Re: broken DNS proxying at public wireless hotspots
Use OpenDNS?

-- ferg

-- "Suresh Ramasubramanian" <ops.lists@gmail.com> wrote:

Right now, I'm on a swisscom eurospot wifi connection at Paris airport, and this - yet again - has a DNS proxy setup so that the first few queries for a host will return some nonsense value like 1.2.3.4, or will return the records for com instead. Some 4 or 5 minutes later, the dns server might actually return the right dns record.

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25634
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11
;; QUESTION SECTION:
;www.kcircle.com. IN A
;; AUTHORITY SECTION:
com. 172573 IN NS j.gtld-servers.net.
com. 172573 IN NS k.gtld-servers.net.
[etc]
;; Query time: 1032 msec
;; SERVER: 192.168.48.1#53(192.168.48.1)
;; WHEN: Sat Feb 3 11:33:07 2007
;; MSG SIZE rcvd: 433

They're not the first provider I've seen doing this, and the obvious workarounds (setting another NS in resolv.conf, or running a local dns caching resolver) don't work either as all dns traffic is proxied. Sure I could route dns queries out through an ssh tunnel but the latency makes this kind of thing unusable at times. I'm then reduced to hardwiring some critical work server IPs into /etc/hosts

What do nanogers usually do when caught in a situation like this?

thanks
srs

-- Suresh Ramasubramanian (ops.lists@gmail.com)
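An added example, not code from the thread: a small checker that reads dig output like the reply quoted above and reports the symptoms Suresh describes (the RD bit not echoed, a referral to the com. servers where an answer should be, or the 1.2.3.4 placeholder), so a laptop script can tell a transparent proxy's bogus reply from a real one before trusting it. The healthy reply and the 198.51.100.7 address are constructed for comparison.

```python
import re
# Sample 1 is the dig output quoted in the thread; sample 2 is a constructed healthy reply.
HOTSPOT_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25634
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11
;; QUESTION SECTION:
;www.kcircle.com.            IN      A
;; AUTHORITY SECTION:
com.            172573  IN      NS      j.gtld-servers.net.
"""
HEALTHY_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.kcircle.com.            IN      A
;; ANSWER SECTION:
www.kcircle.com.        300     IN      A       198.51.100.7
"""

def parse_dig(text):
    # Split dig output into (status, flags, {section name: [record fields, ...]}).
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r"flags: ([^;]*);", text).group(1).split())
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current, sections[m.group(1)] = m.group(1), []
        elif current and line.strip() and not line.startswith(";;"):
            sections[current].append(line.lstrip(";").split())
    return status, flags, sections

def is_parent(zone, name):
    return zone != name and (zone == "." or name.endswith("." + zone))

def classify(text):
    """Return the proxy symptoms visible in one dig reply (empty list = clean)."""
    status, flags, sections = parse_dig(text)
    qname = sections["QUESTION"][0][0].lower()
    findings = []
    if "rd" not in flags:  # a real recursive server echoes the client's RD bit
        findings.append("rd not echoed: responder did not recurse")
    if status == "NOERROR" and not sections.get("ANSWER"):
        # NS records for a parent zone are a referral; a stub should get an answer or a SOA
        parents = sorted({r[0] for r in sections.get("AUTHORITY", [])
                          if r[3] == "NS" and is_parent(r[0].lower(), qname)})
        if parents:
            findings.append("referral to %s instead of an answer" % ", ".join(parents))
    if any(r[3] == "A" and r[4] == "1.2.3.4" for r in sections.get("ANSWER", [])):
        findings.append("placeholder address in answer")  # the thread's "nonsense value"
    return findings
```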
On Sat, 3 Feb 2007, Fergie wrote:
Use OpenDNS?

-- ferg

How can that make a difference when he already said that setting NS in "resolv.conf" does not help. BTW - personally if name resolution at hotspot is not working (and sometimes even if it is) I connect by ssh to my "home system" using its public ip address and then tunnel X11 and call browser and other programs there.
On 3-Feb-2007, at 06:20, Fergie wrote:
Use OpenDNS?
OpenDNS provides service on other than 53/tcp and 53/udp? If so, how do you configure your client operating system of choice to use the novel, un-proxied ports instead of using port 53?

Joe
On Sat, 3 Feb 2007, Fergie wrote:
Use OpenDNS?
- -- "Suresh Ramasubramanian" <ops.lists@gmail.com> wrote:
Right now, I'm on a swisscom eurospot wifi connection at Paris airport, and this - yet again - has a DNS proxy setup so that the
<snip>
They're not the first provider I've seen doing this, and the obvious workarounds (setting another NS in resolv.conf, or running a local dns caching resolver) dont work either as all dns traffic is proxied.
see where it says: "all dns traffic is proxied"... :(