<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
I've google-fu for you:<br>
<br>
!
<a class="moz-txt-link-freetext" href="http://serverfault.com/questions/295819/cisco-router-redirect-any-dns-request-to-my-own-dns-server">http://serverfault.com/questions/295819/cisco-router-redirect-any-dns-request-to-my-own-dns-server</a><br>
<br>
ip access-list extended transparent_dns<br>
permit udp any any eq 53<br>
<br>
route-map redirect_dns permit 10<br>
match ip address transparent_dns<br>
set ip next-hop ip.of.your.server<br>
route-map redirect_dns permit 20<br>
<br>
interface fax/x<br>
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx<br>
ip policy route-map redirect_dns<br>
<br>
<br>
01.07.2016 1:29, Yuri Voinov пишет:<br>
<span style="white-space: pre;">><br>
> Just no forward queries to roots, what's the problem with
Unbound?<br>
><br>
> 01.07.2016 1:26, Jorgeley Junior пишет:<br>
> > I'm not sure, but, if your ISP<br>
> is intercepting your DNS queries, maybe you could use
the mangle<br>
> netfilter table to change your DNS queries and so
deceive your<br>
> ISP, but I'm almost sure that the root servers will not
recognize.<br>
> It was just an idea.<br>
><br>
><br>
><br>
> > 2016-06-30 16:16 GMT-03:00 Yuri Voinov
<<a class="moz-txt-link-abbreviated" href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a><br>
> <a class="moz-txt-link-rfc2396E" href="mailto:yvoinov@gmail.com"><mailto:yvoinov@gmail.com></a>>:<br>
><br>
><br>
><br>
><br>
><br>
> > Consider TCP/UDP/53 Cisco interception + Unbound +
dnscrypt.<br>
> And 127.0.0.1:53 <a class="moz-txt-link-rfc2396E" href="http://127.0.0.1:53"><http://127.0.0.1:53></a> as your
squid's DNS<br>
> resolver finally.<br>
><br>
><br>
><br>
><br>
><br>
> > 01.07.2016 1:07, Chris Horry пишет:<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > On 06/30/2016 14:55, Alex Crow wrote:<br>
><br>
><br>
><br>
> > >><br>
><br>
><br>
><br>
> > >><br>
><br>
><br>
><br>
> > >> On 30/06/16 19:40, brendan kearney
wrote:<br>
><br>
><br>
><br>
> > >>><br>
><br>
><br>
><br>
> > >>> Nscd or name server caching
daemon may be<br>
> of help. I<br>
><br>
> > believe you can<br>
><br>
><br>
><br>
> > >>> run your own bind instqnce and
point it at<br>
> the roots,<br>
><br>
> > instead of using<br>
><br>
><br>
><br>
> > >>> your isp's broken
implementation<br>
><br>
><br>
><br>
> > >>><br>
><br>
><br>
><br>
> > >>> On Jun 30, 2016 2:21 PM, "Chris
Horry"<br>
><br>
> > <<a class="moz-txt-link-abbreviated" href="mailto:zerbey@gmail.com">zerbey@gmail.com</a>
<a class="moz-txt-link-rfc2396E" href="mailto:zerbey@gmail.com"><mailto:zerbey@gmail.com></a><br>
><br>
><br>
><br>
> > >>> <a class="moz-txt-link-rfc2396E" href="mailto:zerbey@gmail.com"><mailto:zerbey@gmail.com></a><br>
> <a class="moz-txt-link-rfc2396E" href="mailto:zerbey@gmail.com"><mailto:zerbey@gmail.com></a>> wrote:<br>
><br>
><br>
><br>
> > >><br>
><br>
><br>
><br>
> > >> If the ISP is intercepting and
redirecting all<br>
><br>
> > connections to UDP/53,<br>
><br>
><br>
><br>
> > >> which seems to be the case, I'm not
sure this<br>
> would help,<br>
><br>
> > unless the<br>
><br>
><br>
><br>
> > >> roots support TCP access.<br>
><br>
><br>
><br>
> > >><br>
><br>
><br>
><br>
> > >> Chris, can you confirm this seems
to be your<br>
> ISP's<br>
><br>
> > behaviour? If so,<br>
><br>
><br>
><br>
> > >> avoiding sending *any* queries in
cleartext<br>
> via UDP/53 is<br>
><br>
> > the only way<br>
><br>
><br>
><br>
> > >> to do it.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > That is indeed my ISP's behaviour, they
force<br>
> redirect UDP/53<br>
><br>
> > to their<br>
><br>
><br>
><br>
> > > broken implementation so the only
option I have is<br>
> to use<br>
><br>
> > TCP.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > Chris<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > >
_______________________________________________<br>
><br>
><br>
><br>
> > > squid-users mailing list<br>
><br>
><br>
><br>
> > > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
><br>
><br>
><br>
> > >
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> >
_______________________________________________<br>
><br>
> > squid-users mailing list<br>
><br>
> > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
><br>
> >
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > --<br>
><br>
> > *_<br>
><br>
> > _*<br>
><br>
> > *_<br>
><br>
> > _*<br>
><br>
></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJXdXNSAAoJENNXIZxhPexGsAQH/iBYOYkDKok5CHsQsjQ8HLZX
<br>
bgm7Lj8Ivcn2oa0jRlh5JAMbqYvzDgBvryPR/9Hz2B1rOggNpdK70W7q3+DLhjRU
<br>
TKC7+TlyklLy9TEjGl0ntAXT9s/zetr6Y47FgCOycqxE6jEByZcbnwkch/jnACGz
<br>
/qRa1P9nLop7cAXU7Lo1be27tDatYbhBXuhHsyUVKLnmyTRUbC/wtRGtYZ6gsxU1
<br>
Clp6sIhM656SVK79cN2JGQCEuECtalGIuJsi5DpmdlUJrizEStc7IfJKznyKVaAs
<br>
ATh5VmTCERuzylzSd5rsGOw6wkKwN/zfbuS9DwzUFgLyT2aeJhm7djsJjVNO3I4=
<br>
=lZ7H
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>