how to get three nameserver entries in /etc/resolv.conf - Mandriva

This is a discussion on how to get three nameserver entries in /etc/resolv.conf - Mandriva ; On Sun, 02 Mar 2008 13:20:57 GMT, Jim Beard wrote: > > BitTwister's suggestions of privoxy finally led me > to urpmi the package and use his instructions and > configuration file to get started. > > IT IS WONDERFUL. ...

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast
Results 21 to 40 of 41

Thread: how to get three nameserver entries in /etc/resolv.conf

  1. Re: Privoxy -- PUBLIC ANNOUNCEMENT

    On Sun, 02 Mar 2008 13:20:57 GMT, Jim Beard wrote:
    >
    > BitTwister's suggestions of privoxy finally led me
    > to urpmi the package and use his instructions and
    > configuration file to get started.
    >
    > IT IS WONDERFUL.


    Another is NoScript Add On for Firefox. http://noscript.net/
    Under noscript's Options --> Advanced
    set all check boxes checked for Untrusted.

    > I had intended to read up and figure out how to
    > use it, but it is doing such a great job of
    > blocking/stopping stuff that I had been seeing but
    > did not want to, that I have not altered any setting
    > since the install.


    Hope you copied my user.aciton script into /etc/privoxy/user.action from
    http://groups.google.com/group/alt.o...f452aa89b0bd57
    or at least added in the sites under +block

    I would think privoxy and noscript would help speed up any slow speed
    connection.

    Hehe, if using my user.action file, go to http://www.news.com/
    click up a terminal and do a
    netstat -autwp
    check out all the connections privoxy catches.

  2. Re: Turn off upnp in all routers - IMPORTANT

    Robert M. Riches Jr. wrote:
    >>>> For anyone who hasn't heard about it yet, the attack is described at
    >>>> http://www.gnucitizen.org/blog/hacking-the-interwebs/
    >>> If you are using a router, make sure you turn off the Upnp "feature",

    >> I looked around in my MI424-WR Actiontec Router and was unable to see
    >> anything which would disable such a "feature"

    >
    > On my Verizon-supplied Actiontec MI424-WR, the UPnP control
    > is under "Advanced" from the main menu, then in the second
    > column from the left, lower section, right under "Network
    > Objects".


    On my Verizon-supplied Westell 327W, main menu > Security > Applications
    has a checkbox labelled "UPNP Enable".

    Adam

  3. Re: Privoxy -- PUBLIC ANNOUNCEMENT

    Neil Van Dyke maintains a Privoxy action file:
    http://www.neilvandyke.org/privoxy-rules/

  4. Re: Turn off upnp in all routers - IMPORTANT

    On Sat, 01 Mar 2008 19:02:38 -0500, David W. Hodgins wrote:

    > If you are using a router, make sure you turn off the Upnp
    > "feature",


    As I understand it, turning UPnP off would screw up Skype
    operations. Are others known? (Would home LAN's be affected?)

    As I DG834G user, I was interested to see - on the web page you
    referenced:

    "I’ve been investigating UPnP on my DG834 further, the most
    disruptive UPnP action it allows is to disconnect it from the
    internet. Whilst irritating, it would not pose a security
    threat."

    Also - w.r.t. to another router:

    "Just tested out what the UPnP services are like on the
    DD-WRT v24 firmware (a popular replacement firmware for the
    Linksys WRT54g).

    It implements only these services, and even then only the
    required functions:
    WANIPConnection
    WANPPPConnection
    WANCommonInterfaceConfig
    Layer3Forwarding

    The good news is that it is pretty secure:
    * It rejects any attempt to set a port forward to an external
    IP address destination.
    * It doesn’t support the “getUserName” or “getPassword”
    commands, nor any way to reset or change them
    * It doesn’t support the ability to change the DNS server
    * It doesn’t support changing wifi settings"

    which suggests that the need to turn UPnP off depends on the
    type of router being used.

    Neverthless, I am going to disable it, and 'drive it round the
    block to see what falls off...'

    /\/\aurice
    (Remove 'removethis.' to reply by email)


  5. Re: Turn off upnp in all routers - IMPORTANT

    On Sun, 02 Mar 2008 12:59:36 -0500, Maurice Batey wrote:

    > As I understand it, turning UPnP off would screw up Skype
    > operations. Are others known? (Would home LAN's be affected?)


