Now that the mitigations suggested in RFC 2488 are in wide deployment, VPNs should work just fine (at least IPSec).
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of James M. Pulver Sent: Friday, January 22, 2016 3:42 PM To: [email protected] Subject: Re: [NTSysADM] HughesNet and AWS Use a VPN maybe? Would that actually be able to hold a connection over the satallite latencies? James Pulver CLASSE Computer Group Cornell University On 01/22/2016 03:21 PM, Charles F Sullivan wrote: > DNS Acceleration = Ignore TTL > > Brilliant concept! > > *From:*[email protected] > <mailto:[email protected]> > [mailto:[email protected] > <mailto:[email protected]>] *On Behalf Of *Damien Solodow > *Sent:* Friday, January 22, 2016 1:44 PM > *To:* [email protected] > <mailto:[email protected]> > *Subject:* RE: [NTSysADM] HughesNet and AWS > > Yeah, I’d thought (and hoped) it was their DNS server doing it, but > when even ‘nslookup saasapp.com <http://saasapp.com> 8.8.8.8’ came > back wrong (and different from the results on my PC) I knew something > was rotten. J > > DAMIEN SOLODOW > > Senior Systems Engineer > > 317.447.6033 (office) > > 317.447.6014 (fax) > > HARRISON COLLEGE > > *From:*[email protected] > <mailto:[email protected]> > [mailto:[email protected]] *On Behalf Of *Richard Stovall > *Sent:* Friday, January 22, 2016 1:40 PM > *To:* [email protected] > <mailto:[email protected]> > *Subject:* Re: [NTSysADM] HughesNet and AWS > > That's friggin awesome, but it doesn't hurt. :-) > > On Fri, Jan 22, 2016 at 1:33 PM, Michael B. Smith > <[email protected] <mailto:[email protected]>> wrote: > > Both Comcast and CenturyLink have similar “features” if you use > their DNS servers. But they don’t override you if you choose another > DNS server… > > *From:*[email protected] > <mailto:[email protected]> > [mailto:[email protected] > <mailto:[email protected]>] *On Behalf Of *Richard Stovall > *Sent:* Friday, January 22, 2016 12:48 PM > *To:* [email protected] <mailto:[email protected]> > *Subject:* Re: [NTSysADM] HughesNet and AWS > > That is so friggin' awesome it hurts. > > On Fri, Jan 22, 2016 at 12:19 PM, Damien Solodow > <[email protected] <mailto:[email protected]>> > wrote: > > Having a fun issue, and figured I’d see if anyone else has run into > something like it and has a solution. J > > One of our SaaS apps is hosted on AWS, and AWS has the lovely habit > of using very short DNS TTLs and changing IPs frequently. Normally > not that big a deal. > > However, it looks like a satellite provider used by a number of our > users (HughesNet) has a wonderful little “feature” called DNS > Acceleration. > > This looks to be a local DNS caching server (which ignores the > provided TTL) that runs on their modem. This means that the user > almost always gets outdated information from DNS for this SaaS app, > which prevents them from accessing it. > > There doesn’t appear to be a way in the modem UI to turn off this > “feature”, and it looks to intercept **all** outbound DNS traffic, > so even if I set the client or their router to use a different DNS > server it still gets intercepted. > > Anyone run into this or have a useful contact at HughesNet to sort > this out? > > DAMIEN SOLODOW > > Senior Systems Engineer > > 317.447.6033 <tel:317.447.6033> (office) > > 317.447.6014 <tel:317.447.6014> (fax) > > HARRISON COLLEGE > > 500 North Meridian St > > Suite 500 > > Indianapolis, IN 46204-1213 > > www.harrison.edu <http://www.harrison.edu/> >
