[122411] in North American Network Operators' Group


Re: dns interceptors

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sun Feb 14 12:58:26 2010

From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <6FC73C80-819A-4423-8B29-EA625023A871@gmail.com>
Date: Sun, 14 Feb 2010 12:56:25 -0500
To: North American Network Operators Group <nanog@merit.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Feb 14, 2010, at 12:53 PM, Jason Frisvold wrote:
> On Feb 14, 2010, at 12:42 PM, Patrick W. Gilmore wrote:
>> How does that help?  It still sends port 53 requests to the authorities, which will be intercepted.
>
> Hrm..  Maybe I misunderstood.  Are the packets being intercepted, or is the problem the local resolvers?

While I admit I have not read every post in the thread, I note the subject line. :)


> Well, in either case, another option would be to use something like openvpn, cisco vpn, etc. with very limited routes.  Set it up so only your dns traffic is sent over the tunnel.  Then you can still use the local network, crappy as it may be, without having to deal with the added overhead of ssh and the like.

ISTM Randy's comment about SSH tunnels would have the same effect.

--
TTFN,
patrick



