dns interceptors

Patrick W. Gilmore patrick at ianai.net
Sun Feb 14 17:56:25 UTC 2010

On Feb 14, 2010, at 12:53 PM, Jason Frisvold wrote:
> On Feb 14, 2010, at 12:42 PM, Patrick W. Gilmore wrote:
>> How does that help?  It still sends port 53 requests to the authorities, which will be intercepted.
> Hrm..  Maybe I misunderstood.  Are the packets being intercepted, or is the problem the local resolvers?

While I admit I have not read every post in the thread, I note the subject line. :)

> Well, in either case, another option would be to use something like openvpn, cisco vpn, etc. with very limited routes.  Set it up so only your dns traffic is sent over the tunnel.  Then you can still use the local network, crappy as it may be, without having to deal with the added overhead of ssh and the like.

ISTM Randy's comment about SSH tunnels would have the same effect.


More information about the NANOG mailing list