Different forwarder for cerain response ip (result ip )

Reindl Harald h.reindl at thelounge.net
Sat Sep 16 12:31:29 UTC 2017



Am 16.09.2017 um 14:26 schrieb Alberto Colosi:
>>your answer to "Actually my situation is a bit strange . But as
>>explanation i can say that our upstream provider do dns manipulation on 
>>normal ports 53 tcp/udp" coming with "port 53 is only open directed to 
>>forwarders" and "I think u should read how DNS works, TLD and so on 
>>simply drop forwarders only use TLD" is nonsense
> 
> nonsense ? :O I use from tons of years and even on single computers

that has no meaning in any language, but if you want to play the 
expierience card i play mine: professional dns/network admin for some 
hundret domains including write named backends....

> *_forwarders are not a needed stuff even for caching even for 
> authoritative_*
> 
> use only TLD but if port 53 is closed you have no "normal" way to gain 
> access to root TLD DNS engines

and *hence* he wants to forward the traffic to a dns server on port 443 
*which has access and can do recursion* - so just stop it - none of your 
responses is helpful for anybody, it's just noise

> ------------------------------------------------------------------------
> *From:* bind-users <bind-users-bounces at lists.isc.org> on behalf of 
> Reindl Harald <h.reindl at thelounge.net>
> *Sent:* Saturday, September 16, 2017 2:12 PM
> *To:* bind-users at lists.isc.org
> *Subject:* Re: Different forwarder for cerain response ip (result ip )
> 
> 
> Am 16.09.2017 um 13:30 schrieb Alberto Colosi:
>> I read so well your answer and wasn't an answer to you
>> 
>> 
>> in all case ,                who said I can't use port 53 if blocked ? 
>> 😲         are many ways       without a VPN that usually is a paid 
>> service or a company service for who have it.
>> 
>> 
>> In all case even VPN even 443 is open, can be dropped 😲 ... pass 443 
>> (browser) but not VPN.
>> 
>> 
>> In all case here wasn't a discussion on hacking or bypassing protections 
>> or limitations! So I'll quit any other answer on this topic over the 
>> real question.
> 
> jesus fix your quoting style and english - non of your responses was in
> any case helpful and other than you people with expierience guess what
> the reason for somenon.default configs likely is
> 
> your answer to "Actually my situation is a bit strange . But as
> explanation i can say that our upstream provider do dns manipulation on
> normal ports 53 tcp/udp" coming with "port 53 is only open directed to
> forwarders" and "I think u should read how DNS works, TLD and so on
> simply drop forwarders only use TLD" is nonsense
> 
> when the ISP of his upstream internet connection mangles traffic on port
> 53 and you still recommend drop forwarders and use port 53 who is the
> one which don't undertand DNS or the topic
> 
> can you please refrain from answering to each and every post in a thread
> you obvisouly don't understand?
> 
>> ------------------------------------------------------------------------
>> *From:* bind-users <bind-users-bounces at lists.isc.org> on behalf of 
>> Reindl Harald <h.reindl at thelounge.net>
>> *Sent:* Saturday, September 16, 2017 12:59 PM
>> *To:* bind-users at lists.isc.org
>> *Subject:* Re: Different forwarder for certain response ip (result ip )
>> 
>> 
>> Am 16.09.2017 um 12:50 schrieb Alberto Colosi:
>>> even on hotel ......... why not to use a BIND on unix or window on ur 
>>> box u r using ?
>> 
>> did you read what i repsoned and too and did you try to understand my
>> answer?
>> 
>> a default bind with recursion won't work when it can't connect to the
>> world in case it is redirected to a hotel nameserver and when you can
>> only connect to 80/443, well then your BIND on the box you are using may
>> use a nameserver you own in the web running on 443
>> 
>>> ------------------------------------------------------------------------
>>> *From:* bind-users <bind-users-bounces at lists.isc.org> on behalf of 
>>> Reindl Harald <h.reindl at thelounge.net>
>>> *Sent:* Saturday, September 16, 2017 12:46 PM
>>> *To:* bind-users at lists.isc.org
>>> *Subject:* Re: Different forwarder for certain response ip (result ip )
>>> 
>>> 
>>> Am 16.09.2017 um 12:32 schrieb Matus UHLAR - fantomas:
>>>> 1. who runs DNS servers on port 443?
>>> 
>>> likely people which where bitten by hotel access points where 53 is
>>> catched to a internal nameserver and outgoing only 80/443 are possible,
>>> the same reason many people have a VPN server on 443
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> unsubscribe from this list
> bind-users Info Page - lists.isc.org Mailing Lists 
> <https://lists.isc.org/mailman/listinfo/bind-users>
> lists.isc.org
> To see the collection of prior postings to the list, visit the 
> bind-users Archives. Using bind-users: To post a message to all the list 
> members, send ...


More information about the bind-users mailing list