

cme01

@optonline.net

Intrusive dns. OpenDns

I used Linux Mint for a while and unknowingly I was not aware that they used an OpenDNS server as a fallback if I could not obtain a DNS server...

Apparently you would need to contact them and give them the MAC of your router so they can fully remove it from the service.

I did not ask for this.



cme01

@optonline.net

There was a point where I had to fully disconnect my router for 1 minute and plug it back in, and a page saying "welcome to opendns" appeared.



chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·Comcast

2 edits
reply to cme01

According to them (Mint), OpenDNS is not used unless no other DNS could be found or reached. Ref: Linux Mint Forums • View topic - Disable OpenDNS

If you want to be rid of OpenDNS as a "fallback" then do this:

sudo truncate --size=0 /etc/resolvconf/resolv.conf.d/tail

--
Chris
Living in Paradise!!


WeenieAlso

join:2002-01-29
Pasadena, MD
reply to cme01

1) You must not have set your network up correctly so they tried to help you.
2) If you set your network up correctly you would not be using that DNS.
3) Why on earth would they need the MAC of your router ? That would do them NO good.

4) How is this intrusive ?

I must be missing something



cme01

@optonline.net
reply to cme01

Seems to be an issue, I guess, with my router. Still, for some unknown reason I was browsing fine; if I typed a domain name incorrectly my ISP's "domain cannot be found page" would display.

After 1 hour of web browsing my connection timed out while reading. I did not request any webpage - then I was greeted by OpenDNS yet again saying page unavailable...

If there is an issue with my router auto obtaining DNS from my ISP... then I am trying to ask myself why it obtains DNS normally 90 percent of the time, and if I cannot find a DNS I get a "page not found" by my ISP... yet for some odd reason OpenDNS intrudes automatically out of nowhere... the other 10 percent of the time.

That's why I say it's intrusive.

Apparently people signed up with them for services I did not...

»forums.opendns.com/comments.php?···nID=6107


WeenieAlso

join:2002-01-29
Pasadena, MD


So my guess is your ISP DNS(s) do not respond sometimes and your Mint uses OpenDNS as a fallback, and you do not want that. Check your /etc/resolv.conf and fix it to have only one nameserver line, which should point to your router, or do what Mint suggests; I believe chrisretusn provided that.

I would do the below and save the results, noting the Server: address.
From a shell prompt:

nslookup
google.com
exit

Then when the issue occurs, do the same thing. It would be interesting to see what nameserver you start with and end with.

Example

nslookup
> google.com
Server: xxx.xxx.xxx.xxx
Address: xxx.xxx.xxx.x#53

Non-authoritative answer:
Name: google.com
Address: 74.125.225.34
Name: google.com
Address: 74.125.225.41
Name: google.com
Address: 74.125.225.32
Name: google.com
Address: 74.125.225.40
Name: google.com
Address: 74.125.225.33
Name: google.com
Address: 74.125.225.38
Name: google.com
Address: 74.125.225.36
Name: google.com
Address: 74.125.225.37
Name: google.com
Address: 74.125.225.39
Name: google.com
Address: 74.125.225.46
Name: google.com
Address: 74.125.225.35



WeenieBoy

join:2003-06-25
Pasadena, MD
reply to cme01

I checked my son's Mint. If you just look at /etc/resolv.conf, the last section indicates FALLBACK DNSs; both are OpenDNS servers. If you do not want them, delete both lines. Bear in mind you hit them because your ISP DNSs are not responding or your router is not forwarding DNS requests. With those gone you will be unable to resolve addresses. If you do not trust OpenDNS, use Google 8.8.8.8 or somebody else. Mint was trying to do you a favor.
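
The check the posts above describe (which nameserver lines /etc/resolv.conf holds, in what order, and whether the fallback entries are OpenDNS), as an added example that is not part of any poster's message. The function names, the sample file and the router address 192.168.1.1 are constructed for illustration; the two OpenDNS addresses are the ones listed elsewhere in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Flags the OpenDNS resolvers in a
# resolv.conf-style file and shows the order in which they would be tried.
OPENDNS_IPS="208.67.222.222 208.67.220.220"

# Constructed sample in the layout the posts describe: router first, then
# the fallback entries appended from /etc/resolvconf/resolv.conf.d/tail.
sample_resolv() {
cat <<'EOF'
# constructed sample, not a real capture
nameserver 192.168.1.1
# fallback entries (constructed)
nameserver 208.67.222.222
nameserver 208.67.220.220
EOF
}

# audit_resolv FILE: print "<position> <address> <label>" for each nameserver
# line in file order (the order the resolver tries them).
# Returns 0 if no OpenDNS address is listed, 1 if one is, 2 if unreadable.
audit_resolv() {
    file=$1
    if [ ! -r "$file" ]; then echo "cannot read $file" >&2; return 2; fi
    pos=0
    found=0
    # The "|| [ -n ... ]" part keeps a final line that lacks a newline.
    while read -r key value rest || [ -n "$key" ]; do
        if [ "$key" != "nameserver" ]; then continue; fi
        pos=$((pos + 1))
        label=other
        for ip in $OPENDNS_IPS; do
            if [ "$value" = "$ip" ]; then label=opendns; found=1; fi
        done
        # glibc's resolver consults only the first three entries (MAXNS).
        if [ "$pos" -gt 3 ]; then label="$label,beyond-MAXNS"; fi
        echo "$pos $value $label"
    done < "$file"
    return "$found"
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
sample_resolv > "$tmp"
audit_resolv "$tmp" || echo "OpenDNS fallback is configured"
rm -f "$tmp"
```

Run `audit_resolv /etc/resolv.conf` before and after the problem appears; an `opendns` label at position 2 or 3 means those servers are only reached when the entry above them does not answer.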



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

I don't understand what he thinks will happen if he removes OpenDNS and then for some reason, Optimum Online DNS doesn't respond (which I find very hard to believe that it happens very often, using Optimum myself). He won't be going anywhere. I think he's got something hinky in his router settings.



cme01

@optonline.net
reply to cme01

Can malware or OpenDNS reflash my router? Because I experienced a restart of the router which said "welcome to open dns".

Did it some way intrude into my router.... I will do a hard reset.



Elite

join:2002-10-03
Orange, CT
Reviews:
·Optimum Online

1 recommendation

Some Windows malware has, in the past, changed a router's DNS settings to malicious DNS servers. However, this attack preyed on routers with no password or default passwords.

OpenDNS did not reflash your router. I suggest you check your router's configuration, along with your DNS settings in Linux.
--
QUAD!!!!


WeenieAlso

join:2002-01-29
Pasadena, MD
reply to cme01

1) Where do you see this message "welcome to opendns" ?
I assume you restarted your router somehow with a browser to see the message. What are you doing ?( going to internet ? )
2) If you change the password on the router it is unlikely your router was infected.
3) If you login to your router are the DNS settings opendns ?

You need to give a little more information. We know you are using Mint, which we also know uses OpenDNS as a fail safe if your primary DNS(s) do not work. Did you change this?



cme01

@optonline.net
reply to cme01

Okay, this is exactly what occurred. I have a laptop connected to the router which uses Mint; I was using my Windows PC. All of a sudden the router or modem had to be restarted... I opened my browser, Firefox, and it said "welcome to open dns"...

This is what led me to think my router was somehow compromised.


WeenieAlso

join:2002-01-29
Pasadena, MD

Most routers will show what they receive from the ISP. You could look on the router to see what DNS IPs it is given from the ISP first.

On your Windows box which showed the page, can you do this at a cmd prompt: Start -> Run (search if Win 7) -> cmd -> Enter. In that window,
enter ipconfig/all and look for the line

DNS Servers

Do you see these IPs
208.67.222.222
208.67.220.220

Or do you see your router's address ? Or something different ?

If router's address appears your router is configured to use opendns and that is where you need to look.

If those addresses above appear, your PC is configured for those addresses or getting them from the router. You need to look at the PC's network settings.

If something else appears you need to describe your network.

Of course your ISP may use opendns ( I am not aware of any that do)

I personally use opendns and I have never seen the page you describe. I have my router using opendns and my PCs will get the Routers address for DNS.



cme01

@optonline.net
reply to cme01

The DNS setting in the router is "obtain automatically from isp".

This is what led me to believe someone at OpenDNS compromised my router. It wasn't using a password in the first place.

Now I have no choice.... I simply have to replace the router after what I encountered.



dib22

join:2002-01-27
Kansas City, MO

said by cme01 :

now i have no choice.... i simply have to replace the router after what i encountered.

The OpenDNS call was because of Mint, not the router... why would you need to replace the router? Why not just edit the resolv.conf?


WeenieBoy

join:2003-06-25
Pasadena, MD
reply to cme01

You did not answer all the questions.

1) What were the Windows PC DNS settings (ipconfig/all)?
2) Most routers have a status page which will show you what the router received from your ISP. Are the OpenDNS IPs provided above there?