Re: lookup option in /etc/resolv.conf ignored
Darrin Chandler wrote:
> On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote:
>> Make sure you have restarted Firefox after making changes to
>> /etc/resolv.conf. Specifically, the application-level DNS cache will
>> contain old data if you have not restarted it. This bit me for 3
>> minutes straight after needing to redirect an address.
>
> I dislike Firefox's caching behavior. My nameservers cache just fine and
> they are speedy enough by themselves. Firefox's cache is just another
> level of expirations to go through. So I disable it completely. Here's
> the cross-platform method, if you should wish to do so:
>
> In about:config, two new integer entries:
> network.dnsCacheExpiration -> 0
> network.dnsCacheEntries -> 0

DNS caching in browsers is (was) meant to provide 'DNS pinning' in order
to prevent malicious sites from bypassing browser 'same domain' policy
when accessing other/internal servers.

Since there are several ways to bypass this protection [1] perhaps it is
not that critical to disable it. It is good to be aware of the
implications though.

Can

[1] http://crypto.stanford.edu/dns/
Re: lookup option in /etc/resolv.conf ignored
On Wed, Oct 24, 2007 at 11:46:34PM -0400, Brian wrote:
> Make sure you have restarted Firefox after making changes to
> /etc/resolv.conf. Specifically, the application-level DNS cache will
> contain old data if you have not restarted it. This bit me for 3
> minutes straight after needing to redirect an address.

I dislike Firefox's caching behavior. My nameservers cache just fine and
they are speedy enough by themselves. Firefox's cache is just another
level of expirations to go through. So I disable it completely. Here's
the cross-platform method, if you should wish to do so:

In about:config, two new integer entries:
network.dnsCacheExpiration -> 0
network.dnsCacheEntries -> 0

--
Darrin Chandler | Phoenix BSD User Group | MetaBUG
[EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: lookup option in /etc/resolv.conf ignored
Make sure you have restarted Firefox after making changes to
/etc/resolv.conf. Specifically, the application-level DNS cache will
contain old data if you have not restarted it. This bit me for 3
minutes straight after needing to redirect an address.

Karel Kulhavy wrote:
> I want to make my OS return 127.0.0.1 on google-analytics.com and
> ad.doubleclick.net to speed up the work with Sourceforge.
>
> I put
> 127.0.0.1 google-analytics.com
> 127.0.0.1 ad.doubleclick.net
> into /etc/hosts
>
> and checked that /etc/resolv.conf contains
> lookup file bind
>
> According to man resolv.conf this should result in /etc/hosts having priority
> over the DNS system. However, it simply doesn't work. Both Firefox and the
> "host" command behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?
>
> CL<

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: lookup option in /etc/resolv.conf ignored
On Sat, Oct 13, 2007 at 10:16:10PM -0700, Claus Assmann wrote:
> Are you sure your browser is asking for exactly that name, and not
> some name in those domains you specified? For those cases I simply
> add the domains with a wildcard to my local DNS server, e.g.,
>
> named.conf:
> zone "doubleclick.com" {
>     type master;
>     file "master/doubleclick.com";
> };
>
> master/doubleclick.com:
> [[usual SOA]]
> ad.doubleclick.com. IN A 127.0.0.1
> *.doubleclick.com. IN A 127.0.0.1
>

You can simplify the above a bit for lots of domains:

zone "adimages.go.com" { type master; file "master/block-zone"; };
zone "admonitor.net" { type master; file "master/block-zone"; };
zone "ads.specificpop.com" { type master; file "master/block-zone"; };
zone "ads.web.aol.com" { type master; file "master/block-zone"; };
zone "ads.x10.com" { type master; file "master/block-zone"; };
zone "advertising.com" { type master; file "master/block-zone"; };
zone "amazingmedia.com" { type master; file "master/block-zone"; };
zone "clickagents.com" { type master; file "master/block-zone"; };
zone "commission-junction.com" { type master; file "master/block-zone"; };
zone "doubleclick.net" { type master; file "master/block-zone"; };
zone "go2net.com" { type master; file "master/block-zone"; };
zone "infospace.com" { type master; file "master/block-zone"; };
zone "kcookie.netscape.com" { type master; file "master/block-zone"; };
zone "linksynergy.com" { type master; file "master/block-zone"; };
zone "msads.net" { type master; file "master/block-zone"; };
zone "qksrv.net" { type master; file "master/block-zone"; };
zone "yimg.com" { type master; file "master/block-zone"; };
zone "zedo.com" { type master; file "master/block-zone"; };
zone "adtech.de" { type master; file "master/block-zone"; };
zone "img.mediaplex.com" { type master; file "master/block-zone"; };
zone "msn.com" { type master; file "master/block-zone"; };
zone "kazaa.com" { type master; file "master/block-zone"; };
zone "messenger.hotmail.com" { type master; file "master/block-zone"; };
zone "msg.yahoo.com" { type master; file "master/block-zone"; };
zone "login.oscar.aol.com" { type master; file "master/block-zone"; };
zone "aimexpress.aol.com" { type master; file "master/block-zone"; };
zone "ru4.com" { type master; file "master/block-zone"; };
zone "poindextersystems.com" { type master; file "master/block-zone"; };

$ cat /var/named/master/block-zone
; Zone file for block-zone
; http://www.deer-run.com/~hal/sysadmin/dns-advert.html
; http://www.holland-consulting.net/tech/imblock.html

$TTL 7D ; client caching [RFC 1035]

@ SOA ( your.ns    ; master name server
        hostmaster ; zone maintainer's email [RFC 2142]
        2007011800 ; serial, today's date + today's serial #
        1D         ; refresh
        2H         ; retry
        5W         ; expire
        2D )       ; client negative caching [RFC 2308]

        A 127.0.0.1
        NS your.ns
*       A 127.0.0.1

--
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
Re: lookup option in /etc/resolv.conf ignored
On 10/13/07, David Vasek <[EMAIL PROTECTED]> wrote:
> The resolver.conf file is a configuration file for the resolver. What is
> the purpose of the host(1) command using it then, and following only a
> part of it and ignoring the rest? It's really messy.
>
> From the host(1) man page:
> "server is an optional argument which is either the name or IP address of
> the name server that host should query instead of the server or servers
> listed in /etc/resolv.conf."

"host is a simple utility for performing DNS lookups."

reading entries out of /etc/hosts is not performing DNS lookups.
Re: lookup option in /etc/resolv.conf ignored
> On 2007/10/13 11:43, Karel Kulhavy wrote:
> According to man resolv.conf this should result in /etc/hosts having
> priority over the DNS system. However, it simply doesn't work. Both
> Firefox and the "host" command behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?

Works for me; but then I use "outdated" software: OpenBSD 3.8.

Are you sure your browser is asking for exactly that name, and not
some name in those domains you specified? For those cases I simply
add the domains with a wildcard to my local DNS server, e.g.,

named.conf:
zone "doubleclick.com" {
    type master;
    file "master/doubleclick.com";
};

master/doubleclick.com:
[[usual SOA]]
ad.doubleclick.com. IN A 127.0.0.1
*.doubleclick.com. IN A 127.0.0.1
Re: lookup option in /etc/resolv.conf ignored
On Oct 13, 2007, at 2:43 AM, Karel Kulhavy wrote:

> I want to make my OS return 127.0.0.1 on google-analytics.com and
> ad.doubleclick.net to speed up the work with Sourceforge.
>
> I put
> 127.0.0.1 google-analytics.com
> 127.0.0.1 ad.doubleclick.net
> into /etc/hosts
>
> and checked that /etc/resolv.conf contains
> lookup file bind
>
> According to man resolv.conf this should result in /etc/hosts having
> priority over the DNS system. However, it simply doesn't work. Both
> Firefox and the "host" command behave as if I didn't do anything.

Host queries your DNS server. It has no concept of a /etc/hosts file.

As for Firefox, I'd guess that it's not asking for either by those EXACT
names. But you would have to do some troubleshooting to figure that out.

> Why doesn't it work when man resolv.conf says it should?
>
> CL<
Re: lookup option in /etc/resolv.conf ignored
On Sat, 13 Oct 2007, Stuart Henderson wrote:

> On 2007/10/13 11:43, Karel Kulhavy wrote:
>> According to man resolv.conf this should result in /etc/hosts having
>> priority over the DNS system. However, it simply doesn't work. Both
>> Firefox and the "host" command behave as if I didn't do anything.
>>
>> Why doesn't it work when man resolv.conf says it should?
>
> resolv.conf(5) is correct,
>
>     The resolv.conf file specifies how the resolver(3) routines in the C
>     library (which provide access to the Internet Domain Name System)
>     should operate.
>
> N.B. Not all software uses the resolver(3) routines. Software wanting
> more control of DNS queries (e.g. timeouts), more information about
> responses, or async lookup, avoids them.

The resolver.conf file is a configuration file for the resolver. What is
the purpose of the host(1) command using it then, and following only a
part of it and ignoring the rest? It's really messy.

From the host(1) man page:
"server is an optional argument which is either the name or IP address of
the name server that host should query instead of the server or servers
listed in /etc/resolv.conf."

Regards,
David
Re: lookup option in /etc/resolv.conf ignored
Claudio Jeker wrote:
> Because neither the host command nor firefox are using gethostbyname() and
> friends. So both do not look at /etc/hosts. On the other hand most other
> apps like ping, telnet, ssh or nc are using gethostbyname() and therefore
> read /etc/hosts.

A DNS cache like DNSmasq would work for everything. It allows you to
assign specific IPs to individual hosts:

http://thekelleys.org.uk/dnsmasq/doc.html

-Lars
Re: lookup option in /etc/resolv.conf ignored
On 2007/10/13 11:43, Karel Kulhavy wrote:
> According to man resolv.conf this should result in /etc/hosts having priority
> over the DNS system. However, it simply doesn't work. Both Firefox and the
> "host" command behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?

resolv.conf(5) is correct,

    The resolv.conf file specifies how the resolver(3) routines in the C
    library (which provide access to the Internet Domain Name System)
    should operate.

N.B. Not all software uses the resolver(3) routines. Software wanting
more control of DNS queries (e.g. timeouts), more information about
responses, or async lookup, avoids them.

ping/ftp/telnet do use these routines so you can see the effect of
the changes you made there.

For Firefox, your choices could include adblock, running your own
DNS cache and override these hosts with your own zones, or for a
lightweight method (messy but it works quite well) you could try
dnsspoof from the dsniff package.
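An added illustration, not code from any poster in this thread: a small Python model of the two points made in the replies, namely that /etc/hosts is consulted only by programs that go through the libc resolver and matches exact names only, while a wildcard master zone on the local DNS server answers for every name in the zone whichever lookup path the program uses. The function names and the "upstream" marker are hypothetical; the hosts entries, the lookup line and the zone name are taken from the thread, and the queried names other than ad.doubleclick.net are constructed samples.

```python
# Added illustration (not code from the thread): which names each blocking
# method covers. "upstream" is a constructed marker for a real DNS answer.

def parse_hosts(text):
    """hosts(5)-style text -> {name: address}. Names match exactly, no wildcards."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), fields[0])
    return table

def lookup_order(resolv_conf):
    """Databases named on the resolv.conf 'lookup' line, in order."""
    for line in resolv_conf.splitlines():
        fields = line.split()
        if fields and fields[0] == "lookup":
            return fields[1:]
    return ["bind", "file"]  # order OpenBSD resolv.conf(5) assumes without a lookup line

def zone_answer(zones, name):
    """block-zone style master zone: the apex and '*' records cover every name in it."""
    labels = name.lower().rstrip(".").split(".")
    if any(".".join(labels[i:]) in zones for i in range(len(labels))):
        return "127.0.0.1"
    return "upstream"

def resolve(name, hosts, order, zones, uses_libc_resolver):
    """Simulate one lookup; a program that skips resolver(3) only ever asks DNS."""
    key = name.lower().rstrip(".")
    for db in (order if uses_libc_resolver else ["bind"]):
        if db == "file" and key in hosts:
            return hosts[key]
        if db == "bind":
            return zone_answer(zones, name)
    return None

HOSTS = parse_hosts("127.0.0.1 google-analytics.com\n127.0.0.1 ad.doubleclick.net\n")
ORDER = lookup_order("lookup file bind\n")
ZONES = {"doubleclick.net"}  # one zone from the named.conf list in the thread

def coverage(names):
    """Per name: (ping-style via libc, host(1)-style hosts only, host(1)-style with zones)."""
    return {n: (resolve(n, HOSTS, ORDER, set(), True),
                resolve(n, HOSTS, ORDER, set(), False),
                resolve(n, HOSTS, ORDER, ZONES, False)) for n in names}

if __name__ == "__main__":
    for name, row in coverage(["ad.doubleclick.net", "ads.doubleclick.net",
                               "www.google-analytics.com"]).items():
        print(name, row)
```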
Re: lookup option in /etc/resolv.conf ignored
On Sat, 13 Oct 2007 11:43:46 +0200, Karel Kulhavy wrote:

>I want to make my OS return 127.0.0.1 on google-analytics.com and
>ad.doubleclick.net to speed up the work with Sourceforge.
>
>I put
>127.0.0.1 google-analytics.com
>127.0.0.1 ad.doubleclick.net
>into /etc/hosts
>
>and checked that /etc/resolv.conf contains
>lookup file bind
>
>According to man resolv.conf this should result in /etc/hosts having priority
>over the DNS system. However, it simply doesn't work. Both Firefox and the
>"host" command behave as if I didn't do anything.
>
>Why doesn't it work when man resolv.conf says it should?
>
>CL<

Run dnsspoof on your firewall. Works like a charm. Part of the dsniff
package. Includes a ready made hostfile that contains loads of the
annoyances and you add your own. Does wildcard names too, like
*.adserver.*

Also resolves names for LAN hosts if you add them.

Easy, but remember to pkill dnsspoof and restart it after any update
to the spoofing config file.

From the land "down under": Australia.
Do we look from up over?
Re: lookup option in /etc/resolv.conf ignored
On Sat, Oct 13, 2007 at 11:43:46AM +0200, Karel Kulhavy wrote:
> I want to make my OS return 127.0.0.1 on google-analytics.com and
> ad.doubleclick.net to speed up the work with Sourceforge.
>
> I put
> 127.0.0.1 google-analytics.com
> 127.0.0.1 ad.doubleclick.net
> into /etc/hosts
>
> and checked that /etc/resolv.conf contains
> lookup file bind
>
> According to man resolv.conf this should result in /etc/hosts having priority
> over the DNS system. However, it simply doesn't work. Both Firefox and the
> "host" command behave as if I didn't do anything.
>
> Why doesn't it work when man resolv.conf says it should?
>

Because neither the host command nor firefox are using gethostbyname() and
friends. So both do not look at /etc/hosts. On the other hand most other
apps like ping, telnet, ssh or nc are using gethostbyname() and therefore
read /etc/hosts.

--
:wq Claudio
lookup option in /etc/resolv.conf ignored
I want to make my OS return 127.0.0.1 on google-analytics.com and
ad.doubleclick.net to speed up the work with Sourceforge.

I put
127.0.0.1 google-analytics.com
127.0.0.1 ad.doubleclick.net
into /etc/hosts

and checked that /etc/resolv.conf contains
lookup file bind

According to man resolv.conf this should result in /etc/hosts having priority
over the DNS system. However, it simply doesn't work. Both Firefox and the
"host" command behave as if I didn't do anything.

Why doesn't it work when man resolv.conf says it should?

CL<