[squid-users] Force DNS queries over TCP?
Yuri Voinov
yvoinov at gmail.com
Thu Jun 30 19:30:27 UTC 2016
I've google-fu for you:
!
http://serverfault.com/questions/295819/cisco-router-redirect-any-dns-request-to-my-own-dns-server
ip access-list extended transparent_dns
 permit udp any any eq 53
route-map redirect_dns permit 10
 match ip address transparent_dns
 set ip next-hop ip.of.your.server
route-map redirect_dns permit 20
interface fax/x
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 ip policy route-map redirect_dns
01.07.2016 1:29, Yuri Voinov wrote:
> Just no forward queries to roots, what's the problem with Unbound?
>
> 01.07.2016 1:26, Jorgeley Junior wrote:
> > I'm not sure, but, if your ISP is intercepting your DNS queries,
> > maybe you could use the mangle netfilter table to change your DNS
> > queries and so deceive your ISP, but I'm almost sure that the root
> > servers will not recognize. It was just an idea.
> >
> > 2016-06-30 16:16 GMT-03:00 Yuri Voinov <yvoinov at gmail.com>:
> >
> > Consider TCP/UDP/53 Cisco interception + Unbound + dnscrypt. And
> > 127.0.0.1:53 as your squid's DNS resolver finally.
> >
> > 01.07.2016 1:07, Chris Horry wrote:
> > > On 06/30/2016 14:55, Alex Crow wrote:
> > > > On 30/06/16 19:40, brendan kearney wrote:
> > > > > Nscd or name server caching daemon may be of help. I believe
> > > > > you can run your own bind instance and point it at the roots,
> > > > > instead of using your isp's broken implementation
> > > > >
> > > > > On Jun 30, 2016 2:21 PM, "Chris Horry" <zerbey at gmail.com> wrote:
> > > >
> > > > If the ISP is intercepting and redirecting all connections to
> > > > UDP/53, which seems to be the case, I'm not sure this would help,
> > > > unless the roots support TCP access.
> > > >
> > > > Chris, can you confirm this seems to be your ISP's behaviour? If
> > > > so, avoiding sending *any* queries in cleartext via UDP/53 is the
> > > > only way to do it.
> > >
> > > That is indeed my ISP's behaviour, they force redirect UDP/53 to
> > > their broken implementation so the only option I have is to use TCP.
> > >
> > > Chris
> > >
> > > _______________________________________________
> > > squid-users mailing list
> > > squid-users at lists.squid-cache.org
> > > http://lists.squid-cache.org/listinfo/squid-users
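
Added example, not part of the original message or of any poster's own configuration: a minimal sketch of the resolver chain suggested in the thread, with Squid asking Unbound on 127.0.0.1:53 and Unbound forwarding everything to a local dnscrypt-proxy. The dnscrypt-proxy listener address 127.0.0.1@5353 and the file names in the comments are assumptions.

```conf
# --- unbound.conf (file name and location are assumptions) ---
server:
    # Listen only on loopback; Squid on the same host is the only client.
    interface: 127.0.0.1
    port: 53
    access-control: 127.0.0.0/8 allow
    # Unbound does not send queries to localhost addresses by default;
    # this must be "no" so it can forward to the local dnscrypt-proxy.
    do-not-query-localhost: no
    # Without dnscrypt, this option makes Unbound use TCP only
    # for its upstream queries:
    # tcp-upstream: yes

forward-zone:
    # Forward every name instead of recursing from the roots.
    name: "."
    # Assumed dnscrypt-proxy listener; adjust to the local setup.
    forward-addr: 127.0.0.1@5353

# --- squid.conf ---
# Squid resolves only through the local Unbound instance.
dns_nameservers 127.0.0.1
```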