Your Freedom - How to tunnel through DNS (2024)

"DNS mode" is one of many ways to connect to the Your Freedom servers. It makes use of the DNS (Domain Name System) available to most people (if not everybody) everywhere and tunnels ordinary traffic through it. Even if normal Internet connections are not possible where you are, you will probably be able to resolve names to IP addresses. Unless your provider interferes with this name resolution (for example, by resolving all names to the IP address of some access control web server), you should be able to get connected to the Internet using the Your Freedom client in "DNS mode".

DNS tunneling is most useful in places that offer paid WLAN access, like hotels or airports. Paid WLAN access is great when you use it extensively, but if you only need basic Internet access, a DNS tunnel will likely be able to get you connected to the Internet without registering and logging in. This is because many places will allow your web browser to resolve web site names in URLs so that it initiates a connection that can then be hijacked to display their login page.

Pros:

  • DNS mode will likely get you connected in places and situations where no other mode works.
  • It might put your traffic in a better traffic class and thus give you better performance than other modes in places where traffic is prioritized and where lines are overutilized.
  • Works on Windows PC, Mac OSX, Linux and Android.
  • All applications work!
  • Like with all other connection modes of Your Freedom, the tunnel is securely encrypted.

Cons:

  • DNS mode is -- by nature! -- less stable and performant than other connection modes.
  • It will work well with many nameservers, but not with all of them.
  • To make matters more complicated, it will work well with many of our servers, but not with all of them. It all depends on the provider's protective measures.
  • Not suitable for real-time applications (like VoIP).

If you are using the YF client for the first time or you would like to have things done automatically for you, just run the connection wizard. Tick "DNS" and untick every other connection method, then let it search for servers.

If you prefer to set things up manually, open the configuration window and go to the connection panel (that's the one that opens when you open the window). Set mode to "DNS" and configure the server as "emsXX.your-freedom.de" (with XX being the server's number). The port number should be 53, but actually it is ignored anyway. That's all you have to do!

When you fire up the connection, the YF client will try to connect directly to the server (if that works, it is the best way to do it; you can disable it if you like, see below). Failing to establish a connection this way, it will try to use your PC's configured or learned DNS servers to connect. If you need to use a particular name server instead of your system's server, append it to the server name using a semicolon (e.g. ems03.your-freedom.de;141.1.1.1); if you want to use more than one nameserver, append more, separated by commas. Please note that if you have ticked "avoid DNS", the YF client will not use your system's configured DNS servers to establish the connection.

Depending on your nameserver's abilities, you should expect download rates between 200 kbit/s and up to 6 Mbit/s, but more typically around 1 Mbit/s. The uplink path will be much slower. That's the nature of the beast... you just cannot tunnel data more quickly and still make it look like ordinary DNS lookups. The speed will not depend on the upgrade type you purchase unless you hit a server-imposed limit; an upgrade only raises the upper limit imposed by our servers.

Some nameservers will work better than others. Generally, nameservers that speak EDNS will be much better than nameservers that don't (most notably, Google's nameservers), and if you can use query types like NULL and WKS and TXT, that will be better than CNAME or MX. However, if you've got a choice to use any nameserver you like, the YF client will probably use a direct connection anyway, and in all other cases you'll probably have to stick with what your provider -- well, provides.

Try different Your Freedom servers. Some providers mess with DNS traffic, probably in an attempt to protect their network. This is why many of our servers in the US and all of our servers in the UK are not good choices.

There are some more things you can try to improve performance. On the server connection configuration panel there are a few configurable options which you may want to fine-tune. The relevant ones are:

| Option name | Description | Default value | Useful values |
|---|---|---|---|
| UDP srcport | Port from which your local system's queries are sent. | Ephemeral (i.e. randomly chosen) port. | 1-65535. Try 53. |
| UDP srcport change rate | Automatically use a new source port every this many datagrams. | 0 (Always use the same port.) | 1-MAX_INT. Try 10 for example. |
| UDP srcport change interval | Automatically use a new source port every this many milliseconds. | 0 (Always use the same port.) | 1-MAX_INT. Try 500. |
| DNS max tx interval | Maximum number of milliseconds between two DNS queries. | 1000 | 1-5000. Be careful, don't set this too low. |
| DNS min tx interval | Minimum number of milliseconds between two DNS queries. | 1/1000th of max | 0.1-max. Lower = faster, too low = slower. |
| DNS tx adaption factor | Aggressiveness of speed adaption. | 1.5 | 1.1-5.0. Lower = more conservative, higher = more aggressive. |
| DNS mode: no direct conn. | Force tunneling through DNS servers, even if a direct connection would work. | false | Enable this if you encounter stability problems and your connection is direct. |

We encourage you to play with these parameters, but you should probably only modify DNS min tx interval unless you have to adjust the other values to get a stable connection.

Please do not expect miracles. DNS mode is meant to help you out at times when and in places where nothing else works; DNS servers do their very best to make this kind of use impossible. And our default values are already pretty good.
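Seen from the resolver operator's side, the traits described on this page (data carried in query names, unusual query types such as NULL and WKS, a bounded gap between queries) are what separate a tunnel from ordinary lookups. The detector below is an added example, not Your Freedom code; the log format, the zone tunnel.example and every threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

RARE_QTYPES = {"NULL", "WKS"}   # named on this page; rare in ordinary client traffic
MAX_GAP_MS = 1000               # the page's default "DNS max tx interval"

# Constructed sample (not real traffic), one query per line: "epoch_ms client qtype qname"
#   10.0.0.5: NULL queries with unique 32-hex-char labels every 400 ms (tunnel-like)
#   10.0.0.7: the same A lookup every 500 ms (health check, benign)
#   10.0.0.9: occasional ordinary web lookups
SAMPLE_LOG = "\n".join(
    [f"{1000 + 400 * i} 10.0.0.5 NULL {i * 2654435761 % 2**64:032x}.t.tunnel.example"
     for i in range(12)]
    + [f"{1000 + 500 * i} 10.0.0.7 A api.health.example" for i in range(10)]
    + [f"{1000 + 7000 * i} 10.0.0.9 A www.shop.example" for i in range(10)]
)

def parse(line):
    ts, client, qtype, qname = line.split()
    labels = qname.rstrip(".").lower().split(".")
    # Assumption: the last two labels are the zone; real code needs the public suffix list.
    return int(ts), client, qtype.upper(), ".".join(labels[-2:]), ".".join(labels[:-2])

def score_flows(log_text, min_queries=8):
    """Return {(client, zone): [reasons]} for flows matching at least two indicators."""
    flows = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, client, qtype, zone, sub = parse(line)
        flows[(client, zone)].append((ts, qtype, sub))
    findings = {}
    for key, rows in flows.items():
        if len(rows) < min_queries:
            continue  # too few queries to judge
        rows.sort()
        n = len(rows)
        unique_ratio = len({sub for _, _, sub in rows}) / n
        avg_len = sum(len(sub) for _, _, sub in rows) / n
        rare_ratio = sum(qtype in RARE_QTYPES for _, qtype, _ in rows) / n
        max_gap = max(b[0] - a[0] for a, b in zip(rows, rows[1:]))
        reasons = []
        if unique_ratio > 0.9 and avg_len > 30:
            reasons.append("unique long subdomains")
        if rare_ratio > 0.5:
            reasons.append("rare query types")
        if max_gap <= MAX_GAP_MS:
            reasons.append("steady cadence")
        if len(reasons) >= 2:  # one indicator alone also matches benign pollers
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for (client, zone), reasons in score_flows(SAMPLE_LOG).items():
        print(client, zone, ", ".join(reasons))
```

Requiring two indicators keeps the benign health-check client out of the findings while still catching a flow that uses a common query type such as CNAME.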

To see expert settings, please enable them in the General Settings section of the app (mobile devices only).

  • Try ticking case-insensitive DNS.
  • Try disabling EDNS. (This should rarely be necessary.)
  • Try changing the domain.
  • Try different query types. Generally, NULL, WKS and TXT are fastest, but CNAME and MX work more reliably. Use CNAME if in doubt.
  • Set UDP change rate to a low number, e.g. 5. You can go as low as 1, but this will waste some battery, and it will significantly increase the memory footprint of the app. Obviously, you couldn't care less on desktop devices. :-)
  • If you know that a particular name server works, append it to the Your Freedom server name using a semicolon, and if there is more than one server, append them using a comma. An example would be: ems03.your-freedom.de;8.8.8.8,141.1.1.1
Author: Rubie Ullrich