 
Old 07-10-2008, 09:01 PM
Scott Silva
 
Default OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

on 7-10-2008 1:55 PM Lanny Marcus spake the following:

On 7/10/08, Rob Townley <rob.townley-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

why not use the dig command to query your isp dns system to see if
they forward requests to opendns. By the way, OpenDNS is a great way
to help prevent phishing attacks.


Rob: What other parameters or arguments should I add onto the dig
command, to see if they use opendns.com ? I don't see opendns.com in
the below, but probably that is not the correct dig command.

[lanny@dell2400 ~]$ dig emcali.net

; <<>> DiG 9.3.4-P1 <<>> emcali.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41909
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;emcali.net. IN A

;; ANSWER SECTION:
emcali.net. 3600 IN A 66.45.254.245
emcali.net. 3600 IN A 66.45.254.244

;; AUTHORITY SECTION:
emcali.net. 172800 IN NS ns3.hostingchange.net.
emcali.net. 172800 IN NS ns2.hostingchange.net.
emcali.net. 172800 IN NS ns1.hostingchange.net.

;; Query time: 1100 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 15:46:18 2008
;; MSG SIZE rcvd: 128

[lanny@dell2400 ~]$


Lastly, you should use this opp to create an opendns signon, this will
give you control over your dns request options. You could block any
domain via dns quickly.


I will look at the opendns.com web site. I just cannot imagine that
the Firefox browser is ending up at opendns.com (intermittently) on
its own. It must be coming from the DNS we are using. Thanks much!
Lanny

Try dig +trace emcali.net
It should show all servers "your" query goes through.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-10-2008, 09:16 PM
Scott Silva
 

on 7-10-2008 2:04 PM Lanny Marcus spake the following:

On 7/10/08, Lanny Marcus <lmmailinglists-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
<snip>

I think I saw a reference, in a thread yesterday, about not having a
package with "caching" in its name, if one also has BIND installed. I
am going to try to locate that thread and find out about that package.
Possibly it can do what I need to do.


OK. I found it. Tru wrote this, in a thread yesterday:


If you have the caching-nameserver package, it's the expected behaviour:

> /etc/named.conf is "owned" and labelled as "config file" for
> caching-nameserver.
> The regular bind/bind-chroot don't provide named.conf.
> You should not install the caching-nameserver package if you are
> indeed providing DNS services with bind...


I'm wondering if caching-nameserver will do the Caching DNS for me, if
I use CentOS 3.x or 4.x. Also need the box to do Routing and
Masquerading. Would that be done by IPTables? Or, if I should use
dnscache, which is apparently much more secure than BIND, or something
else, that is easier for a newbie to get configured properly. TIA!
Lanny

Bind as a caching nameserver is dead easy to install.
Just run "yum install caching-nameserver" and it will pull everything in.
Then "chkconfig named on && service named start"

 
Old 07-10-2008, 09:53 PM
Scott Silva
 

on 7-10-2008 2:32 PM Lanny Marcus spake the following:

On 7/10/08, Scott Silva <ssilva@sgvwater.com> wrote:
<snip>

Try dig +trace emcali.net
It should show all servers "your" query goes through.


Scott: Please note that I added ".co" (for Colombia) emcali.net.co
Is this showing which DNS Servers my DNS requests use, or, which DNS
Servers serve their web site? Also note that when I tried "dig
+trace" or "dig trace" I got very abbreviated answers. Probably I
don't have the syntax correct. Question: Is there another command I
can use, to another web site (irs.gov or something) that shows which
DNS Servers I am using, to get to that web site? My wife is
complaining, again, as I write this, so getting our own Caching DNS
Server, ASAP, has become a priority. When Colombian women are mad...
:-) TIA, Lanny

When you set up your connection to your provider, do you have a static address
or dynamic? If static, you had to set your next step resolver in the config.
If you are dynamic, you get what your provider sends with the dhcp request.
Since you said you have an ipcop box for your router you should be able to ssh
into it and run setup and change your nameserver setting to 127.0.0.1 and your
ipcop should be a caching nameserver. If you have another address there it
will query to that server.


I just tried it from one of my ipcop boxes and got a query all the way to the
root servers;


dig +trace gmail.com

; <<>> DiG 9.3.4-P1 <<>> +trace gmail.com
;; global options: printcmd
. 353305 IN NS E.ROOT-SERVERS.NET.
. 353305 IN NS F.ROOT-SERVERS.NET.
. 353305 IN NS G.ROOT-SERVERS.NET.
. 353305 IN NS H.ROOT-SERVERS.NET.
. 353305 IN NS I.ROOT-SERVERS.NET.
. 353305 IN NS J.ROOT-SERVERS.NET.
. 353305 IN NS K.ROOT-SERVERS.NET.
. 353305 IN NS L.ROOT-SERVERS.NET.
. 353305 IN NS M.ROOT-SERVERS.NET.
. 353305 IN NS A.ROOT-SERVERS.NET.
. 353305 IN NS B.ROOT-SERVERS.NET.
. 353305 IN NS C.ROOT-SERVERS.NET.
. 353305 IN NS D.ROOT-SERVERS.NET.
;; Received 376 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
;; Received 499 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 23 ms

gmail.com. 172800 IN NS ns1.google.com.
gmail.com. 172800 IN NS ns2.google.com.
gmail.com. 172800 IN NS ns3.google.com.
gmail.com. 172800 IN NS ns4.google.com.
;; Received 170 bytes from 192.42.93.30#53(G.GTLD-SERVERS.NET) in 22 ms

gmail.com. 60 IN A 209.85.171.83
gmail.com. 60 IN A 64.233.171.83
gmail.com. 60 IN A 64.233.161.83
gmail.com. 345600 IN NS ns1.google.com.
gmail.com. 345600 IN NS ns2.google.com.
gmail.com. 345600 IN NS ns3.google.com.
gmail.com. 345600 IN NS ns4.google.com.
;; Received 218 bytes from 216.239.32.10#53(ns1.google.com) in 44 ms



 
Old 07-10-2008, 10:23 PM
Scott Silva
 

on 7-10-2008 2:50 PM Lanny Marcus spake the following:

On 7/10/08, Scott Silva <ssilva@sgvwater.com> wrote:
<snip>

Bind as a caching nameserver is dead easy to install.
Just run "yum install caching-nameserver" and it will pull everything in.
Then "chkconfig named on && service named start"


Scott: Thanks! I just began a text file: "Caching DNS Server" and
copied the above into it. Questions: (a) Is caching-nameserver
completely standalone or do I need anything else with it? (Sound like
yum will install everything it needs) (b) How to configure it? (c)
Easier for me to get that configured properly than dnscache from
djbdns? (d) If I do a minimal CentOS 3.x or 4.x install, would I do
the Routing & Masquerading with IPTables or something else? If I can
get this to work, on a CentOS box, that would be great. Lots of
questions! Your time and help is much appreciated! Lanny

Do you want to install a complete router using CentOS?
Is your ipcop box not adequate for your needs?



 
Old 07-11-2008, 05:36 PM
Scott Silva
 

on 7-10-2008 5:52 PM Lanny Marcus spake the following:

On 7/10/08, Scott Silva <ssilva@sgvwater.com> wrote:
<snip>

When you set up your connection to your provider, do you have a static
address or dynamic?


Dynamic IP


If static, you had to set your next step resolver in the config.
If you are dynamic, you get what your provider sends with the dhcp request.
Since you said you have an ipcop box for your router you should be able to ssh
into it and run setup and change your nameserver setting to 127.0.0.1 and your
ipcop should be a caching nameserver. If you have another address there it
will query to that server.


I never tried to SSH into the IPCop box before. I've always connected
to it via the web interface. I tried to SSH into it, but apparently I
have that Blocked, in the IPCop configuration settings.

[root@dell2400 ~]# ssh ipcop.homelan
ssh: connect to host ipcop.homelan port 22: Connection refused
[root@dell2400 ~]#

Obviously, I need to change that, so I can run Setup from a terminal
window, run the dig + trace command as you did from one of your IPCop
boxes, etc. I just turned on SSH access in IPCop. It says it uses Port
222 which is non standard for SSH....

I am looking at it from the web interface. Under DHCP, for the Green
Interface, for Primary DNS, it shows 192.168.10.1 If I change that
to 127.0.0.1 I'm done? Other than possibly needing to change a
configuration setting in the ADSL Modem, regarding DNS? Thanks much!

No !!! Don't change it there. That is the IP address sent to your dhcp clients
for them to use for dns. If you set that to 127.0.0.1, no one will find anything.

You need to run setup either from a terminal window on the ipcop box or by ssh.
About halfway down is "Networking" which you select, and in that menu is "Dns
and Gateway Settings".


You would set the primary dns to 127.0.0.1 and if you want set the secondary
dns to what your primary dns was set at. You might have to play with the
options to have dhcp assigned red and still be able to set your nameserver
settings.
The ipcop boxes I have are all on static ip's, on either T1's or business
class DSL, so the settings are a little different.


Whatever you do, write down the original settings of anything you change so
you can restore it if it horribly breaks.



 
Old 07-11-2008, 11:20 PM
Scott Silva
 

on 7-11-2008 1:48 PM Lanny Marcus spake the following:

On 7/11/08, Scott Silva <ssilva@sgvwater.com> wrote:
<snip>

I am looking at it from the web interface. Under DHCP, for the Green
Interface, for Primary DNS, it shows 192.168.10.1 If I change that
to 127.0.0.1 I'm done? Other than possibly needing to change a
configuration setting in the ADSL Modem, regarding DNS? Thanks much!

No !!! Don't change it there. That is the IP address sent to your dhcp clients
for them to use for dns. If you set that to 127.0.0.1, no one will find anything.
You need to run setup either from a terminal window on the ipcop box or by ssh.
About halfway down is "Networking" which you select, and in that menu is "Dns
and Gateway Settings".

You would set the primary dns to 127.0.0.1 and if you want set the secondary
dns to what your primary dns was set at. You might have to play with the
options to have dhcp assigned red and still be able to set your nameserver
settings.
The ipcop boxes I have are all on static ip's, on either T1's or business
class DSL, so the settings are a little different.


Scott: Thank you, for the above explanation! I was able to SSH into
the IPCop box on Port 222, very early this morning (with the syntax
correct, that was easy) and I saw the Setup menu.


Whatever you do, write down the original settings of anything you change so
you can restore it if it horribly breaks.


Amen. I will write down the original settings, before I change them.
In a tiny way, the IPCop box is a "Production" Server in our house. I
have two (2) very demanding users: a wife and a 7 year old daughter
and I don't want them mad.... :-) Something like not wanting your boss
at work mad at you....

I am going to be working on this, when they are not using their
Desktop boxes and I am going to do this on our Backup IPCop box, which
actually has much better HW than the one we normally use for IPCop. If
I can't get this to work on IPCop, that is the one I will install SME
Server or the CentOS 4.4 Server CD on. It sounds like this is going to
work on IPCop, which will be much easier and much faster for me to
get up and running properly.

Question: Awhile ago, I got into the configuration settings for our
ZTE ADSL Modem.
For the change to me having my own Caching DNS Server, in the settings
for the ADSL modem at this time, using the DNS servers at our ISP:
Primary DNS Server 200.29.104.22
Secondary DNS Server 200.29.96.22

When I think I am ready to test the change I make to IPCop setting(s),
should I set those to 0.0.0.0. so I can use my own DNS Server ? Or,
leave those spaces blank? Or, leave them as they are now? Thank you,
very much, for your time and help, which are greatly appreciated!
Lanny

It looks as if your ADSL modem is in NAT mode, so it is acting like a very
simple router already. What settings does it actually have?


I think you can leave those settings alone, as they only will be used if you
point DNS settings at the modem's ip address. If you set your IPcop box at
127.0.0.1 it should seek out to the root servers by itself.


As I posted earlier, you will have to poke around in the ipcop setup menu to
get dhcp and custom DNS settings both working.


I just played with one of my test vmware ipcop images and set it to dhcp on
our internal network (which should simulate your natted connection through
your adsl modem) for the red interface and I was able to dig +trace google.com
with proper answers. So it is possible to get it working unless your ISP
blocks DNS queries to anywhere else but their own servers.


 
Old 07-14-2008, 04:58 PM
Scott Silva
 

on 7-13-2008 10:06 AM Lanny Marcus spake the following:

On 7/11/08, Scott Silva <ssilva@sgvwater.com> wrote:
<snip>

I just played with one of my test vmware ipcop images and set it to dhcp on
our internal network (which should simulate your natted connection through
your adsl modem) for the red interface and I was able to dig +trace google.com
with proper answers. So it is possible to get it working unless your ISP
blocks DNS queries to anywhere else but their own servers.


Scott: There are probably one or two configuration settings that I do
not have correct at this time. That is why I am testing this on our
Backup IPCop box.

You got this to work, so it will work for me, if & when I get the
configuration settings correct. Question: Do I need to put something
in the hosts file? At the moment, I cannot use that IPCop box to surf,
because there is no name resolution. TIA! Lanny

The hosts file "should" only require the basics like the FQDN of the ipcop box
mapped to its green address and 127.0.0.1 mapped to localhost.localdomain.


I'll poke at a virtual ipcop box again this afternoon. My boss is out of town
for the week, so my load has doubled.


 
Old 07-14-2008, 05:19 PM
Scott Silva
 

on 7-13-2008 10:06 AM Lanny Marcus spake the following:

On 7/11/08, Scott Silva <ssilva@sgvwater.com> wrote:
<snip>

I just played with one of my test vmware ipcop images and set it to dhcp on
our internal network (which should simulate your natted connection through
your adsl modem) for the red interface and I was able to dig +trace google.com
with proper answers. So it is possible to get it working unless your ISP
blocks DNS queries to anywhere else but their own servers.


Scott: There are probably one or two configuration settings that I do
not have correct at this time. That is why I am testing this on our
Backup IPCop box.

You got this to work, so it will work for me, if & when I get the
configuration settings correct. Question: Do I need to put something
in the hosts file? At the moment, I cannot use that IPCop box to surf,
because there is no name resolution. TIA! Lanny

Just played with the vmware box again. It won't resolve to itself, so forget
putting the localhost address in the dns servers box. The other box I played
with had a secondary address as a fallback and that is why it was working.


I think for the dig +trace to work for you, you need a box that will do full
recursion as your upstream DNS server. I had mine pointed to our caching
resolver and I saw the queries log there.


I would forget about setting nameservers in your adsl modem as I doubt it has
a very large cache so it will expire entries quickly. If you point your
ipcop's dns entries to opendns or another free resolver you should be good to go.


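Added example, not part of the original posts: a small shell helper that reads dig output and reports which resolver answered (the ";; SERVER:" line) and which servers a "dig +trace" run contacted (the ";; Received ... from" lines). The function names are hypothetical; the sample input is abbreviated from the dig output quoted in the thread. A "private" result means the answer came from a LAN forwarder such as the IPCop box or the modem, so the upstream it forwards to is set on that box and does not appear in dig's output.

```shell
#!/bin/sh
# Added example: read dig output and report which servers were contacted.

# Print the resolver address from the ";; SERVER:" line of plain dig output.
resolver_of() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# Print "address name" for every ";; Received ... from" line of dig +trace.
trace_hops() {
    sed -n 's/^;; Received [0-9]* bytes from \([^#]*\)#[0-9]*(\([^)]*\)).*/\1 \2/p'
}

# Classify the answering resolver: loopback, private (RFC 1918) or public.
classify_resolver() {
    case "$1" in
        127.*) echo loopback ;;
        10.*|192.168.*) echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        *) echo public ;;
    esac
}

# Sample input, abbreviated from the dig output posted in the thread.
PLAIN_SAMPLE=';; Query time: 1100 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 15:46:18 2008'

TRACE_SAMPLE=';; Received 376 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
;; Received 499 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 23 ms
;; Received 170 bytes from 192.42.93.30#53(G.GTLD-SERVERS.NET) in 22 ms
;; Received 218 bytes from 216.239.32.10#53(ns1.google.com) in 44 ms'

# Summarise both samples: first the answering resolver, then the trace hops.
report() {
    r=$(printf '%s\n' "$PLAIN_SAMPLE" | resolver_of)
    echo "resolver $r is $(classify_resolver "$r")"
    printf '%s\n' "$TRACE_SAMPLE" | trace_hops
}

report
```

On a live system the same functions take real output on standard input, for example "dig emcali.net | resolver_of".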
 

All times are GMT.