denying URLs with squid, DNS, or /etc/hosts? - Unix
-
denying URLs with squid, DNS, or /etc/hosts?
I have a network with about a dozen WinXP workstations and a linux
gateway/firewall/proxy server/DNS (iptables, squid, bind).
I came across this site http://www.mvps.org/winhelp2002/hosts.htm which
has a hosts file you can download containing malicious URLs and maps
them to 127.0.0.1 so they can't "phone home" etc. It's of the format
127.0.0.1 ads.active.com
127.0.0.1 ad.doubleclick.net
and so on.
I /could/ put the file on every workstation in c:\win\sys32\drivers\etc
as recommended on that site, and it works. But rather than that I am
sure there is a way to use the server to do it.
I tried appending it to /etc/hosts and restarted bind, but the URLs
still resolved to their external addresses.
So I'm thinking I need to add them to either the squid or bind configs,
with bind probably being the "best" option.
eg appending /var/cache/bind/xxxx.local.zone :
ads.active.com 3600 IN A 127.0.0.1
ad.doubleclick.net 3600 IN A 127.0.0.1
Any thoughts or recommendations?
Should/can I use 0.0.0.0 instead?
--
Troy Piggins
,-o Ubuntu v5.10 (Breezy Badger): kernel 2.6.12-9-386,
o ) postfix 2.2.4, procmail 3.22, mutt 1.5.11i,
`-o slrn 0.9.8.1/rt (score_color patch), vim 7.0f (beta)
-
Re: denying URLs with squid, DNS, or /etc/hosts?
On 01 May 2006 23:16:07 GMT
Troy Piggins wrote:
> I tried appending it to /etc/hosts and restarted bind, but the URLs
> still resolved to their external addresses.
First, you should realise that nslookup and dig (as well as the djbdns
tools) bypass the system's resolver library, so you cannot test the
effect of your change using them. Use a little program that calls the
library (like ghbn.c below):
/* Little program to test gethostbyname */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

void quit(int code, const char *text) {
    fputs(text, stderr);   /* not fprintf(stderr, text): text is a message, not a format string */
    exit(code);
}

int main(int argc, char *argv[]) {
    struct hostent *shp;
    struct hostent sh;
    char buf[1024];
    int herr;              /* not named h_errno: that is a macro/extern in <netdb.h> */

    /* Accept parameter from command line */
    if (argc != 2) quit(1, "I need a hostname to resolve\n");

    /* Call gethostbyname_r - this is the Solaris form (returns the hostent
     * pointer); glibc's takes six arguments and returns an int instead */
    shp = gethostbyname_r(argv[1], &sh, buf, sizeof(buf), &herr);

    /* Print results: one line per address, then the canonical name and aliases */
    if (shp) {
        char **cp;
        for (cp = shp->h_addr_list; *cp != NULL; cp++) {
            struct in_addr addr;
            char **cq;
            memcpy(&addr.s_addr, *cp, sizeof(addr.s_addr));
            printf("%s %s", inet_ntoa(addr), shp->h_name);
            for (cq = shp->h_aliases; *cq != NULL; cq++) {
                printf(" %s", *cq);
            }
            putchar('\n');
        }
    } else {
        printf("Cannot resolve %s (%d)\n", argv[1], herr);
    }
    return 0;
}
Here's a run of the program with the hosts file you're referring to
(compiled on Solaris 10 with Sun Studio 11):
bogus~[121] cc ghbn.c -o ghbn -lnsl -lsocket
bogus~[122] ./ghbn bogus.ecc.lu
192.168.1.7 bogus.ecc.lu bogus
bogus~[123] dnsip actualnames.com
66.218.79.161 66.218.79.140 66.218.79.155 66.218.79.147 66.218.79.149
66.218.79.148
bogus~[124] ./ghbn actualnames.com
127.0.0.1 actualnames.com
Notice that the dnsip command (from djbdns) returns all the IP
addresses, but that gethostbyname_r() uses our extended /etc/hosts file.
I then switched back to the original /etc/hosts, and got the same
results as dnsip with the test program.
bogus~[125] ./ghbn actualnames.com
66.218.79.161 actualnames.com
66.218.79.140 actualnames.com
66.218.79.147 actualnames.com
66.218.79.148 actualnames.com
66.218.79.149 actualnames.com
66.218.79.155 actualnames.com
If you still have no result, check the following:
- Have you converted the file to have Unix EOL characters?
- Make sure that your /etc/nsswitch.conf specifies:
hosts: files dns
Take care,
--
Stefaan A Eeckels
--
Q: If ignorance is bliss, why aren't there more happy people in the
world? A: Because they don't know they're ignorant.
-
Re: denying URLs with squid, DNS, or /etc/hosts?
* Stefaan A Eeckels wrote:
> On 01 May 2006 23:16:07 GMT
> Troy Piggins wrote:
>
>> I tried appending it to /etc/hosts and restarted bind, but the URLs
>> still resolved to their external addresses.
>
> First, you should realise that nslookup and dig (as well as the djbdns
> tools) bypass the system's resolver library, so you cannot test the
> effect of your change using them. Use a little program that calls the
> library (like ghbn.c below):
>
> /* Little program to test gethostbyname */
[snip program code]
> Here's a run of the program with the hosts file you're referring to
> (compiled on Solaris 10 with Sun Studio 11):
>
> bogus~[121] cc ghbn.c -o ghbn -lnsl -lsocket
> bogus~[122] ./ghbn bogus.ecc.lu
> 192.168.1.7 bogus.ecc.lu bogus
> bogus~[123] dnsip actualnames.com
> 66.218.79.161 66.218.79.140 66.218.79.155 66.218.79.147 66.218.79.149
> 66.218.79.148
> bogus~[124] ./ghbn actualnames.com
> 127.0.0.1 actualnames.com
>
> Notice that the dnsip command (from djbdns) returns all the IP
> addresses, but that gethostbyname_r() uses our extended /etc/hosts file.
> I then switched back to the original /etc/hosts, and got the same
> results as dnsip with the test program.
>
> bogus~[125] ./ghbn actualnames.com
> 66.218.79.161 actualnames.com
> 66.218.79.140 actualnames.com
> 66.218.79.147 actualnames.com
> 66.218.79.148 actualnames.com
> 66.218.79.149 actualnames.com
> 66.218.79.155 actualnames.com
Thanks! I can now test to see what they will resolve to, but I still
can't *solve* the problem.
Should I add the URLs to bind's zone files?
Or is there a way to get bind to use /etc/hosts?
> If you still have no result, check the following:
>
> - Have you converted the file to have Unix EOL characters?
Yes.
> - Make sure that your /etc/nsswitch.conf specifies:
>
> hosts: files dns
Yes it does.
--
Troy Piggins
,-o Ubuntu v5.10 (Breezy Badger): kernel 2.6.12-9-386,
o ) postfix 2.2.4, procmail 3.22, mutt 1.5.11i,
`-o slrn 0.9.8.1/rt (score_color patch), vim 7.0f (beta)
-
Re: denying URLs with squid, DNS, or /etc/hosts?
On 03 May 2006 07:55:34 GMT
Troy Piggins wrote:
> Thanks! I can now test to see what they will resolve to, but I still
> can't *solve* the problem.
>
> Should I add the URLs to bind's zone files?
That is not going to work - you'd have to make bind authoritative for
all those zones which is nigh impossible, and bound to have undesirable
side effects.
> Or is there a way to get bind to use /etc/hosts?
Bind cannot use /etc/hosts as it is its alternative when it comes to
name resolution.
AFAIK squid uses gethostbyname(), so it should behave like the
program I included. Simply instruct all your PCs to use squid to
access the Internet. You could block port 80 on your outgoing router(s)
for all systems but the proxy server to enforce the use of the proxy
(this is what I do on my LAN).
Take care,
--
Stefaan A Eeckels
--
"A ship in the harbor is safe. But that's not what ships are built for."
-- Rear Admiral Dr. Grace Murray Hopper.
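One way to act on the suggestion above, as an added example that is not part of this thread or of squid: convert the hosts-style list into a squid dstdomain ACL file and emit the squid.conf lines that use it (the ACL name and file paths are placeholders).

```shell
#!/bin/sh
# Turn a hosts-style blocklist (lines like "127.0.0.1 ads.active.com") into a
# squid dstdomain ACL file and print the squid.conf lines that use it.
# The ACL name "blockedsites" and the paths below are placeholders.
LC_ALL=C; export LC_ALL

# hosts_to_dstdomain FILE: print one hostname per line for an "acl ... dstdomain" list.
# Strips CR from Windows line endings (the list is distributed for Windows),
# skips comments, blank lines and localhost, and accepts both 127.0.0.1 and
# 0.0.0.0 as the sinkhole address so either variant of the file works.
hosts_to_dstdomain() {
    tr -d '\r' < "$1" | awk '
        NF == 0 || $1 ~ /^#/ { next }
        ($1 == "127.0.0.1" || $1 == "0.0.0.0") && $2 != "" && $2 != "localhost" { print $2 }
    ' | sort -u
}

# squid_acl_lines ACLFILE: the squid.conf fragment; put it above your
# "http_access allow" rules so the deny is evaluated first. Names without a
# leading dot match that exact host, mirroring the hosts file's semantics.
squid_acl_lines() {
    printf 'acl blockedsites dstdomain "%s"\n' "$1"
    printf 'http_access deny blockedsites\n'
}

# Demo on a small constructed sample (not the real MVPS list).
sample=$(mktemp)
aclfile=$(mktemp)
printf '# sample blocklist\r\n127.0.0.1 localhost\r\n127.0.0.1 ads.active.com\r\n0.0.0.0 ad.doubleclick.net\r\n\r\n' > "$sample"
hosts_to_dstdomain "$sample" > "$aclfile"
echo "# blocklist entries:"; cat "$aclfile"
echo "# squid.conf fragment (placeholder path):"; squid_acl_lines /etc/squid/blocked.txt
rm -f "$sample" "$aclfile"
```

After editing squid.conf, reload squid and verify with a browser on a workstation that one of the listed hosts is refused while an unlisted site still loads.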
-
Re: denying URLs with squid, DNS, or /etc/hosts?
* Stefaan A Eeckels wrote:
> On 03 May 2006 07:55:34 GMT
> Troy Piggins wrote:
>
>> Thanks! I can now test to see what they will resolve to, but I still
>> can't *solve* the problem.
>>
>> Should I add the URLs to bind's zone files?
>
> That is not going to work - you'd have to make bind authoritative for
> all those zones which is nigh impossible, and bound to have undesirable
> side effects.
>
>> Or is there a way to get bind to use /etc/hosts?
>
> Bind cannot use /etc/hosts as it is its alternative when it comes to
> name resolution.
>
> AFAIK squid uses gethostbyname(), so it should behave like the
> program I included. Simply instruct all your PCs to use squid to
> access the Internet. You could block port 80 on your outgoing router(s)
> for all systems but the proxy server to enforce the use of the proxy
> (this is what I do on my LAN).
Thank you Stefaan. All workstations already are set up to use only the
proxy, and port 80 is already blocked by firewall.
So I'll look into squid conf in more detail.
Thanks again.
--
Troy Piggins
,-o Ubuntu v5.10 (Breezy Badger): kernel 2.6.12-9-386,
o ) postfix 2.2.4, procmail 3.22, mutt 1.5.11i,
`-o slrn 0.9.8.1/rt (score_color patch), vim 7.0f (beta)
-
Re: denying URLs with squid, DNS, or /etc/hosts?
In comp.unix.admin Troy Piggins :
> I have a network with about a dozen WinXP workstations and a linux
> gateway/firewall/proxy server/DNS (iptables, squid, bind).
> I came across this site http://www.mvps.org/winhelp2002/hosts.htm which
> has a hosts file you can download containing malicious URLs and maps
> them to 127.0.0.1 so they can't "phone home" etc. It's of the format
There are several (iirc) addzapp extensions for squid which will
do that in a more elegant way, STFW (freshmeat.net and alike).
[..]
--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 356: the daemons! the daemons! the terrible
daemons!
-
Re: denying URLs with squid, DNS, or /etc/hosts?
* Michael Heiming wrote:
> In comp.unix.admin Troy Piggins :
>> I have a network with about a dozen WinXP workstations and a linux
>> gateway/firewall/proxy server/DNS (iptables, squid, bind).
>
>> I came across this site http://www.mvps.org/winhelp2002/hosts.htm which
>> has a hosts file you can download containing malicious URLs and maps
>> them to 127.0.0.1 so they can't "phone home" etc. It's of the format
>
> There are several (iirc) addzapp extensions for squid which will
> do that in a more elegant way, STFW (freshmeat.net and alike).
>
> [..]
>
Thanks mate. Will look into it.
--
Troy Piggins
My karma just ran over my dogma