Re: Different forwarder for cerain response ip (result ip )

Sat, 16 Sep 2017 05:33:12 -0700 


Am 16.09.2017 um 14:26 schrieb Alberto Colosi:

your answer to "Actually my situation is a bit strange . But as

explanation i can say that our upstream provider do dns manipulation on 
normal ports 53 tcp/udp" coming with "port 53 is only open directed to 
forwarders" and "I think u should read how DNS works, TLD and so on 
simply drop forwarders only use TLD" is nonsense


nonsense ? :O I use from tons of years and even on single computers



that has no meaning in any language, but if you want to play the 
expierience card i play mine: professional dns/network admin for some 
hundret domains including write named backends....



*_forwarders are not a needed stuff even for caching even for 
authoritative_*



use only TLD but if port 53 is closed you have no "normal" way to gain 
access to root TLD DNS engines



and *hence* he wants to forward the traffic to a dns server on port 443 
*which has access and can do recursion* - so just stop it - none of your 
responses is helpful for anybody, it's just noise



------------------------------------------------------------------------

*From:* bind-users <bind-users-boun...@lists.isc.org> on behalf of 
Reindl Harald <h.rei...@thelounge.net>

*Sent:* Saturday, September 16, 2017 2:12 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: Different forwarder for cerain response ip (result ip )


Am 16.09.2017 um 13:30 schrieb Alberto Colosi:

I read so well your answer and wasn't an answer to you



in all case ,                who said I can't use port 53 if blocked ? 
😲         are many ways       without a VPN that usually is a paid 
service or a company service for who have it.




In all case even VPN even 443 is open, can be dropped 😲 ... pass 443 
(browser) but not VPN.




In all case here wasn't a discussion on hacking or bypassing protections 
or limitations! So I'll quit any other answer on this topic over the 
real question.


jesus fix your quoting style and english - non of your responses was in
any case helpful and other than you people with expierience guess what
the reason for somenon.default configs likely is

your answer to "Actually my situation is a bit strange . But as
explanation i can say that our upstream provider do dns manipulation on
normal ports 53 tcp/udp" coming with "port 53 is only open directed to
forwarders" and "I think u should read how DNS works, TLD and so on
simply drop forwarders only use TLD" is nonsense

when the ISP of his upstream internet connection mangles traffic on port
53 and you still recommend drop forwarders and use port 53 who is the
one which don't undertand DNS or the topic

can you please refrain from answering to each and every post in a thread
you obvisouly don't understand?


------------------------------------------------------------------------

*From:* bind-users <bind-users-boun...@lists.isc.org> on behalf of 
Reindl Harald <h.rei...@thelounge.net>

*Sent:* Saturday, September 16, 2017 12:59 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: Different forwarder for certain response ip (result ip )


Am 16.09.2017 um 12:50 schrieb Alberto Colosi:

even on hotel ......... why not to use a BIND on unix or window on ur 
box u r using ?


did you read what i repsoned and too and did you try to understand my
answer?

a default bind with recursion won't work when it can't connect to the
world in case it is redirected to a hotel nameserver and when you can
only connect to 80/443, well then your BIND on the box you are using may
use a nameserver you own in the web running on 443


------------------------------------------------------------------------

*From:* bind-users <bind-users-boun...@lists.isc.org> on behalf of 
Reindl Harald <h.rei...@thelounge.net>

*Sent:* Saturday, September 16, 2017 12:46 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: Different forwarder for certain response ip (result ip )


Am 16.09.2017 um 12:32 schrieb Matus UHLAR - fantomas:

1. who runs DNS servers on port 443?


likely people which where bitten by hotel access points where 53 is
catched to a internal nameserver and outgoing only 80/443 are possible,
the same reason many people have a VPN server on 443

_______________________________________________

Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list
bind-users Info Page - lists.isc.org Mailing Lists 
<https://lists.isc.org/mailman/listinfo/bind-users>

lists.isc.org

To see the collection of prior postings to the list, visit the 
bind-users Archives. Using bind-users: To post a message to all the list 
members, send ...

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to