North American Network Operators Group


Re: broken DNS proxying at public wireless hotspots

  • From: Peter Dambier
  • Date: Sat Feb 03 04:53:09 2007

I am running djbdns and my own root server (tinydns) on my laptop. To AXFR the root and some other zones I use port 3001 (Cesidian Root). With cloned (not actually slaved) zones I have no problem at all, but others might still get me.

I have seen that the Mac can use things like


in its /etc/resolv.conf; Linux cannot. That is why I have not
tried. Anyhow, there are not many open resolvers on port 3001.

You can run BIND on your laptop (even with Windows). I don't
know if you can tell it to use ports other than 53 for the
forwarders, but you have the source. dig can do it.

In case you need IP addresses for djbdns, try

ifconfig lo:1 netmask
ifconfig lo:1 netmask

Now you have enough IP addresses to run dnscache, tinydns and
axfrdns on one and the same laptop, even when your IP address
on the WLAN is constantly changing.

Peter and Karin

Suresh Ramasubramanian wrote:

Right now, I'm on a Swisscom Eurospot wifi connection at Paris airport, and this - yet again - has a DNS proxy set up so that the first few queries for a host will return some nonsense value like, or will return the records for com instead. Some 4 or 5 minutes later, the DNS server might actually return the right DNS record.

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25634
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11
;               IN      A
com.                    172573  IN      NS
com.                    172573  IN      NS

;; Query time: 1032 msec
;; WHEN: Sat Feb  3 11:33:07 2007
;; MSG SIZE  rcvd: 433

They're not the first provider I've seen doing this, and the obvious
workarounds (setting another NS in resolv.conf, or running a local DNS
caching resolver) don't work either, as all DNS traffic is proxied.
Sure, I could route DNS queries out through an ssh tunnel, but the
latency makes this kind of thing unusable at times. I'm then reduced
to hardwiring some critical work server IPs into /etc/hosts.

What do nanogers usually do when caught in a situation like this?


Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP:
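The dig output quoted above (status NOERROR, ANSWER: 0, only the com. NS set in AUTHORITY, and RD not echoed back) is a delegation handed to a stub resolver, which a working recursive server with RA set should never do. The script below is an added example written for this thread, not code from either poster: it builds a query on the wire, parses the reply and names that shape, and its ask() helper sends to any server:port, so a resolver on a non-53 port like the 3001 mentioned above can be compared with whatever the hotspot answers. The two sample replies, the name www.example.com, the address 192.0.2.10 and the ns1/ns2.example.net names are constructed so the demo runs offline.

```python
"""Classify a DNS reply: real answer, or a referral from a broken proxy.

Added example for the NANOG thread above, not either poster's code.
Sample names and addresses are constructed (RFC 2606 / 5737 ranges).
"""
import random
import socket
import struct

TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Dotted name -> uncompressed wire labels."""
    wire = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.strip(".").split(".") if l)
    return wire + b"\x00"


def decode_name(msg, off):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:               # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                       # a looping pointer is malformed
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def build_query(name, qtype=TYPE_A, txid=None):
    """Standard query with RD set and a random transaction id."""
    txid = random.getrandbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def _parse_rrs(msg, off, count):
    rrs = []
    for _ in range(count):
        owner, off = decode_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype in (TYPE_NS, TYPE_CNAME):
            rdata, _ = decode_name(msg, off)
        elif rtype == TYPE_A and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        off += rdlen
        rrs.append((owner, rtype, ttl, rdata))
    return rrs, off


def parse_response(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, _cls = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, qtype))
    answer, off = _parse_rrs(msg, off, an)
    authority, off = _parse_rrs(msg, off, ns)
    additional, _ = _parse_rrs(msg, off, ar)
    return {"id": txid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "question": questions, "answer": answer,
            "authority": authority, "additional": additional}


def classify(qname, resp):
    """'answer', 'nxdomain', 'nodata', 'referral' or 'error:<rcode>'."""
    qname = qname.strip(".").lower() + "."
    if resp["rcode"] == "NXDOMAIN":
        return "nxdomain"
    if resp["rcode"] != "NOERROR":
        return "error:" + resp["rcode"]
    if resp["answer"]:
        return "answer"
    # NS records owned by a proper ancestor of the query name (com. for
    # www.example.com.) are a delegation, not an answer: the resolver punted.
    zones = {o.lower() for o, t, _, _ in resp["authority"] if t == TYPE_NS}
    if any(z != qname and qname.endswith("." + z.lstrip(".")) for z in zones):
        return "referral"
    return "nodata"        # e.g. SOA in AUTHORITY: name exists, no A record


def referral_response(query, zone="com.", servers=("ns1.example.net.", "ns2.example.net.")):
    """Constructed reply shaped like the dig output: qr ra, NOERROR, no answer."""
    txid = struct.unpack("!H", query[:2])[0]
    msg = struct.pack("!HHHHHH", txid, 0x8080, 1, 0, len(servers), 0) + query[12:]
    for s in servers:
        rdata = encode_name(s)
        msg += encode_name(zone) + struct.pack("!HHIH", TYPE_NS, 1, 172573, len(rdata)) + rdata
    return msg


def answer_response(query, ip):
    """Constructed reply from a working resolver: one A record for the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + socket.inet_aton(ip)
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + query[12:] + rr


def ask(server, name, port=53, timeout=3.0):
    """Query server:port over UDP (e.g. port 3001 for your own resolver) and classify."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, port))
        data, _ = sock.recvfrom(4096)
    resp = parse_response(data)
    if resp["id"] != struct.unpack("!H", query[:2])[0] or not resp["qr"]:
        raise ValueError("reply does not match our query")
    return classify(name, resp), resp


def demo():
    """Offline run against the two constructed replies."""
    query = build_query("www.example.com", txid=25634)
    broken = parse_response(referral_response(query))
    good = parse_response(answer_response(query, "192.0.2.10"))
    return (classify("www.example.com", broken), classify("www.example.com", good),
            [rr[3] for rr in broken["authority"]], good["answer"][0][3])


if __name__ == "__main__":
    print(demo())
```

On a hotspot, run ask() once against the resolver handed out by DHCP and once against your own resolver on its alternate port; "referral" from the first and "answer" from the second shows the proxy, not the name, is the problem. The reply is only accepted when the transaction id matches and QR is set, and the id is random per query, which is the minimum a stub should demand before trusting a UDP answer. A NOERROR reply carrying an SOA instead of NS records is classified "nodata", since that is what an authoritative server legitimately returns for a name with no A record.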