I want to use TCP for DNS, to bypass my ISP's slow and broken DNS servers. I'm not using (and don't want to use) a proxy.
Note: I want to use DNS over TCP because if I use it over udp, no matter what server I set, I get answers from my ISP's DNS.
Notice that I will fiercely downvote whoever suggests:
- programs to do TCP over DNS,
- the setting in about:config to make DNS go over the proxy too: I'm not using a proxy,
- use another DNS: I've already set up Google as my DNS, but I get intercepted.
Example of what I mean by saying intercept:
$ dig @8.8.8.8 thepiratebay.se
; <<>> DiG 9.8.1 <<>> @8.8.8.8 thepiratebay.se
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24385
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;thepiratebay.se. IN A
;; ANSWER SECTION:
thepiratebay.se. 28800 IN A 83.224.65.41
;; Query time: 50 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Sep 16 22:51:06 2012
;; MSG SIZE rcvd: 49
$ dig +tcp @8.8.8.8 thepiratebay.se
; <<>> DiG 9.8.1 <<>> +tcp @8.8.8.8 thepiratebay.se
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15131
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;thepiratebay.se. IN A
;; ANSWER SECTION:
thepiratebay.se. 436 IN A 194.71.107.15
;; Query time: 61 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Sep 16 22:51:10 2012
;; MSG SIZE rcvd: 49
If it matters, I'm using Firefox 14 on Gentoo Linux.
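The two dig runs above are the whole diagnostic: the same resolver address gives one answer over UDP and a different one over TCP, and the UDP reply even carries the "aa" (authoritative answer) flag, which a recursive resolver such as 8.8.8.8 would never set for a zone it does not host. The following script is an added example (not part of the question or any answer) that automates that check: it builds a wire-format query, parses the reply, and reports when the UDP and TCP paths disagree. The sample packets are constructed here to mirror the addresses, flags and TTLs shown in the question; the optional query() helper sends live queries but is not needed to run the offline sample.

```python
"""Compare a resolver's answers over UDP and over TCP to spot transparent
DNS interception. Added example; sample packets below are constructed."""
import socket
import struct

AA_FLAG = 0x0400  # "authoritative answer" bit in the DNS header flags


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname in DNS label form (RFC 1035, section 3.1)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Wire-format A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(txid: int, flags: int, name: str, ip: str, ttl: int) -> bytes:
    """One-answer A response; used only to construct the sample packets."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    # 0xC00C is a compression pointer back to the name at offset 12 (the question)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


def read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer, follow it once
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(msg: bytes) -> dict:
    """Return the txid, header flags and A records of a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):
        _, offset = read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(an):
        _, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            records.append((socket.inet_ntoa(rdata), ttl))
    return {"txid": txid, "flags": flags, "records": records}


def classify(udp_resp: bytes, tcp_resp: bytes) -> list:
    """Findings suggesting the UDP reply came from someone other than the
    resolver addressed (assumes that resolver is recursive, like 8.8.8.8)."""
    udp, tcp = parse_response(udp_resp), parse_response(tcp_resp)
    findings = []
    if {ip for ip, _ in udp["records"]} != {ip for ip, _ in tcp["records"]}:
        findings.append("answers differ between UDP and TCP")
    if (udp["flags"] & AA_FLAG) and not (tcp["flags"] & AA_FLAG):
        findings.append("UDP answer claims to be authoritative, TCP answer does not")
    return findings


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before full DNS message")
        buf += chunk
    return buf


def query(server: str, name: str, use_tcp: bool, timeout: float = 3.0) -> bytes:
    """Live query over UDP or TCP (TCP DNS messages are 2-byte length prefixed)."""
    q = build_query(name)
    if use_tcp:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return _recv_exact(s, length)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        return s.recv(4096)


# Constructed packets mirroring the question's dig runs: UDP path answered
# 83.224.65.41 with flags "qr aa rd ra" (0x8580), TTL 28800; TCP path answered
# 194.71.107.15 with flags "qr rd ra" (0x8180), TTL 436.
SAMPLE_UDP = build_response(24385, 0x8580, "thepiratebay.se", "83.224.65.41", 28800)
SAMPLE_TCP = build_response(15131, 0x8180, "thepiratebay.se", "194.71.107.15", 436)

if __name__ == "__main__":
    for finding in classify(SAMPLE_UDP, SAMPLE_TCP):
        print("finding:", finding)
```

Both constructed packets come out at 49 bytes, matching the "MSG SIZE rcvd: 49" lines in the question. On a live network you would replace the samples with query("8.8.8.8", "example.com", False) and query("8.8.8.8", "example.com", True); an empty findings list means both paths agree.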
Is this from a fixed network? Eg. a home network? If so, have you tried running your own DNS? – Julian Knight – 2012-09-16T19:58:04.930
Not really an answer for you so I'll leave it as a comment. OpenDNS offer a Windows and Mac client DnsCrypt that should fix this – Julian Knight – 2012-09-16T20:01:58.153
@JulianKnight yeah, it is. Running my own DNS could be an idea. If you write it as an answer I'll upvote and eventually accept as answer if no better ideas are found – miniBill – 2012-09-16T20:13:42.207
Firefox may be using the OS's socket interface for DNS resolution as well, so it may not even control how DNS is done. – billc.cn – 2012-09-16T20:24:53.217
@JulianKnight: also, are there specific settings to put in named.conf? Because with the default config it keeps getting intercepted... – miniBill – 2012-09-16T20:35:37.763
@billc.cn Firefox can control how it does DNS, for example when you use a proxy – miniBill – 2012-09-16T20:36:30.947
You won't be able to do this since most DNS servers don't listen on TCP. It's mostly used only for large zone transfers. Your best bet would be to run a local, caching name server (e.g. dnsmasq) and set up your hosts to use that server. – Keith – 2012-09-17T03:11:03.443
@Keith google's does. Let's say that I use dnsmasq, my ISP will still intercept dns requests and route them to their server... – miniBill – 2012-09-17T09:07:28.807
Not an answer: "I want to use DNS over TCP because if I use it over udp, no matter what server I set, I get answers from my ISP's DNS." Your ISP is horrible, please switch it or complain to them. – Bobby – 2012-09-17T09:36:39.817
@miniBill Can you point me to a reference explaining how Google DNS uses TCP? And how to configure it? Thanks. – Keith – 2012-09-17T14:00:45.770
Change ISPs to one that actually gives you Internet access. DNS servers are part of the Internet and you are entitled to access them. – David Schwartz – 2013-01-29T19:19:27.930
@Bobby well, I'd do it, but as this is almost my only complaint and I can easily route around it, I'm keeping them :) – miniBill – 2013-01-29T19:39:39.413
@Keith almost every DNS server will answer TCP queries. Personally, I was able to use Frank's answer for me ^^ – miniBill – 2013-01-29T19:40:51.050
@miniBill: Your "only" complaint is that they don't actually give you Internet access? That's their only job, and they don't do it. – David Schwartz – 2013-01-29T19:42:20.393
@miniBill If they didn't I wouldn't be here speaking with you :D Besides, I can route around their limitations and, notwithstanding them, they have a pretty nice bang for the buck – miniBill – 2013-01-29T19:45:03.577
You should report your ISP behavior to the internet authority in your country. Unless you're @ China, I believe EFF can help you with that. – jweyrich – 2013-01-30T03:36:52.117