Re: Force DNS queries over TCP?

Jorgeley Junior <jorgeley@xxxxxxxxx> · Thu, 30 Jun 2016 16:26:05 -0300

I'm not sure, but, if your ISP is intercepting your DNS queries, maybe you could use the mangle netfilter table to change your DNS queries and so deceive your ISP, but I'm almost sure that the root servers will not recognize. It was just an idea.

2016-06-30 16:16 GMT-03:00 Yuri Voinov <yvoinov@xxxxxxxxx>:

    -----BEGIN PGP SIGNED MESSAGE----- 

    Hash: SHA256 

    Consider TCP/UDP/53 Cisco interception + Unbound + dnscrypt. And
    127.0.0.1:53 as your squid's DNS resolver finally.

    01.07.2016 1:07, Chris Horry пишет:

    >

      >

      > On 06/30/2016 14:55, Alex Crow wrote:

      >>

      >>

      >> On 30/06/16 19:40, brendan kearney wrote:

      >>>

      >>> Nscd or name server caching daemon may be of help.  I
      believe you can

      >>> run your own bind instqnce and point it at the roots,
      instead of using

      >>> your isp's broken implementation

      >>>

      >>> On Jun 30, 2016 2:21 PM, "Chris Horry"
      <zerbey@xxxxxxxxx

      >>> <mailto:zerbey@xxxxxxxxx>> wrote:

      >>

      >> If the ISP is intercepting and redirecting all
      connections to UDP/53,

      >> which seems to be the case, I'm not sure this would help,
      unless the

      >> roots support TCP access.

      >>

      >> Chris, can you confirm this seems to be your ISP's
      behaviour? If so,

      >> avoiding sending *any* queries in cleartext via UDP/53 is
      the only way

      >> to do it.

      >

      > That is indeed my ISP's behaviour, they force redirect UDP/53
      to their

      > broken implementation so the only option I have is to use
      TCP.

      >

      > Chris

      >

      >

      >

      > _______________________________________________

      > squid-users mailing list

      > squid-users@xxxxxxxxxxxxxxxxxxxxx

      > http://lists.squid-cache.org/listinfo/squid-users

    -----BEGIN PGP SIGNATURE-----

    Version: GnuPG v2

    iQEcBAEBCAAGBQJXdXAkAAoJENNXIZxhPexGYlAH/A8NZGERE0+0i6N3IWQsvR1o

    LV9GIrmHZ6fBuMTgYWdul7YUDcUV5OT1kZ6GslbHdG/cfT7EqXDmWEUOy36kdTc6

    50sIDLDGgD4XU3J0AFDyKV+yma1kuO8D3ZcE3nYMbSveX/MmdSZkoatIKwVKJkIP

    W1DFWFhHICC9Xzxia2t+qnRQ3TpXNnTEQbg2j4uMVbgeeYqOWkjg2VG/RcaxIrk6

    AQsXfPzwHC4Dy1GmDSEEEzu2+Q5lfL/IXStLENi9x4izmy+236/5ZOybv3Co6NRG

    2EQdOoSeLvz2MgEbrNbHYABDkqt4Pjo7JKjONdAbnEBAAIgNKwW5pUSCBQok5+4=

    =paVE

    -----END PGP SIGNATURE-----

_______________________________________________

squid-users mailing list

squid-users@xxxxxxxxxxxxxxxxxxxxx

http://lists.squid-cache.org/listinfo/squid-users

-- 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users