Re: lookup option in /etc/resolv.conf ignored
Darrin Chandler wrote:
> On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote:
> > Make sure you have restarted Firefox after making changes to
> > /etc/resolv.conf. Specifically, the application-level DNS cache will
> > contain old data if you have not restarted it. This bit me for 3
> > minutes straight after needing to redirect an address.
>
> I dislike Firefox's caching behavior. My nameservers cache just fine
> and they are speedy enough by themselves. Firefox's cache is just
> another level of expirations to go through. So I disable it completely.
> Here's the cross-platform method, if you should wish to do so:
>
> In about:config, two new integer entries:
>
>     network.dnsCacheExpiration - 0
>     network.dnsCacheEntries - 0

DNS caching in browsers is (was) meant to provide 'DNS pinning' in order
to prevent malicious sites from bypassing browser 'same domain' policy
when accessing other/internal servers. Since there are several ways to
bypass this protection [1] perhaps it is not that critical to disable it.
It is good to be aware of the implications though.

Can

[1] http://crypto.stanford.edu/dns/

Re: lookup option in /etc/resolv.conf ignored
Make sure you have restarted Firefox after making changes to
/etc/resolv.conf. Specifically, the application-level DNS cache will
contain old data if you have not restarted it. This bit me for 3 minutes
straight after needing to redirect an address.

Karel Kulhavy wrote:
> I want to make my OS return 127.0.0.1 on google-analytics.com and
> ad.doubleclick.net to speed up the work with Sourceforge.
>
> I put
>
>     127.0.0.1 google-analytics.com
>     127.0.0.1 ad.doubleclick.net
>
> into /etc/hosts and checked that /etc/resolv.conf contains
>
>     lookup file bind
>
> According to man resolv.conf this should result in /etc/hosts having
> priority over the DNS system.
>
> However, it simply doesn't work. Both Firefox and the host command
> behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?
>
> CL

[demime 1.01d removed an attachment of type application/pgp-signature
which had a name of signature.asc]

Re: lookup option in /etc/resolv.conf ignored
On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote:
> Make sure you have restarted Firefox after making changes to
> /etc/resolv.conf. Specifically, the application-level DNS cache will
> contain old data if you have not restarted it. This bit me for 3
> minutes straight after needing to redirect an address.

I dislike Firefox's caching behavior. My nameservers cache just fine and
they are speedy enough by themselves. Firefox's cache is just another
level of expirations to go through. So I disable it completely. Here's
the cross-platform method, if you should wish to do so:

In about:config, two new integer entries:

    network.dnsCacheExpiration - 0
    network.dnsCacheEntries - 0

--
Darrin Chandler           | Phoenix BSD User Group | MetaBUG
[EMAIL PROTECTED]         | http://phxbug.org/     | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert  | Global BUG Federation

Re: lookup option in /etc/resolv.conf ignored
On Sat, Oct 13, 2007 at 10:16:10PM -0700, Claus Assmann wrote:
> Are you sure your browser is asking for exactly that name, and not
> some name in those domains you specified?
>
> For those cases I simply add the domains with a wildcard to my
> local DNS server, e.g.,
>
> named.conf:
> zone "doubleclick.com" { type master; file "master/doubleclick.com"; };
>
> master/doubleclick.com:
> [[usual SOA]]
> ad.doubleclick.com.     IN      A       127.0.0.1
> *.doubleclick.com.      IN      A       127.0.0.1

You can simplify the above a bit for lots of domains:

zone "adimages.go.com" { type master; file "master/block-zone"; };
zone "admonitor.net" { type master; file "master/block-zone"; };
zone "ads.specificpop.com" { type master; file "master/block-zone"; };
zone "ads.web.aol.com" { type master; file "master/block-zone"; };
zone "ads.x10.com" { type master; file "master/block-zone"; };
zone "advertising.com" { type master; file "master/block-zone"; };
zone "amazingmedia.com" { type master; file "master/block-zone"; };
zone "clickagents.com" { type master; file "master/block-zone"; };
zone "commission-junction.com" { type master; file "master/block-zone"; };
zone "doubleclick.net" { type master; file "master/block-zone"; };
zone "go2net.com" { type master; file "master/block-zone"; };
zone "infospace.com" { type master; file "master/block-zone"; };
zone "kcookie.netscape.com" { type master; file "master/block-zone"; };
zone "linksynergy.com" { type master; file "master/block-zone"; };
zone "msads.net" { type master; file "master/block-zone"; };
zone "qksrv.net" { type master; file "master/block-zone"; };
zone "yimg.com" { type master; file "master/block-zone"; };
zone "zedo.com" { type master; file "master/block-zone"; };
zone "adtech.de" { type master; file "master/block-zone"; };
zone "img.mediaplex.com" { type master; file "master/block-zone"; };
zone "msn.com" { type master; file "master/block-zone"; };
zone "kazaa.com" { type master; file "master/block-zone"; };
zone "messenger.hotmail.com" { type master; file "master/block-zone"; };
zone "msg.yahoo.com" { type master; file "master/block-zone"; };
zone "login.oscar.aol.com" { type master; file "master/block-zone"; };
zone "aimexpress.aol.com" { type master; file "master/block-zone"; };
zone "ru4.com" { type master; file "master/block-zone"; };
zone "poindextersystems.com" { type master; file "master/block-zone"; };

$ cat /var/named/master/block-zone
; Zone file for block-zone
; http://www.deer-run.com/~hal/sysadmin/dns-advert.html
; http://www.holland-consulting.net/tech/imblock.html

$TTL 7D                 ; client caching [RFC 1035]

@ SOA ( your.ns         ; master name server
        hostmaster      ; zone maintainer's email [RFC 2142]
        2007011800      ; serial, todays date + todays serial #
        1D              ; refresh
        2H              ; retry
        5W              ; expire
        2D );           client negative caching [RFC 2308]

        A       127.0.0.1
        NS      your.ns
*       A       127.0.0.1

--
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]

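Added example (not part of Craig Skinner's message or of any post in this thread): a POSIX shell function that generates the one-line zone stanzas from a plain domain list. It refuses anything that is not a plain hostname, so a list fetched from elsewhere cannot carry syntax into named.conf, and it drops names already covered by a listed parent zone. The file name master/block-zone comes from the message; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Emits named.conf stanzas that all
# point at the shared zone file master/block-zone named in the message.

# gen_block_zones (hypothetical name): domains on stdin, one per line,
# "#" starts a comment. Stanzas go to stdout, refused names to stderr.
gen_block_zones() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' |
    tr 'A-Z' 'a-z' | sort -u |
    awk '
    # Accept only plain hostnames: letters, digits and inner hyphens in
    # each label, two labels or more. Quotes, braces or semicolons would
    # end up inside named.conf, so such names are refused, not escaped.
    function valid(d) {
        return length(d) <= 253 &&
            d ~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/
    }
    $0 == "" { next }
    !valid($0) { print "rejected: " $0 | "cat 1>&2"; next }
    { names[++n] = $0; seen[$0] = 1 }
    END {
        for (i = 1; i <= n; i++) {
            # Skip a name whose parent is also listed: the "*" record in
            # the shared zone file already answers for every subdomain.
            p = names[i]; covered = 0
            while ((dot = index(p, ".")) > 0) {
                p = substr(p, dot + 1)
                if (p in seen) { covered = 1; break }
            }
            if (!covered)
                printf "zone \"%s\" { type master; file \"master/block-zone\"; };\n", names[i]
        }
    }'
}

# Constructed sample list; the last two entries are deliberately malformed.
sample_list() {
    cat <<'EOF'
doubleclick.net
ad.doubleclick.net   # redundant: parent zone is listed
Zedo.com.
msads.net
evil.com"; };
bad_label.example
EOF
}

sample_list | gen_block_zones
```
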
Re: lookup option in /etc/resolv.conf ignored
On 10/13/07, David Vasek [EMAIL PROTECTED] wrote:
> The resolver.conf file is a configuration file for the resolver. What
> is the purpose of the host(1) command using it then, and following
> only a part of it and ignoring the rest? It's really messy.
>
> From the host(1) man page:
>
>      server is an optional argument which is either the name or IP
>      address of the name server that host should query instead of the
>      server or servers listed in /etc/resolv.conf.

host is a simple utility for performing DNS lookups.

reading entries out of /etc/hosts is not performing DNS lookups.

lookup option in /etc/resolv.conf ignored
I want to make my OS return 127.0.0.1 on google-analytics.com and
ad.doubleclick.net to speed up the work with Sourceforge.

I put

    127.0.0.1 google-analytics.com
    127.0.0.1 ad.doubleclick.net

into /etc/hosts and checked that /etc/resolv.conf contains

    lookup file bind

According to man resolv.conf this should result in /etc/hosts having
priority over the DNS system.

However, it simply doesn't work. Both Firefox and the host command behave
as if I didn't do anything.

Why doesn't it work when man resolv.conf says it should?

CL

Re: lookup option in /etc/resolv.conf ignored
On Sat, Oct 13, 2007 at 11:43:46AM +0200, Karel Kulhavy wrote:
> I want to make my OS return 127.0.0.1 on google-analytics.com and
> ad.doubleclick.net to speed up the work with Sourceforge.
>
> I put
>
>     127.0.0.1 google-analytics.com
>     127.0.0.1 ad.doubleclick.net
>
> into /etc/hosts and checked that /etc/resolv.conf contains
>
>     lookup file bind
>
> According to man resolv.conf this should result in /etc/hosts having
> priority over the DNS system.
>
> However, it simply doesn't work. Both Firefox and the host command
> behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?

Because neither the host command nor firefox are using gethostbyname()
and friends. So both do not look at /etc/hosts. On the other hand, most
other apps like ping, telnet, ssh or nc are using gethostbyname() and
therefore read /etc/hosts.

--
:wq Claudio

Re: lookup option in /etc/resolv.conf ignored
On Sat, 13 Oct 2007 11:43:46 +0200, Karel Kulhavy wrote:
> I want to make my OS return 127.0.0.1 on google-analytics.com and
> ad.doubleclick.net to speed up the work with Sourceforge.
>
> I put
>
>     127.0.0.1 google-analytics.com
>     127.0.0.1 ad.doubleclick.net
>
> into /etc/hosts and checked that /etc/resolv.conf contains
>
>     lookup file bind
>
> According to man resolv.conf this should result in /etc/hosts having
> priority over the DNS system.
>
> However, it simply doesn't work. Both Firefox and the host command
> behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?
>
> CL

Run dnsspoof on your firewall. Works like a charm. Part of the dsniff
package. Includes a ready made hostfile that contains loads of the
annoyances and you add your own. Does wildcard names too, like
*.adserver.* Also resolves names for LAN hosts if you add them.

Easy, but remember to pkill dnsspoof and restart it after any update to
the spoofing config file.

From the land down under: Australia.
Do we look umop apisdn from up over?

Re: lookup option in /etc/resolv.conf ignored
On 2007/10/13 11:43, Karel Kulhavy wrote:
> According to man resolv.conf this should result in /etc/hosts having
> priority over the DNS system.
>
> However, it simply doesn't work. Both Firefox and the host command
> behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?

resolv.conf(5) is correct,

     The resolv.conf file specifies how the resolver(3) routines in the C
     library (which provide access to the Internet Domain Name System)
     should operate.

N.B. Not all software uses the resolver(3) routines. Software wanting
more control of DNS queries (e.g. timeouts), more information about
responses, or async lookup, avoids them.

ping/ftp/telnet do use these routines so you can see the effect of the
changes you made there.

For Firefox, your choices could include adblock, running your own DNS
cache and overriding these hosts with your own zones, or for a
lightweight method (messy but it works quite well) you could try
dnsspoof from the dsniff package.

Re: lookup option in /etc/resolv.conf ignored
Claudio Jeker wrote:
> Because neither the host command nor firefox are using gethostbyname()
> and friends. So both do not look at /etc/hosts. On the other hand, most
> other apps like ping, telnet, ssh or nc are using gethostbyname() and
> therefore read /etc/hosts.

A DNS cache like DNSmasq would work for everything. It allows you to
assign specific IPs to individual hosts:

http://thekelleys.org.uk/dnsmasq/doc.html

-Lars

Re: lookup option in /etc/resolv.conf ignored
On Sat, 13 Oct 2007, Stuart Henderson wrote:
> On 2007/10/13 11:43, Karel Kulhavy wrote:
> > According to man resolv.conf this should result in /etc/hosts having
> > priority over the DNS system.
> >
> > However, it simply doesn't work. Both Firefox and the host command
> > behave as if I didn't do anything.
> >
> > Why doesn't it work when man resolv.conf says it should?
>
> resolv.conf(5) is correct,
>
>      The resolv.conf file specifies how the resolver(3) routines in the
>      C library (which provide access to the Internet Domain Name System)
>      should operate.
>
> N.B. Not all software uses the resolver(3) routines. Software wanting
> more control of DNS queries (e.g. timeouts), more information about
> responses, or async lookup, avoids them.

The resolver.conf file is a configuration file for the resolver. What is
the purpose of the host(1) command using it then, and following only a
part of it and ignoring the rest? It's really messy.

From the host(1) man page:

     server is an optional argument which is either the name or IP
     address of the name server that host should query instead of the
     server or servers listed in /etc/resolv.conf.

Regards,
David

Re: lookup option in /etc/resolv.conf ignored
On Oct 13, 2007, at 2:43 AM, Karel Kulhavy wrote:
> I want to make my OS return 127.0.0.1 on google-analytics.com and
> ad.doubleclick.net to speed up the work with Sourceforge.
>
> I put
>
>     127.0.0.1 google-analytics.com
>     127.0.0.1 ad.doubleclick.net
>
> into /etc/hosts and checked that /etc/resolv.conf contains
>
>     lookup file bind
>
> According to man resolv.conf this should result in /etc/hosts having
> priority over the DNS system.
>
> However, it simply doesn't work. Both Firefox and the host command
> behave as if I didn't do anything.

Host queries your DNS server. It has no concept of a /etc/hosts file.

As for Firefox, I'd guess that it's not asking for either by those EXACT
names. But you would have to do some troubleshooting to figure that out.

> Why doesn't it work when man resolv.conf says it should?
>
> CL

Re: lookup option in /etc/resolv.conf ignored
On 2007/10/13 11:43, Karel Kulhavy wrote:
> According to man resolv.conf this should result in /etc/hosts having
> priority over the DNS system.
>
> However, it simply doesn't work. Both Firefox and the host command
> behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?

Works for me; but then I use outdated software: OpenBSD 3.8.

Are you sure your browser is asking for exactly that name, and not some
name in those domains you specified?

For those cases I simply add the domains with a wildcard to my local DNS
server, e.g.,

named.conf:
zone "doubleclick.com" { type master; file "master/doubleclick.com"; };

master/doubleclick.com:
[[usual SOA]]
ad.doubleclick.com.     IN      A       127.0.0.1
*.doubleclick.com.      IN      A       127.0.0.1