[94730] in North American Network Operators' Group
Re: broken DNS proxying at public wireless hotspots
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sat Feb 3 15:12:35 2007
Date: Sat, 3 Feb 2007 15:11:30 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Carl Karsten <carl@personnelware.com>
Cc: Suresh Ramasubramanian <ops.lists@gmail.com>,
nanog list <nanog@merit.edu>
In-Reply-To: <45C4E289.7040700@personnelware.com>
Errors-To: owner-nanog@merit.edu
On Sat, 03 Feb 2007 13:29:13 -0600
Carl Karsten <carl@personnelware.com> wrote:
>
> > Sure I could route dns queries out through a ssh tunnel but the
> > latency makes this kind of thing unusable at times. instead of an
> > ssh tunnel, how about simple port forwarding?
>
> /etc/resolv.conf
> nameserver 127.0.0.1
>
> And then whatever it takes to forward 127.0.0.1:53 to a dns that is
> listening on some other port?
>
> hmm, I think running a local caching dns was mentioned, but the parts
> that may have been un-verified:
>
> man named
>
> -p port
> Listen for queries on port port. If not specified,
> the default is port 53.
>
> man named.conf
> everywhere there is an address, there is also the option to
> specify port: ( ipv4_address | * ) [ port ( integer | * ) ]
>
Right, plus 'forward only' in the config file.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
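As an added illustration of the setup the two posters converge on (a local BIND on 127.0.0.1:53 that hands every query to a trusted resolver reachable on a non-standard port, with 'forward only' so it never tries the roots itself), here is a minimal named.conf. It is not from the thread; the resolver address 192.0.2.53 and port 5353 are placeholders that stand in for whatever host and port you actually control.

```conf
// Minimal BIND 9 named.conf for a laptop behind a hotspot that
// transparently proxies port 53. Example added for illustration, not
// from the thread; 192.0.2.53 and 5353 are placeholder values.
options {
    directory "/var/named";

    // Answer only on the loopback, which is what resolv.conf points at.
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 { none; };
    allow-query { 127.0.0.1; };
    recursion yes;

    // The upstream is reached on a port the hotspot does not intercept.
    // 'forward only' matters: with the default 'forward first', a
    // timeout would make named fall back to iterative resolution on
    // port 53, i.e. straight back into the broken proxy.
    forwarders { 192.0.2.53 port 5353; };
    forward only;
};

zone "." IN {
    type hint;
    file "named.ca";   // unused with 'forward only', but keeps named happy
};
```

With resolv.conf set to nameserver 127.0.0.1, check it with dig @127.0.0.1 example.com and confirm the answer matches what dig @192.0.2.53 -p 5353 example.com returns directly; if the hotspot still has a captive portal in front of you, expect both to time out until you have clicked through it. Moving the port sidesteps the proxy but adds no authentication, so the upstream you forward to should be one you run or otherwise trust.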