Recently I stumbled over this article on Slashdot. I must admit that the article is 5 years old, so I’m probably not really up to date, but perhaps I’m not the last to learn about this technology.

The author describes how he managed to encapsulate HTTP requests in the DNS protocol and was thus able to surf the net via a Microsoft toll-free number that should limit users to update downloads. The technique works because many networks prohibit all kinds of external traffic but don’t limit DNS requests. Because DNS servers relay requests to external servers, you can get out of a secured network by sending DNS requests for uncached hosts. The nstx software does this by encapsulating HTTP requests so that they look like a hostname (e.g. “”). As the DNS server does not know the IP address of that host, it will relay the request to the main DNS server for - in this example - On this endpoint you need to run a special nstx DNS server that will not look up IP addresses but instead decode the DNS request, fetch the requested website and then return the answer as DNS payload.
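
Seen from the defender's side, the encoding described above leaves a trace in resolver logs: many unique, long, random-looking names under a single delegated zone. The sketch below is an added example, not code from the article or from nstx; the log format, the thresholds and the two-label zone heuristic are assumptions, and the sample log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines ("<client> <qtype> <qname>"), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 A www.example.org
10.0.0.5 A www.example.org
10.0.0.5 A mail.example.org
10.0.0.6 A api.example.org
10.0.0.6 A cdn.example.org
10.0.0.6 A static.example.org
10.0.0.6 A example.net
10.0.0.7 TXT mfrggzdfmztwq2lknnwg23tpobyxe43u.tunnel.example
10.0.0.7 TXT ovvxi2lpnyqgs4zamfxgi5dfon2gk3tu.tunnel.example
10.0.0.7 TXT krugs4zanfzsaylomfwgk5dbebtxk3dm.tunnel.example
10.0.0.7 TXT nbswy3dpeb3w64tmmqqgc3tenf2hi2lp.tunnel.example
"""

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def suspicious_zones(log, min_unique=4, min_len=30, min_entropy=3.5):
    """Map each zone whose query names look like encoded payload to
    (unique names, average prefix length, average prefix entropy)."""
    prefixes = defaultdict(set)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        labels = fields[2].rstrip(".").lower().split(".")
        if len(labels) > 2:
            # Assumption: the last two labels are the delegated zone;
            # production code should use a public-suffix list instead.
            prefixes[".".join(labels[-2:])].add("".join(labels[:-2]))
    flagged = {}
    for zone, names in prefixes.items():
        avg_len = sum(map(len, names)) / len(names)
        avg_ent = sum(map(entropy, names)) / len(names)
        # Ordinary zones fail at least one test: few names, short, or low entropy.
        if len(names) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            flagged[zone] = (len(names), round(avg_len, 1), round(avg_ent, 2))
    return flagged

if __name__ == "__main__":
    for zone, stats in suspicious_zones(SAMPLE_LOG).items():
        print(zone, stats)
```

The thresholds need tuning against a baseline of the network's normal DNS traffic, since some legitimate services also generate long machine-made names.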

Tunneling IP over DNS this way will enable full web access on almost any internet line, even on many WLAN access points that are not WEP- or WPA-secured but only require a browser login. I haven’t tried that yet because I don’t know about the legal situation.
Someone over at Slashdot mentioned that nstx might also be a good workaround for government proxy servers in countries without free internet access.