On 11/12/2013 10:13 PM, Tim issued this missive: If you want to use dig to query a DNS server that is NOT in your /etc/resolv.conf file, use something like: dig @208.67.229.220 -p 5353 www.bbc.co.uk The "@ip-address" would be the address of the DNS server you want to query. If you don't want to use the standard DNS port of 53, then include the "-p <val>" with "<val>" the non-standard port number to use (e.g. port 5353 in this example). See "man dig" for other options. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks(a)alldigital.com - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - Diplomacy: The art of saying "Nice doggy!" until you can find a - - big enough rock. - ----------------------------------------------------------------------

Bob Goodwin: Just to be clear, DNS means domain name *system* not *server*. So, are you asking you're not sure what DNS server has responded, or you don't know how to read the answers you got back from dig? Looking at your above dig results: Your command line asked whatever your computer's default DNS server was (configured in /etc/resolv.conf) to look up www.bbc.co.uk. The ANSWER section gives results about your query addresses. A query for www.bbc.co.uk gets a CNAME answer of www.bbc.net.uk (i.e. it says use that second name, instead). Followed by two answers for IPs for www.bbc.net.uk, saying to use either 212.58.246.93 or 212.58.246.92 (either will do). The QUERY TIME section says the server that answered was 192.168.1.1, so that would be the first DNS server address in your /etc/resolv.conf file. Second or third server addresses in that config file will only be consulted if the first one failed to respond, and there'd be a seriously long time-out period before that happened. Your router, at 192.168.1.1 may have tried to query 208.67.229.220:5353 and 208.67.222.222:5353 to find the results (I don't know if your router/modem can accept port numbers attached to the IPs, like that), and may have connected to them. Or, your ISP may have intercepted that. You might try using those IPs and ports with the dig command, directly. By default, dig will use your pre-configured DNS servers (in your /etc/resolv.conf file) unless you specify a server to query on its command line. That is *which* server to ask, not just what address you want to look up. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.

On 12/11/13 18:58, Cameron Simpson wrote: Most of the time I only allow connection to the iCloud, iTunes, etc. between midnight and five local time which is what they allow without tracking usage. I can open that if there is a need to connect at other times. I also have another filter that controls specific LAN addresses from connecting to the WAN except between midnight and five. And another that I hope blocks WAN traffic to my NFS also on the LAN. I use the Tomato 1.28 version of DD-WRT which permits a lot of control, logging, and I can view usage at any time even in real time which is a good way to see what my system download/upload speeds are as stuff is transferred. I also keep a daily record of the ISP'slogged data for my daily usage so I always know where I stand. I get 25 gigs per month but it costs me $10 a gig for anything I want beyond that. I've been managing our usage for about seven years now and it works well for me. Bob -- http://www.qrz.com/db/W2BOD box10 Fedora-19/64 bit Linux/XFCE

On 12/11/13 13:03, Jim wrote: Yes, normally you would expect that but Viasat Exede forces you to their DNS no matter what you set your router for and there is nothing wrong with the way that works as long as it is working normally. I have had some intermittent problems recently but since my complaint yesterday it has worked well. Coincidence perhaps? Bob -- http://www.qrz.com/db/W2BOD box10 Fedora-19/64 bit Linux/XFCE

On 12/11/13 09:41, Tim wrote: I changed the router configuration to use 208.67.229.220:5353 and 208.67.222.222:5353 and see the following: [root@box10 bobg]# dig www.bbc.co.uk ; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19 <<>> www.bbc.co.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35870 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.bbc.co.uk. IN A ;; ANSWER SECTION: www.bbc.co.uk. 176 IN CNAME www.bbc.net.uk. www.bbc.net.uk. 182 IN A 212.58.246.93 www.bbc.net.uk. 182 IN A 212.58.246.92 ;; Query time: 616 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Tue Nov 12 11:46:20 EST 2013 ;; MSG SIZE rcvd: 100 As you say the cache is much faster, 2 ms as opposed to 616 ms. But I still don't know what DNS address it actually goes to, how do I find that? -- http://www.qrz.com/db/W2BOD box10 Fedora-19/64 bit Linux/XFCE

