
Re: hijacking DNS server



On Mon, Sep 22, 2008 at 05:42:14PM +0200, Eugen Leitl wrote:
> 
> Howdy,
> 
> finally gotten around to trying to get Tor (nonbundle) up on a sacrificial
> G4 Mac Mini (Leopard).
> 
> Unfortunately my crappy ISP does DNS hijacking:
> 
> Sep 22 17:18:25.266 [notice] Your DNS provider gave an answer for "2vc5wruir", which is not supposed to exist.  Apparently they are hijacking DNS failures. Trying to correct for this.  We've noticed 1 possibly bad addresses so far.
> 
> Tor apparently tries a workaround, but I've been fed up with the
> ISP's shenanigans for some time already, so I'd like to fix it for all.
> Unfortunately, I don't have a low-power Linux box for bind, so it
> has to be OS X for the moment.
> 
> Is there a simple way to enable BIND on Leopard (not Server), or would
> I have to splurge $15 for the DNS Enabler?

Update: problem solved. There's a named (BIND) already installed on
OS X Leopard. You'll need to combine information from 

http://www.macosxhints.com/article.php?story=20050420025219402

http://forums.macrumors.com/showthread.php?t=562590

http://pivots.pivotallabs.com/users/chad/blog/articles/507-enabling-the-postfix-mail-daemon-on-leopard

to make it work.

Specifically (issue as sudo, or as root):

# rndc-confgen > /etc/rndc.conf 
  /* creates rndc.conf and generates key */
# head -n 6 /etc/rndc.conf > /etc/rndc.key
  /* parses the key into the proper file */

Put into /System/Library/LaunchDaemons/org.isc.named.plist
(at the bottom, in the 'dict' element):
<key>RunAtLoad</key>
<true></true>
<key>OnDemand</key>
<false></false>

launchctl load -w /System/Library/LaunchDaemons/org.isc.named.plist

Use System Preferences to make 127.0.0.1 your nameserver. There
should no longer be warnings like

Sep 23 13:49:30.189 [notice] Your DNS provider gave an answer for "wiban75uk5s", which is not supposed to exist.  Apparently they are hijacking DNS failures. Trying to correct for this.  We've noticed 1 possibly bad addresses so far.

in tail -f /var/log/tor.log

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
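
Added example, not part of the original message and not Tor's own detection code: a shell check for the behaviour the Tor notice above reports, asking a resolver for invented hostnames and flagging any that come back with an address. The function names, the `LOOKUP` hook and the `.com` suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): probe a resolver with invented
# hostnames, as the Tor notice describes, and flag any that resolve.

# Default lookup: print only IPv4 answers from dig; errors and timeouts print
# nothing. LOOKUP can be pointed at a stub function to test the logic offline.
lookup_dig() {
    dig +short +time=3 +tries=1 A "$1" "@$2" 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}
LOOKUP=${LOOKUP:-lookup_dig}

# 16 random hex characters; such a label is not expected to be registered.
random_label() {
    od -An -N8 -tx1 /dev/urandom | tr -d ' \n'
}

# check_hijack SERVER [PROBES]
# Prints "name -> address" for every invented name that got an answer.
# Returns 0 if none did, 1 if the resolver answered for a nonexistent name.
# No answer covers both NXDOMAIN and a timeout, so 0 only means that no
# forged answer was seen.
check_hijack() {
    server=$1
    probes=${2:-3}
    bad=0
    i=0
    while [ "$i" -lt "$probes" ]; do
        name="$(random_label).com"   # .com is an assumption of this example
        answer=$("$LOOKUP" "$name" "$server" | head -n 1)
        if [ -n "$answer" ]; then
            echo "$name -> $answer"
            bad=1
        fi
        i=$((i + 1))
    done
    return "$bad"
}

# Stand-alone use: sh check_hijack.sh 127.0.0.1
if [ "$#" -gt 0 ]; then
    command -v dig >/dev/null || { echo "dig not found" >&2; exit 2; }
    if check_hijack "$@"; then echo "no forged answers seen"
    else echo "resolver answers for nonexistent names"; fi
fi
```

Run it once against the ISP's resolver and once against 127.0.0.1 after loading named to compare the two.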