[dns-operations] Force TCP for external quereis to Open Resolvers?

Paul Wouters paul at nohats.ca
Mon Apr 1 19:09:26 UTC 2013


On Mon, 1 Apr 2013, Xun Fan wrote:
> 
> Hi Stephane, thanks for setting up the TCP open reolver, I just tried, it
> works great!
> I think for researchers, DNS looking glasses + TCP-only open resolvers would
> be enough. 
> The TC=1 hack I proposed is just a workaround for normal off-net users.

You can also configure dnssec-trigger to use these. I've listed more
public servers below (AFAIK only mine also allows udp)

The Fedora Project runs with the following options in /etc/dnssec-triggerd.conf:

login-location: "http://hotspot-nocache.fedoraproject.org/"
url: "http://fedoraproject.org/static/hotspot.txt OK"
(These options are to facilate hotspot detection)

# Provided by fedoraproject.org, #fedora-admin
# It is provided on a best effort basis, with no service guarantee.
ssl443: 80.239.156.220 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
tcp80:  80.239.156.220
ssl443: 66.35.62.163 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
tcp80:  66.35.62.163
ssl443: 152.19.134.150 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
tcp80:  152.19.134.150
ssl443: 2610:28:3090:3001:dead:beef:cafe:fed9 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2
tcp80:  2610:28:3090:3001:dead:beef:cafe:fed9

Additionally, I run:

tcp80:  193.110.157.123
tcp80:  2001:888:2003:1004::123
ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7
ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7

And NLnetlabs runs:

tcp80: 213.154.224.3
tcp80: 2001:7b8:206:1:bb::
ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F
ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F

Paul



More information about the dns-operations mailing list