Documentation
¶
Overview ¶
dnstt-client is the client end of a DNS tunnel.
Usage:
dnstt-client [-doh URL|-dot ADDR|-udp ADDR] -pubkey-file PUBKEYFILE DOMAIN LOCALADDR
Examples:
dnstt-client -doh https://resolver.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 dnstt-client -dot resolver.example:853 -pubkey-file server.pub t.example.com 127.0.0.1:7000
The program supports DNS over HTTPS (DoH), DNS over TLS (DoT), and UDP DNS. Use one of these options:
-doh https://resolver.example/dns-query -dot resolver.example:853 -udp resolver.example:53
You can give the server's public key as a file or as a hex string. Use "dnstt-server -gen-key" to get the public key.
-pubkey-file server.pub -pubkey 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff
DOMAIN is the root of the DNS zone reserved for the tunnel. See README for instructions on setting it up.
LOCALADDR is the TCP address that will listen for connections and forward them over the tunnel.
In -doh and -dot modes, the program's TLS fingerprint is camouflaged with uTLS by default. The specific TLS fingerprint is selected randomly from a weighted distribution. You can set your own distribution (or specific single fingerprint) using the -utls option. The special value "none" disables uTLS.
-utls '3*Firefox,2*Chrome,1*iOS' -utls Firefox -utls none