broken DNS proxying at public wireless hotspots
Steven M. Bellovin
smb at cs.columbia.edu
Sat Feb 3 20:11:30 UTC 2007
On Sat, 03 Feb 2007 13:29:13 -0600
Carl Karsten <carl at personnelware.com> wrote:
>
> > Sure I could route DNS queries out through an ssh tunnel but the
> > latency makes this kind of thing unusable at times. Instead of an
> > ssh tunnel, how about simple port forwarding?
>
> /etc/resolv.conf
> nameserver 127.0.0.1
>
> And then whatever it takes to forward 127.0.0.1:53 to a DNS that is
> listening on some other port?
>
> Hmm, I think running a local caching DNS was mentioned, but the parts
> that may have been un-verified:
>
> man named
>
> -p port
> Listen for queries on port port. If not specified,
> the default is port 53.
>
> man named.conf
> everywhere there is an address, there is also the option to
> specify port: ( ipv4_address | * ) [ port ( integer | * ) ]
>
Right, plus 'forward only' in the config file.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
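
An added example, not part of the original messages: a named.conf options block for the setup discussed in this thread, with a local caching named on 127.0.0.1 that forwards to a resolver listening on another port. The forwarder address 192.0.2.53 and port 5353 are placeholders, not values from the thread.

```conf
// named.conf fragment (added illustration). 192.0.2.53 and port 5353 are
// placeholders for a resolver you control that answers on a non-standard port.
options {
    // Serve only the local machine; /etc/resolv.conf points at 127.0.0.1.
    listen-on { 127.0.0.1; };
    listen-on-v6 { none; };
    allow-query { localhost; };
    recursion yes;

    // Send every cache miss to the off-site resolver on its alternate port,
    // so queries do not leave on port 53, where the hotspot's DNS proxy sits.
    forwarders { 192.0.2.53 port 5353; };

    // The default is "forward first": if the forwarder does not answer,
    // named falls back to iterative resolution on port 53, which puts the
    // queries back in front of the broken proxy. "forward only" disables
    // that fallback, so a dead forwarder yields SERVFAIL instead.
    forward only;
};
```

Moving to another port only sidesteps port-53 interception; the queries still cross the hotspot unencrypted and unauthenticated.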