
Performance of Iodine over DNS-over-HTTPS - gehaxelt
https://0day.work/performance-of-iodine-over-dns-over-https/
======
eridius
What's the purpose of doing this? If you're using Iodine it's presumably
because normal HTTPS traffic won't work (e.g. captive portal), so tunneling
your DNS back over HTTPS again is bound to fail in this scenario. It seems to
me this would only work if the captive portal whitelisted known DoH servers
(which seems rather unlikely).

~~~
gehaxelt
Yup, you're right on that one.

I don't think I explicitly said that one should use iodine + DoH to bypass
captive portals, but sorry if that somehow was implied.

The blogpost was just intended to be an experiment to compare the performance
:-)

------
dbt00
TCP over TCP has always had serious performance issues, because the congestion
controls combine in toxic ways. SSH tunnels that connect to something other
than localhost on the remote end have similar problems (i.e. ssh -D 1080 as a
SOCKS proxy).

~~~
LukeShu
ssh -D doesn't do TCP over TCP, its performance issues are for different
reasons.

------
onesmallcoin
I've found some mobile carriers still let you query external dns servers when
you have a $0 balance. They were man in the middling the http traffic to
present the 'You have no balance' page. Iodine and its android fork andiodine
became very useful tools - Facebook Messenger inside links over ssh\mosh via
TCP over DNS = Free Phone

------
peterwwillis
If you can't send DNS packets directly to a remote resolver, do not expect
bandwidth or stability for normal applications like a web browser. Use it for
something like IMAP/SMTP, or browsing with lynx/links/w3m, or one-shot ssh
commands, rsync, git, etc.

~~~
Scoundreller
Opera Mini mode (where they proxy everything and cut out ads and resize
images) might be viable when necessary.

Would a ride-sharing app or navigation work?

I’m guessing there’s too much jitter/lag for a 9.6kbps phone call.

------
tlrobinson
Aside from it not working very well for the reason dbt00 mentioned, wouldn't
it only work on captive portals that don't block a DoH server? That seems
unlikely, at least until DoH is much more widespread.

------
jedisct1
I've been using iodine over DNSCrypt for years, since iodine doesn't encrypt
anything. That was one of the motivations for developing it.