    It would stop skype from auto configuring the router to forward the port.
    You would have to do that manually. From skype's perspective, the router
    would not be recoginzed as a configurable nat device, and would be treated
    the same as a modem.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  6. Re: Turn off upnp in all routers - IMPORTANT

    On Sun, 02 Mar 2008 05:44:25 -0500, Peter D. wrote:

    > Despite the change of subject it is still a reply. Threading
    > newsreaders (like Knode) hid your message inside the old
    > thread.


    Thanks. That's something I very rarely do, and forgot to remove the
    references line.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  7. Re: Turn off upnp in all routers - IMPORTANT

    On Sun, 02 Mar 2008 17:59:36 +0000, I wrote:

    > Neverthless, I am going to disable it, and 'drive it round the
    > block to see what falls off...'


    Haven't tried Skype yet, but no problem printing from laptop on
    printer attached to desktop on LAN.

    --
    /\/\aurice
    (Remove 'removethis.' to reply by email)


  8. Re: Turn off upnp in all routers - IMPORTANT

    On Sun, 02 Mar 2008 15:08:45 -0500, David W. Hodgins wrote:

    > It would stop skype from auto configuring the router to forward the port.


    Mmm. Well, for our occasional use of Skype, I'll just
    temporarily turn UPnP 'on'.

    --
    /\/\aurice
    (Remove 'removethis.' to reply by email)


  9. Re: Privoxy -- PUBLIC ANNOUNCEMENT

    Jim Beard wrote:
    > PUBLIC ANNOUNCEMENT hat on.
    >
    > BitTwister's suggestions of privoxy finally led me
    > to urpmi the package and use his instructions and
    > configuration file to get started.
    >
    > IT IS WONDERFUL.
    >
    > I had intended to read up and figure out how to
    > use it, but it is doing such a great job of
    > blocking/stopping stuff that I had been seeing but
    > did not want to, that I have not altered any setting
    > since the install.
    >
    > HIGHLY RECOMMENDED. (Repeat 10 times for emphasis.)


    I concur.

    --
    PLEASE post a SUMMARY of the answer(s) to your question(s)!
    Show Windows & Gates to the exit door.
    Unless otherwise noted, the statements herein reflect my personal
    opinions and not those of any organization with which I may be affiliated.

  10. Re: Turn off upnp in all routers - IMPORTANT

    On Sat, 01 Mar 2008 19:02:38 -0500, David W. Hodgins wrote:
    > On Sun, 24 Feb 2008 14:06:08 -0500, David W. Hodgins wrote:
    >
    >> For anyone who hasn't heard about it yet, the attack is described at
    >> http://www.gnucitizen.org/blog/hacking-the-interwebs/

    >
    > If you are using a router, make sure you turn off the Upnp "feature", otherwise


    After a brief read at
    http://www.gnucitizen.org/projects/r...ing-challenge/
    and http://www.0x000000.com/index.php?i=524
    I am starting to think I will have to put a linux nat box between my
    internet router and lan. :-(


  11. Re: Turn off upnp in all routers - IMPORTANT

    On Mon, 3 Mar 2008 22:13:17 +0000 (UTC), Bit Twister wrote:
    > On Sat, 01 Mar 2008 19:02:38 -0500, David W. Hodgins wrote:
    >> On Sun, 24 Feb 2008 14:06:08 -0500, David W. Hodgins wrote:
    >>
    >>> For anyone who hasn't heard about it yet, the attack is described at
    >>> http://www.gnucitizen.org/blog/hacking-the-interwebs/

    >>
    >> If you are using a router, make sure you turn off the Upnp "feature", otherwise

    >
    > After a brief read at
    > http://www.gnucitizen.org/projects/r...ing-challenge/
    > and http://www.0x000000.com/index.php?i=524
    > I am starting to think I will have to put a linux nat box between my
    > internet router and lan. :-(


    Yea, added my router's ip to privoxy's user.action file,
    service privoxy restart
    and now I get a pop up when I tried to access the router.
    I feel a bit safer now.

