Different forwarder for certain response ip (result ip )

Sten Carlsen stenc at s-carlsen.dk
Sat Sep 16 14:50:41 UTC 2017



On 16-09-2017 16.01, Omid Kosari via bind-users wrote:
> 2nd scenario is mine. Upstream manipulated everything on 53 tcp/udp. Even
> if I query a non-existent dns-server it returns a result ;)
>
> C:\WINDOWS\system32>nslookup newsroom.fb.com 8.8.8.254
> Server:  UnKnown
> Address:  8.8.8.254
>
> Non-authoritative answer:
> Name:    newsroom.fb.com
> Addresses:  1.2.3.4
>           1.2.3.4
>
> Note: 1.2.3.4 is not what they really return. I've changed it for privacy.
> But it is one fixed IP address which is returned in case manipulation occurs.
>
>
>
> Sten Carlsen wrote
>> In case 2) something like your solution is needed. The use of port 443
>> is an obvious idea, however DNS uses UDP and HTTPS uses TCP. Your ISP
>> appears to be paranoid enough to block also port 443 UDP, so that might
>> be one issue.
> FYI https://en.wikipedia.org/wiki/QUIC uses udp 443. Also I try to reduce
> the queries over 443 with the way I asked in my first post.
The fact that QUIC exists does not necessarily mean that the port is
open for you; it is still experimental.

As Harald mentioned, DNS will fall back to TCP, but the time to do that
may add too long a delay for your connection to work.

I guess you will have to investigate exactly what prevents your
connection; Wireshark is a good tool.

I have no other ideas to offer.
>
> Thanks

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

"MALE BOVINE MANURE!!!" 



