1

I'm trying to set up my LAN with OpenDNS, and it seems that my DNS settings are being completely ignored. Even if I set my laptop (running Ubuntu) to have only the OpenDNS primary IP (and verify in resolv.conf that NetworkManager did its job) then

$ host myip.opendns.com
Host myip.opendns.com not found: 3(NXDOMAIN)

Still not using OpenDNS.

My ISP is running a transparent proxy, but that shouldn't affect DNS queries... could they be hijacking my DNS traffic somehow?

singpolyma
  • 489
  • 2
  • 7
  • 19

3 Answers3

3

If they are transparently proxying one protocol, they may well be doing the same for DNS too.

To confirm this, try forcing dig to use the OpenDNS server instead of reading from other configuraion (to further rule out a config isue at your end) with something like dig @208.67.222.222 myip.opendns.com - if your ISP is redirecting DNS traffic then you should get the same response (if you don't, i.e. you get the expected response instead of NXDOMAIN, then your local config may be in error as success indicates requests are getting through to OpenDNS's servers).

If they are messing with DNS traffic your three options are:

  1. switch ISP
  2. run a VPN for all your external access (this would require a server/VPS hosted elsewhere to act as the other endpoint) or just to run DNS traffic through
  3. just put up with it
David Spillett
  • 22,534
  • 42
  • 66
  • Thanks! `dig @208.67.222.222 myip.opendns.com` shows `;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34427`, which from what I know about dig seems to show that they're intercepting DNS traffic. That's pretty shifty :P – singpolyma Jan 05 '10 at 11:08
  • It might be worth naming the ISP - that will increase the chance of someone experiencing the same problem getting to this page with the answer when they search. – David Spillett Jan 05 '10 at 11:46
0

In theory, your ISP could be manipulating your DNS responses. What's your ISP?

What's in resolv.conf?

What IP address does nslookup query by default?

Alex Holst
  • 2,200
  • 1
  • 14
  • 13
0

What does nsswitch.conf say? It should look into the files first (in this case, /etc/resolv.conf), assuming that is where you put the OpenDNS servers IPs:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

**hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4**
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
Rilindo
  • 5,058
  • 5
  • 26
  • 46