Thank you for the help. Sorry, but I am still learning all of this. It's kind of a crash course of networking and learning what everything does. All I am going off of is what I learn on YouTube and a few message boards like this one. I learn best by just getting in there and doing it
If I remember correctly, I didn't "install" openDNS. I believe I just pointed to their DNS servers. I know there are better terms I can be using, I am sorry for being so wet behind the ears with all of this. I appreciate you guys taking the time to help me out and help me understand what everything means and does. That's the important part to me. Any moron (like me) can type commands someone else is feeding him, but I want to learn what I am doing and why, it's the only way I will retain the information.
Again, thanks for the help!
My pleasure.
I just learned of OpenDNS in this thread. I don't see how that's useful to me, personally, but I can see that having that kind of filtering could be useful in home situations.
I did have to change my home DNS to Cox's unfiltered servers many moons ago. Their default servers do some filtering...I don't recall why or what. As I say, it was many moons ago.
On the production box, I resolve with the datacenter's resolving servers...any problems are a phone call away.
Distribution: Mint 18.3 Cinnamon, Gallium, Ubuntu Armbian (headless), Arch (learning)
Posts: 138
Original Poster
Quote:
Originally Posted by MensaWater
Sorry typo. The command should be "lsof -i :53" but you figured that out. Since it returned nothing it means your local server is NOT LISTENing on that port meaning you're not running BIND even if you have it installed.
Your dig commands show you CAN reach the OpenDNS name servers.
I was suggesting you could edit /etc/resolv.conf to add the two OpenDNS servers. Since you're not LISTENing locally you could also remove the existing 127.x.x.x entry as that would be for local DNS port (53). However, I also suggested you type "man 8 resolvconf" to see what that man page has to say given that your existing resolv.conf says NOT to edit it.
Got ya (I think)-
We are trying to see how to 'safely' edit the resolv.conf. When we find out, I will comment out [or] delete the 127.0.2.1 entry and then add nameserver 208.67.222.222 & nameserver 208.67.220.220.
The 8 resolvconf-
Code:
DESCRIPTION
The resolvconf package comprises a simple database for run-time name‐
server information and a simple framework for notifying applications of
changes in that information. Resolvconf thus sets itself up as the
intermediary between programs that supply nameserver information and
applications that use that information.
Information is added to or removed from the database using the resolv‐
conf program. See the OPTIONS section below for a discussion of the
available options.
SUPPLIERS OF NAMESERVER INFORMATION
Normally the resolvconf program is run only by network interface con‐
figuration programs such as ifup(8), ifdown, NetworkManager(8),
dhclient(8), and pppd(8); and by local nameservers such as dnsmasq(8).
These programs obtain nameserver information from some source and push
it to resolvconf.
dhclient
The dhclient program, for example, may receive nameserver addresses and
domain search list information during its negotiation with the DHCP
server; if so, its hook script /etc/dhcp/dhclient-enter-hooks.d/resolv‐
conf pushes this information to resolvconf.
ifup
The ifup program can be used to configure network interfaces according
to settings in /etc/network/interfaces. To make ifup push nameserver
information to resolvconf when it configures an interface the adminis‐
trator must add dns- option lines to the relevant iface stanza in
interfaces(5). The following option names are accepted: dns-name‐
server, dns-search, and dns-sortlist.
To add a nameserver IP address, add an option line consisting of
dns-nameserver and the address. To add multiple nameserver addresses,
include multiple such dns-nameserver lines.
dns-nameserver 192.168.1.254
dns-nameserver 8.8.8.8
To add search domain names, add a line beginning with dns-search.
dns-search foo.org bar.com
The dns-nameservers option is also accepted and, unlike dns-nameserver,
can be given multiple arguments, separated by spaces.
The dns-domain option is deprecated in favor of dns-search.
The resulting stanza might look like the following example.
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameserver 192.168.1.254
dns-nameserver 8.8.8.8
dns-search foo.org bar.com
N.B.: On a machine where resolvconf has just been or is about to be
installed and which previously relied on a static /etc/resolv.conf
file,
· the nameserver information in that static file, (which is to say
the information on nameserver, domain, search and sortlist
lines) should be migrated to the appropriate iface stanza(s) in
/etc/network/interfaces(5) as just described;
· options (which is to say, any options lines) should be migrated
to /etc/resolvconf/resolv.conf.d/base.
Command line
The administrator can run resolvconf from the command line to add or
delete nameserver information, but this is not normally necessary or
advisable.
The manual goes on, but this looked to be the important stuff regarding editing the conf file.... (I think).....
We are trying to see how to 'safely' edit the resolv.conf. When we find out, I will comment out [or] delete the 127.0.2.1 entry and then add nameserver 208.67.222.222 & nameserver 208.67.220.220
On Mint, I do the following:
gksudo xed /etc/resolvconf/resolv.conf.d/head to add (ignore warning):
The Linux I use doesn't have resolvconf command. Based on what you wrote it appears you could do "grep dns-nameserver /etc/network/interfaces" to see if it contains the 127.x.x.x line you see in /etc/resolv.conf. You could then replace that line with dns-nameserver lines for the 2 OpenDNS servers.
However, you can likely test your resolv.conf change directly before doing that:
cd /etc
cp -p resolv.conf resolv.conf.YYYYMMDD
vi resolv.conf (or your favorite editor - change the lines to add the two OpenDNS nameservers).
Do your "dig craigslist.com" from command line after the edit. Without specifying DNS server to use in dig it will use the ones specified in resolv.conf.
You can back out simply by copying the resolv.conf.YYYYMMDD back over resolv.conf so it reverts to original settings.
You'd need to update /etc/network/interfaces so it adds the same servers back to resolv.conf on restart of networking (e.g. after a reboot).
cd /etc
cp -p resolv.conf resolv.conf.YYYYMMDD
vi resolv.conf (or your favorite editor - change the lines to add the two OpenDNS nameservers).
It did not accept the changes when I restarted the network.
I do, however, still show the 127.0.2.1
Code:
mint18@mint18 ~ $ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 127.0.2.1
And ***IF*** I understand the dig correctly, craigslist.com ip address is 146.112.61.106 and it made the connection to craigslist.com on DNS server 208.67.222.222 on port 53.
Hopefully I am starting to understand what is going on.
When I tried
cd /etc
cp -p resolv.conf resolv.conf.YYYYMMDD
vi resolv.conf (or your favorite editor - change the lines to add the two OpenDNS nameservers).
It did not accept the changes when I restarted the network.
Right. I said it should work UNTIL you restarted networking:
Quote:
You'd need to update /etc/network/interfaces so it adds the same servers back to resolv.conf on restart of networking (e.g. after a reboot).
The idea was to do a test by doing direct edit without restarting networking.
Anyway you got it to work.
My guess as to why you still have the 127.x.x.x entry is that it is in file /etc/resolvconf/resolv.conf.d/head. You could probably edit that to remove it then rerun the resolvconf -u. You probably want to remove it as there is a delay between checking nameservers and it checks them in the order found in resolv.conf until it finds the answer.
Quote:
Originally Posted by MensaWater
Right. I said it should work UNTIL you restarted networking:
The idea was to do a test by doing direct edit without restarting networking.
Anyway you got it to work.
My guess as to why you still have the 127.x.x.x entry is that it is in file /etc/resolvconf/resolv.conf.d/head. You could probably edit that to remove it then rerun the resolvconf -u. You probably want to remove it as there is a delay between checking nameservers and it checks them in the order found in resolv.conf until it finds the answer.
Sorry about that! I must have glossed over the instructions as running that as a test.
As far as the 127.x.x.x goes, it is not in the head file. Only the two DNS addresses that we added are in it.
Code:
mint18@mint18 ~ $ cat /etc/resolvconf/resolv.conf.d/head
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 208.67.222.222
nameserver 208.67.220.220
My guess as to why you still have the 127.x.x.x entry is that it is in file /etc/resolvconf/resolv.conf.d/head. You could probably edit that to remove it then rerun the resolvconf -u. You probably want to remove it as there is a delay between checking nameservers and it checks them in the order found in resolv.conf until it finds the answer.
That's not how it works. Once a server has responded with something other than a server error, no further servers are queried. Note that NXDOMAIN (No such domain) is not an error in that context. That is the answer.
Thank you for the link. I read over the posts and am thinking about it. What's the advantage of getting the 127.x.x.x out of there? I like having everything clean and clutter free, but is that all I am accomplishing?
Thank you for the link. I read over the posts and am thinking about it. What's the advantage of getting the 127.x.x.x out of there? I like having everything clean and clutter free, but is that all I am accomplishing?
Thanks for the help with all of this!
No advantage as far as I personally can see. My approach is not to meddle until I really have to, and in this case there's no real need to meddle.
If you don't have some local caching DNS server first in the list or have some other means of caching DNS responses (e.g., nscd), then every DNS query from an application has to go out on the network and be satisfied by the remote server. Using a local caching server, either bind in a "forward only" configuration or dnsmasq, cached lookups are satisfied locally, saving that overhead. When starting with Linux, one of the first things I noticed about network traffic was how many more DNS queries Linux was sending vs. a Windows system doing similar things. That got me to install a local caching server on Linux.
According to Wikipedia page they used to inject ads, but not anymore.
i see. well it's still a commercial entity and moving to opendns from your ISP's dns servers, could well turn out to be a case of "from the frying pan into the fire".
as opposed to opennic, which is a truly community-driven project.
mr.travo, i am confused how a simple problem as craigslist being blocked turned out to accumulate so many posts and such complex-looking & fragile solution attempts.
i have the feeling someone is trying to reinvent the wheel here.
i strongly suggest searching for existing solutions, and applying them, instead of re-inventing the acquisition of DNS servers.
if you would consider opennic, i can offer 2 github repos, of which at least one is likely to meet your requirements: https://github.com/mar77i/opennic, https://github.com/kewlfft/opennic-up
- but you should really take a look what your distro's repositories, website, wiki, askubuntu etc. have to offer.
That's not how it works. Once a server has responded with something other than a server error, no further servers are queried. Note that NXDOMAIN (No such domain) is not an error in that context. That is the answer.
It IS how it works. If one nameserver can't be queried (as is the case with his 127.x.x.x nameserver) it moves on to the next one. A nameserver being unreachable is not the same as an NXDOMAIN response from a nameserver. If it didn't work this way there would never be a point in adding more than one nameserver to resolv.conf.
The advantage of removing a non-functioning nameserver is to eliminate the time it takes to try querying that server then move on to the next. Some things are sensitive to the timeout (e.g. Oracle products). We once had issues and even adjusting the timeout in resolv.conf didn't make it fast enough.
Last edited by MensaWater; 03-07-2018 at 07:24 AM.
It IS how it works. If one nameserver can't be queried (as is the case with his 127.x.x.x nameserver) it moves on to the next one. A nameserver being unreachable is not the same as an NXDOMAIN response from a nameserver. If it didn't work this way there would never be a point in adding more than one nameserver to resolv.conf.
Sorry, I misinterpreted what you meant by, "checks them in the order found in resolv.conf until it finds the answer." So many people think that it means, "until it finds one that can resolve the name."
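The failover rule settled in the last few posts (skip a nameserver that gives no response or a server error, stop at the first real answer, NXDOMAIN included), as an added example that is not part of any post in this thread. The function names and the NORESPONSE label are made up here, the status values in the sample call are constructed, and the model ignores the timeout, attempts and rotate options of resolv.conf.

```shell
#!/bin/sh
# Added example, not code from the thread.

# Print the nameserver addresses of a resolv.conf-style file, in file order.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# What the resolver does after a given result, as described in the thread:
# a real answer (NXDOMAIN included) ends the search; a server error or no
# response at all moves on to the next nameserver in the list.
resolver_action() {
    case "$1" in
        NOERROR|NXDOMAIN)    echo stop ;;
        SERVFAIL|NORESPONSE) echo next ;;
        *)                   echo unknown ;;   # status the thread does not cover
    esac
}

# Given "server=STATUS" pairs in resolv.conf order, print the server whose
# reply would be used, or "none" (exit status 1) if every server is skipped.
answering_server() {
    for pair in "$@"; do
        if [ "$(resolver_action "${pair#*=}")" = stop ]; then
            echo "${pair%%=*}"
            return 0
        fi
    done
    echo none
    return 1
}

# Live probe (needs dig and network access): query each listed nameserver
# directly, one short attempt each, and show its status and the action.
probe_nameservers() {
    for ns in $(list_nameservers "$1"); do
        status=$(dig +time=2 +tries=1 "@$ns" "$2" 2>/dev/null |
                 sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
        [ -n "$status" ] || status=NORESPONSE
        printf '%-16s %-10s %s\n' "$ns" "$status" "$(resolver_action "$status")"
    done
}

# Constructed case: a dead local entry listed first, then a server that
# answers NXDOMAIN. The dead entry is skipped; NXDOMAIN ends the search.
answering_server 127.0.2.1=NORESPONSE 208.67.222.222=NXDOMAIN 208.67.220.220=NOERROR
```

To see which entries of the running system actually respond, call `probe_nameservers /etc/resolv.conf craigslist.com`.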