[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

Lanny Marcus lmmailinglists at gmail.com
Fri Jul 11 11:49:22 UTC 2008


On 7/11/08, William L. Maltby <CentOS4Bill at triad.rr.com> wrote:
<snip>
> Sshd is for incoming connections.
> You need to enable it on IPCop (using
> web interface is easiest). I also suggest using ssh keys instead of
> password *if* you want increased security. Paranoia level is the
> determining factor.

Paranoia level has me wanting to: (a) Be able to dig +trace and verify
that opendns.com is not in the loop, preferably from both my Desktop
and from the ipcop box; (b) Be using Authoritative DNS servers at all
times, as dnscache does; (c) Avoid DNS Cache poisoning, if possible.
:-)

<http://en.wikipedia.org/wiki/DNS_cache_poisoning>

> You should not need to fron the trace (dig or nslookup from the IPCop
> box.

I cannot dig +trace from my Desktop, as me or as root and I also
cannot dig +trace from the ipcop box as of this time.

> [wild-bill@centos501 ~]$ dig +trace smtp-server.triad.rr.com
> ; <<>> DiG 9.3.4-P1 <<>> +trace smtp-server.triad.rr.com
> ;; global options:  printcmd
<snip results of Bill's dig +trace from his Desktop>

Here's what happens when I try that from my Desktop:

[lanny@dell2400 ~]$ dig +trace smtp-server.triad.rr.com

; <<>> DiG 9.3.4-P1 <<>> +trace smtp-server.triad.rr.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
[lanny@dell2400 ~]$ su -
Password:
[root@dell2400 ~]# dig +trace smtp-server.triad.rr.com

; <<>> DiG 9.3.4-P1 <<>> +trace smtp-server.triad.rr.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
[root@dell2400 ~]#

<snip>
Here's what happened, when I tried dig +trace from the ipcop box:
After SSH into ipcop.homelan I can dig gmail.com but I cannot dig
+trace gmail.com as Scott Silva did on his IPCop box.

root@ipcop:~ # dig +trace gmail.com

; <<>> DiG 9.4.0 <<>> +trace gmail.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
root@ipcop:~ # dig gmail.com

; <<>> DiG 9.4.0 <<>> gmail.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26895
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;gmail.com.                     IN      A

;; ANSWER SECTION:
gmail.com.              55      IN      A       209.85.171.83
gmail.com.              55      IN      A       64.233.171.83
gmail.com.              55      IN      A       64.233.161.83

;; AUTHORITY SECTION:
gmail.com.              311436  IN      NS      ns1.google.com.
gmail.com.              311436  IN      NS      ns3.google.com.
gmail.com.              311436  IN      NS      ns2.google.com.
gmail.com.              311436  IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
ns4.google.com.         345468  IN      A       216.239.38.10
ns1.google.com.         345285  IN      A       216.239.32.10
ns2.google.com.         345383  IN      A       216.239.34.10
ns3.google.com.         341939  IN      A       216.239.36.10

;; Query time: 166 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 11 06:18:17 2008
;; MSG SIZE  rcvd: 218

I need to get out of here now. Later, I will try this on our backup IPCop box.
I want to be able to ssh into the IPCop box, and make the change Scott
Silva suggested for the DNS Server, rather than using the IPCop web
interface / GUI, because I know that it is common for GUIs not to
work as advertised. If I screw up the backup IPCop box, I can continue
using the one we are now using and we will still be online until I get
this working the way I want it to.  :-)

I have the Firewall running in my Desktop, which possibly is a factor here.

I greatly appreciate the time and help of everyone in this mailing list!
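
Added example, not part of the original message: a shell function that reads a plain dig reply and reports which server answered and whether the answer was authoritative (aa flag) or came from a recursive resolver or forwarder (ra flag), and that recognises the timeout shown above. The function and sample names are hypothetical; the first sample is trimmed from the ipcop reply above and the second is constructed.

```shell
# Added example: summarise a plain `dig` reply read from stdin.
# Output: status=<rcode> server=<ip> authoritative=<yes|no> recursive=<yes|no>
#     or: status=UNREACHABLE when dig reports that no server answered.
dig_summary() {
  awk '
    /no servers could be reached/ { unreachable = 1 }
    /->>HEADER<<-/ {
      for (i = 1; i < NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
      # Flags sit between "flags:" and the next ";" (qr rd ra, qr aa rd, ...).
      line = $0
      sub(/^;; flags: */, "", line)
      sub(/;.*/, "", line)
      n = split(line, f, " ")
      for (i = 1; i <= n; i++) flag[f[i]] = 1
    }
    /^;; SERVER:/ { split($3, s, "#"); server = s[1] }
    END {
      if (status == "") { print (unreachable ? "status=UNREACHABLE" : "status=UNKNOWN"); exit }
      aa = ("aa" in flag) ? "yes" : "no"
      ra = ("ra" in flag) ? "yes" : "no"
      printf "status=%s server=%s authoritative=%s recursive=%s\n", status, server, aa, ra
    }
  '
}

# Trimmed from the ipcop reply quoted in the message above.
sample_forwarder() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26895
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
}
# Constructed: shape of a reply when a zone's own name server is asked directly.
sample_authoritative() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 216.239.32.10#53(216.239.32.10)
EOF
}
# The failure seen with dig +trace in the message above.
sample_timeout() { cat <<'EOF'
;; global options:  printcmd
;; connection timed out; no servers could be reached
EOF
}

for s in sample_forwarder sample_authoritative sample_timeout; do "$s" | dig_summary; done
```

Against live output the call is `dig gmail.com | dig_summary`. A SERVER of 127.0.0.1 identifies only the local forwarder, not the upstream resolver it relays to.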


