Re: lookup option in /etc/resolv.conf ignored

2007-10-25 Thread Can Erkin Acar
Darrin Chandler wrote:
 On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote:
 Make sure you have restarted Firefox after making changes to
 /etc/resolv.conf.  Specifically, the application-level DNS cache will
 contain old data if you have not restarted it.  This bit me for 3
 minutes straight after needing to redirect an address.
 
 I dislike Firefox's caching behavior. My nameservers cache just fine and
 they are speedy enough by themselves. Firefox's cache is just another
 level of expirations to go through. So I disable it completely. Here's
 the cross-platform method, if you should wish to do so:
 
 In about:config, two new integer entries:
   network.dnsCacheExpiration  - 0
   network.dnsCacheEntries - 0

DNS caching in browsers is (was) meant to provide 'DNS pinning'
in order to prevent malicious sites from bypassing browser
'same domain' policy when accessing other/internal servers.

Since there are several ways to bypass this protection [1]
perhaps it is not that critical to disable it. It is good to
be aware of the implications though.

Can


[1] http://crypto.stanford.edu/dns/



Re: lookup option in /etc/resolv.conf ignored

2007-10-24 Thread Brian
Make sure you have restarted Firefox after making changes to
/etc/resolv.conf.  Specifically, the application-level DNS cache will
contain old data if you have not restarted it.  This bit me for 3
minutes straight after needing to redirect an address.

Karel Kulhavy wrote:
 I want to make my OS return 127.0.0.1 on google-analytics.com and
 ad.doubleclick.net to speed up the work with Sourceforge.

 I put
 127.0.0.1 google-analytics.com
 127.0.0.1 ad.doubleclick.net
 into /etc/hosts

 and checked that /etc/resolv.conf contains
 lookup file bind

 According to man resolv.conf this should result in /etc/hosts having priority
 over the DNS system. However, it simply doesn't work. Both Firefox and the
 host command behave as if I didn't do anything.

 Why doesn't it work when man resolv.conf says it should?

 CL




Re: lookup option in /etc/resolv.conf ignored

2007-10-24 Thread Darrin Chandler
On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote:
 Make sure you have restarted Firefox after making changes to
 /etc/resolv.conf.  Specifically, the application-level DNS cache will
 contain old data if you have not restarted it.  This bit me for 3
 minutes straight after needing to redirect an address.

I dislike Firefox's caching behavior. My nameservers cache just fine and
they are speedy enough by themselves. Firefox's cache is just another
level of expirations to go through. So I disable it completely. Here's
the cross-platform method, if you should wish to do so:

In about:config, two new integer entries:
  network.dnsCacheExpiration  - 0
  network.dnsCacheEntries     - 0

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: lookup option in /etc/resolv.conf ignored

2007-10-17 Thread Craig Skinner
On Sat, Oct 13, 2007 at 10:16:10PM -0700, Claus Assmann wrote:
 Are you sure your browser is asking for exactly that name, and not
 some name in those domains you specified?  For those cases I simply
 add the domains with a wildcard to my local DNS server, e.g.,
 
 named.conf:
 zone "doubleclick.com" {
     type master;
     file "master/doubleclick.com";
 };
 
 master/doubleclick.com:
 [[usual SOA]]
 ad.doubleclick.com. IN  A   127.0.0.1
 *.doubleclick.com.  IN  A   127.0.0.1
 

You can simplify the above a bit for lots of domains:

zone "adimages.go.com" { type master; file "master/block-zone"; };
zone "admonitor.net" { type master; file "master/block-zone"; };
zone "ads.specificpop.com" { type master; file "master/block-zone"; };
zone "ads.web.aol.com" { type master; file "master/block-zone"; };
zone "ads.x10.com" { type master; file "master/block-zone"; };
zone "advertising.com" { type master; file "master/block-zone"; };
zone "amazingmedia.com" { type master; file "master/block-zone"; };
zone "clickagents.com" { type master; file "master/block-zone"; };
zone "commission-junction.com" { type master; file "master/block-zone"; };
zone "doubleclick.net" { type master; file "master/block-zone"; };
zone "go2net.com" { type master; file "master/block-zone"; };
zone "infospace.com" { type master; file "master/block-zone"; };
zone "kcookie.netscape.com" { type master; file "master/block-zone"; };
zone "linksynergy.com" { type master; file "master/block-zone"; };
zone "msads.net" { type master; file "master/block-zone"; };
zone "qksrv.net" { type master; file "master/block-zone"; };
zone "yimg.com" { type master; file "master/block-zone"; };
zone "zedo.com" { type master; file "master/block-zone"; };
zone "adtech.de" { type master; file "master/block-zone"; };
zone "img.mediaplex.com" { type master; file "master/block-zone"; };
zone "msn.com" { type master; file "master/block-zone"; };
zone "kazaa.com" { type master; file "master/block-zone"; };
zone "messenger.hotmail.com" { type master; file "master/block-zone"; };
zone "msg.yahoo.com" { type master; file "master/block-zone"; };
zone "login.oscar.aol.com" { type master; file "master/block-zone"; };
zone "aimexpress.aol.com" { type master; file "master/block-zone"; };
zone "ru4.com" { type master; file "master/block-zone"; };
zone "poindextersystems.com" { type master; file "master/block-zone"; };



$ cat /var/named/master/block-zone

; Zone file for block-zone
; http://www.deer-run.com/~hal/sysadmin/dns-advert.html
; http://www.holland-consulting.net/tech/imblock.html

$TTL 7D ; client caching [RFC 1035]

@       SOA (
                your.ns         ; master name server
                hostmaster      ; zone maintainer's email [RFC 2142]
                2007011800      ; serial, today's date + today's serial #
                1D              ; refresh
                2H              ; retry
                5W              ; expire
                2D )            ; client negative caching [RFC 2308]

        A       127.0.0.1

        NS      your.ns

*       A       127.0.0.1



-- 
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
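
An added example, not part of Craig Skinner's message or the thread: a shell function that generates the one-line zone statements above from a plain domain list. The list format (one domain per line, '#' comments) and the names gen_block_zones and sample_list are assumptions; a name containing characters that could break out of the quoted string is rejected instead of being written into named.conf.

```sh
#!/bin/sh
# Added example: build named.conf zone statements for a sinkhole list.
# Assumed input: one domain per line, '#' starts a comment.
# BLOCK_ZONE_FILE is the shared zone file path used in the message above.
BLOCK_ZONE_FILE="master/block-zone"

# gen_block_zones: domains on stdin, zone statements on stdout.
# Input is normalised (comments, whitespace and trailing dot removed,
# lower-cased, de-duplicated) and then validated against a strict
# hostname pattern. Rejected names go to stderr and are never emitted,
# so a stray quote or semicolon cannot alter the generated config.
gen_block_zones() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' -e '/^$/d' |
    tr '[:upper:]' '[:lower:]' |
    sort -u |
    while IFS= read -r domain; do
        if printf '%s\n' "$domain" |
           grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$'
        then
            printf 'zone "%s" { type master; file "%s"; };\n' \
                "$domain" "$BLOCK_ZONE_FILE"
        else
            printf 'skipped invalid name: %s\n' "$domain" >&2
        fi
    done
}

# Constructed sample list for demonstration only.
sample_list() {
    cat <<'EOF'
# ad servers
doubleclick.net
DoubleClick.NET.
google-analytics.com   # trailing comment
broken"name.example
EOF
}

# Stand-alone run: print the statements generated for the sample list.
sample_list | gen_block_zones
```

The output can be written to a separate file and pulled into named.conf with an include statement, then checked with named-checkconf before reloading.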



Re: lookup option in /etc/resolv.conf ignored

2007-10-14 Thread Ted Unangst
On 10/13/07, David Vasek [EMAIL PROTECTED] wrote:
 The resolver.conf file is a configuration file for the resolver. What is
 the purpose of the host(1) command using it then, and following only a
 part of it and ignoring the rest? It's really messy.

 From the host(1) man page:
 server is an optional argument which is either the name or IP address of
 the name server that host should query instead of the server or servers
 listed in /etc/resolv.conf.

host is a simple utility for performing DNS lookups.

reading entries out of /etc/hosts is not performing DNS lookups.



lookup option in /etc/resolv.conf ignored

2007-10-13 Thread Karel Kulhavy
I want to make my OS return 127.0.0.1 on google-analytics.com and
ad.doubleclick.net to speed up the work with Sourceforge.

I put 
127.0.0.1 google-analytics.com
127.0.0.1 ad.doubleclick.net
into /etc/hosts

and checked that /etc/resolv.conf contains
lookup file bind

According to man resolv.conf this should result in /etc/hosts having priority
over the DNS system. However, it simply doesn't work. Both Firefox and the
host command behave as if I didn't do anything.

Why doesn't it work when man resolv.conf says it should?

CL



Re: lookup option in /etc/resolv.conf ignored

2007-10-13 Thread Claudio Jeker
On Sat, Oct 13, 2007 at 11:43:46AM +0200, Karel Kulhavy wrote:
 I want to make my OS return 127.0.0.1 on google-analytics.com and
 ad.doubleclick.net to speed up the work with Sourceforge.
 
 I put 
 127.0.0.1 google-analytics.com
 127.0.0.1 ad.doubleclick.net
 into /etc/hosts
 
 and checked that /etc/resolv.conf contains
 lookup file bind
 
 According to man resolv.conf this should result in /etc/hosts having priority
 over the DNS system. However, it simply doesn't work. Both Firefox and the
 host command behave as if I didn't do anything.
 
 Why doesn't it work when man resolv.conf says it should?
 

Because neither the host command nor firefox are using gethostbyname() and
friends. So both do not look at /etc/hosts. On the other hand, most other
apps like ping, telnet, ssh or nc are using gethostbyname() and therefore
read /etc/hosts.

-- 
:wq Claudio



Re: lookup option in /etc/resolv.conf ignored

2007-10-13 Thread RW
On Sat, 13 Oct 2007 11:43:46 +0200, Karel Kulhavy wrote:

I want to make my OS return 127.0.0.1 on google-analytics.com and
ad.doubleclick.net to speed up the work with Sourceforge.

I put 
127.0.0.1 google-analytics.com
127.0.0.1 ad.doubleclick.net
into /etc/hosts

and checked that /etc/resolv.conf contains
lookup file bind

According to man resolv.conf this should result in /etc/hosts having priority
over the DNS system. However, it simply doesn't work. Both Firefox and the
host command behave as if I didn't do anything.

Why doesn't it work when man resolv.conf says it should?

CL

Run dnsspoof on your firewall. Works like a charm. Part of the dsniff
package. Includes a ready made hostfile that contains loads of the
annoyances and you add your own. Does wildcard names too, like
*.adserver.* 

Also resolves names for LAN hosts if you add them.

Easy, but remember to pkill dnsspoof and restart it after any update to
the spoofing config file.




From the land down under: Australia.
Do we look umop apisdn from up over?



Re: lookup option in /etc/resolv.conf ignored

2007-10-13 Thread Stuart Henderson
On 2007/10/13 11:43, Karel Kulhavy wrote:
 According to man resolv.conf this should result in /etc/hosts having priority
 over the DNS system. However, it simply doesn't work. Both Firefox and the
 host command behave as if I didn't do anything.
 
 Why doesn't it work when man resolv.conf says it should?

resolv.conf(5) is correct,

 The resolv.conf file specifies how the resolver(3) routines in the C
 library (which provide access to the Internet Domain Name System) should
 operate.

N.B. Not all software uses the resolver(3) routines. Software wanting
more control of DNS queries (e.g. timeouts), more information about
responses, or async lookup, avoids them.

ping/ftp/telnet do use these routines so you can see the effect of
the changes you made there.

For Firefox, your choices could include adblock, running your own DNS
cache and override these hosts with your own zones, or for a lightweight
method (messy but it works quite well) you could try dnsspoof from
the dsniff package.



Re: lookup option in /etc/resolv.conf ignored

2007-10-13 Thread Lars Noodén
Claudio Jeker wrote:

 Because neither the host command nor firefox are using gethostbyname() and
 friends. So both do not look at /etc/hosts. On the other hand, most other
 apps like ping, telnet, ssh or nc are using gethostbyname() and therefore
 read /etc/hosts.

A DNS cache like DNSmasq would work for everything.  It allows you to
assign specific IPs to individual hosts:
  http://thekelleys.org.uk/dnsmasq/doc.html

-Lars



Re: lookup option in /etc/resolv.conf ignored

2007-10-13 Thread David Vasek

On Sat, 13 Oct 2007, Stuart Henderson wrote:


On 2007/10/13 11:43, Karel Kulhavy wrote:

According to man resolv.conf this should result in /etc/hosts having priority
over the DNS system. However, it simply doesn't work. Both Firefox and the
host command behave as if I didn't do anything.

Why doesn't it work when man resolv.conf says it should?


resolv.conf(5) is correct,

The resolv.conf file specifies how the resolver(3) routines in the C
library (which provide access to the Internet Domain Name System) should
operate.

N.B. Not all software uses the resolver(3) routines. Software wanting
more control of DNS queries (e.g. timeouts), more information about
responses, or async lookup, avoids them.


The resolver.conf file is a configuration file for the resolver. What is 
the purpose of the host(1) command using it then, and following only a 
part of it and ignoring the rest? It's really messy.



From the host(1) man page:

server is an optional argument which is either the name or IP address of
the name server that host should query instead of the server or servers
listed in /etc/resolv.conf.

Regards,
David



Re: lookup option in /etc/resolv.conf ignored

2007-10-13 Thread Ray Percival

On Oct 13, 2007, at 2:43 AM, Karel Kulhavy wrote:


I want to make my OS return 127.0.0.1 on google-analytics.com and
ad.doubleclick.net to speed up the work with Sourceforge.

I put
127.0.0.1 google-analytics.com
127.0.0.1 ad.doubleclick.net
into /etc/hosts

and checked that /etc/resolv.conf contains
lookup file bind

According to man resolv.conf this should result in /etc/hosts having priority
over the DNS system. However, it simply doesn't work. Both Firefox and the
host command behave as if I didn't do anything.


Host queries your DNS server. It has no concept of a /etc/hosts file.
As for Firefox, I'd guess that it's not asking for either by those
EXACT names. But you would have to do some troubleshooting to figure
that out.


Why doesn't it work when man resolv.conf says it should?

CL




Re: lookup option in /etc/resolv.conf ignored

2007-10-13 Thread Claus Assmann
On 2007/10/13 11:43, Karel Kulhavy wrote:
 According to man resolv.conf this should result in /etc/hosts having priority
 over the DNS system. However, it simply doesn't work. Both Firefox and the
 host command behave as if I didn't do anything.

 Why doesn't it work when man resolv.conf says it should?

Works for me; but then I use outdated software: OpenBSD 3.8.

Are you sure your browser is asking for exactly that name, and not
some name in those domains you specified?  For those cases I simply
add the domains with a wildcard to my local DNS server, e.g.,

named.conf:
zone "doubleclick.com" {
    type master;
    file "master/doubleclick.com";
};

master/doubleclick.com:
[[usual SOA]]
ad.doubleclick.com. IN  A   127.0.0.1
*.doubleclick.com.  IN  A   127.0.0.1