
Re: Can't find the DNS Servers



On Wednesday 04 October 2017 20:23:51 David Wright wrote:

> On Wed 04 Oct 2017 at 18:14:12 (-0400), Gene Heskett wrote:
> > On Wednesday 04 October 2017 14:35:25 David Wright wrote:
> > > On Wed 04 Oct 2017 at 13:21:02 (-0400), Greg Wooledge wrote:
> > > > On Wed, Oct 04, 2017 at 11:59:04AM -0500, David Wright wrote:
> > > > > On Wed 04 Oct 2017 at 09:11:37 (+0300), Reco wrote:
> > > > > > A correct way to fix this is to "persuade" your DHCP server
> > > > > > not to provide DNS information.
> > > > > > Even more correct way is to force your DNS-at-DHCP to use
> > > > > > 8.8.8.8 as forwarder DNS.
> > > > > > Since it's unnaturally complex to do so in consumer-grade
> > > > > > routers, a hack is in order.
> > > > >
> > > > > But won't that send local host lookups to google which won't
> > > > > have a clue?
> > > >
> > > > Which problem are we attempting to solve, exactly?  I seem to
> > > > recall that the reported symptom was "I can't do apt-get
> > > > update", which means the priority is getting real Internet DNS
> > > > resolution working.
> > >
> > > "I can't even reach the other computers on my home network if I
> > > use their names. IP addresses work OK." as well.
> >
> > You probably could if you enter their addresses and names in
> > your /etc/hosts file, and you can run the identical /etc/hosts file
> > on every machine on your home network.
>
> Yes, I do that. The OP is presumably used to not having to do that.
>
> > If you have network-mangler installed and running, stop it and
> > remove it else you may have to make your /etc/resolv.conf into a
> > normal file, make the nameservers work, then chattr +i resolv.conf
> > to keep n-m from tearing down a working network.
> >
> > It should, if your router runs something like dnsmasq, be sufficient
> > to point the nameserver entry in your resolv.conf at the router,
> > which will, if its internal lookups fail, forward the dns request to
> > your ISP's dns servers. That adds about 60 milliseconds to the ping
> > time of some site never visited before.
>
> Yes, I do that. As stated below, there are no internal lookups,
> but the router has google nameservers configured in place of its
> downloading them from my ISP.
>
> > > > If there's a need to add local area network hosts, then *after*
> > > > the real Internet DNS is working, the OP can decide whether to
> > > > add LAN hosts to /etc/hosts on each machine, or to set up a LAN
> > > > DNS nameserver, and wrangle resolv.conf and/or DHCP to point to
> > > > it. (Many steps and details omitted here for simplicity's sake.)
> > >
> > > I'm obviously out of my league. I was under the impression that
> > > everyone set up networking by working outwards from the loopback
> > > interface to the universe, rather than the other way round.
> >
> > Basically that is how it works.
>
> Well, thank you. But this doesn't explain the paragraph above my
> comment. I'm just trying to understand the suggestions being made by
> more experienced folk here, like Reco and Greg.
>
> I suppose the main things I don't understand are:
> why set up the DNS to resolve externals' addresses before internals';
> why send LAN DNS queries out to 8.8.8.8 before consulting the LAN's
> own server; why, on a home network, set external servers (like
> 8.8.8.8) in all the hosts' resolv.conf if the router itself can pass
> queries to them. After all, if the router's not up, then those
> external servers are unreachable anyway.
>
> > > > Which way the OP *should* go depends mostly on how many LAN
> > > > hosts we're talking about.  Which way they *will* go... anyone's
> > > > guess.
> >
> > Your /etc/hosts file can have, IIRC, up to 253 ipv4 entries. And it
> > still is identical on all machines provided they all know their
> > assigned names.  Check that by running hostname w/o an argument. See
> > man hostname, ditto for domainname.
>
> Um, I'm not sure what you're remembering.
> $ wc /etc/hosts
>  13263  27599 402246 /etc/hosts
> $
> I think there are limits on line length/aliases.
>
> > > As I just posted, I thought the OP was already using a DNS server
> > > in the Actiontec router. (I don't have that choice.)
> >
> > Why not David?
>
> Because I have a "plastic" router with a server for DHCP but not DNS.
>
> > Get one that has enough memory to be reflashed with
> > dd-wrt, which will have that feature, and since it's .de sourced, not
> > at all likely to have any back doors for the 3 letter agencies.
>
> But why would I buy a wireless router that you don't trust enough
> to have its wireless turned on?
>
A, I don't have it bridged to my network, so the wifi in the buffalo 
can't get into me, only to the internet but that hasn't stopped an 
enterprising neighbor from achieving a wpsk login and watching 80 gigs 
of whatever a month, so the radio remains turned off until one of my 
boys drives in from Nebraska or Kansas, and wants his smartphone to be 
able to access his email or whatever.  That's just common sense. 
Security, and universal access for critter phones do not seem to play in 
the same arena. So the ultimate defense is the wifi's power switch.

I assume that same neighbor found the radio in an r-pi-3b that's been 
running one of my cnc'd lathes for about 8 months, got a local address 
from the dd-wrt dhcpd server, and which a jessie install enabled w/o 
asking me, but that traffic I can see on the gkrellm tallies, so that 
got powered down the next day.

And B,C,D,E & F: security.

> If we spend money here, it'll be for a repeater and/or more
> homeplug-style devices.

A wifi repeater?  You can drive an 88,000 lb load of cold swinging beef 
thru that security hole.  Homeplug-style I assume is some sort of a 
powerline carried network?, x10 on an overdose of bandwidth steroids?  
Explain plz if you've the time.

> > Most routers in the $70+ category can do that. In way over a decade,
> > only one person has come thru dd-wrt and I had to give him all the
> > usernames and passwd's to do so. I needed his expertise at the time.
> >
> > Buffalo sells several with dd-wrt already installed, but their
> > branding covered up a needed section of the setup, so I had to go
> > get the real thing from the dd-wrt site & install it.  Shrug.
>
> Cheers,
> David.


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
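
An added example, not part of the message above or any poster's own code: a small Python audit of the question raised in the thread, namely whether a LAN host name is answered from /etc/hosts, by a resolver on the LAN, or sent out to a public server such as 8.8.8.8. It assumes the usual `files dns` lookup order and that the first `nameserver` line is tried first; the sample file contents and host names are constructed.

```python
import ipaddress

# Constructed sample files; the host names and addresses are hypothetical.
SAMPLE_RESOLV = "nameserver 8.8.8.8\nnameserver 192.168.1.1\n"
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.168.1.10 shop shop.lan\n"

def parse_resolv_conf(text):
    """Return nameserver addresses in the order the resolver tries them."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def parse_hosts(text):
    """Map every name and alias in hosts-file text to its address."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            names.setdefault(name.lower(), fields[0])
    return names

def is_external(server):
    """True when the address is not loopback, private or link-local."""
    ip = ipaddress.ip_address(server.split("%", 1)[0])
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)

def audit(resolv_text, hosts_text, lan_names):
    """Report where each LAN name would be looked up first."""
    servers = parse_resolv_conf(resolv_text)
    hosts = parse_hosts(hosts_text)
    first = servers[0] if servers else None
    report = {}
    for name in lan_names:
        if name.lower() in hosts:
            report[name] = "hosts file: " + hosts[name.lower()]
        elif first is None:
            report[name] = "unresolvable: no nameserver configured"
        elif is_external(first):
            report[name] = "leaves the LAN: query goes to " + first
        else:
            report[name] = "asked of local resolver " + first
    return report

if __name__ == "__main__":
    for name, where in audit(SAMPLE_RESOLV, SAMPLE_HOSTS, ["shop.lan", "printer"]).items():
        print(name, "->", where)
```

A name reported as leaving the LAN discloses an internal host name to the external resolver and normally comes back as not found, since the second `nameserver` is consulted only when the first fails to respond.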

