
KPN Tunnel: DNS Method
Learn how to configure KPN Tunnel using the DNS method for advanced tunneling.
The DNS method in KPN Tunnel takes advantage of how DNS (Domain Name System) traffic is handled by mobile carriers. Since DNS traffic is essential for basic internet functionality, it's often less restricted or even zero-rated (not counted against your data plan) by carriers.
This method works either by tunneling your traffic through DNS servers or by using DNS-related domains in your payload so that your traffic appears to be addressed to legitimate DNS services.
Advanced Method: The DNS method is more complex than other methods and may require more technical knowledge to set up correctly. It's best suited for advanced users.
How the DNS Method Works
The payload approach uses DNS-related domains (like dns.google.com or one.one.one.one) in your payload headers. Since these domains are associated with DNS services, traffic to them may be treated differently by carriers.
The DNS server approach involves setting specific DNS servers in KPN Tunnel that might be zero-rated or less restricted by your carrier. Common choices include Google DNS (8.8.8.8) and Cloudflare DNS (1.1.1.1).
Download and Install KPN Tunnel
If you haven't already, download and install the latest version of KPN Tunnel from a trusted source.
Open KPN Tunnel and Create a New Configuration
Launch the app and tap the "+" button to create a new configuration.
Configure Basic Settings
Enter a name for your configuration and select the connection type:
- For SSH + DNS Method: Select "SSH" as the connection type
- For Direct DNS Method: Select "Direct" as the connection type
Configuration Name: DNS Method
Connection Type: SSH or Direct
SSH Server Settings (if using SSH)
If you selected SSH as your connection type, enter your SSH server details:
- Server: Your SSH server address (IP or domain)
- Port: Usually 22, 80, or 443
- Username: Your SSH account username
- Password: Your SSH account password
Configure DNS Settings
This is the most important part for the DNS method:
- Primary DNS: 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google)
- Secondary DNS: 1.0.0.1 (Cloudflare) or 8.8.4.4 (Google)
Tip: Some carriers may zero-rate specific DNS servers. Try different DNS providers to find one that works best with your carrier.
Configure DNS Payload
Create a payload that uses DNS-related domains:
- Tap on "Payload Settings" or "Advanced Settings"
- Enable "Custom Payload" or "HTTP Headers"
- Enter a DNS-focused payload (see examples below)
- Set the payload port (usually 80 for HTTP or 443 for HTTPS)
Additional Settings
Configure these optional settings for better performance:
- Connection Timeout: 60 seconds is recommended
- Enable "Auto Reconnect" for better stability
- Configure "Split Tunneling" if you want only certain apps to use the tunnel
Save and Connect
Save your configuration and tap the "Connect" button to start the connection.
Test Your Connection
Open your browser and try accessing a website to verify your connection is working.
Basic DNS Payload
Simple payload using Google DNS as the host
    GET / HTTP/1.1
    Host: dns.google.com
    X-Online-Host: dns.google.com
    Connection: keep-alive
Advanced DNS Payload
Uses Cloudflare DNS (1.1.1.1) as the host with multiple headers
    GET / HTTP/1.1
    Host: one.one.one.one
    X-Online-Host: one.one.one.one
    X-Forward-Host: one.one.one.one
    Connection: keep-alive
Tip: If a payload template contains a placeholder such as "example.com", replace it with an actual DNS service domain like "dns.google.com" or "one.one.one.one" for better results.
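Seen from the network side, the payloads above have two checkable properties: the Host header names a DNS service while the connection goes to a different address, and the request carries host-override headers. The Python below is an added example, not part of the original page or of KPN Tunnel, that checks both on a captured request. The allow-list values, finding codes and sample traffic (including the documentation address 203.0.113.10) are constructed assumptions.

```python
# Added example: flag HTTP requests that name a DNS service in Host but go elsewhere.
DNS_HOST_IPS = {  # illustrative allow-list (assumption), not a complete inventory
    "dns.google.com": {"8.8.8.8", "8.8.4.4"},
    "dns.google": {"8.8.8.8", "8.8.4.4"},
    "one.one.one.one": {"1.1.1.1", "1.0.0.1"},
}
OVERRIDE_HEADERS = {"x-online-host", "x-forward-host"}  # names used in the page's payloads


def parse_headers(raw: bytes):
    """Return (lowercased name, value) pairs from one HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def findings(raw: bytes, dst_ip: str):
    """Return sorted finding codes for one request and its destination IP."""
    out = set()
    headers = parse_headers(raw)
    # Drop an optional ":port" suffix before comparing host names.
    hosts = [v.lower().split(":")[0] for n, v in headers if n == "host"]
    if len(hosts) != 1:  # HTTP/1.1 requires exactly one Host header
        out.add("host-count")
    for host in hosts:
        allowed = DNS_HOST_IPS.get(host)
        if allowed is not None and dst_ip not in allowed:
            out.add("dns-host-ip-mismatch")
    if any(n in OVERRIDE_HEADERS for n, _ in headers):
        out.add("host-override-header")
    return sorted(out)


# Constructed sample traffic: (request bytes, destination IP seen on the wire).
SPOOFED = (b"GET / HTTP/1.1\r\nHost: one.one.one.one\r\n"
           b"X-Online-Host: one.one.one.one\r\nX-Forward-Host: one.one.one.one\r\n"
           b"Connection: keep-alive\r\n\r\n", "203.0.113.10")
GENUINE = (b"GET / HTTP/1.1\r\nHost: one.one.one.one\r\n"
           b"Connection: keep-alive\r\n\r\n", "1.1.1.1")

if __name__ == "__main__":
    for raw, ip in (SPOOFED, GENUINE):
        print(ip, findings(raw, ip))
```

A production check would load each provider's published address ranges instead of the short table used here.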
DNS over HTTPS (DoH)
Some carriers may allow DNS over HTTPS traffic to pass without restrictions:
- Use "https://dns.google/dns-query" or "https://cloudflare-dns.com/dns-query" in your payload
- Set the payload port to 443
- This method encrypts DNS queries and may bypass certain restrictions
DNS Server Rotation
Create multiple configurations with different DNS servers:
- Google DNS: 8.8.8.8 and 8.8.4.4
- Cloudflare DNS: 1.1.1.1 and 1.0.0.1
- Quad9: 9.9.9.9 and 149.112.112.112
- OpenDNS: 208.67.222.222 and 208.67.220.220
Switch between these configurations if one stops working.
Combining DNS Method with SSH
For maximum effectiveness, combine the DNS method with SSH tunneling:
- Use SSH for encryption and security
- Use DNS payloads and DNS server settings to bypass restrictions
- This dual approach can be more effective than either method alone
Advanced Tip: Some modified versions of KPN Tunnel support true DNS tunneling protocols like DNSCrypt or DNS2TCP. These are more advanced but can be very effective when properly configured.
Slow Connection Speeds
DNS tunneling can be slower than other methods:
- Try different DNS servers to find the fastest one
- Use the DNS method only for text-based browsing, not for streaming or downloads
- Consider switching to SSH or Direct methods for speed-intensive tasks
Connection Fails
If you can't establish a connection:
- Verify that your DNS payload is correctly formatted
- Try different DNS servers
- Check if your carrier is blocking DNS tunneling specifically
- Try combining with SSH tunneling for better results
DNS Resolution Issues
If websites don't load properly:
- Make sure your DNS settings are correct
- Try alternative DNS servers
- Check if your carrier is redirecting DNS queries
Important: The DNS method is one of the more complex approaches and may not work with all carriers. Be prepared to try alternative methods if this one doesn't work for you.