[squid-users] Force DNS queries over TCP?

Chris Horry zerbey at gmail.com
Thu Jun 30 18:20:53 UTC 2016



On 06/30/2016 13:34, Alex Crow wrote:
> I'd suggest changing IP as this practice is
> 
> a) a violation of trust, forcing you to use a potentially compromised
> resource you have no control over
> b) a clear violation of net-neutrality
> c) a violation of standards (as it's probably one of those that instead
> of returning NXDOMAIN as required sends you to an advertising page.
> )

Tell me about it.  My ISP and I are having a pitched battle about it
now.  Unfortunately my options are limited in my current area but at
least it's not Comcast!

> I'm pretty sure you /can/ configure BIND to work like that. I should
> imagine you could set up forwarders to TCP-based DNS servers.
> 
> The other option is to get a DNS server set up on a VPS and tunnel your
> requests to it via IPSEC.

Sounds like a good idea, time to learn IPSEC!

Thanks,

Chris

-- 
Chris Horry
zerbey at gmail.com
http://www.twitter.com/zerbey
PGP:638C3E7A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160630/4f375a87/attachment-0001.sig>


More information about the squid-users mailing list