[squid-users] Force DNS queries over TCP?

Yuri Voinov yvoinov at gmail.com
Thu Jun 30 19:29:04 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Just no forward queries to roots, what's the problem with Unbound?

01.07.2016 1:26, Jorgeley Junior пишет:
> I'm not sure, but, if your ISP is intercepting your DNS queries, maybe you could use the mangle
netfilter table to change your DNS queries and so deceive your ISP, but
I'm almost sure that the root servers will not recognize. It was just an
idea.
>
> 2016-06-30 16:16 GMT-03:00 Yuri Voinov <yvoinov at gmail.com
<mailto:yvoinov at gmail.com>>:
>
>
> Consider TCP/UDP/53 Cisco interception + Unbound + dnscrypt. And
127.0.0.1:53 <http://127.0.0.1:53> as your squid's DNS resolver finally.
>
>
> 01.07.2016 1:07, Chris Horry пишет:
>
>
>
>
>       > On 06/30/2016 14:55, Alex Crow wrote:
>
>       >>
>
>       >>
>
>       >> On 30/06/16 19:40, brendan kearney wrote:
>
>       >>>
>
>       >>> Nscd or name server caching daemon may be of help.  I
>       believe you can
>
>       >>> run your own bind instqnce and point it at the roots,
>       instead of using
>
>       >>> your isp's broken implementation
>
>       >>>
>
>       >>> On Jun 30, 2016 2:21 PM, "Chris Horry"
>       <zerbey at gmail.com <mailto:zerbey at gmail.com>
>
>       >>> <mailto:zerbey at gmail.com> <mailto:zerbey at gmail.com>> wrote:
>
>       >>
>
>       >> If the ISP is intercepting and redirecting all
>       connections to UDP/53,
>
>       >> which seems to be the case, I'm not sure this would help,
>       unless the
>
>       >> roots support TCP access.
>
>       >>
>
>       >> Chris, can you confirm this seems to be your ISP's
>       behaviour? If so,
>
>       >> avoiding sending *any* queries in cleartext via UDP/53 is
>       the only way
>
>       >> to do it.
>
>
>
>       > That is indeed my ISP's behaviour, they force redirect UDP/53
>       to their
>
>       > broken implementation so the only option I have is to use
>       TCP.
>
>
>
>       > Chris
>
>
>
>
>
>
>
>       > _______________________________________________
>
>       > squid-users mailing list
>
>       > squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
>
>       > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
>     http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
> --
> *_
> _*
> *_
> _*

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXdXMAAAoJENNXIZxhPexGzgcH/29x5bFlTT8tVo9Jer1zUehL
RekQo3cTUI7KLPm290rThIYxBsbT91YvffeJADs4cd/jlZJiZjt9HNjX694XKZVj
4goPul66CWHMdT9VkTsRrcIRaAK2eTBE3TRF8cVXv72o0Fv6bofvdVITU4ePe03t
uU6K7Sw2e2FDCjNRCNvrgPxr4/70NUK5QaRWwHEjDWABb2n+j1k9phraUqcD18w5
bWJmQkmfmZLQiDMWekOgsnk1dtNb/bMTqpyf1QccUp3ZDBMWWix0XY/6xQGWsFRw
TTVUpgM1hZMygHfOlUcb2120XRbx3OnrEOYn1rmdso68aGEM/cQ/57ocHXZAIJs=
=6MXo
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160701/b8b3da3f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160701/b8b3da3f/attachment-0001.key>

More information about the squid-users mailing list