On Sun, Nov 10, 2013 at 5:41 PM, Bob Goodwin ~ Zuni, Virginia, USA <bobgoodwin(a)wildblue.net&gt; wrote: Wild guess: maybe the DNS information you have manually provided to DD-WRT got made wrong by changes in the network (seems plausible given the IP lookup data others have given), and something's going wrong with the magic they use to override other DNS servers besides theirs (including the one you're using which you thought was valid but perhaps has now changed). Try reconfiguring DD-WRT to get its DNS information from your ISP's DHCP server and see if your problem persists. (I believe you just set Static DNS to all 0s in DD-WRT to accomplish this.) -T.C.

On 11/11/13 08:40, Sam Varshavchik wrote: I would not hesitate to try a new one if it was readily available to me but as I understandit the modem is unique to their service/system. The old one had transmit and receive coax cables between it and the antenna, this one uses only one coax but I believe part of the radio circuitry is in the modem with intermediate frequency signaling between it and the antenna. It needs to do things like control the subscriber transmitter power with varying weather conditions, stuff that would be different than a cable modem. Tech support did suggest that it could be a modem problem but I generally try to avoid going through their troubleshooting procedure, at least leave that 'til last.. -- http://www.qrz.com/db/W2BOD box10 Fedora-19/64 bit Linux/XFCE

Bob Goodwin ~ Zuni, Virginia, USA writes: DD-WRT does not give you the option to use fixed DNS servers, instead of whatever DHCP servers it gets via DHCP from your ISP? I'm surprised to hear that. Or, rereading what you earlier wrote, maybe you're saying that your ISP blocks port 53 traffic, and will only let you use their DNS servers.

Allegedly, on or about 10 November 2013, Bob Goodwin ~ Zuni, Virginia, USA sent: There is a chance that you could still use an outside DNS service, if you can access one that uses a different port than your ISP is intercepting. This would, also, depend on you either making up TCP/IP redirection rules on your gateway so your clients queries go to that unusual port. Or, running your own DNS server on a PC. You'd configure your clients to use that DNS server as a normal DNS server, and you'd configure the DNS server to do the unusual port queries. ISPs are notorious for having awful DNS services, particularly ones that play silly games with forcing you to use them. So running your own DNS server, that's totally under your control, can be quite advantageous. The mini DNS servers in some modem/routers are awful, and have no configuration options. Some modem/routers don't have a DNS server, they simply act as a proxy between you and the ISP supplied DNS server IPs. -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments.

Bob Goodwin ~ Zuni, Virginia, USA writes: The only option I can think of is to use an SSL-based VPN tunnel, to a friendly VPS provider. Of course, this is going to kill your bandwidth.

Allegedly, on or about 10 November 2013, Bob Goodwin ~ Zuni, Virginia, USA sent: (Almost) only as far as making sure that your DHCP server tells its clients the right IP to use for their DNS queries. Which it looks like it is, from subsequent replies. DCHP servers tell the clients various things to configure their network, one of which is what DNS server IPs to use. Others are the clients own IP, and things like the gateway (where the clients connect through to the outside world), netmask (which sets the boundary between what's inside or outside). So, if your clients have proper networking addresses, you can ignore debugging your DHCP server configuration. If they have some details wrong, then you need to check whether your DHCP server is doling out the right information, or your clients are ignoring it (some people set manual overriding configurations on their PCs). -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments.

On 10/11/13 18:24, Ed Greshko wrote: I don't remember how I got those DNS addresses but they have been working for a couple of years without a problem until recently. I will look into it some more tomorrow. -- http://www.qrz.com/db/W2BOD box10 Fedora-19/64 bit Linux/XFCE