  12. Re: Turn off upnp in all routers - IMPORTANT

    On Mon, 03 Mar 2008 19:46:42 -0500, Bit Twister wrote:

    > Yea, added my router's ip to privoxy's user.action file,
    > service privoxy restart
    > and now I get a pop up when I tried to access the router.
    > I feel a bit safer now.


    Scary. It's been standard security advice to use a nat router, to protect
    windows systems, for a long time, even for single computer setups. Given
    that simple javascript, is all that's needed to hack the router, I think
    that will have to change, to "Avoid using nat router, unless absolutely
    required.".

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  13. Re: Turn off upnp in all routers - IMPORTANT

    On Mon, 03 Mar 2008 20:42:36 -0500, David W. Hodgins wrote:
    > On Mon, 03 Mar 2008 19:46:42 Bit Twister wrote:
    >
    >> Yea, added my router's ip to privoxy's user.action file,
    >> service privoxy restart
    >> and now I get a pop up when I tried to access the router.
    >> I feel a bit safer now.

    >
    > Scary. It's been standard security advice to use a nat router, to protect
    > windows systems, for a long time, even for single computer setups.


    What is worse, while researching some of the links, one seemed to
    indicate Active X was enabled in a router. :-(
    That was scary. Sorry, did not keep the link.

    It is nice that privoxy is available for doze boxes.
    I did notice it needs log file protection set for world read/write.

    > Given that simple javascript, is all that's needed to hack the
    > router, I think that will have to change, to "Avoid using nat
    > router, unless absolutely required.".


    Well, it might be OK to a point. Except for the DNS problem in the LAN
    router; it would keep malware LAN script from the Internet router thus
    keeping the Internet router safe from LAN attacks.

    Looks like every doze box needs privoxy installed, router ip in
    user.action, all browsers set to use privoxy's proxy.

    Users told that when a privoxy pop up shows up for the router ip,
    note the site and get out to the browser ASAP.

    That site then needs to be added to user.action and malware webmaster
    notified of infection.

  14. Re: Turn off upnp in all routers - IMPORTANT

    On Mon, 03 Mar 2008 21:23:01 -0500, Bit Twister wrote:

    > Looks like every doze box needs privoxy installed, router ip in
    > user.action, all browsers set to use privoxy's proxy.


    Not just doze boxes. All browsers, in all systems.

    I hate the idea of a hoping that these "bounce-back" malware scripts will not be
    able to bypass a proxy.

    I will eventually get around to upgrading to dsl. I think I'll get a simple dsl
    modem, that does not support nat routing. I'll have to use pppoe, instead of
    straight ethernet, but is should be safer.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  15. Re: Turn off upnp in all routers - IMPORTANT

    On Mon, 03 Mar 2008 11:32:57 +0000, Maurice Batey wrote:

    > or our occasional use of Skype, I'll just
    > temporarily turn UPnP 'on'.


    Have now done a Skype 'test call', which worked normally (but
    have not tried a video connection with another user yet) - with
    UPnP 'off' in the router...

    --
    /\/\aurice

    (Remove 'removethis.' to reply by email)


  16. Re: Turn off upnp in all routers - IMPORTANT

    On Sun, 02 Mar 2008 17:59:36 +0000, Maurice Batey wrote:

    > On Sat, 01 Mar 2008 19:02:38 -0500, David W. Hodgins wrote:
    >
    >> If you are using a router, make sure you turn off the Upnp "feature",

    >
    > As I understand it, turning UPnP off would screw up Skype
    > operations. Are others known? (Would home LAN's be affected?)


    I think you must be misinformed.

    Datapoints:

    A. I have uPnP turned off in the entire chain from my internal LAN to my
    ISP.

    B. I use Skype regularly (at least every day) and have never noticed a
    problem.

    So turn off uPnP and don't worry.

  17. Re: Turn off upnp in all routers - IMPORTANT

    On Tue, 04 Mar 2008 12:44:40 -0500, Maurice Batey wrote:

    > Have now done a Skype 'test call', which worked normally (but
    > have not tried a video connection with another user yet) - with
    > UPnP 'off' in the router...


