Yet another Quadruple DNS?

Baldur Norddahl baldur.norddahl at gmail.com
Thu Mar 29 16:26:47 UTC 2018


>
>
> Technically, tweaking your DNS resolver to lie (and/or to log) is much
> easier and faster (and waaaaay less expensive) than setting up a
> packet interception and rewriting device at line rate.
>

It is just a static /32 route for well known DNS resolvers to the ISP
resolver. It is free and trivial. To make your resolver reply with the
correct IP you simply add all the well known /32 addresses to the localhost
interface.

To get any service instead of just well known ones, you can use source
routing based on the port number 53. Direct this to a Linux server that
will NAT the traffic towards the ISP DNS. This is also trivial and free,
provided your routers support source routing (ours do).

Detectable yes, but also hard to escape for the average user. They will
need to go full VPN. Running your own resolver will not work.

Regards

Baldur
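As an added example (not from the post or its author), here is a small Python checker for the "detectable" side of this setup: it parses a raw IPv4/UDP/DNS reply and flags the traces a transparent redirect leaves from the client's point of view. The resolver address 203.0.113.53, the baseline hop count of 12 and the two sample packets are constructed stand-ins, not measurements.

```python
import socket
import struct

AD_BIT = 0x0020  # DNS header "authenticated data" flag (RFC 4035)

def build_reply(src_ip, ttl, dns_flags, txid=0x1234):
    """Constructed sample: minimal IPv4 + UDP + DNS reply (header only, no RRs)."""
    dns = struct.pack("!HHHHHH", txid, dns_flags, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", 53, 40000, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton("192.0.2.10"))
    return ip + udp

def parse_reply(pkt):
    """Pull the fields the heuristics need out of a raw IPv4/UDP/DNS reply."""
    ihl = (pkt[0] & 0x0F) * 4
    sport = struct.unpack("!H", pkt[ihl:ihl + 2])[0]
    txid, flags = struct.unpack("!HH", pkt[ihl + 8:ihl + 12])
    return {"src": socket.inet_ntoa(pkt[12:16]), "ttl": pkt[8],
            "sport": sport, "txid": txid, "flags": flags}

def estimate_hops(ttl):
    """Guess the sender's initial TTL (64/128/255) and derive the hop distance."""
    initial = next(i for i in (64, 128, 255) if i >= ttl)
    return initial - ttl

def interception_verdict(pkt, expected_src, baseline_hops, expect_ad=True, tolerance=3):
    r = parse_reply(pkt)
    hops = estimate_hops(r["ttl"])
    reasons = []
    # With the NAT setup described in the post the reply carries the impersonated
    # resolver's address, so this first check is expected NOT to fire on its own.
    if r["src"] != expected_src:
        reasons.append("source address mismatch")
    # A reply that is far "closer" than the baseline came from a nearby box.
    if abs(hops - baseline_hops) > tolerance:
        reasons.append(f"hop distance {hops} vs baseline {baseline_hops}")
    # Behavioural fingerprint: a validating resolver sets AD; a substitute may not.
    if expect_ad and not r["flags"] & AD_BIT:
        reasons.append("AD flag missing from a resolver that normally validates")
    return {"suspicious": bool(reasons), "reasons": reasons, "hops": hops, "src": r["src"]}

RESOLVER = "203.0.113.53"   # placeholder standing in for a well-known public resolver
BASELINE_HOPS = 12          # assumed distance measured earlier from a trusted network
# Constructed replies: genuine (12 hops away, AD set) and redirected (3 hops, AD clear)
GENUINE = build_reply(RESOLVER, 64 - 12, 0x81A0)
INTERCEPTED = build_reply(RESOLVER, 64 - 3, 0x8180)

if __name__ == "__main__":
    for name, pkt in (("genuine", GENUINE), ("intercepted", INTERCEPTED)):
        print(name, interception_verdict(pkt, RESOLVER, BASELINE_HOPS))
```

The baseline hop count must come from a network you trust, since the heuristic only measures distance relative to it.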



More information about the NANOG mailing list