Hi All,
I have an ISP who has started NATting inbound traffic and has screwed DNS resolution. Is there a way to bind DNS requests to use a specific IP address (Have multiple) that is not affected with this NATting problem.
Paul
609662E824251C283164243846C035C803940378
Paul Templeton:
> Hi All,
> I have an ISP who has started NATting inbound traffic and has screwed DNS resolution. Is there a way to bind DNS requests to use a specific IP address (Have multiple) that is not affected with this NATting problem.

Can you elaborate on your network topology and NAT?
With more information it will become easier for people to help you.
> Can you elaborate on your network topology and NAT?

Outbound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then out to the real world. Inbound traffic comes via 95.130.8.11 then 9.130.8.120
It's NATted at 95.130.8.11 and all I see is this address connected to the system (ie all connections show as 95.130.8.11).
My /etc/network/interface - the DNS server is temporary for testing.

auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet static
    address 95.130.9.210
    netmask 255.255.255.255
    network 95.130.9.210
    broadcast 95.130.9.210
    dns-nameservers 95.130.8.8 95.130.8.9
    # Static route to the gateway
    up ip route add 95.130.9.1 dev enp4s0
    up ip route add default via 95.130.9.1
    up ip addr add 95.130.12.251/24 dev enp4s0
    up ip addr add 95.130.12.252/24 dev enp4s0

# iface enp4s0 inet6 static
#     address 2a02:a80:0:1210::2
#     netmask 64
#     gateway 2a02:a80:0:1210::1

609662E824251C283164243846C035C803940378
>> Can you elaborate on your network topology and NAT?
> Outbound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then out to the real world.

outbound: [ 95.130.9.210 ] --> [outbound gw 95.130.9.1 ] --> [2nd hop 95.130.8.1 ] --> inet

> Inbound traffic comes via 95.130.8.11 then 9.130.8.120

inbound: [ 95.130.9.210 ] <-- [ 9.130.8.120 ] <-- [SNAT:95.130.8.11 ] <-- inet

> It's NATted at 95.130.8.11 and all I see is this address connected to the system (ie all connections show as 95.130.8.11).
> My /etc/network/interface - the DNS server is temporary for testing.

If I understood you correctly and they are simply replacing the source IP of all incoming packets I'd say this is a broken network and ask them to fix it. (It will break more than just DNS resolution unless they are NATing only on specific protocols [udp] and ports [53].)

> auto enp4s0
> iface enp4s0 inet static
>     address 95.130.9.210
>     netmask 255.255.255.255
>     network 95.130.9.210
>     broadcast 95.130.9.210
>     dns-nameservers 95.130.8.8 95.130.8.9
>     # Static route to the gateway
>     up ip route add 95.130.9.1 dev enp4s0
>     up ip route add default via 95.130.9.1
>     up ip addr add 95.130.12.251/24 dev enp4s0
>     up ip addr add 95.130.12.252/24 dev enp4s0
Thanks nusenu
> I'd say this is broken network and ask them to fix it.

Ticket has been lodged but it takes forever to get something done - The node has been offline for two weeks now (after a power issue in the rack). There has been issue after issue getting the system up again and now this. Was just wondering if you can force DNS requests on IPs 95.130.12.251 and/or 95.130.12.252 as they are not affected.
If not I can run it as a middle for now... SIGH
Paul
609662E824251C283164243846C035C803940378
On 14 Mar 2018, at 01:28, Paul Templeton paul@coffswifi.net wrote:
> Thanks nusenu
>> I'd say this is broken network and ask them to fix it.
> Ticket has been lodged but it takes forever to get something done - The node has been offline for two weeks now (after a power issue in the rack). There has been issue after issue getting the system up again and now this. Was just wondering if you can force DNS requests on IPs 95.130.12.251 and/or 95.130.12.252 as they are not affected.

Tor doesn't have a DNS OutboundBindAddress, but there are two ways you can do it:
* change the default route to one of these IP addresses
* run a caching resolver, and tell it to bind to one of these IP addresses
I would recommend using a caching resolver, it puts much less load on the remote resolvers you are using.
T
tor-relays@lists.torproject.org
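An added example of the second option above (not from the thread): an Unbound configuration that keeps the cache on loopback and sends its upstream queries from 95.130.12.251, with the resolv.conf line that points Tor at it. The file paths are assumptions for a Debian-style install.

```conf
# /etc/unbound/unbound.conf.d/relay-dns.conf (assumed path)
server:
    # Listen only on loopback: this cache serves the relay, nobody else,
    # so it cannot be used as an open resolver or amplifier.
    interface: 127.0.0.1
    port: 53
    do-ip6: no
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Send upstream queries from the unaffected address instead of the
    # primary 95.130.9.210. Replies then come back to 95.130.12.251 and
    # never pass through the ISP's inbound SNAT at 95.130.8.11.
    outgoing-interface: 95.130.12.251

    # Caching keeps load on upstream resolvers low for a busy relay.
    prefetch: yes
    msg-cache-size: 64m
    rrset-cache-size: 128m

    # Basic hardening of the cache contents.
    harden-glue: yes
    harden-dnssec-stripped: yes

# /etc/resolv.conf (the default for Tor's ServerDNSResolvConfFile):
# replace the temporary ISP resolvers 95.130.8.8 / 95.130.8.9 with
#     nameserver 127.0.0.1
```

Before restarting Tor, confirm with `tcpdump -ni enp4s0 udp port 53` that outgoing queries now leave from 95.130.12.251 and that answers arrive with the real resolver as their source rather than 95.130.8.11.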