[94719] in North American Network Operators' Group
Re: broken DNS proxying at public wireless hotspots
daemon@ATHENA.MIT.EDU (Trent Lloyd)
Sat Feb 3 01:31:32 2007
Date: Sat, 3 Feb 2007 15:25:33 +0900
From: Trent Lloyd <lathiat@bur.st>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: nanog list <nanog@merit.edu>
In-Reply-To: <bb0e440a0702022208p4728fd30j62c88534f3029cdd@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
One thing I have noticed to be unfortunately more common that I would
like is routers that misunderstand IPv6 AAAA requests and return an
A record of 0.0.0.1
So if you are using (for the most part) anything other than windows, or
Windows Vista, this may be related to what you are seeing.
Cheers,
Trent
On Sat, Feb 03, 2007 at 11:38:26AM +0530, Suresh Ramasubramanian wrote:
>
> Right now, I'm on a swisscom eurospot wifi connection at Paris
> airport, and this - yet again - has a DNS proxy setup so that the
> first few queries for a host will return some nonsense value like
> 1.2.3.4, or will return the records for com instead. Some 4 or 5
> minutes later, the dns server might actually return the right dns
> record.
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25634
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11
> ;; QUESTION SECTION:
> ;www.kcircle.com. IN A
> ;; AUTHORITY SECTION:
> com. 172573 IN NS j.gtld-servers.net.
> com. 172573 IN NS k.gtld-servers.net.
>
> [etc]
> ;; Query time: 1032 msec
> ;; SERVER: 192.168.48.1#53(192.168.48.1)
> ;; WHEN: Sat Feb 3 11:33:07 2007
> ;; MSG SIZE rcvd: 433
>
> They're not the first provider I've seen doing this, and the obvious
> workarounds (setting another NS in resolv.conf, or running a local dns
> caching resolver) dont work either as all dns traffic is proxied.
> Sure I could route dns queries out through a ssh tunnel but the
> latency makes this kind of thing unusable at times. I'm then reduced
> to hardwiring some critical work server IPs into /etc/hosts
>
> What do nanogers usually do when caught in a situation like this?
>
> thanks
> srs
>
> --
> Suresh Ramasubramanian (ops.lists@gmail.com)
