Comments

19 comments

  • Avatar
    cobalt-phoenix

    It is probably the normal and optimal operation of OpenDNS in case this root server is the closest of the 13 from the OpenDNS data center you use.  Why should OpenDNS query a more distant root server if the closest is available and responsive?

    0
    Comment actions Permalink
  • Avatar
    aasalem10

    My concern was raised when -GRC-DNS Nameserver Spoofability Test- recently continue to return zero DNS. While all my queries are returning Opendns. 

    i.e.{

    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ dnstracer -c www.ubuntugeek.com

    Tracing to www.ubuntugeek.com[ a] via 208.67.222.222, maximum of 3 retries

    208.67.222.222 (208.67.222.222) Got answer [received type is cname] 

    }

    Linux alaa-HP-Pavilion-dv2700-Notebook-PC 4.4.0-24-generic #43-Ubuntu SMP Wed Jun 8 19:25:16 UTC 2016 i686 athlon i686 GNU/Linux

     

    Vivaldi: 1.2.490.39 () (32-bit)

    Firefox: 47.0

     

     

     

     




    GRC-zeroDNS.png
    0
    Comment actions Permalink
  • Avatar
    aasalem10

    So that one Nameserver was a common factor. 




    Workspaces_022.png
    0
    Comment actions Permalink
  • Avatar
    cobalt-phoenix

    "My concern was raised when -GRC-DNS Nameserver Spoofability Test- recently continue to return zero DNS."

    And this test assumes that you're running an ad blocker or something similar.  It could also be a browser security setting causing this.

    "So that one Nameserver was a common factor."

    This is something different and unrelated to the root server question.  Your OS seems to be using just one of the configured resolvers.  (Although this is not what I could obtain from the pictures you posted, because you got at least for IP addresses from the routers located in front of OpenDNS.)
    https://www.opendns.com/data-center-locations/

    So, after all, what's your problem?  Do you have any troubles with your DNS queries?  Why are you concerned?

    0
    Comment actions Permalink
  • Avatar
    aasalem10

    Their is no ad blocker or otherwise affecting GRC-DNS Nameserver Spoofability Test--  i do not know why this is happening. 

    Other problem that keeps happening is redirecting to login page at qq mail. Am not an expert on on DNS operation but to my knowledge their is many different entry point to a specific web-server.  

    It would be helpful if you posted some commands to verify the function of my  configured resolvers and/or DNS that rule- out this cause. Thanks.




    Workspaces_033.png
    0
    Comment actions Permalink
  • Avatar
    cobalt-phoenix

    I still do not see what your problems are.

    Here is the OpenDNS diagnostic tool: https://support.opendns.com/entries/21841580

    0
    Comment actions Permalink
  • Avatar
    aasalem10

    To provide diagnostic information for a Linux/Unix machine, please run the following commands and provide the results in your reply to the support ticket:

    nslookup -type=txt debug.opendns.com.
    nslookup -type=txt debug.opendns.com. 208.67.222.222
    nslookup -type=txt debug.opendns.com. 208.67.222.222 -port=443
    nslookup -type=txt debug.opendns.com. 208.67.222.222 -port=5353
    traceroute 208.67.222.222
    traceroute api.opendns.com.
    traceroute bpb.opendns.com.
    ifconfig

    If you are asked to test a specific domain:
    nslookup domain.com
    -------------------------------------------------------------------------------------------------------------------------------------/

    Thanks for the above- The below is while  my home router is set to use OpenDns. 

