Setting up a localhost DNS - resolving domain names through an ssh tunnel

Discussion in 'Linux Networking' started by Stormfrog, Oct 15, 2004.

  1. Stormfrog

    My name is Jonas and I am on a holy mission from God! Or at least a
    holy mission to bypass my ISP's idiotic DNS server :D

    That much said, I will explain what I mean with the topic and hope that
    a lot of people here can give me a broader insight on this topic.

    Anyways, the ISP I am currently using has limited the ability to pick
    a DNS of your own choice since it uses the DNS as a messaging service
    for its customers. For normal customers this is probably just fine; it
    works like this for those of you that haven't experienced this. If the
    ISP wants to tell their customers of something, they redirect all
    traffic from a specific IP to a page on their local servers that shows
    a message. Once you have read it you can click "Ok, I've read this
    message" and continue. However, if you are running a server that has
    sessions on it that connect to the internet by using domain names, it
    doesn't work well at all. My e-mail server is also affected when there
    is one of these DNS messages waiting for me: all e-mail traffic is
    completely blocked. As you probably have noticed by now, I am kind of
    desperate to bypass this DNS.

    This is my plan:

    Setting up a DNS on my server. Then setting my DNS to "localhost" in
    my network configuration. To resolve addresses I will set up an
    ssh tunnel to my university which could resolve the addresses for me;
    it would look something like this: "ssh -L53: -g".

    In theory this would work for TCP requests. I am however told it is
    doubtful if this would work with UDP requests.

    Since I am completely inexperienced with managing DNS by myself, I have
    really no idea what it means to set up a DNS server. I would be most
    grateful for input on this project.

    What difficulties do you think I will run into? Is there something
    specific I should be aware of? I really need a lot of feedback on this
    if I am to be successful! :) Please, keep nailing posts to this
    Stormfrog, Oct 15, 2004

  2. How do you know that is done with DNS and not routing? When that happens,
    does nslookup (or host) always return their IP for any name?
    No need to tunnel DNS; you could use most any nameservers that do not
    block public access. However, your own nameserver would be quicker,
    because repeat requests would be served from local cache instead of the internet.
    Some distros have a caching nameserver package. Others are caching
    nameservers by default. The package is usually called "bind" (8 or 9), but
    the daemon is called "named". Actually any working nameserver is a
    caching nameserver; whether it does something else depends upon whether
    other zones are added. I add forward and reverse zones for my LAN IPs
    (see the DNS HOWTO and use the localhost zone files as an example of how a
    zone file should be configured for your bind).
    If it is for your own private use, just make sure that any zones you add
    include "notify no;" (w/o quotes) in the named.conf main options or the
    particular zone. You can also limit it to local access with listen-on
    {127/8; 192.168/16;}; (to bind to local interfaces) and allow-query
    {127/8; 192.168/16;}; to only answer requests from local IPs (it will still
    resolve public names).

    None of that will help your message interruptions if done with routing
    instead of DNS.
    David Efflandt, Oct 16, 2004
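    A caching-only named.conf along the lines Efflandt describes, added here as an example for BIND 9 (not any poster's own file); the directory, zone file names and the 192.168.0.0/16 LAN prefix are assumptions. It tunnels nothing: named resolves public names itself from the root hints, so the ISP resolver is never consulted, and every answer it gives out is restricted to local clients.

```conf
// /etc/named.conf  -- caching-only resolver for one host plus its LAN.
// Added example; paths and the 192.168.0.0/16 LAN prefix are assumptions.

acl "local" { 127.0.0.0/8; 192.168.0.0/16; };

options {
    directory "/var/named";        // assumed zone/cache directory
    listen-on { local; };          // bind only to loopback and LAN interfaces
    allow-query { local; };        // answer only loopback/LAN clients
    allow-recursion { local; };    // resolve public names only for those clients
    recursion yes;
    notify no;                     // private server: never send NOTIFY anywhere
    // Deliberately no "forwarders" line: named walks the tree from the root
    // hints itself instead of asking the ISP's resolver.
};

// Root hints: required so named can resolve public names without a forwarder.
zone "." IN {
    type hint;
    file "named.ca";               // assumed file name; bind packages ship it
};

// Standard localhost forward and reverse zones (also shipped with most bind
// packages); copy their layout when adding your own LAN zones.
zone "localhost" IN {
    type master;
    file "localhost.zone";
    notify no;
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
    notify no;
};
```

    Point /etc/resolv.conf at `nameserver 127.0.0.1` and confirm with `host example.com 127.0.0.1` that answers now come from the local named; as the post notes, this changes nothing if the ISP's interruption is done by routing rather than DNS.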

  3. Retlak

    Is it impossible for you to change your ISP? You have a larger problem
    with them: they obviously intend to provide a "consumer service" to
    people who just surf the web and use email. They may well have other
    limitations that haven't bitten you yet, or may introduce them in the
    future. In the long run, you don't want to waste your time trying to
    work around an ISP like this; you need a better service.
    Retlak, Oct 17, 2004
  4. Change ISP. Right now.
    Davide Bianchi, Oct 17, 2004