Re: [gentoo-user] DNS from dialup or wifi for broadband connection?

2017-03-12 Thread Alarig Le Lay
Hi,

On Sun. 12 Mar 03:18:59 2017, Walter Dnes wrote:
> * Another option, if you know the alternate DNS server address in
>   advance, set up routing of the /32 (for the alternate DNS server)
>   to ppp0 or wlan0 with higher priority than the default route.  This
>   doesn't require any iptables magic.

Why do you want to set a higher priority? /32 is by design more specific
than the default route, so it will be used before.
As a good DNS resolver, you can use 2a00:5884:8218::1 / 89.234.186.18

-- 
alarig
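
Added example (not part of the original message): a small Python model of the route lookup discussed above, where the longest matching prefix wins and the metric only breaks ties between routes of equal prefix length. The interface name eth0 for the broadband link and all metric values are assumptions; ppp0 and the resolver addresses are taken from the thread.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class Route(NamedTuple):
    prefix: Network
    dev: str
    metric: int


def route(prefix: str, dev: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(prefix), dev, metric)


def select_route(table: List[Route], dst: str) -> Optional[Route]:
    """Pick the route for dst: longest prefix first, lowest metric as tie-break."""
    addr = ipaddress.ip_address(dst)
    candidates = [
        r for r in table
        if r.prefix.version == addr.version and addr in r.prefix
    ]
    if not candidates:
        return None  # no matching route: destination unreachable
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))


# Constructed routing table. The host routes deliberately carry the WORST
# metric to show that the metric is never compared against the default route.
TABLE = [
    route("0.0.0.0/0", "eth0", 100),             # broadband default (assumed name)
    route("0.0.0.0/0", "ppp0", 600),             # dial-up default, loses on metric
    route("89.234.186.18/32", "ppp0", 1000),     # host route to the resolver
    route("::/0", "eth0", 100),
    route("2a00:5884:8218::1/128", "ppp0", 1000),
]

if __name__ == "__main__":
    for dst in ("89.234.186.18", "89.234.186.19",
                "2a00:5884:8218::1", "2001:db8::1"):
        chosen = select_route(TABLE, dst)
        print(f"{dst:20} -> {chosen.dev} ({chosen.prefix}, metric {chosen.metric})")
```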




Re: [gentoo-user] DNS from dialup or wifi for broadband connection?

2017-03-11 Thread Herminio Hernandez, Jr.
Or you can use dnscrypt-proxy, see here:
https://github.com/jedisct1/dnscrypt-proxy. It is BSD licensed and encrypts
DNS requests. I have set it on an OpenBSD router and it works well.

On Sun, Mar 12, 2017 at 12:18 AM, Walter Dnes wrote:

>   Starting a separate topic, rather than hijack the main thread...
>
> On Fri, Mar 10, 2017 at 01:50:26PM -0600, Corbin Bird wrote
> >
> > 6 # : ISP is starting to filter customers web access. The ISP is
> > deciding what sites customers are allowed to see. ( look up the
> > practice called "ransom" ).
>
>   Does this consist of grabbing outbound traffic to port 53?  If so, I
> wonder if the following is possible...
>
> * Can a POTS dialup or a wifi connection co-exist with a broadband
>   connection?  It would make the network config and route config more
>   complex.
>
> * If yes, can iptables be used to redirect only outbound-to-port-53
>   traffic to the dialup/wifi connection, with everything else going to
>   the broadband connection?
>
> * Another option, if you know the alternate DNS server address in
>   advance, set up routing of the /32 (for the alternate DNS server)
>   to ppp0 or wlan0 with higher priority than the default route.  This
>   doesn't require any iptables magic.
>
> * Can the standard linux network stack handle this properly, and use
>   incoming DNS responses from the dialup/wifi connection for the IP
>   addresses of websites, etc to be accessed via broadband?
>
>   DNS traffic is low volume, usually fitting into 1 packet.  So it
> would be feasible to divert DNS requests to a lower-speed connection.
> The broadband ISP would handle all the high-speed website, etc, traffic
> but it would not see any DNS traffic, and would not be able to intercept
> it.
>
> --
> Walter Dnes 
> I don't run "desktop environments"; I run useful applications
>
>