RE: broken DNS proxying at public wireless hotspots
If so, how do you configure your client operating system of choice to use the novel, un-proxied ports instead of using port 53?
* Set up the profile, to your house/work/etc, of your favorite SSH client to forward port 53 local to port 53 on your remote machine.
* Make sure your SSH profile connects to your house/work/etc via IP, not name.
* Make sure there is some sort of DNS server running on the target of your SSH session.
* Make sure your SSH server supports forwarded ports.
* Connect to your house/work/etc.
* Repoint your local DNS client config to 127.0.0.1.
* Browse at will.
* (Don't forget to undo this later or risk losing your sanity....)

Same type of config works great for HTTP (with squid, and browser proxy settings) etc.
On Sat, Feb 03, 2007 at 09:22:30PM -0800, Lasher, Donn wrote:
If so, how do you configure your client operating system of choice to use the novel, un-proxied ports instead of using port 53?
* Set up the profile, to your house/work/etc, of your favorite SSH client to forward port 53 local to port 53 on your remote machine.
<snip>
Same type of config works great for HTTP (with squid, and browser proxy settings) etc..
The flaw here is that DNS operates over 53 (UDP); last time I checked, SSH doesn't do UDP port forwarding?

Cheers,
Trent
On 4-Feb-2007, at 00:58, Trent Lloyd wrote:
The flaw here is that DNS operates over 53(UDP), last time I checked SSH doesn't do UDP port forwarding?
In the interests of dispelling a common myth, DNS operates over both 53/udp and 53/tcp. However, given that a substantial portion of most clients' queries will likely use UDP transport, your fundamental point stands.

Joe
Hi Joe, On Sun, Feb 04, 2007 at 01:30:58AM -0500, Joe Abley wrote:
On 4-Feb-2007, at 00:58, Trent Lloyd wrote:
The flaw here is that DNS operates over 53(UDP), last time I checked SSH doesn't do UDP port forwarding?
In the interests of dispelling a common myth, DNS operates over both 53/udp and 53/tcp. However, given that a substantial portion of most clients' queries will likely use UDP transport, your fundamental point stands.
Sorry, yes, you are 100% correct in that, but as you say, in practice all client resolver queries are most likely to be over UDP :)

Cheers,
Trent
Trent Lloyd wrote:
On Sat, Feb 03, 2007 at 09:22:30PM -0800, Lasher, Donn wrote:
If so, how do you configure your client operating system of choice to
use the novel, un-proxied ports instead of using
port 53?
* Set up the profile, to your house/work/etc, of your favorite SSH client to forward port 53 local to port 53 on your remote machine.
<snip>
Same type of config works great for HTTP (with squid, and browser proxy settings) etc..
The flaw here is that DNS operates over 53(UDP), last time I checked SSH doesn't do UDP port forwarding?
Cheers, Trent
Looks like someone already has this exact case figured out http://zarb.org/~gc/html/udp-in-ssh-tunneling.html
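Two points in this thread are easy to see in code: Joe's reminder that DNS runs over both 53/udp and 53/tcp (the TCP form is the same message with a 2-byte length prefix, which is all an `ssh -L` forward can carry), and the approach behind the link above, wrapping each UDP datagram in that TCP framing so it can ride a stream tunnel. The following is an added example, not code from the thread or from the linked page. Every server in it is a constructed stub on 127.0.0.1 that answers any A query with 192.0.2.1 (a documentation address), so it runs offline; in real use the TCP leg would be the local end of an SSH forward and the far side a real resolver.

```python
"""Added example (not from the NANOG thread): DNS over TCP vs UDP, plus a
UDP-to-TCP relay of the kind used to push DNS datagrams through a TCP-only
tunnel. All servers are constructed local stubs; no real network is used."""
import socket
import struct
import threading

def build_query(name, qid=0x1234):
    """DNS query: 12-byte header (RD=1, one question), QNAME labels, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def stub_answer(query, ip="192.0.2.1"):
    """Constructed response: same ID, QR/RD/RA set, question echoed, one A record
    whose NAME is a compression pointer (0xC00C) back to the question."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + query[12:] + rr

def parse_first_a(msg):
    """Return the IPv4 string of the first A answer in a response, or None."""
    ancount = struct.unpack("!HHHHHH", msg[:12])[3]
    if ancount == 0:
        return None
    off = 12
    while msg[off] != 0:              # skip the question's QNAME labels
        off += msg[off] + 1
    off += 1 + 4                      # label terminator + QTYPE/QCLASS
    if msg[off] & 0xC0 == 0xC0:       # answer NAME is a compression pointer
        off += 2
    else:
        while msg[off] != 0:
            off += msg[off] + 1
        off += 1
    rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    return socket.inet_ntoa(msg[off:off + 4]) if rtype == 1 and rdlen == 4 else None

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def query_tcp(name, port):
    """53/tcp style: message prefixed with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    q = build_query(name)
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        (n,) = struct.unpack("!H", recv_exact(s, 2))
        return parse_first_a(recv_exact(s, n))

def query_udp(name, port):
    """53/udp style: the bare message in one datagram, no framing."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(2)
    s.sendto(build_query(name), ("127.0.0.1", port))
    msg, _ = s.recvfrom(512)
    s.close()
    return parse_first_a(msg)

def serve_tcp_stub(srv, stop):
    """Stub resolver that speaks only TCP framing (what an ssh -L forward delivers)."""
    srv.listen(5)
    srv.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, _ = srv.accept()
        except socket.timeout:
            continue
        with conn:
            try:
                (n,) = struct.unpack("!H", recv_exact(conn, 2))
                reply = stub_answer(recv_exact(conn, n))
                conn.sendall(struct.pack("!H", len(reply)) + reply)
            except ConnectionError:
                continue
    srv.close()

def serve_udp_to_tcp_relay(usock, tcp_port, stop):
    """Local relay: each UDP datagram is wrapped in TCP framing, sent over a TCP
    connection (in practice the forwarded port), and the unwrapped reply returned."""
    usock.settimeout(0.2)
    while not stop.is_set():
        try:
            q, peer = usock.recvfrom(512)
        except socket.timeout:
            continue
        with socket.create_connection(("127.0.0.1", tcp_port), timeout=2) as t:
            t.sendall(struct.pack("!H", len(q)) + q)
            (n,) = struct.unpack("!H", recv_exact(t, 2))
            usock.sendto(recv_exact(t, n), peer)
    usock.close()

def demo():
    """Bind ephemeral ports in the main thread (no startup race), then query both ways."""
    stop = threading.Event()
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    usock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    usock.bind(("127.0.0.1", 0))
    tcp_port, udp_port = srv.getsockname()[1], usock.getsockname()[1]
    threads = [threading.Thread(target=serve_tcp_stub, args=(srv, stop), daemon=True),
               threading.Thread(target=serve_udp_to_tcp_relay, args=(usock, tcp_port, stop), daemon=True)]
    for t in threads:
        t.start()
    try:
        return query_tcp("www.example.com", tcp_port), query_udp("www.example.com", udp_port)
    finally:
        stop.set()
        for t in threads:
            t.join()

if __name__ == "__main__":
    print(demo())
```

The relay is the whole trick: a stub resolver pointed at the relay's UDP port never knows its datagram was carried over TCP. Note what the relay does not do: it opens one TCP connection per datagram and forwards only the 512-byte classic UDP payload, so it is a demonstration of the framing, not a replacement for the tun-based IP tunnel Chris mentions later in the thread, which carries UDP natively.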
Once upon a time, Trent Lloyd <lathiat@bur.st> said:
The flaw here is that DNS operates over 53(UDP), last time I checked SSH doesn't do UDP port forwarding?
It doesn't forward UDP ports, but you can set up a full IP tunnel with it now.

--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Once upon a time, Chris Adams <cmadams@hiwaay.net> said:
Once upon a time, Trent Lloyd <lathiat@bur.st> said:
The flaw here is that DNS operates over 53(UDP), last time I checked SSH doesn't do UDP port forwarding?
It doesn't forward UDP ports, but you can set up a full IP tunnel with it now.
Sorry to follow up to my own message, but by "it" I mean OpenSSH. You do have to be running *BSD or Linux on both ends to do this.

--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
http://www.isc.org/index.pl?/sources/network/utils/ien116.php

Shows how to implement the good old IEN 116 nameserver and how to query it. It runs from the inetd. No need to have it waste memory and CPU all the time.

Run an IEN 116 nameserver at home and query it, using your laptop. Next, maintain your /etc/hosts. I hope your laptop reads /etc/hosts or the Windows hosts file before querying DNS. Mine do.

Except for the Mac there is no way short of a firewall to convince your laptop to use another port than 53 for DNS. But why not run your personal DNS server, BIND or djbdns? They both can use other ports than 53.

Kind regards
Peter and Karin

Lasher, Donn wrote:
If so, how do you configure your client operating system of choice to
use the novel, un-proxied ports instead of using
port 53?
* Set up the profile, to your house/work/etc, of your favorite SSH client to forward port 53 local to port 53 on your remote machine.
* Make sure your SSH profile connects to your house/work/etc via IP, not name.
* Make sure there is some sort of DNS server running on the target of your SSH session.
* Make sure your SSH server supports forwarded ports.
* Connect to your house/work/etc.
* Repoint your local DNS client config to 127.0.0.1.
* Browse at will.
* (Don't forget to undo this later or risk losing your sanity....)

Same type of config works great for HTTP (with squid, and browser proxy settings) etc.
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@peter-dambier.de
mail: peter@echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
participants (6)
- Chris Adams
- Joe Abley
- Lasher, Donn
- Peter Dambier
- Roy
- Trent Lloyd