ANN: dns-server: forward DNS queries to StatDNS REST API

Bad news: ISP is intercepting packets to UDP port 53.
Good news: There is DNS resolution over HTTP (http://www.statdns.com/api/).
Bad news: The software bridging DNS clients and that HTTP service is missing.
Good news: I made (a small but working part of) it.
I've been using it on my computer.
The code is here: https://github.com/edom/dns-server

On Thu, Apr 23, 2015 at 6:41 AM, Erik Dominikus
Bad news: ISP is intercepting packets to UDP port 53.
Good news: There is DNS resolution over HTTP (http://www.statdns.com/api/).
Bad news: you're going to be trusting your ISP's DNS to get there, unless they can guarantee their IPv4 and/or IPv6 addresses won't change *and* you can remember those addresses *and* they're not using name based virtual hosts or other very common modern HTTP features.
-- brandon s allbery kf8nh sine nomine associates allbery.b@gmail.com ballbery@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net

True, but a little correction: name-based virtual host is no problem;
http-client allows specifying the IP address and the Host header
separately.
Fortunately they are not using 'other very common modern HTTP features'.
But yes, the problem persists.
On Thu, Apr 23, 2015 at 5:46 PM, Brandon Allbery
On Thu, Apr 23, 2015 at 6:41 AM, Erik Dominikus wrote:
Bad news: ISP is intercepting packets to UDP port 53.
Good news: There is DNS resolution over HTTP (http://www.statdns.com/api/).
Bad news: you're going to be trusting your ISP's DNS to get there, unless they can guarantee their IPv4 and/or IPv6 addresses won't change *and* you can remember those addresses *and* they're not using name based virtual hosts or other very common modern HTTP features.
-- brandon s allbery kf8nh sine nomine associates allbery.b@gmail.com ballbery@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
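
The bridging step from the announcement and the pinned-address point from the exchange above, as an added Python example (not code from the thread or from the dns-server repository): it parses the question out of a DNS query and builds the HTTP request for a fixed IP with the virtual host named only in the Host header. `PINNED_IP`, `HOST_HEADER`, `PATH_TEMPLATE` and both function names are assumptions; the path layout in particular is hypothetical.

```python
import struct
# Assumptions (not from the thread): pinned address, Host value and path layout.
PINNED_IP = "203.0.113.10"          # constructed TEST-NET-3 address
HOST_HEADER = "www.statdns.com"     # host of the documentation URL quoted in the thread
PATH_TEMPLATE = "/{name}/{rtype}"   # hypothetical REST path layout
QTYPES = {1: "a", 2: "ns", 5: "cname", 15: "mx", 16: "txt", 28: "aaaa"}

def parse_question(packet: bytes):
    """Return (query id, name, qtype) for the single question of a DNS query."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # top bits set means a compression pointer; not expected here
            raise ValueError("compressed or oversized label")
        label = packet[pos:pos + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    if qclass != 1:
        raise ValueError("only class IN is handled")
    return qid, ".".join(labels), qtype

def build_http_request(name: str, qtype: int):
    """Return ((ip, port), request bytes): connect by pinned IP, name the vhost in Host."""
    if qtype not in QTYPES:
        raise ValueError("unsupported qtype")
    # Only hostname characters reach the request line, so a label cannot carry CR/LF or '/'.
    if not name or not all(c.isalnum() or c in "-._" for c in name):
        raise ValueError("unsafe query name")
    path = PATH_TEMPLATE.format(name=name.lower(), rtype=QTYPES[qtype])
    request = f"GET {path} HTTP/1.1\r\nHost: {HOST_HEADER}\r\nConnection: close\r\n\r\n"
    return (PINNED_IP, 80), request.encode("ascii")

# Constructed sample: query id 0x1234, RD set, one question "example.com A IN".
SAMPLE_QUERY = bytes.fromhex("123401000001000000000000076578616d706c6503636f6d0000010001")
```

Pinning the address takes the lookup of the API host itself out of the ISP resolver path; the request and the answer still travel as unauthenticated plain HTTP.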

On Thu, Apr 23, 2015 at 5:46 PM, Brandon Allbery
Bad news: you're going to be trusting your ISP's DNS to get there, unless they can guarantee their IPv4 and/or IPv6 addresses won't change *and* you can remember those addresses *and* they're not using name based virtual hosts or other very common modern HTTP features.
Erik didn't quite spell out the use-case. My guess is that it's to deal with national policies that restrict access to certain sites by blanking out at the ISP DNS level.
So trusting the ISP to get to statdns.com should be fine, assuming that the ISP is only doing the barest minimum to obey the law.
Certainly, given the scenario, there are multiple ways to route around the firewall. But Erik's is a cost-effective, low-maintenance solution.
-- Kim-Ee

That is exactly the reason why I made it.
I did this to avoid spending $10/month to rent an Indonesian VPS to
run dnsmasq to proxy Google DNS.
The present value of that spending would be about $1779 assuming that
the policy is forever and that the compound yearly inflation rate is
7%.
(No credit card; can't rent US VPS or get AWS free tier.)
On Thu, Apr 23, 2015 at 7:32 PM, Kim-Ee Yeoh
On Thu, Apr 23, 2015 at 5:46 PM, Brandon Allbery wrote:
Bad news: you're going to be trusting your ISP's DNS to get there, unless they can guarantee their IPv4 and/or IPv6 addresses won't change *and* you can remember those addresses *and* they're not using name based virtual hosts or other very common modern HTTP features.
Erik didn't quite spell out the use-case. My guess is that it's to deal with national policies that restrict access to certain sites by blanking out at the ISP DNS level.
So trusting the ISP to get to statdns.com should be fine, assuming that the ISP is only doing the barest minimum to obey the law.
Certainly, given the scenario, there are multiple ways to route around the firewall. But Erik's is a cost-effective, low-maintenance solution.
-- Kim-Ee

Good news: It makes me happy each time I see a new Haskell package against any kind of oppression. Thanks for the initial work!
Bad news: At some point someone might want to develop an actual DNS server rather than a proxy, and a really appropriate name will be already taken, if you upload your package to Hackage.
Greets, Ertugrul

You're welcome! It's my pleasure.
I'm aware of the naming issue. Actually, I had an actual DNS server in
mind. This package would then be a library for making a DNS server
where StatDNS is just one back-end among many (such as a hosts file or
a SQL server).
It's still a long way to that. This package is not yet good for Hackage.
Best,
Erik
On Thu, Apr 23, 2015 at 6:49 PM, Ertugrul Söylemez
Good news: It makes me happy each time I see a new Haskell package against any kind of oppression. Thanks for the initial work!
Bad news: At some point someone might want to develop an actual DNS server rather than a proxy, and a really appropriate name will be already taken, if you upload your package to Hackage.
Greets, Ertugrul

Could you please change the name to something more specific to your
use case? I've considered writing an actual fully-featured DNS server
in Haskell and that is not what you've built.
On Thu, Apr 23, 2015 at 3:41 AM, Erik Dominikus
Bad news: ISP is intercepting packets to UDP port 53.
Good news: There is DNS resolution over HTTP (http://www.statdns.com/api/).
Bad news: The software bridging DNS clients and that HTTP service is missing.
Good news: I made (a small but working part of) it.
I've been using it on my computer.
The code is here:
https://github.com/edom/dns-server
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

Hi Joe,
I picked that name because I'm writing a library for writing DNS
servers (where StatDNS is just a backend besides plain text files and
SQL databases). The forwarder is just one use case of this more
general library.
That being said, I don't plan to put it on Hackage. Feel free to upload yours.
I'll think of a better name in the meanwhile.
Good luck with your project!
Best,
Erik
(Perhaps I made this ANN too early.)
On Fri, Apr 24, 2015 at 12:30 AM, Joe Hillenbrand
Could you please change the name to something more specific to your use case? I've considered writing an actual fully-featured DNS server in Haskell and that is not what you've built.
On Thu, Apr 23, 2015 at 3:41 AM, Erik Dominikus wrote:
Bad news: ISP is intercepting packets to UDP port 53.
Good news: There is DNS resolution over HTTP (http://www.statdns.com/api/).
Bad news: The software bridging DNS clients and that HTTP service is missing.
Good news: I made (a small but working part of) it.
I've been using it on my computer.
The code is here:
https://github.com/edom/dns-server
participants (5)
- Brandon Allbery
- Erik Dominikus
- Ertugrul Söylemez
- Joe Hillenbrand
- Kim-Ee Yeoh