by tracker1 3919 days ago
You don't even need to set up the client, if you have control over any number of intermediate routers, you can snag/reroute port 53 tcp/udp traffic any way you like. I tend to set up my home router to do this, so that all open dns traffic goes where I tell it to.

It's also advised to do so for unauthenticated users on shared/public wifi so that you can provide an agreement page/site. Also, so that unauthenticated users can't use DNS as a tunnel method, which is pretty damned cool, but insecure.


Also, so that unauthenticated users can't use DNS as a tunnel method, which is pretty damned cool, but insecure.

You can put TLS into a DNS tunnel too, it's just even slower.

I've done TCP-over-SSH-over-DNS many times (using iodine and sshuttle) and it was actually surprisingly usable! I could get over 200Kbps downstream. Iodine uses NULL requests (if allowed by the recursive DNS server) which can fit 1KB+ per request/reply.
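The NULL-record tunnel described above leaves a recognisable footprint in a resolver's query log: one mostly-unused record type, a fresh long random-looking label on every query, and replies near the 1KB mark. As an added example (not the commenter's code), this Python scores each zone on those traits; the log lines, the `tunnel.example` zone and the thresholds are all constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log, one query per line: client qtype qname reply_bytes.
# The five NULL lines mimic an iodine-style tunnel under the assumed zone tunnel.example.
SAMPLE_LOG = """\
10.0.0.12 A www.example.com 59
10.0.0.12 AAAA www.example.com 71
10.0.0.12 A mail.example.com 75
10.0.0.12 A cdn.example.net 62
10.0.0.77 NULL 0aw9qjfx3k2lz8vq4bnm7r5tyuio2pasdfghjklzxcvb.t.tunnel.example 1012
10.0.0.77 NULL 1bx8rklg4m3na9wr5cop8s6uzvjp3qsdfghjklzxcvbn.t.tunnel.example 1008
10.0.0.77 NULL 2cy7slmh5n4ob0xs6dpq9t7vawkq4rtghjklzxcvbnmq.t.tunnel.example 1015
10.0.0.77 NULL 3dz6tmni6o5pc1yt7eqr0u8wbxlr5sughjklzxcvbnmq.t.tunnel.example 1003
10.0.0.77 NULL 4ea5unoj7p6qd2zu8fgs1v9xcyms6tvhjklzxcvbnmqw.t.tunnel.example 1009
"""

TUNNEL_QTYPES = {"NULL", "TXT"}  # record types tunnelling tools favour for payload size

def shannon_entropy(s):
    """Bits per character; encoded payload labels score far above real hostnames."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def zone_of(qname):
    """Crude registrable-domain guess: the last two labels (no public-suffix list)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def analyze(log_text, min_queries=3):
    """Return {zone: [reasons]} for zones matching at least two tunnel indicators."""
    per_zone = defaultdict(list)
    for line in log_text.splitlines():
        _client, qtype, qname, size = line.split()
        per_zone[zone_of(qname)].append((qtype.upper(), qname, int(size)))
    flagged = {}
    for zone, qs in per_zone.items():
        if len(qs) < min_queries:
            continue
        first_labels = [q[1].split(".")[0] for q in qs]
        reasons = []
        if sum(q[0] in TUNNEL_QTYPES for q in qs) / len(qs) > 0.5:
            reasons.append("mostly NULL/TXT queries")
        if sum(q[2] for q in qs) / len(qs) > 512:
            reasons.append("average reply over 512 bytes")
        if len({q[1] for q in qs}) == len(qs) and sum(map(len, first_labels)) / len(qs) > 30:
            reasons.append("every qname unique with long leading label")
        if sum(map(shannon_entropy, first_labels)) / len(qs) > 4.0:
            reasons.append("high-entropy leading label")
        if len(reasons) >= 2:
            flagged[zone] = reasons
    return flagged
```

On the sample log only `tunnel.example` is flagged, with all four indicators; the ordinary `example.com` lookups trip none of them.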
I've set up my laptop to go to my home internal server (old laptop) for DNS. My quality-of-development-environment has increased because I can associate any internal in-development app I want with a hostname tied to my internal DNS prefix. Very useful for setting up nginx for multiple applications.
You can do it locally with dnsmasq or using xip.io, without an extra server.