broken DNS proxying at public wireless hotspots
william(at)elan.net
william at elan.net
Sat Feb 3 06:34:20 UTC 2007
On Sat, 3 Feb 2007, Fergie wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Use OpenDNS?
>
> - - ferg
How can that make a difference when he already said that setting NS in
"resolv.conf" does not help.
BTW - personally if name resolution at hotspot is not working (and
sometimes even if it is) I connect by ssh to my "home system" using
its public ip address and then tunnel X11 and call broswer and other
programs there.
> - -- "Suresh Ramasubramanian" <ops.lists at gmail.com> wrote:
>
> Right now, I'm on a swisscom eurospot wifi connection at Paris
> airport, and this - yet again - has a DNS proxy setup so that the
> first few queries for a host will return some nonsense value like
> 1.2.3.4, or will return the records for com instead. Some 4 or 5
> minutes later, the dns server might actually return the right dns
> record.
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25634
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11
> ;; QUESTION SECTION:
> ;www.kcircle.com. IN A
> ;; AUTHORITY SECTION:
> com. 172573 IN NS j.gtld-servers.net.
> com. 172573 IN NS k.gtld-servers.net.
>
> [etc]
> ;; Query time: 1032 msec
> ;; SERVER: 192.168.48.1#53(192.168.48.1)
> ;; WHEN: Sat Feb 3 11:33:07 2007
> ;; MSG SIZE rcvd: 433
>
> They're not the first provider I've seen doing this, and the obvious
> workarounds (setting another NS in resolv.conf, or running a local dns
> caching resolver) dont work either as all dns traffic is proxied.
> Sure I could route dns queries out through a ssh tunnel but the
> latency makes this kind of thing unusable at times. I'm then reduced
> to hardwiring some critical work server IPs into /etc/hosts
>
> What do nanogers usually do when caught in a situation like this?
>
> thanks
> srs
>
> - --
> Suresh Ramasubramanian (ops.lists at gmail.com)
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.5.3 (Build 5003)
>
> wj8DBQFFxCmJq1pz9mNUZTMRAhCBAKCpmCoKnQ09hCF+uwAfnF/Ht5VQ8wCfXykH
> ATEHEAwCnErNlgbZHYAmF+M=
> =V8Zf
> -----END PGP SIGNATURE-----
More information about the NANOG
mailing list