-
Notifications
You must be signed in to change notification settings - Fork 10
VayDNS Profiles
فارسی: پروفایلهای VayDNS
Every time you click 💾 Save to VayDNS Profiles, a profile is saved in the vaydns_profiles/ folder next to the KevinNet app. The VayDNS Profiles tab lets you manage, edit, and launch any saved profile without scanning again.
| MasterDNS | VayDNS | |
|---|---|---|
| Resolvers used | Many simultaneously | One at a time |
| Fallback | Automatic balancing | Script tries next resolver after timeout |
| Encryption | XOR / AES / ChaCha20 | Noise protocol (always on) |
| Config | TOML file | Command-line flags in a shell script |
| Binary | MasterDnsVPN |
vaydns-client |
When you launch a VayDNS profile, KevinNet generates a run.sh (or run.bat) script that starts vaydns-client with all your settings. The script automatically tries each scanned resolver in order — if one fails, it moves to the next after Resolver Timeout seconds.
Iran optimal: UDP — Plaintext UDP (port 53)
How the tunnel data is carried:
| Value | Protocol | Notes |
|---|---|---|
udp |
Plaintext UDP on port 53 | Most direct from Iran — recommended |
doh |
DNS over HTTPS (port 443) | Harder for DPI to fingerprint; slightly slower |
dot |
DNS over TLS (port 853) | Harder for DPI to fingerprint; slightly slower |
The transport field is set automatically when you save a profile from a scan. If you saved from a regular UDP scan, transport is udp. If you saved from the 🔒 Scan DoH/DoT button, KevinNet creates two profiles automatically — one with transport doh and one with transport dot — based on what your scan actually found.
You can also change it manually, but you'd then need to put a matching endpoint in the Resolver field (see below).
Iran optimal: leave empty
The Resolver field is populated automatically when you save a profile from a scan. For most users there's nothing to type here — pick from your scan results and save.
What goes here when populated:
-
For UDP profiles — all scanned Iranian resolvers, one per line. The launch script tries them in order. If one gets stuck, it moves to the next after
Resolver Timeoutseconds. -
For DoH profiles — DoH URLs like
https://1.1.1.1/dns-query, one per line -
For DoT profiles — DoT addresses like
1.1.1.1:853, one per line
If you really want to hand-edit:
- Empty — uses all scanned resolvers in the profile
-
Single UDP address — e.g.
8.8.8.8:53— only that resolver is used -
DoH URL — e.g.
https://dns.google/dns-query -
DoT address — e.g.
dns.google:853
Scanned UDP resolvers are Iranian public DNS servers. They only work from inside Iran. Testing from outside Iran (Australia, Europe, etc.) will show NXDOMAIN — this is expected, not a bug. DoH/DoT endpoints are public worldwide and work from any country, which is one of the reasons they're useful for the Iran case.
Default: 7000
The local port your browser/app connects to. Set your browser proxy to SOCKS5 127.0.0.1:7000.
Iran optimal: 101
Maximum length of the DNS query name used to carry data. Lower = smaller packets.
-
101— approximately 50 bytes of upstream payload per query. Safe for most Iranian resolvers. -
253— maximum DNS spec allows. Higher throughput but some resolvers reject long names.
Default: 0 (unlimited)
Maximum number of DNS labels in the query name. 0 means unlimited. Leave at 0 unless you have a specific reason to limit it.
Iran optimal: 10s
How long a session can be idle before the client considers it dead and creates a new one.
- Must match the server's
idle-timeoutsetting - Increase to
30sif you see frequent session restarts - Keep above
keepalivevalue
Iran optimal: 2s
How often the client sends a small keepalive packet to prevent the session from going idle.
- Must be less than
idle-timeout - Must match server setting
-
2swith10sidle timeout is a reliable combination
Defaults: 1s / 30s
How long the client waits before retrying a failed connection. Starts at reconnect-min and doubles up to reconnect-max (exponential backoff).
Default: 0 (unlimited)
Maximum number of concurrent multiplexed streams. Leave at 0 for unlimited.
Iran optimal: txt
The DNS record type used to carry data.
| Value | Notes |
|---|---|
txt |
Most data per query, most compatible — recommended |
null |
Slightly higher throughput, less compatible |
cname |
Works on some resolvers |
a / aaaa
|
Low throughput |
Must match the server's record type setting.
Iran optimal: 512
Internal packet buffer size. Increase to 1024 on fast connections. Decrease to 256 if you have limited memory.
Default: 0 (= queue_size / 2)
KCP congestion window. Leave at 0 to let it be calculated automatically from queue size.
Iran optimal: 100
Number of concurrent outgoing UDP queries. Lower to 50 if you see socket errors or the app crashes.
Default: False
Whether multiple workers share a single UDP socket. Leave as False for standard operation.
Iran optimal: 60s
How many seconds to wait for a resolver to establish a working session before giving up and trying the next one in the list.
-
60sis a good balance — enough time to handle slow resolver responses - Reduce to
30sif you want faster failover - Increase to
90sif your connection is very slow
Default: 0 (unlimited)
Maximum DNS queries per second. Set to 50 if your resolver is rate-limiting you.
Iran optimal: info
| Level | Notes |
|---|---|
debug |
Every packet — very noisy |
info |
Connection events, session info |
warning |
Warnings only |
error |
Errors only |
| Option | Value | Reason |
|---|---|---|
| Transport | UDP |
Most direct from Iran |
| Resolver | (empty) | Uses all scanned resolvers |
| Listen Port | 7000 |
Default |
| Max QNAME Length | 101 |
Safe for most resolvers |
| Idle Timeout | 10s |
Must match server |
| Keepalive | 2s |
Keep below idle timeout |
| Record Type | txt |
Most compatible under DPI |
| Queue Size | 512 |
Good default |
| UDP Workers | 100 |
Reduce to 50 if socket errors |
| Resolver Timeout | 60s |
Moves to next resolver if stuck |
| Log Level | info |
Normal operation |
| Button | What it does |
|---|---|
| 💾 Save Changes | Rewrites run.sh / run.bat with current settings |
| 🚀 Launch VPN | Regenerates script and opens a terminal running vaydns-client |
| 📋 Duplicate | Copies the profile and folder — use for A/B testing |
| 🗑 Delete | Removes the profile JSON and optionally the output folder |
When you click 🚀, KevinNet generates and runs a shell script like this:
RESOLVERS=(
"1.2.3.4:53"
"5.6.7.8:53"
...all scanned resolvers...
)
RESOLVER_TIMEOUT=60
for RESOLVER in "${RESOLVERS[@]}"; do
echo "[vaydns] trying resolver: $RESOLVER"
./vaydns-client -udp "$RESOLVER" -pubkey abc123... -domain t.example.com ... &
VD_PID=$!
# Wait up to RESOLVER_TIMEOUT seconds
# If still running after timeout → stuck → kill and try next
# If exits on its own → try next
doneCtrl+C cleanly kills the current vaydns-client process.