<div dir="ltr">I'm not sure, but, if your ISP is intercepting your DNS queries, maybe you could use the mangle netfilter table to change your DNS queries and so deceive your ISP, but I'm almost sure that the root servers will not recognize. It was just an idea.<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-06-30 16:16 GMT-03:00 Yuri Voinov <span dir="ltr"><<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
Consider TCP/UDP/53 Cisco interception + Unbound + dnscrypt. And
<a href="http://127.0.0.1:53" target="_blank">127.0.0.1:53</a> as your squid's DNS resolver finally.<br>
<br>
<br>
01.07.2016 1:07, Chris Horry пишет:<br>
<span style="white-space:pre-wrap"><span class="">><br>
><br>
> On 06/30/2016 14:55, Alex Crow wrote:<br>
>><br>
>><br>
>> On 30/06/16 19:40, brendan kearney wrote:<br>
>>><br>
>>> Nscd or name server caching daemon may be of help. I
believe you can<br>
>>> run your own bind instqnce and point it at the roots,
instead of using<br>
>>> your isp's broken implementation<br>
>>><br>
>>> On Jun 30, 2016 2:21 PM, "Chris Horry"
<<a href="mailto:zerbey@gmail.com" target="_blank">zerbey@gmail.com</a><br>
>>> <a href="mailto:zerbey@gmail.com" target="_blank"><mailto:zerbey@gmail.com></a>> wrote:<br>
>><br>
>> If the ISP is intercepting and redirecting all
connections to UDP/53,<br>
>> which seems to be the case, I'm not sure this would help,
unless the<br>
>> roots support TCP access.<br>
>><br>
>> Chris, can you confirm this seems to be your ISP's
behaviour? If so,<br>
>> avoiding sending *any* queries in cleartext via UDP/53 is
the only way<br>
>> to do it.<br>
><br>
> That is indeed my ISP's behaviour, they force redirect UDP/53
to their<br>
> broken implementation so the only option I have is to use
TCP.<br>
><br>
> Chris<br>
><br>
><br>
><br></span><span class="">
> _______________________________________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a></span></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJXdXAkAAoJENNXIZxhPexGYlAH/A8NZGERE0+0i6N3IWQsvR1o
<br>
LV9GIrmHZ6fBuMTgYWdul7YUDcUV5OT1kZ6GslbHdG/cfT7EqXDmWEUOy36kdTc6
<br>
50sIDLDGgD4XU3J0AFDyKV+yma1kuO8D3ZcE3nYMbSveX/MmdSZkoatIKwVKJkIP
<br>
W1DFWFhHICC9Xzxia2t+qnRQ3TpXNnTEQbg2j4uMVbgeeYqOWkjg2VG/RcaxIrk6
<br>
AQsXfPzwHC4Dy1GmDSEEEzu2+Q5lfL/IXStLENi9x4izmy+236/5ZOybv3Co6NRG
<br>
2EQdOoSeLvz2MgEbrNbHYABDkqt4Pjo7JKjONdAbnEBAAIgNKwW5pUSCBQok5+4=
<br>
=paVE
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</div>
<br>_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div style="text-align:left"><font size="4"><b><u><br></u></b></font></div><div style="text-align:left"><font size="4"><b><u><img src="https://lh6.googleusercontent.com/-xODPvbH2piQ/T6RqD0dqXjI/AAAAAAAAAPk/0I8Y3aq0mYM/h120/linuxano+assinatura+e-mail.png"><br></u></b></font></div></div>
</div>