    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ cat /etc/network/interfaces
    # interfaces(5) file used by ifup(8) and ifdown(8)
    auto lo
    iface lo inet loopback


    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ ifconfig
    enp0s10 Link encap:Ethernet HWaddr 00:1d:72:44:05:51
    inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::788f:9c40:130f:f0cc/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1547 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1610 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:917857 (917.8 KB) TX bytes:288516 (288.5 KB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:800 errors:0 dropped:0 overruns:0 frame:0
    TX packets:800 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1
    RX bytes:41764 (41.7 KB) TX bytes:41764 (41.7 KB)

    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ nslookup -type=txt debug.opendns.com.
    Server: 208.67.222.222
    Address: 208.67.222.222#53

    Non-authoritative answer:
    debug.opendns.com text = "server 9.lon"
    debug.opendns.com text = "flags 20 0 70 5950800000000000000"
    debug.opendns.com text = "originid 0"
    debug.opendns.com text = "actype 0"
    debug.opendns.com text = "source 197.167.33.149:39562"

    Authoritative answers can be found from:

    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ nslookup -type=txt debug.opendns.com. 208.67.222.222 -port=443Server: 208.67.222.222
    Address: 208.67.222.222#443

    Non-authoritative answer:
    debug.opendns.com text = "server 1.lon"
    debug.opendns.com text = "flags 20 0 70 5950800000000000000"
    debug.opendns.com text = "originid 0"
    debug.opendns.com text = "actype 0"
    debug.opendns.com text = "source 197.167.33.149:46406"

    Authoritative answers can be found from:

    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ nslookup -type=txt debug.opendns.com. 208.67.222.222 -port=5353
    Server: 208.67.222.222
    Address: 208.67.222.222#5353

    Non-authoritative answer:
    debug.opendns.com text = "server 1.lon"
    debug.opendns.com text = "flags 20 0 70 5950800000000000000"
    debug.opendns.com text = "originid 0"
    debug.opendns.com text = "actype 0"
    debug.opendns.com text = "source 197.167.33.149:33777"

    Authoritative answers can be found from:

