North American Network Operators Group


broken DNS proxying at public wireless hotspots

  • From: Suresh Ramasubramanian
  • Date: Sat Feb 03 01:12:07 2007


Right now, I'm on a Swisscom Eurospot wifi connection at Paris airport, and this - yet again - has a DNS proxy setup so that the first few queries for a host will return some nonsense value like 1.2.3.4, or will return the records for com instead. Some 4 or 5 minutes later, the DNS server might actually return the right DNS record.

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25634
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11
;; QUESTION SECTION:
;www.kcircle.com.               IN      A
;; AUTHORITY SECTION:
com.                    172573  IN      NS      j.gtld-servers.net.
com.                    172573  IN      NS      k.gtld-servers.net.

[etc]
;; Query time: 1032 msec
;; SERVER: 192.168.48.1#53(192.168.48.1)
;; WHEN: Sat Feb  3 11:33:07 2007
;; MSG SIZE  rcvd: 433

They're not the first provider I've seen doing this, and the obvious workarounds (setting another NS in resolv.conf, or running a local DNS caching resolver) don't work either, as all DNS traffic is proxied. Sure, I could route DNS queries out through an SSH tunnel, but the latency makes this kind of thing unusable at times. I'm then reduced to hardwiring some critical work server IPs into /etc/hosts.

What do nanogers usually do when caught in a situation like this?

thanks
srs

--
Suresh Ramasubramanian ([email protected])
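A small check for the symptom described in the post, added here as an example and not part of the original message: it sends a raw A query to one or more resolvers and classifies each reply, flagging the "NOERROR, ANSWER: 0, AUTHORITY: N" referral-only response shown in the dig output. Resolver addresses are assumed to be passed on the command line; the embedded sample packets are constructed from the header counts in the post, not captured traffic.

```python
"""Classify DNS replies to spot hotspot-style proxying (referral instead of answer)."""
import socket
import struct
import sys

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal DNS A/IN query with the RD bit set (no EDNS)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(resp: bytes) -> dict:
    """Decode the 12-byte DNS header into flags and section counts."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}

def classify(resp: bytes) -> str:
    """Label a reply; 'referral-only' is the broken-proxy symptom from the post."""
    h = parse_header(resp)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] == 3:
        return "nxdomain"
    if h["rcode"] != 0:
        return f"rcode-{h['rcode']}"
    if h["ancount"] == 0 and h["nscount"] > 0:
        return "referral-only"  # NOERROR, no ANSWER, TLD NS records in AUTHORITY
    return "empty" if h["ancount"] == 0 else "answered"

def probe(server: str, name: str, timeout: float = 3.0) -> str:
    """Send one query over UDP/53 and classify the reply (or report a timeout)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(q, (server, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return "id-mismatch" if data[:2] != q[:2] else classify(data)

# Constructed samples modelled on the post's dig header: id 25634, flags qr ra,
# QUERY 1, ANSWER 0, AUTHORITY 13, ADDITIONAL 11 (record bodies omitted).
SAMPLE_REFERRAL = struct.pack("!HHHHHH", 25634, 0x8080, 1, 0, 13, 11)
SAMPLE_ANSWERED = struct.pack("!HHHHHH", 25634, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    # usage: python check.py www.kcircle.com 192.168.48.1 [more resolvers...]
    for srv in sys.argv[2:]:
        print(srv, probe(srv, sys.argv[1]))
```

A reply from an address that should be unreachable (or identical results from every resolver tried) is the sign that queries are being transparently intercepted, which is why changing resolv.conf alone does not help.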