On 11/11/13 06:32, Bob Goodwin ~ Zuni, Virginia, USA wrote: Quite some time ago it was determined that your ISP uses "transparent DNS proxy" to force you to use their DNS servers. But, I really would ask them about their use of IP addresses.... as this is the output of whois 182.63.128.68 inetnum: 182.62.0.0 - 182.63.255.255 netname: DIGI-MY descr: DiGi Telecommunications Sdn Bhd descr: Lot 10, Jalan Delima 1/1, Subang Hi-Tech Industrial Park, descr: 40000 Shah Alam, Selangor Darul Ehsan, Malaysia country: MY admin-c: DIA1-AP tech-c: DI39-AP mnt-by: APNIC-HM mnt-lower: MAINT-MY-DIGI-SB mnt-routes: MAINT-MY-DIGI-SB status: ALLOCATED PORTABLE remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+ remarks: This object can only be updated by APNIC hostmasters. remarks: To update this object, please contact APNIC remarks: hostmasters and include your organisation's account remarks: name in the subject line. remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+ mnt-irt: IRT-DIGI-MY changed: hm-changed(a)apnic.net 20100224 source: APNIC One wonders if their screwing with IP addresses doesn't fail at times. Maybe, sometimes, they actually transmit the DNS request to Malaysia. I would ask the ISP what the IP address of their DNS servers should be..... -- Getting tired of non-Fedora discussions and self-serving posts

On 11/11/13 05:38, staticsafe wrote: whois shows those IP's belonging to DiGi Telecommunications Sdn Bhd in Malaysia. -- Getting tired of non-Fedora discussions and self-serving posts

On 11/10/2013 15:29, Bob Goodwin ~ Zuni, Virginia, USA wrote: dresden ~ # dig google.com @182.63.128.68 ; <<>> DiG 9.9.3-P2 <<>> google.com @182.63.128.68 ;; global options: +cmd ;; connection timed out; no servers could be reached dresden ~ # dig google.com @182.63.128.69 ; <<>> DiG 9.9.3-P2 <<>> google.com @182.63.128.69 ;; global options: +cmd ;; connection timed out; no servers could be reached That might be your problem, I would suggest testing yourself to see if they are down for you as well. As a temporary measure you can use Google Public DNS: https://developers.google.com/speed/public-dns/ -- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post. It is not logical. Please don't CC me! I'm subscribed to whatever list I just posted on.

On 11/10/2013 14:57, Bob Goodwin ~ Zuni, Virginia, USA wrote: DHCP is used to distribute DNS resolvers to your LAN. What resolvers do you get via DHCP? (Check Network Manager or /etc/resolv.conf) -- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post. It is not logical. Please don't CC me! I'm subscribed to whatever list I just posted on.

Bob Goodwin ~ Zuni, Virginia, USA writes: Don't exclude the possibility that the modem itself is flipping out. My DSL started going down once a week or so, some years ago. Powercycling the modem always put me back online. Troubleshooting with the ISP wasn't very productive. I ended up buying a new modem, and that was it. The old modem is still sitting in a dusty cabinet, and I actually pulled it out, in a pinch, when I suspected a problem with my current modem.

On 11Nov2013 20:21, Bob Goodwin <bobgoodwin(a)wildblue.net&gt; wrote: [...] If it is like the setup in our Gilat satellite modem here, there are two primary things going on. (Based on reading scattered stuff on the net when trying to debug an annoying problem some months ago.) The modem/satellite system does HTTP prefetching; when you fetch a web page the traffic is sniffed and requests for the page content (images etc) are prefetched. This step may happen upstream of the modem (eg in a proxy at the ISP) or it may happen in the modem - this is unclear; that "HTTP acceleration" is a modem-side setting suggests it may be happening in the modem. The other thing the Gilat modems do is "TCP acceleration". I gather a TCP connection is terminated localy at the modem, and the data stream sent with a more efficient protocol over the satellite section of the link and a TCP connection established on the upstream (far side of you->satellite->downstation) to carry the traffic from there to the target server. The TCP handshake takes place in real time - the modem does not falsely complete a connection only to have upstream fail, but past that the traffic is proxied. This may sound ineffectual, but in fact it has throughput benefits. The TCP connection from upstream to the target server can transfer data rapidly across the fast and low latency ground based network. The data beamed to/from the satellite is sent directly using the satellite specific data integrity protocols without the TCP packet tracking protocol, and the data from your host to the modem travels with low round trip latency to/from the modem I'm speaking here of the TCP packet ACK stuff, which is now you<->modem and upstream<->target-server. This results in greater throughput. Cheers, -- Cameron Simpson <cs(a)zip.com.au&gt; I took that Reading Dynamics course, and it really works. I read _War and Peace_ in an hour last night. It's about Russia. - W. Allen, ca. 1962