    Once the router has been configured to forward the port, it should continue
    to do so, until it has a reason not to, either due to the configuration
    being changed, or if upnp is on, because it's running out of room for the
    upnp forwarding table, and has an auto-cleanup function, turned on.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  18. Re: [Solved] Re: how to get three nameserver entries in/etc/resolv.conf

    On Sat, 01 Mar 2008 22:55:58 +0000, Robert M. Riches Jr. wrote:

    [...]
    > So, the 'head' and 'tail' files work as documented in the man page, but
    > the 'base' file apparently does not get used. (The two nameserver lines
    > with IP addresses redacted come from the DNS{1,2} entries for the
    > static-IP eth0.)

    [...]

    Incorrect. The 'base' file is where one places the "nameserver x.x.x.x"
    lines. If those lines are not found *then* 'base' is ignored. I have my
    nameserver lines in 'base' and it *is* used here.

    /etc/resolvconf/resolv.conf.d/base
    File containing basic resolver information. The lines in this
    file are included in the resolver configuration file even when
    no interfaces are configured.

    Where "basic resolver information" == "nameserver x.x.x.x" lines.
    Apparently my blog post (http://blog.eracc.com/?p=21) I mentioned in this
    thread did not clarify this enough?

    HTHCTFY,
    Gene (e-mail: gene \a\t eracc \d\o\t com)
    --
    Mandriva Linux release 2007.1 (Official) for i586
    Got Rute? http://www.anrdoezrs.net/email-25465...sbn=0130333514
    ERA Computers & Consulting - http://www.eracc.com/
    Preloaded PCs - eComStation, Linux, FreeBSD, OpenServer & UnixWare

  19. Re: how to get three nameserver entries in /etc/resolv.conf

    On Mar 1, 4:54*pm, "David W. Hodgins"
    wrote:
    > On Sat, 01 Mar 2008 17:55:58 -0500, Robert M. Riches Jr. wrote:
    >
    > > So, the 'head' and 'tail' files work as documented in the
    > > man page, but the 'base' file apparently does not get used.

    >
    > That's good to know. * I never tried using that one, so hadn't come across
    > that.


    Not quite. The behavior is certainly different, but it works. head
    and tail are clearly concatted (is that a word?). base is apparently
    processed and stripped of comments before it is included in
    resolv.conf. If you consider the use of the three files this makes
    sense. head and tail can be used to provide commented banner messages
    such as "# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
    OVERWRITTEN". You want these comments included. base on the other
    hand can and should be commented so you know why you've created
    certain entries. These additional comments are not read by the
    machine and probably only make sense in the context of the base file,
    so they are removed from the resolv.conf when it is created. In this
    way, you see exactly what is being processed and can make as many
    comments as you'd like, visible only when you are modifying the file.

    /Ryan

  20. Re: how to get three nameserver entries in /etc/resolv.conf

    On 2008-04-21, rbeesley.nospam@gmail.com wrote:
    > On Mar 1, 4:54*pm, "David W. Hodgins"
    > wrote:
    >> On Sat, 01 Mar 2008 17:55:58 -0500, Robert M. Riches Jr. wrote:
    >>
    >> > So, the 'head' and 'tail' files work as documented in the
    >> > man page, but the 'base' file apparently does not get used.

    >>
    >> That's good to know. * I never tried using that one, so hadn't come across
    >> that.

    >
    > Not quite. The behavior is certainly different, but it works. head
    > and tail are clearly concatted (is that a word?). base is apparently
    > processed and stripped of comments before it is included in
    > resolv.conf. If you consider the use of the three files this makes
    > sense. head and tail can be used to provide commented banner messages
    > such as "# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
    > OVERWRITTEN". You want these comments included. base on the other
    > hand can and should be commented so you know why you've created
    > certain entries. These additional comments are not read by the
    > machine and probably only make sense in the context of the base file,
    > so they are removed from the resolv.conf when it is created. In this
    > way, you see exactly what is being processed and can make as many
    > comments as you'd like, visible only when you are modifying the file.


    I guess it comes down to a matter of opinion. I would want
    the comments copied from all three files. Oh, well.

    --
    Robert Riches
    spamtrap42@verizon.net
    (Yes, that is one of my email addresses.)

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast