Setting up a localhost DNS - resolving domainnames through a ssh-tunnel

 
 
Stormfrog
      10-15-2004, 08:37 PM
Hello,

My name is Jonas and I am on a holy mission from God! Or at least a
holy mission to bypass my ISP's idiotic DNS server.

That much said I will explain what I mean with the topic and hope that
a lot of people here can give me a broader insight on this topic.

Anyways, the ISP I am currently using has limited the ability to pick
a DNS of your own choice since it uses the DNS as a messaging service
for its customers. For normal customers this is probably just fine, it
works like this for those of you that haven't experienced this. If the
ISP wants to tell their customers of something they redirect all
traffic from a specific IP to a page on their local servers that shows
a message. Once you have read it you can click "Ok, I've read this
message" and continue. However, if you are running a server that has
sessions on it that connect to the internet by using domain names it
doesn't work well at all. My e-mail server is also affected when there
is one of these DNS messages waiting for me: all e-mail traffic is
completely blocked. As you have probably noticed by now I am kind of
desperate to bypass this DNS.

This is my plan:

Setting up a DNS on my server. Then setting my DNS to "localhost" in
my network configuration. To resolve addresses I will set up an
ssh-tunnel to my university which could resolve the addresses for me,
it would look something like this "ssh -L53:130.239.18.145:53 -g
130.239.18.144".

In theory this would work for tcp-requests. I am however told it is
doubtful if this would work with udp-requests.

Since I am completely inexperienced with managing DNS by myself I
really have no idea what it means to set up a DNS server. I would be most
grateful for input on this project.

What difficulties do you think I will run into? Is there something
specific I should be aware of? I really need a lot of feedback on this
if I am to be successful! Please, keep nailing posts to this
thread!
 
David Efflandt
      10-16-2004, 10:19 AM
On 15 Oct 2004 13:37:23 -0700, Stormfrog <(E-Mail Removed)> wrote:
> Anyways, the ISP I am currently using has limited the ability to pick
> a DNS of your own choice since it uses the DNS as a messaging service
> for its customers. For normal customers this is probably just fine, it
> works like this for those of you that haven't experienced this. If the
> ISP wants to tell their customers of something they redirect all
> traffic from a specific IP to a page on their local servers that shows
> a message. Once you have read it you can click "Ok, I've read this
> message" and continue. However, if you are running a server that has
> sessions on it that connect to the internet by using domain names it
> doesn't work well at all. My e-mail server is also affected when there
> is one of these DNS messages waiting for me: all e-mail traffic is
> completely blocked. As you have probably noticed by now I am kind of
> desperate to bypass this DNS.


How do you know that is done with DNS and not routing? When that happens
does nslookup (or host) always return their IP for any name?

> This is my plan:
>
> Setting up a DNS on my server. Then setting my DNS to "localhost" in
> my network configuration. To resolve addresses I will set up an
> ssh-tunnel to my university which could resolve the addresses for me,
> it would look something like this "ssh -L53:130.239.18.145:53 -g
> 130.239.18.144".
>
> In theory this would work for tcp-requests. I am however told it is
> doubtful if this would work with udp-requests.


No need to tunnel DNS, you could use most any nameservers that do not
block public access. However, your own nameserver would be quicker,
because repeat requests would be from local cache instead of the internet.

> Since I am completely inexperienced with managing DNS by myself I
> really have no idea what it means to set up a DNS server. I would be most
> grateful for input on this project.


Some distros have a caching nameserver package. Others are caching
nameservers by default. The package is usually called "bind" (8 or 9), but
the daemon is called "named". Actually any working nameserver is a
caching nameserver, whether it does something else depends upon whether
other zones are added. I add forward and reverse zones for my LAN IPs
(see DNS HOWTO and use the localhost zone files as an example of how a
zone file should be configured for your bind).

> What difficulties do you think I will run into? Is there something
> specific I should be aware of? I really need a lot of feedback on this
> if I am to be successful! Please, keep nailing posts to this
> thread!


If it is for your own private use, just make sure that any zones you add
include "notify no;" (w/o quotes) in named.conf main options or the
particular zone. You can also limit it to local access with listen-on
{127/8; 192.168/16;}; (to bind to local interfaces) and allow-query
{127/8; 192.168/16;}; to only answer requests from local IPs (will still
resolve public names).

None of that will help your message interruptions if done with routing
instead of DNS.
 
 
Retlak
      10-17-2004, 07:15 AM
Stormfrog wrote:

> Anyways, the ISP I am currently using has limited the ability to pick
> a DNS of your own choice since it uses the DNS as a messaging service
> for its customers. For normal customers this is probably just fine, it
> works like this for those of you that haven't experienced this. If the
> ISP wants to tell their customers of something they redirect all
> traffic from a specific IP to a page on their local servers that shows
> a message. Once you have read it you can click "Ok, I've read this
> message" and continue.


Is it impossible for you to change your ISP? You have a larger problem
with them - they obviously intend to provide a "consumer service" to
people who just surf the web and use email. They may well have other
limitations that haven't bitten you yet - or may introduce them in the
future. In the long run, you don't want to waste your time trying to
work around an ISP like this, you need a better service.
 
 
Davide Bianchi
      10-17-2004, 07:28 AM
On 2004-10-15, Stormfrog <(E-Mail Removed)> wrote:
> Anyways, the ISP I am currently using has limited the ability to pick
> a DNS of your own choice


> This is my plan:


Change ISP. Right now.
Davide

--
Ah. So-called "developers" who cannot be bothered to skim an
O'Reilly book, let alone read an RFC. ... People who react to the comment,
"Check the source" with an expression suggesting I _really_ said "Shove
a weasel up your ass." --crawford
 