dns interceptors

Justin Krejci jkrejci at usinternet.com
Thu Feb 18 17:51:02 CST 2010


While not covering all apps you may want to use, it does work for at least
Firefox when web browsing (works on non-windows too) when using an ssh socks
proxy

Go to the address
about:config

filter for "dns"

toggle "network.proxy.socks_remote_dns" to "true" and then firefox will send
its own DNS queries over the socks proxy.



-----Original Message-----
From: Patrick W. Gilmore [mailto:patrick at ianai.net] 
Sent: Sunday, February 14, 2010 11:42 AM
To: North American Network Operators Group
Subject: Re: dns interceptors

On Feb 14, 2010, at 12:37 PM, Jason Frisvold wrote:
> On Feb 13, 2010, at 4:58 PM, Randy Bush wrote:
>> i am often on funky networks in funky places.  e.g. the wireless in
>> changi really sucked friday night.  if i ssh tunneled, it would multiply
>> the suckiness as tcp would have puked at the loss rate.
> 
> You can always run your own local resolver...  Or is there a reason that's
unacceptable?

How does that help?  It still sends port 53 requests to the authorities,
which will be intercepted.

-- 
TTFN,
patrick


>> smb whacked me that i should use non-tcp tunnels.
>> 
>> randy
>> 
> 
> -- 
> Jason 'XenoPhage' Frisvold
> XenoPhage0 at gmail.com
> http://blog.godshell.com
> 
> 






More information about the NANOG mailing list