|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I've google-fu for you: ! http://serverfault.com/questions/295819/cisco-router-redirect-any-dns-request-to-my-own-dns-server ip access-list extended transparent_dns permit udp any any eq 53 route-map redirect_dns permit 10 match ip address transparent_dns set ip next-hop ip.of.your.server route-map redirect_dns permit 20 interface fax/x ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx ip policy route-map redirect_dns 01.07.2016 1:29, Yuri Voinov пишет: > > Just no forward queries to roots, what's the problem with Unbound? > > 01.07.2016 1:26, Jorgeley Junior пишет: > > I'm not sure, but, if your ISP > is intercepting your DNS queries, maybe you could use the mangle > netfilter table to change your DNS queries and so deceive your > ISP, but I'm almost sure that the root servers will not recognize. > It was just an idea. > > > > > 2016-06-30 16:16 GMT-03:00 Yuri Voinov <yvoinov@xxxxxxxxx > <mailto:yvoinov@xxxxxxxxx>>: > > > > > > > Consider TCP/UDP/53 Cisco interception + Unbound + dnscrypt. > And 127.0.0.1:53 <http://127.0.0.1:53> as your squid's DNS > resolver finally. > > > > > > > 01.07.2016 1:07, Chris Horry пишет: > > > > > > > > > > > > On 06/30/2016 14:55, Alex Crow wrote: > > > > > >> > > > > > >> > > > > > >> On 30/06/16 19:40, brendan kearney wrote: > > > > > >>> > > > > > >>> Nscd or name server caching daemon may be > of help. I > > > believe you can > > > > > >>> run your own bind instqnce and point it at > the roots, > > > instead of using > > > > > >>> your isp's broken implementation > > > > > >>> > > > > > >>> On Jun 30, 2016 2:21 PM, "Chris Horry" > > > <zerbey@xxxxxxxxx <mailto:zerbey@xxxxxxxxx> > > > > > >>> <mailto:zerbey@xxxxxxxxx> > <mailto:zerbey@xxxxxxxxx>> wrote: > > > > > >> > > > > > >> If the ISP is intercepting and redirecting all > > > connections to UDP/53, > > > > > >> which seems to be the case, I'm not sure this > would help, > > > unless the > > > > > >> roots support TCP access. > > > > > >> > > > > > >> Chris, can you confirm this seems to be your > ISP's > > > behaviour? If so, > > > > > >> avoiding sending *any* queries in cleartext > via UDP/53 is > > > the only way > > > > > >> to do it. > > > > > > > > > > That is indeed my ISP's behaviour, they force > redirect UDP/53 > > > to their > > > > > > broken implementation so the only option I have is > to use > > > TCP. > > > > > > > > > > Chris > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > squid-users mailing list > > > > > > squid-users@xxxxxxxxxxxxxxxxxxxxx > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> > > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > > _______________________________________________ > > > squid-users mailing list > > > squid-users@xxxxxxxxxxxxxxxxxxxxx > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > > > > -- > > > *_ > > > _* > > > *_ > > > _* > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXdXNSAAoJENNXIZxhPexGsAQH/iBYOYkDKok5CHsQsjQ8HLZX bgm7Lj8Ivcn2oa0jRlh5JAMbqYvzDgBvryPR/9Hz2B1rOggNpdK70W7q3+DLhjRU TKC7+TlyklLy9TEjGl0ntAXT9s/zetr6Y47FgCOycqxE6jEByZcbnwkch/jnACGz /qRa1P9nLop7cAXU7Lo1be27tDatYbhBXuhHsyUVKLnmyTRUbC/wtRGtYZ6gsxU1 Clp6sIhM656SVK79cN2JGQCEuECtalGIuJsi5DpmdlUJrizEStc7IfJKznyKVaAs ATh5VmTCERuzylzSd5rsGOw6wkKwN/zfbuS9DwzUFgLyT2aeJhm7djsJjVNO3I4= =lZ7H -----END PGP SIGNATURE----- |
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
