldn't have any overhead on the speed at all, probably a few ms of latency but that's it. Give it a shot :]
Thanks for the advice...my reason for wanting to only change DNS settings and nothing else is because not all my devices (i.e. PS3) can connect to a VPN, but they can all receive manual DNS settings.

Also, I posted a question on the dnscapy forum and they advised that for my scenario, dnscapy is not the right solution.
OpenVPN seems to be working out fine...thanks for the suggestion! I should have taken your suggestion earlier!
I just have one more issue to overcome: