DNS for mobile devices

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Mar 26 18:15:26 UTC 2013


On Tue, 26 Mar 2013 13:09:53 -0400, Joe Abley said:

> What mobile devices do you support that don't acquire a suitable local DNS resolver using DHCP or PPP?

Pretty much all devices are *able* to acquire a DNS resolver via DHCP.

> Honest question. I presume you wouldn't bring it up if it wasn't a real problem.

The problem starts when you don't *trust* DHCP to hand you a pointer to
a *working* DNS resolver (anybody who's had a hotel net hand them a DNS
that's either busted or MITMs your queries knows what I mean, and I hope
I don't have to explain about the fun involved in using wireless anywhere
near a DefCon or Black Hat conference).

And yes, unless you turn on DNSSEC you don't have much defense against
a hotel net or rogue net that decides to spoof replies to your queries
to your home DNS server.

Now in day-to-day production, it's *mostly* a non-issue, because many/most of
the people who hard-code our DNS into their mobile configs will also fire up a
VPN to our campus.  Unfortunately, that leaves us a lot of interesting-to-diagnose
corner cases involving DNS lookups that happen between when they boot
the device and when they launch the VPN (for instance, coding a DNS name
rather than an IP for the VPN endpoint :)
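
The pre-VPN corner case described in the message above can be checked for mechanically. This is an added example, not part of the original post: it assumes a resolv.conf-style resolver list and an OpenVPN-style client config with `remote` lines, and every file content, name and address in it is constructed.

```python
import ipaddress

# Constructed sample inputs (not from the original post).
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client on a hotel network
search hotel.example
nameserver 10.20.0.1
nameserver 192.0.2.53
"""
SAMPLE_VPN_CONF = """\
client
dev tun
remote vpn.campus.example 1194 udp
remote 198.51.100.7 443 tcp
; remote old-vpn.campus.example 1194
"""
TRUSTED_RESOLVERS = {"192.0.2.53"}  # hypothetical hard-coded "home" resolver

def is_ip_literal(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def untrusted_resolvers(resolv_conf, trusted):
    """Nameserver entries that are not in the trusted set."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver" and fields[1] not in trusted:
            found.append(fields[1])
    return found

def hostname_endpoints(vpn_conf):
    """'remote' targets that need a DNS lookup before the tunnel exists."""
    names = []
    for line in vpn_conf.splitlines():
        fields = line.split()  # commented lines start with '#' or ';', so never match
        if len(fields) >= 2 and fields[0] == "remote" and not is_ip_literal(fields[1]):
            names.append(fields[1])
    return names

def pre_vpn_exposure(resolv_conf, vpn_conf, trusted):
    """VPN endpoint names that would be resolved via an untrusted resolver."""
    bad = untrusted_resolvers(resolv_conf, trusted)
    names = hostname_endpoints(vpn_conf)
    return {"untrusted_resolvers": bad, "exposed_names": names if bad else []}
```

A non-empty `exposed_names` list means the VPN endpoint lookup itself depends on whatever resolver DHCP handed out.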



More information about the NANOG mailing list