broken DNS proxying at public wireless hotspots
John van Oppen
john at vanoppen.com
Sat Feb 3 18:42:57 UTC 2007
My experience with swisscom's "eurospot" hotspots ended up involving my
tunneling everything over my VPN.
John
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Suresh Ramasubramanian
Sent: Friday, February 02, 2007 10:08 PM
To: nanog list
Subject: broken DNS proxying at public wireless hotspots
Right now, I'm on a swisscom eurospot wifi connection at Paris
airport, and this - yet again - has a DNS proxy setup so that the
first few queries for a host will return some nonsense value like
1.2.3.4, or will return the records for com instead. Some 4 or 5
minutes later, the dns server might actually return the right dns
record.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25634
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11
;; QUESTION SECTION:
;www.kcircle.com. IN A
;; AUTHORITY SECTION:
com. 172573 IN NS j.gtld-servers.net.
com. 172573 IN NS k.gtld-servers.net.
[etc]
;; Query time: 1032 msec
;; SERVER: 192.168.48.1#53(192.168.48.1)
;; WHEN: Sat Feb 3 11:33:07 2007
;; MSG SIZE rcvd: 433
They're not the first provider I've seen doing this, and the obvious
workarounds (setting another NS in resolv.conf, or running a local dns
caching resolver) dont work either as all dns traffic is proxied.
Sure I could route dns queries out through a ssh tunnel but the
latency makes this kind of thing unusable at times. I'm then reduced
to hardwiring some critical work server IPs into /etc/hosts
What do nanogers usually do when caught in a situation like this?
thanks
srs
--
Suresh Ramasubramanian (ops.lists at gmail.com)
More information about the NANOG
mailing list