RE: dns interceptors

["Justin Krejci" <jkrejci () usinternet com>]

While not covering all apps you may want to use, it does work for at least
Firefox when web browsing (works on non-windows too) when using an ssh socks
proxy

Go to the address
about:config

filter for "dns"

toggle "network.proxy.socks_remote_dns" to "true" and then firefox will send
its own DNS queries over the socks proxy.



-----Original Message-----
From: Patrick W. Gilmore [mailto:patrick () ianai net] 
Sent: Sunday, February 14, 2010 11:42 AM
To: North American Network Operators Group
Subject: Re: dns interceptors

On Feb 14, 2010, at 12:37 PM, Jason Frisvold wrote:
> On Feb 13, 2010, at 4:58 PM, Randy Bush wrote:
> > i am often on funky networks in funky places.  e.g. the wireless in
> > changi really sucked friday night.  if i ssh tunneled, it would multiply
> > the suckiness as tcp would have puked at the loss rate.
>
> You can always run your own local resolver...  Or is there a reason that's
unacceptable?

How does that help?  It still sends port 53 requests to the authorities,
which will be intercepted.

-- 
TTFN,
patrick


> > smb whacked me that i should use non-tcp tunnels.
> >
> > randy
>
> -- 
> Jason 'XenoPhage' Frisvold
> XenoPhage0 () gmail com
> http://blog.godshell.com