#1 2013-01-25 20:39:54

ravicious
Member
From: Poland
Registered: 2011-06-07
Posts: 69
Website

How can I force my system through iptables to use Google's DNS?

My local provider has a little bit screwed up DNS servers and I want to force Arch to use Google's DNS.

I added their IPs to /etc/resolv.conf.head and they properly appear in /etc/resolv.conf, but as we know, /etc/resolv.conf is a list of suggested DNS IPs, not mandatory ones, so NetworkManager still uses DNS addresses from the router.

~ $ dig archlinux.org | grep SERVER
;; SERVER: 192.168.11.1#53(192.168.11.1)

The thing is I have no access to this router, so can I force Arch to use Google's DNS by setting up some iptables rules?

Last edited by ravicious (2013-01-25 20:40:50)


#2 2013-01-25 20:47:59

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: How can I force my system through iptables to use Google's DNS?

ravicious wrote:

My local provider has a little bit screwed up DNS servers

Install BIND or unbound.


#3 2013-01-25 21:30:46

ravicious
Member
From: Poland
Registered: 2011-06-07
Posts: 69
Website

Re: How can I force my system through iptables to use Google's DNS?

I installed unbound. Configured it to use OpenDNS this time. Next:

# systemctl enable unbound.service
# echo "nameserver 127.0.0.1" > /etc/resolv.conf
# chattr +i /etc/resolv.conf

Then I restarted my laptop.

~ $ dig archlinux.org | grep SERVER
;; SERVER: 127.0.0.1#53(127.0.0.1)

However, NetworkManager still shows router's DNS and OpenDNS test site redirects me to http://www.opendns.com/welcome/oops/ and says "Your request appears to have come from a proxy". http://www.internetbadguys.com/ should display a warning page, but it doesn't show it.

Last edited by ravicious (2013-01-25 21:40:00)


#4 2013-01-25 22:48:00

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: How can I force my system through iptables to use Google's DNS?

ravicious wrote:

My local provider has a little bit screwed up DNS servers and I want to force Arch to use Google's DNS.

I added their IPs to /etc/resolv.conf.head and they properly appear in /etc/resolv.conf, but as we know, /etc/resolv.conf is a list of suggested DNS IPs, not mandatory ones, so NetworkManager still uses DNS addresses from the router.

~ $ dig archlinux.org | grep SERVER
;; SERVER: 192.168.11.1#53(192.168.11.1)

The thing is I have no access to this router, so can I force Arch to use Google's DNS by setting up some iptables rules?

First, iptables has nothing to do with DNS servers in general, although you can use it to filter certain DNS queries.

Second, you don't need any DNS caching service like bind/dnsmasq/... All you need to do is manually modify /etc/resolv.conf and put there your preferred DNS servers. For example, I use netcfg and dhcpcd, and

$ cat /etc/resolv.conf 
# Google DNS
nameserver 8.8.8.8
nameserver 8.8.4.4
# My router (comcast)
#nameserver 10.0.0.1
$ ll /etc/resolv.conf 
-rw-r--r-- 1 root root 59 Aug 19 16:38 /etc/resolv.conf

Note the timestamp on the file. The idea is to prohibit the DHCP client from updating it with info obtained from the DHCP server. In the case of dhcpcd, there is an option "nohook resolv.conf" which can be added in /etc/dhcpcd.conf. Of course, you can always make resolv.conf 444 root:root...

NM uses dhclient by default, so you'll have to do some homework regarding its configuration. Alternatively, you can use dhcpcd which is an optdep for NM...


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd


#5 2013-01-26 08:46:33

ravicious
Member
From: Poland
Registered: 2011-06-07
Posts: 69
Website

Re: How can I force my system through iptables to use Google's DNS?

Ok, I made some changes.

Uninstalled unbound. Changed /etc/resolv.conf to point to OpenDNS and made it readonly. Copied /etc/dhclient.conf.example to /etc/dhclient.conf. Made some changes in it: deleted 'domain-name-servers' from 'request' line and added 'prepend domain-name-servers 208.67.222.222,208.67.220.220;' above that line.

~ $ dig archlinux.org | grep SERVER
;; SERVER: 208.67.222.222#53(208.67.222.222)
~ $ nslookup archlinux.org
Server:		208.67.222.222
Address:	208.67.222.222#53

Non-authoritative answer:
Name:	archlinux.org
Address: 66.211.214.131

However, OpenDNS test sites still don't tell me that I'm using OpenDNS and NetworkManager shows router's DNS server.

Last edited by ravicious (2013-01-26 08:46:56)


#6 2013-01-26 17:48:48

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: How can I force my system through iptables to use Google's DNS?

Well... I assume your resolv.conf is fine. But marking it readonly is kind of a dirty hack. You should instruct dhclient/NM to never touch it in the 1st place...

If you disabled request for DNS servers in dhclient config and manually modified resolv.conf, then why do you need "prepend"? I mean, dhclient *by itself* should not touch resolv.conf even if the file is rw.

Last time I used NM, it was 2009, so you might want to set DNS in NM's GUI, not in dhclient. Alternatively, try disabling NM and manually running dhclient. What is the result of opendns tests in this case?


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd


#7 2013-01-26 18:07:14

ravicious
Member
From: Poland
Registered: 2011-06-07
Posts: 69
Website

Re: How can I force my system through iptables to use Google's DNS?

Leonid.I wrote:

Last time I used NM, it was 2009, so you might want to set DNS in NM's GUI, not in dhclient.

The thing is, I can't do it in NM's GUI. The save button is not active, even if I'm not connected to this network.


#8 2013-01-26 19:07:36

illusionist
Member
From: localhost
Registered: 2012-04-03
Posts: 498

Re: How can I force my system through iptables to use Google's DNS?

Make changes to your resolv.conf and then execute : ( as root )

 # chattr +i /etc/resolv.conf

This will preserve your changes. To remove the bit execute : ( as root )

 # chattr -i /etc/resolv.conf

Last edited by illusionist (2013-01-26 19:10:37)


  Never argue with stupid people,They will drag you down to their level and then beat you with experience.--Mark Twain
@github


#9 2013-01-26 19:25:29

ravicious
Member
From: Poland
Registered: 2011-06-07
Posts: 69
Website

Re: How can I force my system through iptables to use Google's DNS?

@illusionist

It doesn't work, it provides the same exact results as in this post.

IDK, is a simple computer reboot enough to clear the DNS cache?

Last edited by ravicious (2013-01-26 19:26:25)


#10 2013-01-26 19:28:23

illusionist
Member
From: localhost
Registered: 2012-04-03
Posts: 498

Re: How can I force my system through iptables to use Google's DNS?

Sorry somehow I missed that post of yours.


  Never argue with stupid people,They will drag you down to their level and then beat you with experience.--Mark Twain
@github


#11 2013-01-26 19:45:21

ravicious
Member
From: Poland
Registered: 2011-06-07
Posts: 69
Website

Re: How can I force my system through iptables to use Google's DNS?

I set OpenDNS servers in /etc/resolv.conf, made it read-only.

Also, I said previously that I can't edit DNS settings through nm-applet. However, I could do this through nm-connection-editor, so I did. Now everything (NetworkManager, dig, nslookup) shows that I'm using OpenDNS servers, but when I open OpenDNS test sites, they still don't work as they should. What the heck?

From OpenDNS site:

[...] we suggest to contact your ISP and confirm that they are not running a proxy. Also ask them if they allow 3rd-party DNS services, such as OpenDNS or Google DNS.

Maybe that's the issue?

Last edited by ravicious (2013-01-26 19:46:36)
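
The `dig archlinux.org | grep SERVER` check repeated through this thread, written out as a script (an added example, not part of any post; the function names and the `--live` switch are assumptions of this sketch). It compares the address on dig's SERVER line with the active `nameserver` entries in resolv.conf. The SERVER line only reports the address the query was sent to, so a match here does not rule out the ISP-side interception suspected in the last post.

```shell
#!/bin/sh
# Added example: does the resolver dig reports match /etc/resolv.conf?

# Print the active nameserver addresses of a resolv.conf-style file,
# one per line. Commented-out entries ("#nameserver ...") are skipped
# because their first field is not exactly "nameserver".
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Read dig output on stdin and print the address from the
# ";; SERVER: addr#port(addr)" line.
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# check_resolver RESOLV_CONF DIG_OUTPUT_FILE
# Returns 0 if the reported server is listed in RESOLV_CONF,
#         1 if it is not (something else chose the resolver),
#         2 if the dig output has no SERVER line (no answer at all).
check_resolver() {
    answered=$(dig_server < "$2")
    if [ -z "$answered" ]; then
        echo "no SERVER line in dig output"
        return 2
    fi
    if resolv_nameservers "$1" | grep -Fqx "$answered"; then
        echo "OK: $answered is listed in $1"
        return 0
    fi
    echo "MISMATCH: $answered answered but is not listed in $1"
    return 1
}

# Live use: ./check-dns.sh --live   (script name is hypothetical)
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp)
    dig archlinux.org > "$tmp"
    check_resolver /etc/resolv.conf "$tmp"
    rc=$?
    rm -f "$tmp"
    exit "$rc"
fi
```

A MISMATCH result corresponds to the situation in post #1, where resolv.conf listed one set of servers and dig reported 192.168.11.1.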
