<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
This is no f*cking problem. Intercept DNS queries first, resolve it
by DNSCrypt, output for your users. Viola, profit!<br>
<br>
01.07.2016 1:26, Jorgeley Junior пишет:<br>
<span style="white-space: pre;">> I'm not sure, but, if your ISP
is intercepting your DNS queries, maybe you could use the mangle
netfilter table to change your DNS queries and so deceive your
ISP, but I'm almost sure that the root servers will not recognize.
It was just an idea.<br>
><br>
> 2016-06-30 16:16 GMT-03:00 Yuri Voinov <<a class="moz-txt-link-abbreviated" href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a>
<a class="moz-txt-link-rfc2396E" href="mailto:yvoinov@gmail.com"><mailto:yvoinov@gmail.com></a>>:<br>
><br>
><br>
> Consider TCP/UDP/53 Cisco interception + Unbound + dnscrypt.
And 127.0.0.1:53 <a class="moz-txt-link-rfc2396E" href="http://127.0.0.1:53"><http://127.0.0.1:53></a> as your squid's DNS
resolver finally.<br>
><br>
><br>
> 01.07.2016 1:07, Chris Horry пишет:<br>
><br>
><br>
><br>
><br>
> > On 06/30/2016 14:55, Alex Crow wrote:<br>
><br>
> >><br>
><br>
> >><br>
><br>
> >> On 30/06/16 19:40, brendan kearney wrote:<br>
><br>
> >>><br>
><br>
> >>> Nscd or name server caching daemon may be
of help. I<br>
> believe you can<br>
><br>
> >>> run your own bind instqnce and point it at
the roots,<br>
> instead of using<br>
><br>
> >>> your isp's broken implementation<br>
><br>
> >>><br>
><br>
> >>> On Jun 30, 2016 2:21 PM, "Chris Horry"<br>
> <<a class="moz-txt-link-abbreviated" href="mailto:zerbey@gmail.com">zerbey@gmail.com</a> <a class="moz-txt-link-rfc2396E" href="mailto:zerbey@gmail.com"><mailto:zerbey@gmail.com></a><br>
><br>
> >>> <a class="moz-txt-link-rfc2396E" href="mailto:zerbey@gmail.com"><mailto:zerbey@gmail.com></a>
<a class="moz-txt-link-rfc2396E" href="mailto:zerbey@gmail.com"><mailto:zerbey@gmail.com></a>> wrote:<br>
><br>
> >><br>
><br>
> >> If the ISP is intercepting and redirecting all<br>
> connections to UDP/53,<br>
><br>
> >> which seems to be the case, I'm not sure this
would help,<br>
> unless the<br>
><br>
> >> roots support TCP access.<br>
><br>
> >><br>
><br>
> >> Chris, can you confirm this seems to be your
ISP's<br>
> behaviour? If so,<br>
><br>
> >> avoiding sending *any* queries in cleartext
via UDP/53 is<br>
> the only way<br>
><br>
> >> to do it.<br>
><br>
><br>
><br>
> > That is indeed my ISP's behaviour, they force
redirect UDP/53<br>
> to their<br>
><br>
> > broken implementation so the only option I have is
to use<br>
> TCP.<br>
><br>
><br>
><br>
> > Chris<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > _______________________________________________<br>
><br>
> > squid-users mailing list<br>
><br>
> > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
><br>
> > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
><br>
> -- <br>
> *_<br>
> _*<br>
> *_<br>
> _*</span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJXdXK0AAoJENNXIZxhPexG18QIALd3PhGiRehrvqSEVE+x7i29
<br>
VNLJzkAgswlKB5HSIkyF1LPwFzJ5hErfdN8gEY/QAyEEi7XbDLN63CzKmMHfuwJY
<br>
LxGWEYlWN26eciJtchpA7wM3s1yGDXRO7jnsGPwUV6Ctm5g72Q/Hpyr5Lr5dUZX5
<br>
6zdNCKnMlbO//PS943YBJHCAUbl1xxgQwGIowDYjUnEcXhuMBGZXqrErNQfNFAoi
<br>
ymoKleAmqOb2BAlvCloo2ZyLIzsoslWxhKktNEnfPb5hBh9XXGRmrRQ3ikSyKXKW
<br>
nSbhQlwXbu/GJJQkmuXEvKS/WfaAjDzggBX4j7+4APnmfxQTriVB4VJ3iTEXk3A=
<br>
=XMR0
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>