Turn any DNS server into a high-speed censorship bypass tunnel
T

Turn any DNS server into a high-speed censorship bypass tunnel

Turn any DNS server into a high-speed censorship bypass tunnel

6,529 stars
N/A forks
N/A contributors

README

Project documentation from GitHub

MasterDnsVPN: Turn Any DNS Server into a Censorship Bypass Tunnel

Introduction

You've probably heard of DNS tunneling before. It's that trick where you shove IP packets inside DNS queries to sneak data past firewalls. It's been around for ages, but most implementations are clunky, slow, or require a dedicated server.

MasterDnsVPN flips that script. Instead of needing your own infrastructure, this tool turns any ordinary DNS server into a functional VPN endpoint. Yes, the same DNS server your ISP or public resolver already gives you.

The result? A lightweight, easy to set up censorship bypass that works on almost any network with DNS access.

What It Does

At its core, MasterDnsVPN is a DNS tunnel that encapsulates your TCP and UDP traffic inside DNS queries and responses. It works in two parts:

  • Client – sits on your machine, intercepts traffic, encodes it into DNS queries, and sends them to a DNS server
  • Server – runs on a machine you control, receives those queries, decodes the real data, and routes it to the internet

The magic is that the "server" part doesn't need a static IP, can run on a cheap VPS, and the client can use any recursive DNS resolver as a relay.

Why It's Cool

There are three things that make MasterDnsVPN stand out from other DNS tunneling tools:

1. No special DNS server required
You don't need a custom DNS software. Any standard DNS server (BIND, Unbound, CoreDNS, even Cloudflare or Google Public DNS) can be the relay. The actual server component runs alongside your normal web server or on a separate port.

2. Full traffic support, not just HTTP
Unlike many DNS tunnels that only proxy HTTP or SOCKS, MasterDnsVPN creates a proper TUN interface on the client side. Your OS treats it like a real network interface, so any app (SSH, WhatsApp, Telegram, game clients) can route through it without modification.

3. Built in obfuscation
DNS queries are padded, randomized, and use the TXT record type to avoid obvious patterns. Deep packet inspection tools will have a harder time flagging them as tunneling traffic.

How to Try It

The repo is at github.com/masterking32/MasterDnsVPN. Here's the quick start:

Server setup (on your VPS):

git clone https://github.com/masterking32/MasterDnsVPN.git
cd MasterDnsVPN
pip install -r requirements.txt
python server.py --port 53 --password your_secret

Make sure port 53 is open (or use a high port and point a DNS server at it).

Did you like this issue?

Join our weekly newsletter

Love discovering amazing projects?

Help us continue bringing you the best open-source discoveries every week.

Back to Projects
Last updated: May 11, 2026