Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Mon, Jul 14, 2008 at 12:19 PM, Scott Silva [EMAIL PROTECTED] wrote:

I just played with one of my test vmware ipcop images and set it to dhcp on our internal network (which should simulate your natted connection through your adsl modem) for the red interface and I was able to dig +trace google.com with proper answers. So it is possible to get it working unless your ISP blocks DNS queries to anywhere else but their own servers.

snip

Just played with the vmware box again. It won't resolve to itself, so forget putting the localhost address in the dns servers box. The other box I played with had a secondary address as a fallback and that is why it was working. I think for the dig +trace to work for you you need a box that will do full recursion as your upstream DNS server. I had mine pointed to our caching resolver and I saw the queries log there. I would forget about setting nameservers in your adsl modem as I doubt it has a very large cache so it will expire entries quickly. If you point your ipcop's dns entries to opendns or another free resolver you should be good to go.

I have it working, with one glitch (cannot get to the IPCop web interface from my Desktop) in the Backup IPCop box. Yesterday, I installed a different HD, ran Diagnostics on that, ran Memtest 86 and then did a clean install of IPCop 1.4.16 from the CD I made last year. Last night, with some difficulty, I was able to connect to the IPCop box with the web browser, change the settings for SSH in it, but I could not browse. There was no resolution. This morning, I noticed when it booted there was a message, Bad Default Gateway. Previously, Default Gateway was blank. In the IPCop box, where it has DNS Gateway settings, I have the 2 IP addresses to access the opendns.com DNS service (they have DNS servers in 4 U.S. cities and in London as I recall) and after I changed Default Gateway to 192.168.1.1 (the ADSL modem) I was online. :-) Not sure why I am not able to get to it via the web browser on my Desktop. Also, last night, when I was able to access the IPCop box with the web browser, I noticed that it is on IPCop v.1.4.16, but it said that there are no updates available. I know there are two (2) updates available, to bring it up to 1.4.18.

So, with your help and the help of others, all greatly appreciated, I have a Caching DNS Server working on my IPCop box and I have also discontinued using the problematic DNS Servers at my ISP. :-) Thanks much, to everyone who provided ideas and guidance! It's running Headless now and I think the HW in that box is OK, with the probable exception of the Floppy Drive. Once I can get to it via the web browser, I can backup to my Desktop.

dig +trace does not work the same for me as it does for you, per your explanation.

[EMAIL PROTECTED]:~ # dig +trace gmail.com
; DiG 9.4.0 +trace gmail.com
;; global options: printcmd
;; Received 17 bytes from 127.0.0.1#53(127.0.0.1) in 118 ms
[EMAIL PROTECTED]:~ #
[EMAIL PROTECTED]:~ # dig gmail.com
; DiG 9.4.0 gmail.com
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 27531
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gmail.com. IN A
;; ANSWER SECTION:
gmail.com. 30 IN A 209.85.171.83
gmail.com. 30 IN A 64.233.171.83
gmail.com. 30 IN A 64.233.161.83
;; Query time: 170 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 15 07:34:22 2008
;; MSG SIZE rcvd: 75
[EMAIL PROTECTED]:~ #

___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Tue, 2008-07-15 at 07:41 -0500, Lanny Marcus wrote: snip I have it working, with one glitch (cannot get to the IPCop web interface from my Desktop) in the Backup IPCop box. Did you remember to use the alternate port? E.g on my local net https://homegroanfirewall:445/cgi-bin/index.cgi I think the cgi... stuff is not needed, but that's where I bookmarked at for fast access. snip -- Bill
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
William L. Maltby wrote: On Tue, 2008-07-15 at 07:41 -0500, Lanny Marcus wrote: snip I have it working, with one glitch (cannot get to the IPCop web interface from my Desktop) in the Backup IPCop box. Did you remember to use the alternate port? E.g on my local net https://homegroanfirewall:445/cgi-bin/index.cgi I think the cgi... stuff is not needed, but that's where I bookmarked at for fast access. Also, on most ipcop setups, port 81 redirects to the ssh port as well: http://name:81/
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Tue, Jul 15, 2008 at 8:08 AM, William L. Maltby [EMAIL PROTECTED] wrote: On Tue, 2008-07-15 at 07:41 -0500, Lanny Marcus wrote: snip I have it working, with one glitch (cannot get to the IPCop web interface from my Desktop) in the Backup IPCop box. Did you remember to use the alternate port? E.g on my local net https://homegroanfirewall:445/cgi-bin/index.cgi I think the cgi... stuff is not needed, but that's where I bookmarked at for fast access. Yes, I have been using it with Port 445 and couldn't get into it. But, after reading your post, I tried it again and I am connected to the new IPCop box. :-) It may be an intermittent problem.
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Tue, Jul 15, 2008 at 8:24 AM, Johnny Hughes [EMAIL PROTECTED] wrote: William L. Maltby wrote: On Tue, 2008-07-15 at 07:41 -0500, Lanny Marcus wrote: I have it working, with one glitch (cannot get to the IPCop web interface from my Desktop) in the Backup IPCop box. Did you remember to use the alternate port? E.g on my local net https://homegroanfirewall:445/cgi-bin/index.cgi I think the cgi... stuff is not needed, but that's where I bookmarked at for fast access. Also, on most ipcop setups, port 81 redirects to the ssh port as well: http://name:81/ Thanks Johnny.. I just got into it, on Port 445 and am connected to the web interface now. Question: Did you find that X crashed, in RHEL 5.2, on that SME Server documentation page, as it does in CentOS 5.2? Lanny
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Tue, Jul 15, 2008 at 8:49 AM, Lanny Marcus [EMAIL PROTECTED] wrote: I have it working, with one glitch (cannot get to the IPCop web interface from my Desktop) in the Backup IPCop box. It's working fine now! :-) I have the 2 updates installed and I backed it up to my Desktop. Trying to backup to a different floppy disk at this time. The floppy drive is probably sick. Otherwise, it is up and running! :-) I will make the changes to our other (older) IPCop box, in a day or two. Running memtest86 on that one now.
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Sun, Jul 13, 2008 at 8:24 PM, Ian Blackwell [EMAIL PROTECTED] wrote: Lanny Marcus wrote: Question: The next time I connect our Backup IPCop box, should I put the 2 IP addresses for opendns.com there, or, the IP of our ADSL Modem? Which will be faster? If I understand, you have the IP addresses in your IPCop box and that bypasses your ADSL Modem. TIA, Lanny My advice is to forget DNS on the modem because it won't be more up-to-date than the cache on the IPCop server, so it won't serve any useful function. Set the IPCop box to use the IP addresses provided by opendns.com. It will cache DNS query results and contact the opendns servers when it needs to refresh expired data or get new data not already in the IPCop cache. The modem can't help in this scenario, so leave it alone and bypass it by telling IPCop to go directly to opendns for DNS queries. That is what I thought, from reading what you'd written previously, but I wanted to confirm that with you. I will try that, on our Backup IPCop box, when the other users are not online. Thanks!
[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
on 7-13-2008 10:06 AM Lanny Marcus spake the following: On 7/11/08, Scott Silva [EMAIL PROTECTED] wrote: snip I just played with one of my test vmware ipcop images and set it to dhcp on our internal network (which should simulate your natted connection through your adsl modem) for the red interface and I was able to dig +trace google.com with proper answers. So it is possible to get it working unless your ISP blocks DNS queries to anywhere else but their own servers. Scott: There are probably one or two configuration settings that I do not have correct at this time. That is why I am testing this on our Backup IPCop box. You got this to work, so it will work for me, if when I get the configuration settings correct. Question: Do I need to put something in the hosts file? At the moment, I cannot use that IPCop box to surf, because there is no name resolution. TIA! Lanny The hosts file should only require the basics like the FQDN of the ipcop box mapped to its green address and 127.0.0.1 mapped to localhost.localdomain. I'll poke at a virtual ipcop box again this afternoon. My boss is out of town for the week, so my load has doubled. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
on 7-13-2008 10:06 AM Lanny Marcus spake the following: On 7/11/08, Scott Silva [EMAIL PROTECTED] wrote: snip I just played with one of my test vmware ipcop images and set it to dhcp on our internal network (which should simulate your natted connection through your adsl modem) for the red interface and I was able to dig +trace google.com with proper answers. So it is possible to get it working unless your ISP blocks DNS queries to anywhere else but their own servers. Scott: There are probably one or two configuration settings that I do not have correct at this time. That is why I am testing this on our Backup IPCop box. You got this to work, so it will work for me, if when I get the configuration settings correct. Question: Do I need to put something in the hosts file? At the moment, I cannot use that IPCop box to surf, because there is no name resolution. TIA! Lanny Just played with the vmware box again. It won't resolve to itself, so forget putting the localhost address in the dns servers box. The other box I played with had a secondary address as a fallback and that is why it was working. I think for the dig +trace to work for you you need a box that will do full recursion as your upstream DNS server. I had mine pointed to our caching resolver and I saw the queries log there. I would forget about setting nameservers in your adsl modem as I doubt it has a very large cache so it will expire entries quickly. If you point your ipcop's dns entries to opendns or another free resolver you should be good to go. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Fri, Jul 11, 2008 at 12:36 PM, Scott Silva [EMAIL PROTECTED] wrote: snip On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote: No !!! Don't change it there. That is the IP address sent to your dhcp clients for them to use for dns. If you set that to 127.0.0.1, no one will find anything. You need to run setup either from a terminal window on the ipcop box or by ssh. About halfway down is Networking which you select, and in that menu is Dns and Gateway Settings. You would set the primary dns to 127.0.0.1 and if you want set the secondary dns to what your primary dns was set at. You might have to play with the options to have dhcp assigned red and still be able to set your nameserver settings. The ipcop boxes I have are all on static ip's, on either T1's or business class DSL, so the settings are a little different. Whatever you do, write down the original settings of anything you change so you can restore it if it horribly breaks. Progress this morning! On our backup IPCop box (the one with much better HW) I updated IPCop and the Snort definitions and backed up that IPCop box to the HD on my Desktop. Then, I had a problem, when I tried to SSH into it. I got an Error, because the /root/.ssh/Known Hosts has the RSA Key for the IPCop box we normally use. I made a backup of that file and put the RSA Key for the Backup IPCop box there and then I was able to SSH into it. I put 127.0.0.1 for the Primary DNS and also for the Secondary DNS and tried to surf the web. No go. Playing with the IPCop options you suggested might be something I need to do. In DHCP Server configuration, the Primary DNS was set to 192.168.10.1 I tried changing that to 127.0.0.1 but I had the same problem. When I tried to ping one of my web sites by the domain name, it came back ping: unknown host I am up and running on our normal IPCop box again. 
Last night, I changed the DNS Settings in the ADSL Modem, from using the DNS Servers at our local ISP, to those of opendns.com and that probably will help a lot, until I can get IPCop configured properly for the Caching DNS Server.
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Sat, 2008-07-12 at 17:23 -0500, Lanny Marcus wrote: On 7/12/08, Ralph Angenendt [EMAIL PROTECTED] wrote: Lanny Marcus wrote: [240kB png] DON'T EVER DO THAT AGAIN. You just sent out ~1GB of data. As of now (as that already happened last week), the maximum message size for this list is 50kB. So people: Trim your mails :) To: Ralph and everyone on the list: I apologize, sincerely. Bill sent a .png attachment of the screen in his IPCop box and I sent mine back. Please forgive me. I will not send an attachment like that to the list again. Lanny FYI: When you have a large thing to post publicly there are sites such as http://pastebin.com/ and others. Googling will get you some. snip -- Bill
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/13/08, William L. Maltby [EMAIL PROTECTED] wrote: again. Lanny FYI: When you have a large thing to post publicly there are sites such as http://pastebin.com/ and others. Googling will get you some. Bill Bill: You'd attached your file, Friday night. I attached mine, when I replied. That was a *bad* thing to do and if I need to post something public in the future, I will try to remember pastebin. Lanny I've attached a partial snapshot of what you should see in your browser when you got into IPCop. System-updates. IPCopSnap.png
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/11/08, Scott Silva [EMAIL PROTECTED] wrote: snip I just played with one of my test vmware ipcop images and set it to dhcp on our internal network (which should simulate your natted connection through your adsl modem) for the red interface and I was able to dig +trace google.com with proper answers. So it is possible to get it working unless your ISP blocks DNS queries to anywhere else but their own servers. Scott: There are probably one or two configuration settings that I do not have correct at this time. That is why I am testing this on our Backup IPCop box. You got this to work, so it will work for me, if when I get the configuration settings correct. Question: Do I need to put something in the hosts file? At the moment, I cannot use that IPCop box to surf, because there is no name resolution. TIA! Lanny
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Sun, 2008-07-13 at 11:57 -0500, Lanny Marcus wrote: On 7/13/08, William L. Maltby [EMAIL PROTECTED] wrote: again. Lanny FYI: When you have a large thing to post publicly there are sites such as http://pastebin.com/ and others. Googling will get you some. Bill Bill: You'd attached your file, Friday night. I attached mine, when I replied. That was a *bad* thing to do and if I need to post something public in the future, I will try to remember pastebin. Lanny It wasn't a bad thing to do. IMO the bad thing to do was for someone to rebuke you in such a short manner when you had made the list aware of your noobiness. But that's really irrelevant and I'm not in the habit of telling others how to behave. Their mommies raised them, not me. Their personal problems are theirs and will not become mine. Having said that, I sense an emotional current underlying your reply, so I'll offer the below. If I read incorrectly I apologize in advance for the below. First, *I* had no problem with your post and was not aware that you would post back with a snapshot, regardless of size. So don't take umbrage at my suggestion. It was in good spirit and posted so that you wouldn't have to hear posts from Ralph et al in the future, but could still make large attachments available to the community as the need arises. Second, my post of the attachment has nothing to do with the response from the list. Mine was much smaller (appx. 100K, which I checked first). Generally the list has not expressed problems in the past with smaller attachments and it never occurred to me that a problem would result or I would have warned you. Being a *long* time user of various net-centric resources, I already knew to check my size first and that is why I sent only a partial snapshot of the whole screen. Typically users, like myself, forget that other newer users need to be advised of such things. *shrug* I will say that my style often varies from theirs when I feel the need to help a newer user learn the ropes. 
I have more I could say, but I'll just end it with this. Chalk it up to learning curve, let the emotional aspects of the *apparent* rebuke slide and sailor on. No harm done unless you let it eat at you. Remember there are brusque personalities generally associated with lists such as this. Keep the emotional responses reserved for those who matter - the VIPs - not the folks on lists such as this. I've attached a partial snapshot of what you should see in your browser when you got into IPCop. System-updates. IPCopSnap.png snip sig stuff -- Bill
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
William L. Maltby wrote: It wasn't a bad thing to do. IMO the bad thing to do was for someone to rebuke you in such a short manner when you had made the list aware of your noobiness. Had I seen your attachment first (which somehow got around me), you would have gotten the notice. That has nothing to do with noobiness or not, just with common sense: One does not send large mails/files to thousands of users. At least not via public mailing lists. And yes, I was astonished that the list even allowed mails that large. Ralph
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Sun, 2008-07-13 at 21:41 +0200, Ralph Angenendt wrote: William L. Maltby wrote: It wasn't a bad thing to do. IMO the bad thing to do was for someone to rebuke you in such a short manner when you had made the list aware of your noobiness. Had I seen your attachment first (which somehow got around me), you would have gotten the notice. That has nothing to do with noobiness or not, just with common sense: One does not send large mails/files to thousands of users. At least not via public mailing lists. Common sense is almost always derived from the experience of those who have it. Some things a plumber would consider common sense would be beyond the ken of you and me, I imagine. Same here in the virtual world. In fact, probably worse. A plumber has a relatively smaller knowledge base to digest. And a relatively smaller selection of sources for that knowledge. So I take the approach that unless someone is an obvious repeat offender, or just doesn't care, I cut them some slack and approach them as I would like to be approached if I was new to the venue. But that's just me. I don't expect others to adhere to my standards. And yes, I was astonished that the list even allowed mails that large. *chuckle* That large? I'd *almost* bet I'd seen regular posts in some of our longer threads (mostly careening OT severely) that were larger just because folks are too damn lazy to snip. Q: since you have seen me on here for a long time and know that I am generally observant of the courtesies, would you have shouted at me in the same way? Your answer should provide insight to future hapless victims of your wrath. :-) Ralph snip sig stuff -- Bill
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
William L. Maltby wrote: Q: since you have seen me on here for a long time and know that I am generally observant of the courtesies, would you have shouted at me in the same way? Yes, sure. Your answer should provide insight to future hapless victims of your wrath. :-) Ah, wrath would have been removal from the list without notice :) Ralph
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote: I am up and running on our normal IPCop box again. Last night, I changed the DNS Settings in the ADSL Modem, from using the DNS Servers at our local ISP, to those of opendns.com and that probably will help a lot, until I can get IPCop configured properly for the Caching DNS Server. My understanding is that IPCop provides a Caching DNS *Proxy*, not a Caching Name Server. Being a proxy means it forwards any queries that it can't answer from its own cache to full DNS Servers (caching or not). Once it knows the answer it will cache it locally and return that answer to local users without contacting the DNS server again - as long as it is valid to do so based on the cache time set for that particular domain. For example, my domain's cache time is short because my server lives on a dynamic IP address, but google's cache time is long because their servers are on static IP addresses and caching for a long time is safe for the DNS client to do (no need to query often because the servers aren't moving). If your ADSL modem can act as a DNS server, then you can point IPCop to that for DNS, but you can't point IPCop to itself (127.0.0.1) because it is only a proxy - not a full DNS server. In my view, for DNS your IPCop box should be directed to:- 1) your ISP's DNS servers; or 2) public DNS servers; or 3) your ADSL modem which is using either of the above. As I've already mentioned in other replies on this topic, my IPCop server uses my ISP for DNS requests. This means my ADSL modem is bypassed for DNS queries, but I'm not even sure if it could respond to DNS queries. Even if it could, since the IPCop is a caching proxy, it will keep the query results as long as it is entitled to before re-querying the real DNS server again. Using the ADSL modem won't help here because it can't cache any longer than the IPCop box can, so it will have to query the real DNS server in this situation. 
My view is you might as well make the IPCop do that in one step - why involve the modem? Regards, Ian
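
The behaviour described in the message above, modelled as an added example (it is not part of any post in this thread and is not IPCop's code): a caching forwarder that hands out the remaining TTL, a forwarder pointed at itself, and the same query pattern run with and without the modem in the chain. The class names, the zone data, the loop guard and the simulated clock are all assumptions made for the illustration.

```python
"""Toy model of a caching DNS forwarder chain (constructed data, simulated clock)."""

# Constructed zone data: name -> (address, TTL in seconds). Not real records.
ZONE = {
    "dynamic.example.": ("192.0.2.10", 60),       # short TTL: host on a dynamic IP
    "static.example.": ("198.51.100.20", 3600),   # long TTL: host on a static IP
}


class FullResolver:
    """Stands in for a real recursive server (ISP or public resolver)."""

    def __init__(self):
        self.queries = 0

    def resolve(self, name, now, depth=0):
        self.queries += 1
        return ZONE[name]  # (address, full TTL)


class CachingForwarder:
    """Caching proxy: answers from its cache, otherwise forwards upstream."""

    MAX_DEPTH = 8  # hypothetical guard so a forwarding loop ends in an error

    def __init__(self, label):
        self.label = label
        self.upstream = None
        self.cache = {}  # name -> (address, expiry time)
        self.hits = 0
        self.misses = 0

    def resolve(self, name, now, depth=0):
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            self.hits += 1
            return entry[0], entry[1] - now  # hand out the remaining TTL only
        self.misses += 1
        if self.upstream is None or depth >= self.MAX_DEPTH:
            raise LookupError(f"{self.label}: no usable upstream for {name}")
        address, ttl = self.upstream.resolve(name, now, depth + 1)
        # The entry expires when the upstream's copy does, never later.
        self.cache[name] = (address, now + ttl)
        return address, ttl


def self_pointing_fails():
    """A proxy whose only DNS server is itself can never fill its cache."""
    ipcop = CachingForwarder("ipcop")
    ipcop.upstream = ipcop  # models "DNS server = 127.0.0.1" on the proxy
    try:
        ipcop.resolve("static.example.", now=0)
    except LookupError:
        return True
    return False


def run(chain_through_modem, query_times, name):
    """Replay queries from the LAN and count who answered them."""
    upstream = FullResolver()
    modem = CachingForwarder("modem")
    modem.upstream = upstream
    ipcop = CachingForwarder("ipcop")
    ipcop.upstream = modem if chain_through_modem else upstream
    for now in query_times:
        ipcop.resolve(name, now)
    return {
        "upstream_queries": upstream.queries,
        "ipcop_hits": ipcop.hits,
        "modem_hits": modem.hits,
    }


if __name__ == "__main__":
    times = [0, 10, 59, 60, 61, 130]  # seconds on the simulated clock
    print("self-pointing proxy fails:", self_pointing_fails())
    print("direct:   ", run(False, times, "dynamic.example."))
    print("via modem:", run(True, times, "dynamic.example."))
```

With the proxy as the modem's only client, the modem's cache entry expires at the same moment as the proxy's, so the modem never answers a query the proxy could not answer itself.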
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Sun, Jul 13, 2008 at 6:11 PM, Ian Blackwell [EMAIL PROTECTED] wrote:

Lanny Marcus wrote: I am up and running on our normal IPCop box again. Last night, I changed the DNS Settings in the ADSL Modem, from using the DNS Servers at our local ISP, to those of opendns.com and that probably will help a lot, until I can get IPCop configured properly for the Caching DNS Server.

My understanding is that IPCop provides a Caching DNS Proxy, not a Caching Name Server.

You may be correct about that. Scott Silva tried this using IPCop on a VM and it did work for him. I googled for: IPCop+Caching+DNS and these are the first responses I got:

5. Services Menu
As well as caching DNS information from the Internet, the DNS proxy on IPCop allows you to manually enter hosts whose address you want to maintain locally. ...
www.ipcop.org/1.4.0/en/admin/html/services.html - 51k - Cached - Similar pages

IPCop History :: IPCop.org :: The bad packets stop here!
Digital Alpha (preliminary) - yes, IPCop runs on Alpha systems as well as Intel ... Caching DNS; TCP/UDP Port Forwarding; External Service Access Control ...
www.ipcop.org/index.php?module=pnWikkatag=IPCopHistory - 26k - Cached - Similar pages
More results from www.ipcop.org »

IPCop: An Overview
IPCop is a cut-down Linux distribution that is intended to operate as a ... Caching DNS; TCP/UDP port forwarding; Intrusion detection system (Snort) ...
www.securityfocus.com/infocus/1556 - 38k - Cached - Similar pages

[Technic] IPCOP
Now, if you use Morenet's DNS system.. consider changing your DHCP to pass out the IPCOP's caching DNS server instead(but set ipcop itself to use morenet's ...
lists.more.net/archives/technic/2005-July/009873.html - 10k - Cached - Similar pages

'Re: [IPCop-devel] Regarding local (green) DNS and global (red ...
I flushed the local DNS cache and restarted IPCop before testing in each mode. I got identical results in all modes - the DNS lookup would be successfully ...
marc.info/?l=ipcop-develm=105698912708708w=2 - 10k - Cached - Similar pages

z o r g . o r g - IPCop Firewall Review
IPCop offers an IPChains based firewall with DHCP server, caching DNS, the Squid web proxy, Snort intrusion detection system, port forwarding, ...
www.zorg.org/linux/ipcop.php - 25k - Cached - Similar pages

Being a proxy means it forwards any queries that it can't answer from its own cache to full DNS Servers (caching or not). Once it knows the answer it will cache it locally and return that answer to local users without contacting the DNS server again - as long as it is valid to do so based on the cache time set for that particular domain. For example, my domain's cache time is short because my server lives on a dynamic IP address, but google's cache time is long because their servers are on static IP addresses and caching for a long time is safe for the DNS client to do (no need to query often because the servers aren't moving). If your ADSL modem can act as a DNS server,

I don't think so, but I will log onto it and see if I can find anything about it being able to do that.

then you can point IPCop to that for DNS, but you can't point IPCop to itself (127.0.0.1) because it is only a proxy - not a full DNS server. In my view, for DNS your IPCop box should be directed to:- 1) your ISP's DNS servers; or

We stopped using the DNS Servers at my ISP last night. I switched the settings in the ADSL Modem to use the DNS at opendns.com and that will eliminate the DNS problems we had, when using the DNS Servers at our ISP.

2) public DNS servers; or

Now using opendns.com as I mentioned above.

3) your ADSL modem which is using either of the above.

On this URL: https://www.opendns.com/start?device=ipcop They have the below information:

Enable OpenDNS: Unix/Linux IPCop firewall
Get Started
Change DNS on your server
Instructions Overview
1. Log in as root and run setup.
2. Select the Networking option and select OK.
3. In Network configuration menu, select DNS and Gateway settings and select OK.
4. In the DNS and Gateway settings screen, enter the OpenDNS nameserver addresses. Leave the Gateway value alone. Select OK.
5. Back on the Network Configuration menu, select Done.
6. Watch the Pushing Network down... message.
7. Watch the Pulling Network up... message.
8. At the Selection menu, press Quit to exit the setup program.

They have information for bind dnscache and IPCop. I think my next attempt will be to follow the above instructions and see if I then have DNS!

As I've already mentioned in other replies on this topic, my IPCop server uses my ISP for DNS requests. This means my ADSL modem is bypassed for DNS queries, but I'm not even sure if it could respond to DNS queries. Even if it could, since the IPCop is a caching proxy, it will keep the query results as long as it is entitled to before re-querying the real DNS server again. Using the ADSL modem won't help here because it can't cache any longer than the
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Sun, Jul 13, 2008 at 6:11 PM, Ian Blackwell [EMAIL PROTECTED] wrote: snip My understanding is that IPCop provides a Caching DNS Proxy, not a Caching Name Server. Being a proxy means it forwards any queries that it can't answer from its own cache to full DNS Servers (caching or not). I suspect you are correct, that it is a DNS Proxy and not a DNS Server. I googled site:ipcop.org caching+DNS+server and I see things that refer to DNS Server and also things that refer to DNS Proxy. In the IPCop Administrative Manual, it says, As well as Caching DNS information from the Internet, the DNS proxy on IPCop. As I wrote a few minutes ago, the next time I hook up that IPCop box, I will follow the instructions on opendns.com and see what happens.
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Sun, Jul 13, 2008 at 6:11 PM, Ian Blackwell [EMAIL PROTECTED] wrote: snip If your ADSL modem can act as a DNS server, then you can point IPCop to that for DNS, but you can't point IPCop to itself (127.0.0.1) because it is only a proxy - not a full DNS server. In my view, for DNS your IPCop box should be directed to:- 1) your ISP's DNS servers; or 2) public DNS servers; or 3) your ADSL modem which is using either of the above. As I've already mentioned in other replies on this topic, my IPCop server uses my ISP for DNS requests. This means my ADSL modem is bypassed for DNS queries, but I'm not even sure if it could respond to DNS queries. Ian: This is from the web interface of our ZTE ADSL Modem: DNS Server Configuration If Enable Automatic Assigned DNS checkbox is selected, this router will accept the first received DNS assignment from the PPPoA, PPPoE or MER/DHCP enabled PVC(s) during the connection establishment. If the checkbox is not selected, enter the primary and optional secondary DNS server IP addresses. Click Apply to save it. NOTE: If changing from unselected Automatic Assigned DNS to selected Automatic Assigned DNS, you must reboot the router to get the automatic assigned DNS addresses. Enable Automatic Assigned DNS Primary DNS server: Last night, I put the IP addresses for the 2 DNS Servers at opendns.com there. Question: The next time I connect our Backup IPCop box, should I put the 2 IP addresses for opendns.com there, or, the IP of our ADSL Modem? Which will be faster? If I understand, you have the IP addresses in your IPCop box and that bypasses your ADSL Modem. TIA, Lanny
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote:
> Question: The next time I connect our Backup IPCop box, should I put the 2 IP addresses for opendns.com there, or, the IP of our ADSL Modem? Which will be faster? If I understand, you have the IP addresses in your IPCop box and that bypasses your ADSL Modem.
> TIA, Lanny

My advice is to forget DNS on the modem because it won't be more up-to-date than the cache on the IPCop server, so it won't serve any useful function. Set the IPCop box to use the IP addresses provided by opendns.com. It will cache DNS query results and contact the opendns servers when it needs to refresh expired data or get new data not already in the IPCop cache. The modem can't help in this scenario, so leave it alone and bypass it by telling IPCop to go directly to opendns for DNS queries.

Cheers,
Ian
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote:
[240kB png]

DON'T EVER DO THAT AGAIN. You just sent out ~1GB of data.

As of now (as that already happened last week), the maximum message size for this list is 50kB.

So people: Trim your mails :)

Ralph
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/12/08, Ralph Angenendt [EMAIL PROTECTED] wrote:
> Lanny Marcus wrote:
> [240kB png]
> DON'T EVER DO THAT AGAIN. You just sent out ~1GB of data. As of now (as that already happened last week), the maximum message size for this list is 50kB. So people: Trim your mails :)

To: Ralph and everyone on the list: I apologize, sincerely. Bill sent a .png attachment of the screen in his IPCop box and I sent mine back. Please forgive me. I will not send an attachment like that to the list again.

Lanny
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/11/08, Scott Silva [EMAIL PROTECTED] wrote:
snip
>> Question: Awhile ago, I got into the configuration settings for our ZTE ADSL Modem. For the change to me having my own Caching DNS Server, in the settings for the ADSL modem at this time, using the DNS servers at our ISP:
>> Primary DNS Server 200.29.104.22
>> Secondary DNS Server 200.29.96.22
>> When I think I am ready to test the change I make to IPCop setting(s), should I set those to 0.0.0.0. so I can use my own DNS Server ? Or, leave those spaces blank? Or, leave them as they are now? Thank you, very much, for your time and help, which are greatly appreciated!
> It looks as if your ADSL modem is in NAT mode, so it is acting like a very simple router already. What settings does it actually have?

Scott: Which settings in the ADSL Modem are you interested in? There are quite a few settings available in the web interface. If you tell me which settings are of interest, I'll get them for you.

ADSL Port Enable
Downstream Line Rate 2047
Upstream Line Rate 507
LAN IP Address 192.168.1.1
Default Gateway 190.1.216.1
Primary DNS Server 200.29.104.22
Secondary DNS Server 200.29.96.22

ADSL line status
Current adsl line status is as the below.
Line Mode ADSL2+
Line State Show Time
Line Up Time Duration 00:05:28:31
System Up Time 00:05:28:39
Line Downstream Rate 2047
Line Upstream Rate 507
Latency Type Fast
Line Coding Trellis On
Noise Margin 31.6
Line Attenuation 19.5
Output power 22.0
Attainable Line Rate 17628
Line Up Count 1
Status No Defect

If you note any problems in the quality of the line, the phone company people were working in our subdivision a few weeks ago and they detected a problem, with a long cable we have, underground, about 100 (?) meters in the street to their box. Apparently, 2 cables are touching. They mentioned running a new cable in the air, instead of underground. I was surprised that they found this problem, because at the same time, on speedtest.net I got a Download speed of 1780 from a server in Orlando and our contract with our ISP is for 550, so I was happy with the speed they were providing to us.

> I think you can leave those settings alone, as they only will be used if you point DNS settings at the modems ip address. If you set your IPcop box at 127.0.0.1 it should seek out to the root servers by itself.

Cool. It sounds like all I need to do is change the one setting in the IPCop box and if all goes well, my Caching DNS Server is up and running. I will try it, ASAP, on our backup IPCop box. If I get up *early* Sunday morning, I will try it then.

> As I posted earlier, you will have to poke around in the ipcop setup menu to get dhcp and custom DNS settings both working.

That's why I want to do it on the backup IPCop box. If it stops working, my VIP users can continue using the IPCop box that works and I don't have irate users. :-) The IPCop box is our Production server. :-)

> I just played with one of my test vmware ipcop images and set it to dhcp on our internal network (which should simulate your natted connection through your adsl modem) for the red interface and I was able to dig +trace google.com with proper answers. So it is possible to get it working unless your ISP blocks DNS queries to anywhere else but their own servers.

Hoping they are not blocking those DNS queries or any other traffic. I just SSH'd into the IPCop box:

[EMAIL PROTECTED]:~ # dig gmail.com
; DiG 9.4.0 gmail.com
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 29247
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 11
;; QUESTION SECTION:
;gmail.com. IN A
;; ANSWER SECTION:
gmail.com. 27 IN A 64.233.161.83
gmail.com. 27 IN A 209.85.171.83
gmail.com. 27 IN A 64.233.171.83
;; AUTHORITY SECTION:
com. 152960 IN NS a.gtld-servers.net.
com. 152960 IN NS f.gtld-servers.net.
com. 152960 IN NS m.gtld-servers.net.
com. 152960 IN NS b.gtld-servers.net.
com. 152960 IN NS j.gtld-servers.net.
com. 152960 IN NS g.gtld-servers.net.
com. 152960 IN NS l.gtld-servers.net.
com. 152960 IN NS i.gtld-servers.net.
com. 152960 IN NS c.gtld-servers.net.
com. 152960 IN NS e.gtld-servers.net.
com. 152960 IN NS k.gtld-servers.net.
com. 152960 IN NS h.gtld-servers.net.
com. 152960 IN NS d.gtld-servers.net.
;; ADDITIONAL SECTION:
j.gtld-servers.net. 172736 IN A 192.48.79.30
b.gtld-servers.net. 172737 IN
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/11/08, Ian Blackwell [EMAIL PROTECTED] wrote:
> Scott Silva wrote:
>> You would set the primary dns to 127.0.0.1 and if you want set the secondary dns to what your primary dns was set at. You might have to play with the options to have dhcp assigned red and still be able to set your nameserver settings. The ipcop boxes I have are all on static ip's, on either T1's or business class DSL, so the settings are a little different.
> For what it is worth, my IPCop box has the DNS values supplied by my ISP entered here instead of 127.0.0.1. My dig +trace tests are all running fine.

You entered them there and you can dig +trace from there. That's interesting. I would like to discontinue using the DNS Servers at my ISP, because:
(a) frequently slow
(b) sometimes no DNS
(c) the recent problem where I get to opendns.com

> You can also create a backup using the web-interface. The backup will be saved on your local machine and you can restore it from there if needed.

Thank you for reminding me about that! The IPCop box I am using now, I backed up on 23 February. The Backup IPCop box, which I am going to use to test this, will need to be updated and then I will backup, before I try these changes.

snip
>> For the change to me having my own Caching DNS Server, in the settings for the ADSL modem at this time, using the DNS servers at our ISP:
>> Primary DNS Server 200.29.104.22
>> Secondary DNS Server 200.29.96.22
> These are the numbers I would enter into the IPCop setup screen for DNS and Gateway. My gateway value is the IP address of my ADSL modem.

Ian: Thank you for the information!

Lanny
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/11/08, William L. Maltby [EMAIL PROTECTED] wrote:
snip
> Unless your IPCop box is assigned a dynamic IP address?

No. It has a Static IP address.

> In that case, IIUC the DHCP server from the ISP/modem setup will provide the primary and secondary servers. I know they can be overridden if you massage the files though. But then if the ISP reassigns the servers' IP addresses you'll have to massage again - after the angst of it not working and you having to figure out that's what happened.
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote:
> You entered them there and you can dig +trace from there. That's interesting. I would like to discontinue using the DNS Servers at my ISP, because:
> (a) frequently slow
> (b) sometimes no DNS
> (c) the recent problem where I get to opendns.com

Generally your ISP's DNS should be quickest because they are closest. If you're not happy with them, google for public DNS and you'll find a plethora of publicly accessible DNS systems.

>> You can also create a backup using the web-interface. The backup will be saved on your local machine and you can restore it from there if needed.
> Thank you for reminding me about that! The IPCop box I am using now, I backed up on 23 February. The Backup IPCop box, which I am going to use to test this, will need to be updated and then I will backup, before I try these changes.

Don't forget to save the backup to your local system in case your IPCop box gets totally hosed. You can then rebuild the IPCop system and restore the backup from your desktop.

snip
> Ian: Thank you for the information! Lanny

You're welcome.

Ian
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/12/08, Ian Blackwell [EMAIL PROTECTED] wrote:
> Lanny Marcus wrote:
>> You entered them there and you can dig +trace from there. That's interesting. I would like to discontinue using the DNS Servers at my ISP, because:
>> (a) frequently slow
>> (b) sometimes no DNS
>> (c) the recent problem where I get to opendns.com
> Generally your ISP's DNS should be quickest because they are closest. If you're not happy with them, google for public DNS and you'll find a plethora of publicly accessible DNS systems.

We have been having problems with the DNS Servers at our ISP (the phone company) for some time. Frequently, slow DNS or no DNS. I didn't call them, until about 10 days ago, after I tried to get to a secure server at irs.gov and I got a warning from Firefox, that the SSL certificate belonged to opendns.com

I am going to look at opendns.com first for public DNS.

> You can also create a backup using the web-interface. The backup will be saved on your local machine and you can restore it from there if needed.

I will update the Backup IPCop box, and then backup, before I start playing with the settings.

> Don't forget to save the backup to your local system in case your IPCop box gets totally hosed. You can then rebuild the IPCop system and restore the backup from your desktop.

I will backup to floppy (it's an old box with a floppy drive) and also to my Desktop.

snip
Hopefully, this will be a very quick and simple change and be up and running.

Good morning to you! It is 647 Saturday night here in Colombia.
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote:
> Good morning to you! It is 647 Saturday night here in Colombia.

9:34am Sunday morning here in Australia :)
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Thu, 2008-07-10 at 19:31 -0500, Lanny Marcus wrote:
> On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote:
snip
snip
> I will try to SSH into the ipcop box. I've never tried to SSH into it. I've always looked at it via the web interface.

Be aware that port 222, not 22, is used for slightly increased resistance to attacks.

>> I just tried it from one of my ipcop boxes and got a query all the way to the root servers; dig +trace gmail.com
> I tried dig +trace from my Desktop and it didn't work. Probably because I'm behind the Firewall. If I can SSH into the ipcop box I will try dig +trace from there.

IPCop is based on 2.4 kernel, IIRC. I don't know if it has dig. Try using nslookup (see the man page for details - I don't remember them all).

snip

HTH
--
Bill
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Thu, 2008-07-10 at 20:07 -0500, Lanny Marcus wrote:
> On 7/10/08, Lanny Marcus [EMAIL PROTECTED] wrote:
snip
snip
> Still not able to SSH into the IPCop box. Something wrong in the syntax I tried or SSH didn't get turned on in the IPCop box, via the web interface, as I thought? The sshd is running in my Desktop box.

Sshd is for incoming connections. You need to enable it on IPCop (using web interface is easiest). I also suggest using ssh keys instead of password *if* you want increased security. Paranoia level is the determining factor.

You should not need to fron the trace (dig or nslookup from the IPCop box.

[EMAIL PROTECTED] ~]$ dig +trace smtp-server.triad.rr.com
; DiG 9.3.4-P1 +trace smtp-server.triad.rr.com
;; global options: printcmd
. 376531 IN NS E.ROOT-SERVERS.NET.
. 376531 IN NS D.ROOT-SERVERS.NET.
. 376531 IN NS M.ROOT-SERVERS.NET.
. 376531 IN NS B.ROOT-SERVERS.NET.
. 376531 IN NS F.ROOT-SERVERS.NET.
. 376531 IN NS K.ROOT-SERVERS.NET.
. 376531 IN NS A.ROOT-SERVERS.NET.
. 376531 IN NS L.ROOT-SERVERS.NET.
. 376531 IN NS I.ROOT-SERVERS.NET.
. 376531 IN NS H.ROOT-SERVERS.NET.
. 376531 IN NS C.ROOT-SERVERS.NET.
. 376531 IN NS J.ROOT-SERVERS.NET.
. 376531 IN NS G.ROOT-SERVERS.NET.
;; Received 504 bytes from 192.168.2.20#53(192.168.2.20) in 28 ms
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
snip

> [EMAIL PROTECTED] ~]# ssh ipcop.homelan:222
> ssh: ipcop.homelan:222: Name or service not known
> [EMAIL PROTECTED] ~]#

I've not used it for awhile, but I think you need to look at the man page. ISTR that [EMAIL PROTECTED] is somewhere in there. Unsure though.

snip sig stuff
--
Bill
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/10/08, Ian Blackwell [EMAIL PROTECTED] wrote:
> Lanny Marcus wrote:
>> [EMAIL PROTECTED] ~]# ssh ipcop.homelan:222
>> ssh: ipcop.homelan:222: Name or service not known
>> [EMAIL PROTECTED] ~]#
> Try:-
> ssh -p 222 ipcop.homelan

Bingo! Ian, I was able to get into the IPCop box. :-) Thank you, for giving me the correct syntax!

Lanny
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/11/08, William L. Maltby [EMAIL PROTECTED] wrote:
snip
> Sshd is for incoming connections. You need to enable it on IPCop (using web interface is easiest). I also suggest using ssh keys instead of password *if* you want increased security. Paranoia level is the determining factor.

Paranoia level has me wanting to:
(a) Be able to dig +trace and verify that opendns.com is not in the loop; Preferably from both my Desktop and from the ipcop box
(b) Be using Authoritative DNS servers at all times, as dnscache does.
(c) Avoid DNS Cache poisoning, if possible. :-) http://en.wikipedia.org/wiki/DNS_cache_poisoning

> You should not need to fron the trace (dig or nslookup from the IPCop box.

I cannot dig +trace from my Desktop, as me or as root and I also cannot dig +trace from the ipcop box as of this time.

> [EMAIL PROTECTED] ~]$ dig +trace smtp-server.triad.rr.com
> ; DiG 9.3.4-P1 +trace smtp-server.triad.rr.com
> ;; global options: printcmd

snip results of Bill's dig +trace from his Desktop

Here's what happens when I try that from my Desktop:

[EMAIL PROTECTED] ~]$ dig +trace smtp-server.triad.rr.com
; DiG 9.3.4-P1 +trace smtp-server.triad.rr.com
;; global options: printcmd
;; connection timed out; no servers could be reached
[EMAIL PROTECTED] ~]$ su -
Password:
[EMAIL PROTECTED] ~]# dig +trace smtp-server.triad.rr.com
; DiG 9.3.4-P1 +trace smtp-server.triad.rr.com
;; global options: printcmd
;; connection timed out; no servers could be reached
[EMAIL PROTECTED] ~]#

snip

Here's what happened, when I tried dig +trace from the ipcop box: After SSH into ipcop.homelan I can dig gmail.com but I cannot dig +trace gmail.com as Scott Silva did on his IPCop box.

[EMAIL PROTECTED]:~ # dig +trace gmail.com
; DiG 9.4.0 +trace gmail.com
;; global options: printcmd
;; connection timed out; no servers could be reached
[EMAIL PROTECTED]:~ # dig gmail.com
; DiG 9.4.0 gmail.com
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 26895
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;gmail.com. IN A
;; ANSWER SECTION:
gmail.com. 55 IN A 209.85.171.83
gmail.com. 55 IN A 64.233.171.83
gmail.com. 55 IN A 64.233.161.83
;; AUTHORITY SECTION:
gmail.com. 311436 IN NS ns1.google.com.
gmail.com. 311436 IN NS ns3.google.com.
gmail.com. 311436 IN NS ns2.google.com.
gmail.com. 311436 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns4.google.com. 345468 IN A 216.239.38.10
ns1.google.com. 345285 IN A 216.239.32.10
ns2.google.com. 345383 IN A 216.239.34.10
ns3.google.com. 341939 IN A 216.239.36.10
;; Query time: 166 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 11 06:18:17 2008
;; MSG SIZE rcvd: 218

I need to get out of here now. Later, I will try this on our backup IPCop box. I want to be able to ssh into the IPCop box, and make the change Scott Silva suggested for the DNS Server, rather than using the IPCop web interface / GUI, because I know that it is common for GUI's not to work as advertised. If I screw up the backup IPCop box, I can continue using the one we are now using and we will still be online until I get this working the way I want it to. :-)

I have the Firewall running in my Desktop, which possibly is a factor here.

I greatly appreciate the time and help of everyone in this mailing list!
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Fri, 2008-07-11 at 06:49 -0500, Lanny Marcus wrote:
> On 7/11/08, William L. Maltby [EMAIL PROTECTED] wrote:
snip
snip
> I cannot dig +trace from my Desktop, as me or as root and I also cannot dig +trace from the ipcop box as of this time.

Must be either firewall on your desktop or IPCop has some blocked resources. Try to dig something from your desktop that is on your local lan. Your IPCop box(es) should make good targets *if* nothing blocks the needed responses. If you can get dig +trace to any other box on the lan, with trace information shown, that means your desktop should be fine. If not, inconclusive I guess.

I would use the web interface to the IPCop box and see what has been enabled/disabled. Unless the IPCop box has been really buttoned down tight, this should work as it does here.

Caveat: IIRC, you don't have the caching DNS running on the IPCop box? Maybe that has some effect? I can't figure how, since when you try from the IPCop box it works. That means the remote DNS server allows this action and IPCop should normally just do a pass through of these packets. Hmm... opined the grizzled old veteran.

I guess we should ask the version of IPCop here - they are not all created equally. Mine is the 1.4.18 (IIRC), latest and greatest. Which reminds me - project has not had an upgrade for a long time now. I wonder if it died?

>> [EMAIL PROTECTED] ~]$ dig +trace smtp-server.triad.rr.com
>> ; DiG 9.3.4-P1 +trace smtp-server.triad.rr.com
>> ;; global options: printcmd
> snip results of Bill's dig +trace from his Desktop
> Here's what happens when I try that from my Desktop:
> [EMAIL PROTECTED] ~]$ dig +trace smtp-server.triad.rr.com
> ; DiG 9.3.4-P1 +trace smtp-server.triad.rr.com
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached

Try specifying the DNS server on the end of the line (IIRC - maybe check the man page to see).

> [EMAIL PROTECTED] ~]$ su -
> Password:
> [EMAIL PROTECTED] ~]# dig +trace smtp-server.triad.rr.com
> ; DiG 9.3.4-P1 +trace smtp-server.triad.rr.com
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> [EMAIL PROTECTED] ~]#
> snip
> Here's what happened, when I tried dig +trace from the ipcop box: After SSH into ipcop.homelan I can dig gmail.com but I cannot dig +trace gmail.com as Scott Silva did on his IPCop box.

Works OK here. So there's certainly something different there.

> [EMAIL PROTECTED]:~ # dig +trace gmail.com
> ; DiG 9.4.0 +trace gmail.com
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> [EMAIL PROTECTED]:~ # dig gmail.com

snip
--
Bill
[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
on 7-10-2008 5:52 PM Lanny Marcus spake the following:
> On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote:
snip
>> When you set up your connection to your provider, do you have a static address or dynamic?
> Dynamic IP
>> If static, you had to set your next step resolver in the config. If you are dynamic, you get what your provider sends with the dhcp request. Since you said you have an ipcop box for your router you should be able to ssh into it and run setup and change your nameserver setting to 127.0.0.1 and your ipcop should be a caching nameserver. If you have another address there it will query to that server.
> I never tried to SSH into the IPCop box before. I've always connected to it via the web interface. I tried to SSH into it, but apparently I have that Blocked, in the IPCop configuration settings.
> [EMAIL PROTECTED] ~]# ssh ipcop.homelan
> ssh: connect to host ipcop.homelan port 22: Connection refused
> [EMAIL PROTECTED] ~]#
> Obviously, I need to change that, so I can run Setup from a terminal window, run the dig + trace command as you did from one of your IPCop boxes, etc. I just turned on SSH access in IPCop. It says it uses Port 222 which is non standard for SSH
> I am looking at it from the web interface. Under DHCP, for the Green Interface, for Primary DNS, it shows 192.168.10.1 If I change that to 127.0.0.1 I'm done? Other than possibly needing to change a configuration setting in the ADSL Modem, regarding DNS? Thanks much!

No !!! Don't change it there. That is the IP address sent to your dhcp clients for them to use for dns. If you set that to 127.0.0.1, no one will find anything.

You need to run setup either from a terminal window on the ipcop box or by ssh. About halfway down is Networking which you select, and in that menu is Dns and Gateway Settings. You would set the primary dns to 127.0.0.1 and if you want set the secondary dns to what your primary dns was set at. You might have to play with the options to have dhcp assigned red and still be able to set your nameserver settings. The ipcop boxes I have are all on static ip's, on either T1's or business class DSL, so the settings are a little different.

Whatever you do, write down the original settings of anything you change so you can restore it if it horribly breaks.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/11/08, Scott Silva [EMAIL PROTECTED] wrote:
snip
>> I am looking at it from the web interface. Under DHCP, for the Green Interface, for Primary DNS, it shows 192.168.10.1 If I change that to 127.0.0.1 I'm done? Other than possibly needing to change a configuration setting in the ADSL Modem, regarding DNS? Thanks much!
> No !!! Don't change it there. That is the IP address sent to your dhcp clients for them to use for dns. If you set that to 127.0.0.1, no one will find anything. You need to run setup either from a terminal window on the ipcop box or by ssh. About halfway down is Networking which you select, and in that menu is Dns and Gateway Settings. You would set the primary dns to 127.0.0.1 and if you want set the secondary dns to what your primary dns was set at. You might have to play with the options to have dhcp assigned red and still be able to set your nameserver settings. The ipcop boxes I have are all on static ip's, on either T1's or business class DSL, so the settings are a little different.

Scott: Thank you, for the above explanation! I was able to SSH into the IPCop box on Port 222, very early this morning (with the syntax correct, that was easy) and I saw the Setup menu.

> Whatever you do, write down the original settings of anything you change so you can restore it if it horribly breaks.

Amen. I will write down the original settings, before I change them. In a tiny way, the IPCop box is a Production Server in our house. I have two (2) very demanding users: a wife and a 7 year old daughter and I don't want them mad :-) Something like not wanting your boss at work mad at you

I am going to be working on this, when they are not using their Desktop boxes and I am going to do this on our Backup IPCop box, which actually has much better HW than the one we normally use for IPCop. If I can't get this to work on IPCop, that is the one I will install SME Server or the CentOS 4.4 Server CD on. It sounds like this is going to work on IPCop, which will be much easier and much faster for me to get up and running properly.

Question: Awhile ago, I got into the configuration settings for our ZTE ADSL Modem. For the change to me having my own Caching DNS Server, in the settings for the ADSL modem at this time, using the DNS servers at our ISP:

Primary DNS Server 200.29.104.22
Secondary DNS Server 200.29.96.22

When I think I am ready to test the change I make to IPCop setting(s), should I set those to 0.0.0.0. so I can use my own DNS Server ? Or, leave those spaces blank? Or, leave them as they are now?

Thank you, very much, for your time and help, which are greatly appreciated!

Lanny
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/11/08, Lanny Marcus [EMAIL PROTECTED] wrote:
> On 7/11/08, William L. Maltby [EMAIL PROTECTED] wrote:
snip
>> I cannot dig +trace from my Desktop, as me or as root and I also cannot dig +trace from the ipcop box as of this time.
> Must be either firewall on your desktop or IPCop has some blocked resources. Try to dig something from your desktop that is on your local lan. Your IPCop box(es) should make good targets *if* nothing blocks the needed responses. If you can get dig +trace to any other box on the lan, with trace information shown, that means your desktop should be fine.

I disabled the Firewall in my Desktop. I can dig to my daughters box, but I cannot dig +trace to it. Same results as with the Firewall in my Desktop enabled. I have SELinux running in Permissive Mode in my box and am not receiving Warnings, so I do not believe that is causing the problem. I will look at the web interface for the IPCop box, to see if I can find something I think might cause this problem.

[EMAIL PROTECTED] ~]$ dig dell1602.homelan
; DiG 9.3.4-P1 dell1602.homelan
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 28804
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dell1602.homelan. IN A
;; ANSWER SECTION:
dell1602.homelan. 0 IN A 192.168.10.57
;; Query time: 2 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Fri Jul 11 16:35:11 2008
;; MSG SIZE rcvd: 50
[EMAIL PROTECTED] ~]$ dig +trace dell1602.homelan
; DiG 9.3.4-P1 +trace dell1602.homelan
;; global options: printcmd
;; connection timed out; no servers could be reached
[EMAIL PROTECTED] ~]$ dig dell1602.homelan
; DiG 9.3.4-P1 dell1602.homelan
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 55631
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dell1602.homelan. IN A
;; ANSWER SECTION:
dell1602.homelan. 0 IN A 192.168.10.57
;; Query time: 2 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Fri Jul 11 16:36:38 2008
;; MSG SIZE rcvd: 50
[EMAIL PROTECTED] ~]$ dig +trace dell1602.homelan
; DiG 9.3.4-P1 +trace dell1602.homelan
;; global options: printcmd
;; connection timed out; no servers could be reached
[EMAIL PROTECTED] ~]$

I then Disabled the Firewall on my daughters box:

[EMAIL PROTECTED] ~]$ dig +trace dell1602.homelan
; DiG 9.3.4-P1 +trace dell1602.homelan
;; global options: printcmd
. 0 IN A 192.168.1.1
;; Received 33 bytes from 192.168.10.1#53(192.168.10.1) in 2 ms
[EMAIL PROTECTED] ~]$

That is the FIRST time I have been able to use the dig +trace successfully! :-) The Firewall is off in my Desktop and also in my Daughter's Desktop.

[EMAIL PROTECTED] ~]$ dig +trace gmail.com
; DiG 9.3.4-P1 +trace gmail.com
;; global options: printcmd
. 0 IN A 192.168.1.1
;; Received 33 bytes from 192.168.10.1#53(192.168.10.1) in 2 ms
[EMAIL PROTECTED] ~]$

The dig +trace to gmail.com does not look at all correct to me, but I only know about 1% of what I would like to know about Linux or Networking. Probably that is caused by settings in the IPCop box?
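Added example (not part of any poster's message): a small Python classifier for the dig +trace transcripts exchanged in this thread, telling a real delegation walk apart from the three failure shapes that were posted. The first three samples are re-typed from the thread with line breaks restored; FULL_WALK is constructed with documentation addresses, and the verdict names are this example's own.

```python
import re

# ";; Received 504 bytes from 192.168.2.20#53(192.168.2.20) in 28 ms"
HOP_RE = re.compile(r"^;; Received (\d+) bytes from (\S+)#\d+\(([^)]*)\)")
# "owner  ttl  IN  type  rdata"
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S.*)$")
TIMEOUT = ";; connection timed out; no servers could be reached"


def parse_trace(text):
    """Split dig +trace output into hops.

    dig prints a reply's records first and the ';; Received ...' line after
    them, so records are buffered until that line closes the hop.
    """
    hops, pending, timed_out = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(TIMEOUT):
            timed_out = True
            continue
        hop = HOP_RE.match(line)
        if hop:
            hops.append({"server": hop.group(2), "bytes": int(hop.group(1)),
                         "records": pending})
            pending = []
            continue
        rr = RR_RE.match(line)
        if rr and not line.startswith(";"):
            pending.append((rr.group(1).lower(), rr.group(3).upper(), rr.group(4)))
    return hops, timed_out


def classify(text):
    """Return a verdict on how far the trace got, plus the first server asked."""
    hops, timed_out = parse_trace(text)
    result = {"verdict": None, "first_server": None, "hops": len(hops), "note": ""}
    if not hops:
        result["verdict"] = "NO_RESPONSE" if timed_out else "NO_DATA"
        result["note"] = "nothing answered the initial '. NS' query"
        return result
    first = hops[0]
    result["first_server"] = first["server"]
    # +trace starts by asking the configured resolver for the root NS set.
    root_ns = [r for r in first["records"] if r[0] == "." and r[1] == "NS"]
    if not root_ns:
        types = sorted({r[1] for r in first["records"]}) or ["none"]
        result["verdict"] = "NO_ROOT_REFERRAL"
        result["note"] = "first hop returned record types: " + ",".join(types)
        return result
    answered = any(r[1] in ("A", "AAAA", "CNAME") for r in hops[-1]["records"])
    result["verdict"] = "DELEGATION_WALKED" if answered else "INCOMPLETE_WALK"
    return result


# Samples from the thread, line breaks restored.
TIMED_OUT = """; DiG 9.3.4-P1 +trace smtp-server.triad.rr.com
;; global options: printcmd
;; connection timed out; no servers could be reached
"""
EMPTY_REPLY = """; DiG 9.4.0 +trace gmail.com
;; global options: printcmd
;; Received 17 bytes from 127.0.0.1#53(127.0.0.1) in 118 ms
"""
BOGUS_ROOT_ANSWER = """; DiG 9.3.4-P1 +trace gmail.com
;; global options: printcmd
. 0 IN A 192.168.1.1
;; Received 33 bytes from 192.168.10.1#53(192.168.10.1) in 2 ms
"""
# Constructed sample: names and addresses are documentation values.
FULL_WALK = """. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
;; Received 228 bytes from 192.0.2.53#53(192.0.2.53) in 3 ms
example. 172800 IN NS ns1.nic.example.
;; Received 120 bytes from 198.51.100.1#53(a.root-servers.net) in 40 ms
host.example. 86400 IN NS ns1.host.example.
;; Received 96 bytes from 198.51.100.2#53(ns1.nic.example) in 42 ms
www.host.example. 300 IN A 203.0.113.10
;; Received 64 bytes from 198.51.100.3#53(ns1.host.example) in 45 ms
"""

if __name__ == "__main__":
    for name, sample in [("timed out", TIMED_OUT), ("empty reply", EMPTY_REPLY),
                         ("A for root", BOGUS_ROOT_ANSWER), ("full walk", FULL_WALK)]:
        print(name, classify(sample))
```

Only DELEGATION_WALKED shows that root, TLD and authoritative servers were each contacted; NO_ROOT_REFERRAL means the trace never left the first resolver.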
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Fri, 2008-07-11 at 16:15 -0500, Lanny Marcus wrote:
> On 7/11/08, William L. Maltby [EMAIL PROTECTED] wrote:
snip
snip
> My wife is using her Desktop box (compaq1300) on MS Windows at this time. I can dig but I cannot dig + trace to her box:

That makes sense. I was thinking that you would have the backup (new) IPCop going with DNS caching going (and, naturally, local hosts defined, local domain defined, ...). Sorry for the confusion. Unless some unit is a DNS server, or caching server on the local lan, that would be a wasted effort.

> [EMAIL PROTECTED] ~]$ dig compaq1300.homelan
> ; DiG 9.3.4-P1 compaq1300.homelan
> ;; global options: printcmd
> ;; Got answer:
> ;; -HEADER- opcode: QUERY, status: NOERROR, id: 45929
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;compaq1300.homelan. IN A
> ;; ANSWER SECTION:
> compaq1300.homelan. 0 IN A 192.168.10.56
> ;; Query time: 19 msec
> ;; SERVER: 192.168.10.1#53(192.168.10.1)
> ;; WHEN: Fri Jul 11 15:52:34 2008
> ;; MSG SIZE rcvd: 52
> [EMAIL PROTECTED] ~]$
> [EMAIL PROTECTED] ~]$ dig +trace compaq1300.homelan
> ; DiG 9.3.4-P1 +trace compaq1300.homelan
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> [EMAIL PROTECTED] ~]
>> If not, inconclusive I guess.
snip
>> I would use the web interface to the IPCop box and see what has been enabled/disabled. Unless the IPCop box has been really buttoned down tight, this should work as it does here.
> I believe it is pretty much out of the box. Possibly the only setting I changed was not to respond to ping on the Red interface.
>> Caveat: IIRC, you don't have the caching DNS running on the IPCop box? Maybe that has some effect? I can't figure how, since when you try from the IPCop box it works.
> No Bill. Very early this morning, when I was able to SSH into the IPCop box, I was *not* able to dig +trace from it, with the results Scott Silva showed to gmail.com Caching DNS in the IPCop box is not running at this time. I will try that on our Backup IPCop box, when my demanding users (wife and 7 year old daughter) are not online.
>> That means the remote DNS server allows this action and IPCop should normally just do a pass through of these packets. Hmm... opined the grizzled old veteran. I guess we should ask the version of IPCop here - they are not all created equally. Mine is the 1.4.18 (IIRC), latest and greatest. Which reminds me - project has not had an upgrade for a long time now. I wonder if it died?
> My IPCop installation shows that no Updates are available for it.
> Available updates: All updates installed

He-he! A misleading message if there ever was one! IPCop expects that you have downloaded an update image. Later you can install it. There is no yum-like facility going on there (from a paranoid security POV that would be a big NO-NO). You have to check your version (should appear in the installed updates section), go to the website and see if there is something new. The 1.4.18 was latest last I looked.

> Linux ipcop.homelan 2.4.34 #1 Mon Jul 16 23:11:03 GMT 2007 i586 pentium-mmx i386 GNU/Linux

That doesn't show the IPCop software version. From the web interface, IIRC you can find out the version on one of its screens.

snip
snip
> Thank you, very much, for your time and help! Lanny

NP!

snip sig stuff
--
Bill
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Fri, 2008-07-11 at 17:12 -0500, Lanny Marcus wrote:
On 7/11/08, Lanny Marcus [EMAIL PROTECTED] wrote:
On 7/11/08, William L. Maltby [EMAIL PROTECTED] wrote:
snip

I cannot dig +trace from my Desktop, as me or as root and I also cannot dig +trace from the ipcop box as of this time.

Must be either firewall on your desktop or IPCop has some blocked resources. Try to dig something from your desktop that is on your local lan. Your IPCop box(es) should make good targets *if* nothing blocks the needed responses. If you can get dig +trace to any other box on the lan, with trace information shown, that means your desktop should be fine.

I disabled the Firewall in my Desktop. I can dig to my daughter's box, but I cannot dig +trace to it. Same results as with the Firewall in my Desktop enabled.

After reading your other post, I see why. With no DNS server (caching or otherwise), your routing is strictly via routing tables and /etc/hosts. So no trace is possible because no DNS server is involved. When you have some kind of DNS going on, your *first* attempt to do a look-up (presuming /etc/hosts on your machine does not contain the host - address resolution is then required to get the IP address) may give you something.

I have SELinux running in Permissive Mode in my box and am not receiving Warnings, so I do not believe that is causing the problem. I

Selinux would not be involved in this I think.

will look at the web interface for the IPCop box, to see if I can find something I think might cause this problem.

See above. W/o a DNS function, with hosts defined in /etc/hosts, +trace should not give anything. Dig needs some kind of DNS server to be found to get the results we are looking for. For doing a dig *outside* your local lan, it will/should go to the servers specified when the IPCop boots and gets dynamic IP from your ISP or gets fixed IP and you have coded the servers in /etc/resolv.conf. E.g. my workstation has this (populated when IPCop assigns the IP - do not modify by hand if your IPCop is dispatching dynamic IPs).

$ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search HomeGroanNetworking
nameserver 192.168.2.20

Note that IPCop is the ...20 address and has the DNS caching active and also has the dhcpd daemon running to assign IPs to my local network.
snip

WAIT! You *do* have DNS cache running I think. Check the lines below that say server::

*cluebat for me/you/us*
Knowing this, you can't test on the local lan using +trace because there are no other servers. One hop and back to you.
/*cluebat for me/you/us*

[EMAIL PROTECTED] ~]$ dig dell1602.homelan
; DiG 9.3.4-P1 dell1602.homelan
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 28804
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dell1602.homelan. IN A
;; ANSWER SECTION:
dell1602.homelan. 0 IN A 192.168.10.57
;; Query time: 2 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Fri Jul 11 16:35:11 2008
;; MSG SIZE rcvd: 50
[EMAIL PROTECTED] ~]$ dig +trace dell1602.homelan
; DiG 9.3.4-P1 +trace dell1602.homelan
;; global options: printcmd
;; connection timed out; no servers could be reached
[EMAIL PROTECTED] ~]$ dig dell1602.homelan
; DiG 9.3.4-P1 dell1602.homelan
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 55631
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dell1602.homelan. IN A
;; ANSWER SECTION:
dell1602.homelan. 0 IN A 192.168.10.57
;; Query time: 2 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Fri Jul 11 16:36:38 2008
;; MSG SIZE rcvd: 50
[EMAIL PROTECTED] ~]$ dig +trace dell1602.homelan
; DiG 9.3.4-P1 +trace dell1602.homelan
;; global options: printcmd
;; connection timed out; no servers could be reached
[EMAIL PROTECTED] ~]$

I then Disabled the Firewall on my daughter's box:

[EMAIL PROTECTED] ~]$ dig +trace dell1602.homelan
; DiG 9.3.4-P1 +trace dell1602.homelan
;; global options: printcmd
. 0 IN A 192.168.1.1
;; Received 33 bytes from 192.168.10.1#53(192.168.10.1) in 2 ms
[EMAIL PROTECTED] ~]$

That is the FIRST time I have been able to use the dig +trace successfully! :-) The Firewall is off in my Desktop and also in my Daughter's Desktop.

[EMAIL PROTECTED] ~]$ dig +trace gmail.com
; DiG 9.3.4-P1 +trace gmail.com
;; global options: printcmd
. 0 IN A 192.168.1.1
;; Received 33 bytes from 192.168.10.1#53(192.168.10.1) in 2 ms
[EMAIL PROTECTED] ~]$

The dig +trace to gmail.com does not look at all correct to me, but I only know about 1% of what I would like to know about Linux or Networking.

Try the smtp-server.triad.rr.com or
[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
on 7-11-2008 1:48 PM Lanny Marcus spake the following:
On 7/11/08, Scott Silva [EMAIL PROTECTED] wrote:
snip

I am looking at it from the web interface. Under DHCP, for the Green Interface, for Primary DNS, it shows 192.168.10.1 If I change that to 127.0.0.1 I'm done? Other than possibly needing to change a configuration setting in the ADSL Modem, regarding DNS? Thanks much!

No !!! Don't change it there. That is the IP address sent to your dhcp clients for them to use for dns. If you set that to 127.0.0.1, no one will find anything. You need to run setup either from a terminal window on the ipcop box or by ssh. About halfway down is Networking which you select, and in that menu is Dns and Gateway Settings. You would set the primary dns to 127.0.0.1 and if you want set the secondary dns to what your primary dns was set at. You might have to play with the options to have dhcp assigned red and still be able to set your nameserver settings. The ipcop boxes I have are all on static ip's, on either T1's or business class DSL, so the settings are a little different.

Scott: Thank you, for the above explanation! I was able to SSH into the IPCop box on Port 222, very early this morning (with the syntax correct, that was easy) and I saw the Setup menu.

Whatever you do, write down the original settings of anything you change so you can restore it if it horribly breaks.

Amen. I will write down the original settings, before I change them. In a tiny way, the IPCop box is a Production Server in our house. I have two (2) very demanding users: a wife and a 7 year old daughter and I don't want them mad :-) Something like not wanting your boss at work mad at you I am going to be working on this, when they are not using their Desktop boxes and I am going to do this on our Backup IPCop box, which actually has much better HW than the one we normally use for IPCop. If I can't get this to work on IPCop, that is the one I will install SME Server or the CentOS 4.4 Server CD on. It sounds like this is going to work on IPCop, which will be much easier and much faster for me to get up and running properly.

Question: Awhile ago, I got into the configuration settings for our ZTE ADSL Modem. For the change to me having my own Caching DNS Server, in the settings for the ADSL modem at this time, using the DNS servers at our ISP:
Primary DNS Server 200.29.104.22
Secondary DNS Server 200.29.96.22
When I think I am ready to test the change I make to IPCop setting(s), should I set those to 0.0.0.0. so I can use my own DNS Server ? Or, leave those spaces blank? Or, leave them as they are now? Thank you, very much, for your time and help, which are greatly appreciated! Lanny

It looks as if your ADSL modem is in NAT mode, so it is acting like a very simple router already. What settings does it actually have? I think you can leave those settings alone, as they only will be used if you point DNS settings at the modem's ip address. If you set your IPcop box at 127.0.0.1 it should seek out to the root servers by itself. As I posted earlier, you will have to poke around in the ipcop setup menu to get dhcp and custom DNS settings both working. I just played with one of my test vmware ipcop images and set it to dhcp on our internal network (which should simulate your natted connection through your adsl modem) for the red interface and I was able to dig +trace google.com with proper answers. So it is possible to get it working unless your ISP blocks DNS queries to anywhere else but their own servers.

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Scott Silva wrote:
You would set the primary dns to 127.0.0.1 and if you want set the secondary dns to what your primary dns was set at. You might have to play with the options to have dhcp assigned red and still be able to set your nameserver settings. The ipcop boxes I have are all on static ip's, on either T1's or business class DSL, so the settings are a little different.

For what it is worth, my IPCop box has the DNS values supplied by my ISP entered here instead of 127.0.0.1. My dig +trace tests are all running fine.

Scott: Thank you, for the above explanation! I was able to SSH into the IPCop box on Port 222, very early this morning (with the syntax correct, that was easy) and I saw the Setup menu.

Whatever you do, write down the original settings of anything you change so you can restore it if it horribly breaks.

You can also create a backup using the web-interface. The backup will be saved on your local machine and you can restore it from there if needed.

Amen. I will write down the original settings, before I change them. In a tiny way, the IPCop box is a Production Server in our house. I have two (2) very demanding users: a wife and a 7 year old daughter and I don't want them mad :-) Something like not wanting your boss at work mad at you I am going to be working on this, when they are not using their Desktop boxes and I am going to do this on our Backup IPCop box, which actually has much better HW than the one we normally use for IPCop. If I can't get this to work on IPCop, that is the one I will install SME Server or the CentOS 4.4 Server CD on. It sounds like this is going to work on IPCop, which will be much easier and much faster for me to get up and running properly.

Question: Awhile ago, I got into the configuration settings for our ZTE ADSL Modem. For the change to me having my own Caching DNS Server, in the settings for the ADSL modem at this time, using the DNS servers at our ISP:
Primary DNS Server 200.29.104.22
Secondary DNS Server 200.29.96.22

These are the numbers I would enter into the IPCop setup screen for DNS and Gateway. My gateway value is the IP address of my ADSL modem.

Ian
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Sat, 2008-07-12 at 09:05 +0930, Ian Blackwell wrote:
Scott Silva wrote:
snip

Question: Awhile ago, I got into the configuration settings for our ZTE ADSL Modem. For the change to me having my own Caching DNS Server, in the settings for the ADSL modem at this time, using the DNS servers at our ISP:
Primary DNS Server 200.29.104.22
Secondary DNS Server 200.29.96.22

These are the numbers I would enter into the IPCop setup screen for DNS and Gateway. My gateway value is the IP address of my ADSL modem.

Unless your IPCop box is assigned a dynamic IP address? In that case, IIUC the DHCP server from the ISP/modem setup will provide the primary and secondary servers. I know they can be overridden if you massage the files though. But then if the ISP reassigns the servers' IP addresses you'll have to massage again - after the angst of it not working and you having to figure out that's what happened.

Ian
snip sig stuff
--
Bill
[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
on 7-10-2008 1:55 PM Lanny Marcus spake the following:
On 7/10/08, Rob Townley [EMAIL PROTECTED] wrote:

why not use the dig command to query your isp dns system to see if they forward requests to opendns. By the way, OpenDNS is a great way to help prevent phishing attacks.

Rob: What other parameters or arguments I should add onto the dig command, to see if they use opendns.com ? I don't see opendns.com in the below, but probably that is not the correct dig command.

[EMAIL PROTECTED] ~]$ dig emcali.net
; DiG 9.3.4-P1 emcali.net
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 41909
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;emcali.net.IN A
;; ANSWER SECTION:
emcali.net. 3600IN A 66.45.254.245
emcali.net. 3600IN A 66.45.254.244
;; AUTHORITY SECTION:
emcali.net. 172800 IN NS ns3.hostingchange.net.
emcali.net. 172800 IN NS ns2.hostingchange.net.
emcali.net. 172800 IN NS ns1.hostingchange.net.
;; Query time: 1100 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 15:46:18 2008
;; MSG SIZE rcvd: 128
[EMAIL PROTECTED] ~]$

Lastly, you should use this opp to create an opendns signon, this will give you control over your dns request options. You could block any domain via dns quickly.

I will look at the opendns.com web site. I just cannot imagine that the Firefox browser is ending up at opendns.com (intermittently) on its own. It must be coming from the DNS we are using. Thanks much! Lanny

Try
dig +trace emcali.net
It should show all servers your query goes through.

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
on 7-10-2008 2:04 PM Lanny Marcus spake the following:
On 7/10/08, Lanny Marcus [EMAIL PROTECTED] wrote:
snip

I think I saw a reference, in a thread yesterday, about not having a package with caching in its name, if one also has BIND installed. I am going to try to locate that thread and find out about that package. Possibly it can do what I need to do.

OK. I found it. Tru wrote this, in a thread yesterday:

If you have the caching-nameserver package, it's the expected behaviour: /etc/named.conf is owned and labelled as config file for caching-nameserver. The regular bind/bind-chroot don't provide named.conf. You should not install the caching-nameserver package if you are indeed providing DNS services with bind...

I'm wondering if caching-nameserver will do the Caching DNS for me, if I use CentOS 3.x or 4.x. Also need the box to do Routing and Masquerading. Would that be done by IPTables? Or, if I should use dnscache, which is apparently much more secure than BIND, or something else, that is easier for a newbie to get configured properly. TIA! Lanny

Bind as a caching nameserver is dead easy to install. Just run
yum install caching-nameserver
and it will pull everything in. Then
chkconfig named on
service named start

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote:
snip

Try
dig +trace emcali.net
It should show all servers your query goes through.

Scott: Please note that I added .co (for Colombia) emcali.net.co Is this showing which DNS Servers my DNS requests use, or, which DNS Servers serve their web site? Also note that when I tried dig +trace or dig trace I got very abbreviated answers. Probably I don't have the syntax correct.

Question: Is there another command I can use, to another web site (irs.gov or something) that shows which DNS Servers I am using, to get to that web site?

My wife is complaining, again, as I write this, so getting our own Caching DNS Server, ASAP, has become a priority. When Colombian women are mad... :-) TIA, Lanny

P.S. The first time I tried to send this email, I ended up at opendns.com instead of getting a response from Gmail.

[EMAIL PROTECTED] ~]$ dig emcali.net.co
; DiG 9.3.4-P1 emcali.net.co
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 24430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;emcali.net.co. IN A
;; ANSWER SECTION:
emcali.net.co. 10800 IN A 200.29.96.38
;; AUTHORITY SECTION:
emcali.net.co. 10800 IN NS dns1.emcali.net.co.
emcali.net.co. 10800 IN NS dns2.emcali.net.co.
emcali.net.co. 10800 IN NS dns3.emcali.net.co.
;; ADDITIONAL SECTION:
dns1.emcali.net.co. 10800 IN A 200.29.96.22
dns2.emcali.net.co. 10800 IN A 200.29.96.27
dns3.emcali.net.co. 10800 IN A 200.29.104.22
;; Query time: 314 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 16:12:53 2008
;; MSG SIZE rcvd: 152
[EMAIL PROTECTED] ~]$
[EMAIL PROTECTED] ~]$ dig trace emcali.net.co
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 30304
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;trace. IN A
;; Query time: 2 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 16:20:28 2008
;; MSG SIZE rcvd: 23
; DiG 9.3.4-P1 trace emcali.net.co
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 24706
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;emcali.net.co. IN A
;; ANSWER SECTION:
emcali.net.co. 10346 IN A 200.29.96.38
;; Query time: 1 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Thu Jul 10 16:20:28 2008
;; MSG SIZE rcvd: 47
[EMAIL PROTECTED] ~]$
[EMAIL PROTECTED] ~]$ dig +trace emcali.net.co
; DiG 9.3.4-P1 +trace emcali.net.co
;; global options: printcmd
. 0 IN A 192.168.1.1
;; Received 33 bytes from 192.168.10.1#53(192.168.10.1) in 3 ms
[EMAIL PROTECTED] ~]$
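An added example, not part of the thread: dig +trace begins by asking the configured resolver for the root NS set, so the transcripts posted in the messages above can be sorted by what that first hop returned. The function names, verdict labels and the HEALTHY transcript are constructed for illustration; the other two transcripts are copied from the thread as they appear here.

```python
"""Classify `dig +trace` transcripts by what the first hop returned."""
import re

# Resource record as dig prints it: owner, TTL, class IN, type, rdata.
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
# Line dig prints after each reply in a trace: reply size and sending server.
HOP_LINE = re.compile(r"^;; Received (\d+) bytes from ([^#\s]+)#(\d+)")

# Copied from the thread: the resolver never answered.
TIMED_OUT = """\
; DiG 9.3.4-P1 +trace compaq1300.homelan
;; global options: printcmd
;; connection timed out; no servers could be reached
"""

# Copied from the thread: the root query came back as a single A record.
ROOT_A_RECORD = """\
; DiG 9.3.4-P1 +trace emcali.net.co
;; global options: printcmd
. 0 IN A 192.168.1.1
;; Received 33 bytes from 192.168.10.1#53(192.168.10.1) in 3 ms
"""

# Constructed for this example: sizes, timings and the example.com zone are made up.
HEALTHY = """\
; DiG 9.3.4-P1 +trace example.com
;; global options: printcmd
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
;; Received 228 bytes from 192.168.10.1#53(192.168.10.1) in 2 ms
com. 172800 IN NS a.gtld-servers.net.
;; Received 488 bytes from 198.41.0.4#53(a.root-servers.net) in 90 ms
example.com. 172800 IN NS ns1.example.com.
;; Received 110 bytes from 192.5.6.30#53(a.gtld-servers.net) in 95 ms
example.com. 3600 IN A 192.0.2.10
;; Received 60 bytes from 192.0.2.53#53(ns1.example.com) in 120 ms
"""


def parse_hops(transcript):
    """Group the records of a transcript by the server that sent them."""
    hops, pending = [], []
    for raw in transcript.splitlines():
        line = raw.strip()
        hop = HOP_LINE.match(line)
        if hop:
            # Records printed before a "Received" line belong to that reply.
            hops.append({"server": hop.group(2), "size": int(hop.group(1)),
                         "records": pending})
            pending = []
        elif line and not line.startswith(";"):
            rr = RR_LINE.match(line)
            if rr:
                pending.append((rr.group(1), rr.group(3), rr.group(4)))
    return hops


def diagnose(transcript):
    """Return (verdict, first_hop_server) for one transcript."""
    hops = parse_hops(transcript)
    if not hops:
        timed_out = "no servers could be reached" in transcript
        return ("unreachable" if timed_out else "no-reply", None)
    first = hops[0]
    root_ns = [r for r in first["records"] if r[0] == "." and r[1] == "NS"]
    if not root_ns:
        # No root NS set came back, so dig has nothing to iterate from and
        # the delegation path beyond this resolver stays invisible.
        return ("no-root-ns", first["server"])
    if len(hops) == 1:
        return ("stopped-after-root", first["server"])
    return ("full-trace", first["server"])


if __name__ == "__main__":
    for name, text in (("timed out", TIMED_OUT),
                       ("root A record", ROOT_A_RECORD),
                       ("healthy", HEALTHY)):
        print(name, "->", diagnose(text))
```

A "no-root-ns" verdict means only that the first hop did not hand back root NS records; a plain dig through the same resolver can still return answers, as the transcripts in this thread show.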
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote:
snip

Bind as a caching nameserver is dead easy to install. Just run
yum install caching-nameserver
and it will pull everything in. Then
chkconfig named on
service named start

Scott: Thanks! I just began a text file: Caching DNS Server and copied the above into it.

Questions:
(a) Is caching-nameserver completely standalone or do I need anything else with it? (Sound like yum will install everything it needs)
(b) How to configure it?
(c) Easier for me to get that configured properly than dnscache from djbdns?
(d) If I do a minimal CentOS 3.x or 4.x install, would I do the Routing Masquerading with IPTables or something else?

If I can get this to work, on a CentOS box, that would be great. Lots of questions! Your time and help is much appreciated! Lanny
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On Thu, Jul 10, 2008, Lanny Marcus wrote:
On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote:
snip

Bind as a caching nameserver is dead easy to install. Just run
yum install caching-nameserver
and it will pull everything in. Then
chkconfig named on
service named start

Scott: Thanks! I just began a text file: Caching DNS Server and copied the above into it.

Questions:
(a) Is caching-nameserver completely standalone or do I need anything else with it? (Sound like yum will install everything it needs)
(b) How to configure it?
(c) Easier for me to get that configured properly than dnscache from djbdns?
(d) If I do a minimal CentOS 3.x or 4.x install, would I do the Routing Masquerading with IPTables or something else?

If I can get this to work, on a CentOS box, that would be great. Lots of questions! Your time and help is much appreciated! Lanny

If you configure BIND so it only listens on 127.0.0.1, it should be fairly secure.

Bill
--
INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186

Never blame a legislative body for not doing something. When they do nothing, that don't hurt anybody. When they do something is when they become dangerous. -- Will Rogers
[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
on 7-10-2008 2:50 PM Lanny Marcus spake the following:
On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote:
snip

Bind as a caching nameserver is dead easy to install. Just run
yum install caching-nameserver
and it will pull everything in. Then
chkconfig named on
service named start

Scott: Thanks! I just began a text file: Caching DNS Server and copied the above into it.

Questions:
(a) Is caching-nameserver completely standalone or do I need anything else with it? (Sound like yum will install everything it needs)
(b) How to configure it?
(c) Easier for me to get that configured properly than dnscache from djbdns?
(d) If I do a minimal CentOS 3.x or 4.x install, would I do the Routing Masquerading with IPTables or something else?

If I can get this to work, on a CentOS box, that would be great. Lots of questions! Your time and help is much appreciated! Lanny

Do you want to install a complete router using CentOS? Is your ipcop box not adequate for your needs?

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote:
snip

When you set up your connection to your provider, do you have a static address or dynamic?

We get a dynamic IP address when we connect to ADSL.

If static, you had to set your next step resolver in the config. If you are dynamic, you get what your provider sends with the dhcp request. Since you said you have an ipcop box for your router you should be able to ssh into it and run setup and change your nameserver setting to 127.0.0.1 and your ipcop should be a caching nameserver. If you have another address there it will query to that server.

I will try to SSH into the ipcop box. I've never tried to SSH into it. I've always looked at it via the web interface.

I just tried it from one of my ipcop boxes and got a query all the way to the root servers;
dig +trace gmail.com

I tried dig +trace from my Desktop and it didn't work. Probably because I'm behind the Firewall. If I can SSH into the ipcop box I will try dig +trace from there. If I can get the above to work, I suspect I may also need to change something in the configuration for the ADSL modem for DNS. Sounds like a quick and easy way to do this! I have my notes from when I installed IPCop on that box, last September. The ADSL modem IP is 192.168.1.1 and the Red NIC IP is 192.168.1.2 and the Green NIC IP is 192.168.10.1 and in the DHCP Server Configuration Menu the Primary DNS is 192.168.10.1 Thanks much!
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote:

Do you want to install a complete router using CentOS? Is your ipcop box not adequate for your needs?

From what you wrote to me in another reply, ipcop will do the job, as soon as I can get into it and get it configured the way you said. That will be MUCH easier and MUCH faster than me trying to set up a CentOS box to do this.
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/10/08, Scott Silva [EMAIL PROTECTED] wrote:
snip

When you set up your connection to your provider, do you have a static address or dynamic?

Dynamic IP

If static, you had to set your next step resolver in the config. If you are dynamic, you get what your provider sends with the dhcp request. Since you said you have an ipcop box for your router you should be able to ssh into it and run setup and change your nameserver setting to 127.0.0.1 and your ipcop should be a caching nameserver. If you have another address there it will query to that server.

I never tried to SSH into the IPCop box before. I've always connected to it via the web interface. I tried to SSH into it, but apparently I have that Blocked, in the IPCop configuration settings.

[EMAIL PROTECTED] ~]# ssh ipcop.homelan
ssh: connect to host ipcop.homelan port 22: Connection refused
[EMAIL PROTECTED] ~]#

Obviously, I need to change that, so I can run Setup from a terminal window, run the dig + trace command as you did from one of your IPCop boxes, etc. I just turned on SSH access in IPCop. It says it uses Port 222 which is non standard for SSH

I am looking at it from the web interface. Under DHCP, for the Green Interface, for Primary DNS, it shows 192.168.10.1 If I change that to 127.0.0.1 I'm done? Other than possibly needing to change a configuration setting in the ADSL Modem, regarding DNS? Thanks much!
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
On 7/10/08, Lanny Marcus [EMAIL PROTECTED] wrote:
snip

your ipcop should be a caching nameserver. If you have another address there it will query to that server.

Obviously, I need to change that, so I can run Setup from a terminal window, run the dig + trace command as you did from one of your IPCop boxes, etc. I just turned on SSH access in IPCop. It says it uses Port 222 which is non standard for SSH

Still not able to SSH into the IPCop box. Something wrong in the syntax I tried or SSH didn't get turned on in the IPCop box, via the web interface, as I thought? The sshd is running in my Desktop box.

[EMAIL PROTECTED] ~]# ssh ipcop.homelan:222
ssh: ipcop.homelan:222: Name or service not known
[EMAIL PROTECTED] ~]#
Re: [CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Lanny Marcus wrote:

[EMAIL PROTECTED] ~]# ssh ipcop.homelan:222
ssh: ipcop.homelan:222: Name or service not known
[EMAIL PROTECTED] ~]#

Try:-
ssh -p 222 ipcop.homelan

Ian