Note: This page is quite old and is likely out of date. My opinions may have also changed dramatically since this was written. It is here as a reference until I get around to updating it.

On the server side:

yum install iodine-server -y

Edit the /etc/sysconfig/iodine-server file and put the following options in:

OPTIONS="-P somepassword"

Create an A or CNAME record for pointing at the FQDN of the server running iodine and a NS record pointing at for the domain (shorter is better, allows for higher speed).

And firewall rules…

filter table:

# Allow access to the iodine server
-A INPUT -i eth0 -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -m tcp -p tcp --dport 53 -j ACCEPT

# Accept tunneled traffic from iodine
-A FORWARD -i dns+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o dns+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

nat table: