Rogue DNS Entry Causing Problems

2

I'm running Mac OS X (wired connection) and on a really crappy ISP. Because of this I've set my DNS servers to use OpenDNS, which is generally much more responsive. However, for some reason 192.168.1.1 is at the top of my DNS search order (confirmed via /etc/resolv.conf and nslookup). The problem is that it's not listed anywhere in my network configuration. It might be coming from DHCP, but I've read that if it is it should be last in the list. How do I remove this altogether, or at the very least force Mac OS X to always try it last?

Additional Information:

Very strange. When I go into System Preferences, only the OpenDNS servers are listed. I've checked every adapter listed, whether they are enabled or not (including Bluetooth, Firewire, etc.). When I run networksetup -getdnsservers Ethernet it only returns the OpenDNS servers.

However if I cat /etc/resolv.conf I get

nameserver 192.168.1.1
nameserver 208.67.222.222
nameserver 208.67.220.220

And nslookup gives me:

> server
Default server: 192.168.1.1
Address: 192.168.1.1#53
Default server: 208.67.222.222
Address: 208.67.222.222#53
Default server: 208.67.220.220
Address: 208.67.220.220#53

When I look something up in nslookup it sometimes responds with 192.168.1.1 and sometimes with an OpenDNS server. And sometimes it times out completely due to my aforementioned crappy ISP.

ggutenberg

Posted 2010-08-05T10:36:57.183

Reputation: 1 072

Well it's probably from DHCP. Check setting on your router. Best way to solve this would be to set your router to use OpenDNS servers directly and let computers use your router as relay. – AndrejaKo – 2010-08-05T11:53:37.427

It's a shared internet connection in my building. I don't have access to the router's DHCP settings. – ggutenberg – 2010-08-05T12:23:05.870

Answers

1

How did you set your DNS to use OpenDNS?

In the Network preference pane in System Preferences, if you click Advanced... on your Airport and go to the DNS tab: What is the order that appears there? Is 192.168.1.1 in grey or black?

If the IP address is black it's been manually entered, if it's grey it came via DHCP. You can also drag and drop entries to change the order as necessary. /etc/resolv.conf is auto generated from these settings so changing /etc/resolv.conf won't stick. If you want to set the DNS servers and manage them from the command line, check out networksetup. (eg. networksetup -getalldnsservers AirPort)

Chealion

Posted 2010-08-05T10:36:57.183

Reputation: 22 932

Added some additional information to the post in answer to your questions. Still not sure what's going on though. – ggutenberg – 2010-08-05T15:39:25.103

@dosboy: Which version of Mac OS X specifically and have you restarted recently? – Chealion – 2010-08-05T15:41:07.203

10.6.4. Just rebooted, and everything is exactly the same. No changes. – ggutenberg – 2010-08-05T15:58:10.877

Just for clarification, right after you edit your DNS settings in System Preferences and hit Apply - if you check resolv.conf has 192.168.1.1 been added yet? – Chealion – 2010-08-05T16:12:48.170

Actually, that doesn't seem to update resolv.conf at all. I just removed 208.67.220.220 and hit Apply, and my resolv.conf still had all 3 entries in it. – ggutenberg – 2010-08-05T16:17:19.407

@dosboy: That's an issue - what are the permissions on /etc/resolv.conf and what happens if you modify /etc/resolv.conf yourself? – Chealion – 2010-08-05T19:22:44.557

-rwxr-xr-x 1 root wheel 293 6 Aug 01:27 resolv.conf

If I try to modify it myself using vi it tells me it's read-only. If I add ! I get the following error:

"resolv.conf" E212: Can't open file for writing – ggutenberg – 2010-08-05T20:14:34.247

@dosboy You'll have to run vi using sudo. eg. sudo vi /etc/resolv.conf – Chealion – 2010-08-05T20:29:15.650

Ok. I've edited it and removed 192.168.1.1. Ran nslookup >server and only the OpenDNS servers are listed. So that's good. So now I just wait and see if resolv.conf reverts to its previous state? – ggutenberg – 2010-08-05T20:33:39.823

Sounds like it - doesn't explain why /etc/resolv.conf wasn't updating. That bit is bizarre. – Chealion – 2010-08-05T20:45:26.877

Asked: 2010-08-05T10:36:57.183

Viewed: 505 times

Active: 2010-08-05T15:35:46.010