Wednesday, January 31, 2007

The case of the mysterious dns

My internet connection has been acting strange lately. The internet works fine when I start the computer, but I can't access my internal network. So I run dhclient and I can access the internal network, but not the WAN. Truly annoying. First I explored the option of this being a problem with the IPv6 protocol, so I disabled it as far as my abilities could handle. But this only made it work temporarily. Then I noticed that my standard gateway was pointing to a DNS address unknown to me, 192.168.200.2, when my real DNS is 192.168.0.1. I change this, and everything is working again. But it just keeps coming back. I try to make /etc/resolv.conf read-only, and again, it only works for a short while, then it's right back at that mysterious DNS.
After surfing around www.ubuntuforums.org for a while I finally find something that so far seems to be working. Here's what needs to be done:
In the file "/etc/dhcp3/dhclient.conf", look for this segment:

    request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, host-name,
        netbios-name-servers, netbios-scope;

Remove "domain-name-servers,"
and at the line "#prepend domain-name-servers 127.0.0.1;"
I changed 127.0.0.1 to my DNS 192.168.0.1 and removed the commenting sign #.
This procedure tells the system not to ask the router for its DNS information, and tells it what DNS it SHOULD use. Apparently this is a problem that's not uncommon with routers from certain companies that begin with "D" and end with "Link". See, I can keep a secret!
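
An added example, not part of the original post: a small Python check that reads dhclient lease records and reports which DHCP server offered a DNS server outside an expected list, which helps tell a misbehaving router apart from a second DHCP server on the network. The lease text is constructed sample data in the dhclient.leases format; 192.168.0.1 and 192.168.200.2 are the addresses from the post, and the other addresses are made up.

```python
import re

# Constructed sample in dhclient.leases format (not taken from the post's machine).
SAMPLE_LEASES = '''
lease {
  interface "eth0";
  fixed-address 192.168.0.105;
  option routers 192.168.0.1;
  option domain-name-servers 192.168.0.1;
  option dhcp-server-identifier 192.168.0.1;
  renew 3 2007/01/31 09:00:00;
}
lease {
  interface "eth0";
  fixed-address 192.168.0.105;
  option routers 192.168.0.1;
  option domain-name-servers 192.168.200.2,192.168.0.1;
  option dhcp-server-identifier 192.168.0.254;
  renew 3 2007/01/31 21:00:00;
}
'''

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
# One statement per line: optional "option" keyword, a name, a value, a semicolon.
STMT_RE = re.compile(r"^\s*(?:option\s+)?([\w-]+)\s+(.*?);\s*$", re.M)

def parse_leases(text):
    """Return one dict per lease block, mapping statement name to its value."""
    leases = []
    for body in LEASE_RE.findall(text):
        leases.append({name: value.strip('"') for name, value in STMT_RE.findall(body)})
    return leases

def unexpected_dns(text, allowed):
    """List (dhcp server, interface, dns) for every offered DNS not in `allowed`."""
    findings = []
    for lease in parse_leases(text):
        offered = lease.get("domain-name-servers", "").split(",")
        for dns in (s.strip() for s in offered if s.strip()):
            if dns not in allowed:
                findings.append((lease.get("dhcp-server-identifier", "unknown"),
                                 lease.get("interface", "unknown"), dns))
    return findings

if __name__ == "__main__":
    for server, iface, dns in unexpected_dns(SAMPLE_LEASES, {"192.168.0.1"}):
        print(f"{iface}: DHCP server {server} offered unexpected DNS {dns}")
```

To run it against a real machine, pass the contents of the dhclient leases file to unexpected_dns() in place of the sample; the file's location varies by release.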

Anyways, this has been a truly annoying problem. I can't for the life of me see WHY the company would construct such a design flaw. Well, I suppose it could be Ubuntu, but hey, why blame them, they're free!
I'm sooo looking forward to getting my new Linksys router! Cheap stuff always means more work, unless it's Cisco that is, that's a lot of work anyways.

Now my most current problem is avoiding those godforsaken DoS attacks and little script kiddies who keep scanning me. Couldn't they at least try to hide it? Now I have to go after them. Well, my first move in this defence stance is going to be finding a way to handle all my firewall logs. As of now I'm sending them to my email, and there's no great way of screening them there... If only there were some sort of online syslog server I could deliver them to, and filter there too then obviously. I'm starting to consider building a PHP script that can filter them for me. Only problem is that I have to find some way to handle email deliveries. I could leave a computer on round the clock to handle these things, but since I'm living in a very small apartment I'm not too happy about the idea of having a server humming all night long just to keep track of the firewall logs.

Sigh. I will have to look into this further...

References:
http://ubuntuforums.org/archive/index.php/t-140225.html
http://www.ubuntuforums.org/archive/index.php/t-231965.html
