discuss - Re: [opennic-discuss] Alternate query methods


Re: [opennic-discuss] Alternate query methods

  • From: Maximi89 <maximi89 AT gmail.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Alternate query methods
  • Date: Sat, 17 Dec 2011 14:41:07 -0300
  • List-archive: <http://lists.darkdna.net/pipermail/discuss>
  • List-id: <discuss.lists.opennicproject.org>

2011/12/17 Jeff Taylor <shdwdrgn AT sourpuss.net>

> I can see 443 being more widely available, but there's also a higher
> chance of it conflicting with services that the T2 server admins may
> already be running. It's a toss-up, for sure. Perhaps we should just go
> through and test various methods, see what works, then give the server
> operators the option of running any or all methods. From there, clients
> can choose which server they connect with based on what method they need to
> use to connect.
>
>
>
> On 12/17/2011 01:18 AM, Zach Gibbens wrote:
>
>> Been trying to apply a different concept to opennic, been studying
>> DNSCrypt
>> http://www.opendns.com/technology/dnscrypt/
>> and working out how to apply it to opennic, one issue with ssh is port
>> 22 is commonly blocked/filtered/meddled with (in comparison to port
>> 443) I've found 5 hotspots that outright blocked port 22, and my
>> college was nearly the same way.
>>
>> I've got my server set to listen to both, and every time 443 is fine
>> (and it seems most dpi setups mistake ssh for ssl streams anyhow)
>> but this takes it a step further, by making it simply a ssl tunnel to
>> a dns server (I'm personally not worried about authentication at this
>> moment, as client setup & dnssec should account for most of those
>> concerns at the present)
>>
>> On Sat, Dec 17, 2011 at 1:41 AM, Jeff Taylor<shdwdrgn AT sourpuss.net>
>> wrote:
>>
>>> Due to some ISPs meddling with users' DNS queries, some people have tried
>>> alternate connection methods to obtain OpenNic DNS queries. From this was
>>> born the use of port 5353 (available on a few of the T2 servers), which so
>>> far has resolved the issue for those who need it. However this will not
>>> always be the case, as many locations are already using packet inspection
>>> to filter the information.
>>>
>>> Taking this to the next step, I would like to suggest we start testing out
>>> dns-over-ssh. The server side would be set up to accept logins on port 5322
>>> (dns/ssh) using a public RSA key, and accept the queries via that port. The
>>> client side would create an ssh tunnel with a fifo to pipe the DNS queries
>>> over SSH. This is fairly easy from linux using ssh and socat, however
>>> someone else would need to do the research on methods to do this in Windows.
>>> The nice thing about an SSH tunnel is that it eliminates the need for any
>>> other special software -- once the tunnel is in place, all DNS queries from
>>> all of your software will automatically be piped through the tunnel to the
>>> destination of your choice.
>>>
>>>
One problem is when you have a cable modem: you can't set anything, because
you can't install anything on them. That happened to me with Claro; their
service is very poor, but I can use your DNS. However, it doesn't have any
firewall to set a rule, or SSH. I believe the people who have a cable modem
will be left out from using this kind of service.

Greetings!

>>> This could open up OpenNic to areas that have previously been blocked by
>>> company or country-wide firewalls - for instance allowing someone in China
>>> to set up a T2 server that could freely obtain the updated zones from other
>>> locations via the ssh tunnel. Servers could control access to their DNS by
>>> only accepting ssh connections from users who have the RSA key. Creating
>>> these tunnels allows us to build customized security measures on both the
>>> server and client side, designed around the specific needs of each case.
>>>
>>> Anyway, I thought I would put the idea out there. Hopefully there is some
>>> interest in the concept.
>>> _______________________________________________
>>> discuss mailing list
>>> discuss AT lists.opennicproject.org
>>> http://lists.darkdna.net/mailman/listinfo/discuss



--
Maximiliano Augusto Castañón Araneda
Santiago, Chile
Linux user # 394821

Skype: maximi89
MSN: maximi89 AT gmail.com
XMPP/Jabber: maximi89 AT gmail.com
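The dns-over-ssh scheme quoted above needs one piece that the thread only names: something that takes the UDP queries every stub resolver sends and pushes them through the TCP-only `ssh -L` forward (the role socat plays in Jeff's description). The relay below is an added example, not code from the thread or from the OpenNIC project. It assumes an SSH forward already established with a command such as `ssh -N -p 5322 -i ~/.ssh/opennic_key -L 5353:127.0.0.1:53 user@t2.example` (port numbers, key path, user and host are assumptions), listens on UDP 127.0.0.1:5354, and converts each datagram to the length-prefixed TCP form that RFC 1035 section 4.2.2 requires, then hands the answer back to the client. It also drops any reply whose transaction ID does not match the query, which is the minimal sanity check a relay on an untrusted path should do.

```python
"""UDP-to-TCP DNS relay for the client end of a dns-over-ssh tunnel.

Added example (not the thread's or OpenNIC's code). Assumed layout:
  ssh -N -p 5322 -i ~/.ssh/opennic_key -L 5353:127.0.0.1:53 user@t2.example
  python3 dns_relay.py      # UDP 127.0.0.1:5354 -> TCP 127.0.0.1:5353 -> tunnel
Point /etc/resolv.conf (or a local forwarder) at 127.0.0.1 port 5354.
"""
import socket
import struct

LISTEN_ADDR = ("127.0.0.1", 5354)   # assumed: where local stub resolvers send queries
TUNNEL_ADDR = ("127.0.0.1", 5353)   # assumed: local end of the ssh -L forward
DNS_HEADER_LEN = 12


def to_tcp_frame(msg: bytes) -> bytes:
    """Prefix a DNS message with its two-byte big-endian length (RFC 1035 4.2.2)."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too long for TCP framing")
    return struct.pack("!H", len(msg)) + msg


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes from a stream socket or fail if it closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("tunnel closed mid-message")
        buf += chunk
    return buf


def read_tcp_frame(sock: socket.socket) -> bytes:
    """Read one length-prefixed DNS message from a stream socket."""
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Encode a minimal recursion-desired query (constructed input for testing)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # class IN


def forward_query(query: bytes, tcp_addr=TUNNEL_ADDR, timeout: float = 5.0) -> bytes:
    """Send one DNS query over the TCP side of the tunnel and return the reply."""
    with socket.create_connection(tcp_addr, timeout=timeout) as s:
        s.sendall(to_tcp_frame(query))
        reply = read_tcp_frame(s)
    # A reply whose transaction ID differs from the query's is not ours; drop it.
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch; discarding reply")
    return reply


def serve(listen_addr=LISTEN_ADDR, tcp_addr=TUNNEL_ADDR) -> None:
    """Receive UDP queries, relay each over TCP, and send the answer back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.bind(listen_addr)
        while True:
            query, client = udp.recvfrom(4096)
            if len(query) < DNS_HEADER_LEN:      # shorter than a DNS header: ignore
                continue
            try:
                udp.sendto(forward_query(query, tcp_addr), client)
            except (OSError, ValueError) as exc:
                print(f"dropped query from {client}: {exc}")


if __name__ == "__main__":
    serve()
```

Because each query opens a fresh TCP connection through the forward, the relay is simple but not fast; a production version would keep connections open and multiplex by transaction ID. Note that the tunnel only hides the queries from the local network: the T2 operator still sees them in the clear, which is why the thread treats client authentication (the RSA key) and DNSSEC as separate concerns.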



Archive powered by MHonArc 2.6.19.