On Tue, 2013-11-12 at 23:09 +0800, Ed Greshko wrote: It depends on how they're doing it. If they simply intercept port 53 traffic, then not using port 53 for your queries will bypass it. But if they also snoop on some other ports, or snoop on all traffic for things that look like DNS queries, then you're screwed. My opinion of ISPs that do transparent proxying, is rather low. I understand the point of view that some do that, so users don't have to configure their software. But my experience has been that ISPs do it to: Lower their operating costs, while still charging you the same, and to rake in more customers than their equipment (otherise) has bandwidth for. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.

On 11/12/2013 10:03 AM, Jim wrote: Actually, no. It won't. What it shows is where the DSLAM you're connected to is, and in my case, that's several miles away.

On 11/11/13 07:18, Tim wrote: But what if they are caching stuff, e.g. foxnews, some popular video clips, etc. and delivering them to the user without going through the satellite loop? I don't know what they are doing but they claim to be "optimizing" the system with their caching. I'm not concerned about the trivial usage attributable to DNS. I just want it to work. As it has been I've had to restart the Viasat modem several times a week, an annoyance I will have to put up with it seems, my experience has been that such things eventually change, hopefully for the better. -- http://www.qrz.com/db/W2BOD box10 Fedora-19/64 bit Linux/XFCE

Allegedly, on or about 11 November 2013, Bob Goodwin sent: Looking at that page, from what I can gather. They have a ground based network, with high speed and high bandwidth. It connects to you, other users, and probably other local services. The satellite is their link to things further away, and has latency by still high bandwidth, so things work well enough by the time that they've started and filled up a cache (e.g. watching streaming video). The modem has some custom compression to speed thing up even more - though any old BBS SysOp can tell you that you can only speed up still-compressible data, that way, not all data. So, again, I say just find yourself a decent DNS server, and use it instead. You'll still be going through their caches and proxies for the data, you'll just be getting the addresses quicker. Next time it happens, start playing with the dig tool. Make queries against your router, and against the DNS IPs the ISP provides (to the router), and try some external DNS servers that have different ports (the dig command lets you specify ports, read the man page, brief outline below). Do queries for different addresses, if you keep querying the same address, you'll just get results from a cache. dig @server -p number address Substituting "server" for the address of server you're going to query, "number" for the port number you're querying through (if not the usual port 53), and address for the address you want to query. Have you tried OpenDNS on port 5353 instead of port 53? If you're lucky, your ISP is only doing a simplistic buggery of DNS on 53. e.g. dig @208.67.222.222 -p 5353 www.bbc.co.uk ; <<>> DiG 9.9.3-rl.156.01-P1-RedHat-9.9.3-3.P1.fc17 <<>> @208.67.222.222 -p 5353 www.bbc.co.uk ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61634 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.bbc.co.uk. IN A ;; ANSWER SECTION: www.bbc.co.uk. 291 IN CNAME www.bbc.net.uk. www.bbc.net.uk. 165 IN A 212.58.244.68 www.bbc.net.uk. 165 IN A 212.58.244.69 ;; Query time: 98 msec ;; SERVER: 208.67.222.222#5353(208.67.222.222) ;; WHEN: Wed Nov 13 01:03:31 CST 2013 ;; MSG SIZE rcvd: 100 I get about a quarter or third of that time if I try other DNS servers. My own took 1500 mS the first time, then 6 ms for subsequent attempts (local cache is much quicker than internet propagation delays). Queries for other addresses took about 100 mS, so the BBC query must have been answered by something further away. My server checks it cache, then (if it doesn't have an answer) goes out to the root servers (to find out who would know the answer), then whatever servers the roots tell it, like a proper traditional DNS server. I consider 1.5 secs for a response to be unusually long. I couldn't put up with that, or worse, consistently. -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments.