North American Network Operators Group


Re: broken DNS proxying at public wireless hotspots

  • From: Mark Foster
  • Date: Sun Feb 04 02:59:50 2007




On Sun, 4 Feb 2007, Peter J. Cherny wrote:



At 04:58 PM 4/2/07, Trent Lloyd <[email protected]> wrote:
* Set up the profile, to your house/work/etc, of your favorite SSH
client to forward port 53 local to port 53 on your remote machine.
The flaw here is that DNS operates over 53(UDP), last time I checked SSH
doesn't do UDP port forwarding?

At the risk of stating the obvious ...

What's wrong with using an OpenVPN tunnel with appropriate ACLs?
(It works for me!)



1) SSH out, by IP, to a known-useful host.
2) Resolve all IPs required there / use it as a proxy if feasible.

Depends on what you're trying to do over a public wlan, of course.

VPN solutions are indeed obvious, and are the other workaround.

Surprised no one's mentioned yet...

I hope the wireless you're using is free!!! If not, well, I wouldn't be paying for an obviously broken service. (And would be making all appropriate noises to the provider).

I would imagine the average NANOGer is going to be quite capable of getting around the problem, as long as there's the ability to go out via known-IP (assuming no more strict filtering than that..). But obviously some people are going to struggle, and frankly, service providers who provide 'broken' services (and still charge for it) really get on my nerves....


Mark.
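
Added example, not part of the thread: the UDP objection to the SSH port-53 forward can be worked around because DNS also runs over TCP, where each message carries a 2-byte length prefix (RFC 1035, section 4.2.2). This sketch relays local UDP queries into a TCP forward; the port numbers, the `ssh -L` setup and the presence of a TCP-capable resolver on the remote host are assumptions.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (RFC 1035); qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(buf):
    """Return (message, rest) once a full frame is buffered, else (None, buf)."""
    if len(buf) < 2:
        return None, buf
    (n,) = struct.unpack("!H", buf[:2])
    if len(buf) < 2 + n:
        return None, buf  # TCP may deliver the reply in pieces
    return buf[2:2 + n], buf[2 + n:]

def relay_once(udp_sock, tcp_addr, timeout=5.0):
    """Take one UDP query, send it over TCP, return the reply over UDP."""
    query, client = udp_sock.recvfrom(4096)
    with socket.create_connection(tcp_addr, timeout=timeout) as tcp:
        tcp.sendall(frame_tcp(query))
        buf, msg = b"", None
        while msg is None:
            chunk = tcp.recv(4096)
            if not chunk:
                raise ConnectionError("TCP side closed before a full reply")
            msg, buf = unframe_tcp(buf + chunk)
    udp_sock.sendto(msg, client)
    return msg

if __name__ == "__main__":
    # Assumed: `ssh -L 5353:127.0.0.1:53 user@host` is already running and
    # the remote host has a resolver answering DNS over TCP on port 53.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 5300))  # constructed local port for stub queries
    while True:
        relay_once(s, ("127.0.0.1", 5353))
```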