dnstt-client

command
v1.20241021.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 21, 2024 License: CC0-1.0 Imports: 29 Imported by: 0

Documentation

Overview

dnstt-client is the client end of a DNS tunnel.

Usage:

dnstt-client [-doh URL|-dot ADDR|-udp ADDR] -pubkey-file PUBKEYFILE DOMAIN LOCALADDR

Examples:

dnstt-client -doh https://resolver.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000
dnstt-client -dot resolver.example:853 -pubkey-file server.pub t.example.com 127.0.0.1:7000

The program supports DNS over HTTPS (DoH), DNS over TLS (DoT), and UDP DNS. Use one of these options:

-doh https://resolver.example/dns-query
-dot resolver.example:853
-udp resolver.example:53

You can give the server's public key as a file or as a hex string. Use "dnstt-server -gen-key" to get the public key.

-pubkey-file server.pub
-pubkey 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff

DOMAIN is the root of the DNS zone reserved for the tunnel. See README for instructions on setting it up.

LOCALADDR is the TCP address that will listen for connections and forward them over the tunnel.

In -doh and -dot modes, the program's TLS fingerprint is camouflaged with uTLS by default. The specific TLS fingerprint is selected randomly from a weighted distribution. You can set your own distribution (or specific single fingerprint) using the -utls option. The special value "none" disables uTLS.

-utls '3*Firefox,2*Chrome,1*iOS'
-utls Firefox
-utls none

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL