Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
On Tue, Mar 10, 2015 at 07:16:12PM +0100, meino.cra...@gmx.de wrote
> Hi,
>
> the following happened some minutes ago: I was searching on youtube for some reviews... and suddenly BOOM: Server not found: Unknown host
>
> I restarted firefox...which did not help. I did a ping traceroute to www.youtube.com from the commandline...same results... Wireshark shows the DNS query to my DSL modem... and the answer was that from above. I rebooted my Gentoo box...no help...
>
> The problem vanished when I powercycled my DSL modem. Any other access was working the whole time.
>
> Was my DSL modem hacked? Did anyone else notice a glitch in the matrix?

I've seen similar problems with Youtube. Switching the DNS servers in /etc/resolv.conf seems to fix the problem every time.

--
Walter Dnes waltd...@waltdnes.org
I don't run desktop environments; I run useful applications
Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
On Tuesday, 10.03.2015 at 19:14, J. Roeleveld jo...@antarean.org wrote:
> On 10 March 2015 19:16:12 CET, meino.cra...@gmx.de wrote:
> > Hi,
> >
> > the following happened some minutes ago: I was searching on youtube for some reviews... and suddenly BOOM: Server not found: Unknown host
> >
> > I restarted firefox...which did not help. I did a ping traceroute to www.youtube.com from the commandline...same results... Wireshark shows the DNS query to my DSL modem... and the answer was that from above. I rebooted my Gentoo box...no help...
> >
> > The problem vanished when I powercycled my DSL modem. Any other access was working the whole time.
> >
> > Was my DSL modem hacked? Did anyone else notice a glitch in the matrix?
> >
> > Best regards, mcc
>
> Most modems and routers have really bad DNS proxies. I tend to either run my own or use Google's DNS: 8.8.8.8 and 8.8.4.4

I don't like the idea that google is getting all information about my DNS queries. ;-)

I usually prefer the DNS servers from my ISP as forwarding servers for my router (which has a proper working DNS proxy). These DNS servers are just a few hops away and therefore responding very fast.

--
Regards wabe
Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
On Tuesday, 10.03.2015 at 18:10, Justin Findlay jfind...@gmail.com wrote:
> On 03/10/2015 01:35 PM, waben...@gmail.com wrote:
> > > Most modems and routers have really bad DNS proxies. I tend to either run my own or use Google's DNS: 8.8.8.8 and 8.8.4.4
> >
> > I don't like the idea that google is getting all information about my DNS queries. ;-)
>
> If you need a temporary public resolver and you don't want to send more info to google, you can use these public resolvers from Level 3:
>
> 4.2.2.1
> 4.2.2.2
> 4.2.2.3
> 4.2.2.4
>
> You should normally use and know the DNS servers provided by the most local networks you're in. If any of these are untrustworthy or problematic, 4.2.2.2 should work well enough to get online to sort it out.
>
> Here is an interesting intro to the subject (be sure to also read the comments):
>
> http://www.circleid.com/posts/20110407_top_public_dns_resolvers_compared/
>
> Justin

THX for the info. I will take a look at it.

--
Regards wabe
Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
On Tuesday 10 March 2015 19:16:12 meino.cra...@gmx.de wrote:
> I rebooted my Gentoo box...no help...
>
> The problem vanished when I powercycled my DSL modem. Any other access was working the whole time.
>
> Was my DSL modem hacked? Did anyone else notice a glitch in the matrix?

I think DSL modems must run Windows - they seem to need rebooting every now and then. I had to do so last week when various lookups failed, or needed several attempts.

--
Rgds Peter.
Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
The second argument to both host and nslookup specifies the server to use for the lookup. So, you can compare the results of the DNS server specified in /etc/resolv.conf with others like those mentioned above, e.g.

    host youtube.com 8.8.8.8

or

    nslookup youtube.com 4.2.2.4

However, youtube.com will no doubt be using global server load balancing, which means the DNS response will be based on the source IP address of the DNS request, so you can be directed to the closest youtube.com server(s).

So, since you can't be sure the DNS results will be consistent across DNS servers, you can't use that to determine if you're being MITM'd. Mind you, I don't think a non-targeted MITM would bother with someone's youtube traffic, but if you're concerned about that just connect to youtube with https, so the certificate can be verified.
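As an added illustration of the message above (not code from any poster on this thread): because load balancing makes the returned addresses differ between resolvers, this Python example compares only the DNS response code and answer count from the local resolver and from a reference resolver. The function names, the fixed query ID and the sample reply bytes are assumptions constructed for this example.

```python
import socket, struct, sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QUERY_ID = 0x1234  # fixed ID, fine for a one-shot diagnostic
# Constructed reply headers, not captured traffic (rcode 3; rcode 0 + 4 answers)
SAMPLE_NXDOMAIN = bytes.fromhex("123481830001000000000000")
SAMPLE_OK = bytes.fromhex("123481800001000400000000")

def build_query(name):
    """Encode a recursive A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", QUERY_ID, 0x0100, 1, 0, 0, 0)  # RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def parse_reply(data):
    """Return (rcode_name, answer_count) from a raw DNS reply."""
    if len(data) < 12:
        return ("MALFORMED", 0)
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != QUERY_ID or not flags & 0x8000:  # wrong ID or not a response
        return ("MALFORMED", 0)
    return (RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF)), ancount)

def ask(server, name, timeout=3.0):
    """Send one UDP query; a silent resolver is reported as TIMEOUT."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server, 53))
            return parse_reply(sock.recv(512))
        except OSError:
            return ("TIMEOUT", 0)

def verdict(local, reference):
    """Judge resolver health only; the returned addresses are never compared."""
    def ok(result):
        return result[0] == "NOERROR" and result[1] > 0
    if ok(local):
        return "local resolver answers"
    if ok(reference):
        return "local resolver faulty (%s); reference resolves the name" % local[0]
    return "both fail (%s / %s); look upstream" % (local[0], reference[0])

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: script LOCAL_DNS REFERENCE_DNS NAME
        print(verdict(ask(sys.argv[1], sys.argv[3]), ask(sys.argv[2], sys.argv[3])))
    else:  # offline demo on the constructed replies
        print(verdict(parse_reply(SAMPLE_NXDOMAIN), parse_reply(SAMPLE_OK)))
```

A "local resolver faulty" result points at the modem's DNS proxy rather than at the name itself; like the host and nslookup comparison, it says nothing about whether the answers were tampered with.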
Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
On Tue, 10 March 2015, at 6:16 pm, meino.cra...@gmx.de wrote:
> ...
> The problem vanished when I powercycled my DSL modem.
>
> Was my DSL modem hacked?

I think it's far more likely the router ran out of memory, a process hung or something. Perhaps other sites worked because they were cached.

There's no way to debug it now, and replies can only be speculation.

If it becomes a regular problem, I suggest you install OpenWRT, which will give you the tools you need for debugging it.

Stroller.
[gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
Hi,

the following happened some minutes ago: I was searching on youtube for some reviews... and suddenly BOOM: Server not found: Unknown host

I restarted firefox...which did not help. I did a ping traceroute to www.youtube.com from the commandline...same results... Wireshark shows the DNS query to my DSL modem... and the answer was that from above. I rebooted my Gentoo box...no help...

The problem vanished when I powercycled my DSL modem. Any other access was working the whole time.

Was my DSL modem hacked? Did anyone else notice a glitch in the matrix?

Best regards, mcc
Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
On Tuesday, 10.03.2015 at 19:16, meino.cra...@gmx.de wrote:
> Hi,
>
> the following happened some minutes ago: I was searching on youtube for some reviews... and suddenly BOOM: Server not found: Unknown host
>
> I restarted firefox...which did not help. I did a ping traceroute to www.youtube.com from the commandline...same results... Wireshark shows the DNS query to my DSL modem... and the answer was that from above. I rebooted my Gentoo box...no help...
>
> The problem vanished when I powercycled my DSL modem. Any other access was working the whole time.
>
> Was my DSL modem hacked? Did anyone else notice a glitch in the matrix?

I'm using youtube only occasionally and last use was some days ago, so I don't know if there was something unusual today.

When I do a nslookup www.youtube.com, I get a whole bunch of IP addresses. Maybe the DNS implementation on your DSL modem only caches the first one. If this IP then is not reachable for some reason, it would lead to an Unknown Host Error till the TTL of the cached entry is reached and the modem is doing the next lookup.

But that's just a thought. Maybe your modem really was hacked.

--
Regards wabe
Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
On Tue, 10 Mar 2015 19:16:12 +0100 meino.cra...@gmx.de wrote:
> Hi,
>
> the following happened some minutes ago: I was searching on youtube for some reviews... and suddenly BOOM: Server not found: Unknown host
>
> I restarted firefox...which did not help. I did a ping traceroute to www.youtube.com from the commandline...same results... Wireshark shows the DNS query to my DSL modem... and the answer was that from above. I rebooted my Gentoo box...no help...
>
> The problem vanished when I powercycled my DSL modem. Any other access was working the whole time.
>
> Was my DSL modem hacked? Did anyone else notice a glitch in the matrix?
>
> Best regards, mcc

Today everyone can make a dsl router/modem, and ISPs, when they give you equipment, want it to be cheap.

I saw exactly the same problem on cheap dsl routers. I don't have enough knowledge to debug it, or to be sure if it is safe or not. It worked for months with no issues, no reboots ..., one day it stopped working/resolving hosts, and its dhcp server config doesn't allow forwarding of DNS servers from WAN configuration, or manually setting one which will be given to the dhcp clients, so there are two ways: it can work as a proxy (send its own IP as DNS server to clients), or it doesn't provide DNS, so you need manually to configure each client.

If you restart the router, it works sometimes for a few hours, sometimes a few days, but it will fail again randomly. The only worrying thing is that it worked for months without an issue.
Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
On 10 March 2015 19:16:12 CET, meino.cra...@gmx.de wrote:
> Hi,
>
> the following happened some minutes ago: I was searching on youtube for some reviews... and suddenly BOOM: Server not found: Unknown host
>
> I restarted firefox...which did not help. I did a ping traceroute to www.youtube.com from the commandline...same results... Wireshark shows the DNS query to my DSL modem... and the answer was that from above. I rebooted my Gentoo box...no help...
>
> The problem vanished when I powercycled my DSL modem. Any other access was working the whole time.
>
> Was my DSL modem hacked? Did anyone else notice a glitch in the matrix?
>
> Best regards, mcc

Most modems and routers have really bad DNS proxies. I tend to either run my own or use Google's DNS: 8.8.8.8 and 8.8.4.4

--
Joost
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: [gentoo-user] [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
On 03/10/2015 01:35 PM, waben...@gmail.com wrote:
> > Most modems and routers have really bad DNS proxies. I tend to either run my own or use Google's DNS: 8.8.8.8 and 8.8.4.4
>
> I don't like the idea that google is getting all information about my DNS queries. ;-)

If you need a temporary public resolver and you don't want to send more info to google, you can use these public resolvers from Level 3:

4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4

You should normally use and know the DNS servers provided by the most local networks you're in. If any of these are untrustworthy or problematic, 4.2.2.2 should work well enough to get online to sort it out.

Here is an interesting intro to the subject (be sure to also read the comments):

http://www.circleid.com/posts/20110407_top_public_dns_resolvers_compared/

Justin