[122658] in North American Network Operators' Group
RE: dns interceptors
daemon@ATHENA.MIT.EDU (Justin Krejci)
Thu Feb 18 18:52:01 2010
From: "Justin Krejci" <jkrejci@usinternet.com>
To: "'Patrick W. Gilmore'" <patrick@ianai.net>,
"'North American Network Operators Group'" <nanog@merit.edu>
Date: Thu, 18 Feb 2010 17:51:02 -0600
In-Reply-To: <25869BF9-2879-46F0-9D67-38AEC742A40B@ianai.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
While not covering all apps you may want to use, it does work for at least
Firefox when web browsing (works on non-Windows too) when using an SSH SOCKS
proxy.

Go to the address
about:config
filter for "dns"
toggle "network.proxy.socks_remote_dns" to "true" and then Firefox will send
its own DNS queries over the SOCKS proxy.
-----Original Message-----
From: Patrick W. Gilmore [mailto:patrick@ianai.net]
Sent: Sunday, February 14, 2010 11:42 AM
To: North American Network Operators Group
Subject: Re: dns interceptors
On Feb 14, 2010, at 12:37 PM, Jason Frisvold wrote:
> On Feb 13, 2010, at 4:58 PM, Randy Bush wrote:
>> i am often on funky networks in funky places. e.g. the wireless in
>> changi really sucked friday night. if i ssh tunneled, it would multiply
>> the suckiness as tcp would have puked at the loss rate.
>
> You can always run your own local resolver... Or is there a reason that's
> unacceptable?
How does that help? It still sends port 53 requests to the authorities,
which will be intercepted.
--
TTFN,
patrick
>> smb whacked me that i should use non-tcp tunnels.
>>
>> randy
>>
>
> --
> Jason 'XenoPhage' Frisvold
> XenoPhage0@gmail.com
> http://blog.godshell.com
>
>
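
Added example, not part of the original thread: what the network.proxy.socks_remote_dns toggle changes on the wire, assuming the SSH dynamic forward is speaking SOCKS5 (RFC 1928). With remote DNS the hostname travels inside the CONNECT request (ATYP 0x03) and the far end of the tunnel resolves it; without it the client resolves locally on port 53 and sends an IP literal. The function names and sample targets are constructed for illustration.

```python
import ipaddress
import struct

def socks5_connect_request(host, port):
    """Build a SOCKS5 CONNECT request (RFC 1928) for a hostname or IP literal."""
    head = b"\x05\x01\x00"                      # VER=5, CMD=CONNECT, RSV=0
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                          # not an IP literal: send the name
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    else:                                       # already resolved by the client
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    return head + addr + struct.pack("!H", port)

def parse_connect_request(req):
    """Return (resolver, host, port); resolver says which side does the DNS lookup."""
    if len(req) < 5 or req[0] != 0x05 or req[1] != 0x01:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == 0x03:                            # DOMAINNAME: proxy resolves it
        end = 5 + req[4]
        host, resolver = req[5:end].decode("ascii"), "proxy"
    elif atyp in (0x01, 0x04):                  # IPv4 / IPv6 literal
        end = 4 + (4 if atyp == 0x01 else 16)
        host, resolver = str(ipaddress.ip_address(req[4:end])), "client"
    else:
        raise ValueError("unknown ATYP 0x%02x" % atyp)
    if len(req) != end + 2:                     # address must be followed by a 2-byte port
        raise ValueError("truncated or oversized request")
    return resolver, host, struct.unpack("!H", req[end:])[0]

if __name__ == "__main__":
    # Constructed sample targets (documentation names and addresses).
    for target in ("www.example.com", "192.0.2.10", "2001:db8::1"):
        req = socks5_connect_request(target, 443)
        print(req.hex(), parse_connect_request(req))
```

Running parse_connect_request over the first client packet of a captured proxy session shows whether a given application is handing names to the proxy or still resolving them locally.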