    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ traceroute 208.67.222.222
    traceroute to 208.67.222.222 (208.67.222.222), 30 hops max, 60 byte packets
    1 192.168.1.1 (192.168.1.1) 0.797 ms 0.816 ms 1.203 ms
    2 172.16.51.225 (172.16.51.225) 19.272 ms 19.446 ms 19.748 ms
    3 172.18.1.97 (172.18.1.97) 11.727 ms 172.18.1.181 (172.18.1.181) 12.643 ms 172.18.1.97 (172.18.1.97) 13.772 ms
    4 host-81.10.87.229.tedata.net (81.10.87.229) 15.328 ms 16.458 ms 17.672 ms
    5 10.37.241.54 (10.37.241.54) 23.306 ms 10.37.11.129 (10.37.11.129) 23.576 ms 10.37.241.54 (10.37.241.54) 24.573 ms
    6 so-1-0-0.lon12.ip4.gtt.net (141.136.98.33) 163.123 ms 145.110 ms 148.577 ms
    7 xe-1-2-0.lon10.ip4.gtt.net (89.149.187.17) 150.306 ms xe-7-3-0.lon10.ip4.gtt.net (89.149.186.225) 150.568 ms xe-1-2-0.lon10.ip4.gtt.net (89.149.187.17) 152.396 ms
    8 opendns-gw.ip4.gtt.net (77.67.73.218) 153.445 ms 155.327 ms 156.767 ms
    9 resolver1.opendns.com (208.67.222.222) 156.560 ms 159.497 ms 160.677 ms
    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ traceroute api.opendns.com
    traceroute to api.opendns.com (67.215.92.210), 30 hops max, 60 byte packets
    1 192.168.1.1 (192.168.1.1) 1.557 ms 1.849 ms 2.213 ms
    2 172.16.51.225 (172.16.51.225) 9.289 ms 10.281 ms 11.487 ms
    3 172.18.1.97 (172.18.1.97) 12.149 ms 13.854 ms 172.18.1.181 (172.18.1.181) 18.329 ms
    4 host-81.10.87.229.tedata.net (81.10.87.229) 16.760 ms 17.202 ms 18.375 ms
    5 10.37.11.129 (10.37.11.129) 24.917 ms 25.060 ms 10.37.241.54 (10.37.241.54) 27.026 ms
    6 so-1-0-0.lon12.ip4.gtt.net (141.136.98.33) 167.488 ms 157.716 ms 160.316 ms
    7 xe-11-3-5.sjc12.ip4.gtt.net (141.136.108.226) 314.775 ms 314.906 ms 315.027 ms
    8 opendns-gw.ip4.gtt.net (216.221.158.206) 316.365 ms 320.374 ms 321.416 ms
    9 vlan130.fw1.sjc.opendns.com (67.215.78.6) 321.635 ms 321.923 ms 324.578 ms
    10 * * *
    11 * * *
    12 * * *
    13 * * *
    14 * * *
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *
    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ traceroute bpb.opendns.com
    traceroute to bpb.opendns.com (208.69.34.153), 30 hops max, 60 byte packets
    1 192.168.1.1 (192.168.1.1) 0.749 ms 1.109 ms 1.504 ms
    2 172.16.51.225 (172.16.51.225) 8.663 ms 9.657 ms 10.745 ms
    3 172.18.1.181 (172.18.1.181) 12.368 ms 13.040 ms 14.031 ms
    4 host-81.10.87.229.tedata.net (81.10.87.229) 15.491 ms 16.710 ms 17.923 ms
    5 10.37.241.54 (10.37.241.54) 22.679 ms 23.605 ms 10.37.11.129 (10.37.11.129) 26.081 ms
    6 so-1-0-0.lon12.ip4.gtt.net (141.136.98.33) 187.808 ms 169.380 ms 143.439 ms
    7 xe-1-2-0.lon10.ip4.gtt.net (89.149.187.17) 144.613 ms xe-7-3-0.lon10.ip4.gtt.net (89.149.186.225) 145.745 ms 146.724 ms
    8 opendns-gw.ip4.gtt.net (77.67.73.218) 147.835 ms 149.055 ms 150.107 ms
    9 * * *
    10 * * *
    11 * * *
    12 * * *
    13 * * *
    14 * * *
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *
    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ ifconfig
    enp0s10 Link encap:Ethernet HWaddr 00:1d:72:44:05:51
    inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::788f:9c40:130f:f0cc/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1900 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2096 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:976661 (976.6 KB) TX bytes:334950 (334.9 KB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:1180 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1180 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1
    RX bytes:60764 (60.7 KB) TX bytes:60764 (60.7 KB)

    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ uname -a
    Linux alaa-HP-Pavilion-dv2700-Notebook-PC 4.4.0-24-generic #43-Ubuntu SMP Wed Jun 8 19:25:16 UTC 2016 i686 athlon i686 GNU/Linux
    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ date
    ن يون 20 01:49:09 EET 2016
    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ dnstracer www.mavetju.org
    Tracing to www.mavetju.org[a] via 208.67.222.222, maximum of 3 retries
    208.67.222.222 (208.67.222.222) Got answer
    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ nslookup www.mavetju.org
    Server: 208.67.222.222
    Address: 208.67.222.222#53

    Non-authoritative answer:
    Name: www.mavetju.org
    Address: 202.83.176.248

    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$ sudo cat /etc/resolvconf/resolv.conf.d/head
    [sudo] password for alaa:
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

    #Google:
    #nameserver 8.8.8.8
    #nameserver 8.8.4.4

    #Comodo
    8.26.56.26
    8.20.247.20

    #link
    #nameserver 213.131.65.20
    #nameserver 213.131.66.246

    #nameserver 41.131.19.61
    #nameserver 41.131.117.42

    #TEdata
    #nameserver 41.38.74.82

    #Level3:
    # nameserver 4.2.2.1
    # nameserver 4.2.2.2

    #OpenDNS
    nameserver 208.67.222.222
    nameserver 208.67.220.220

    #HE
    #nameserver 74.82.42.42

    #Sunbelt:
    # nameserver 74.118.212.1
    # nameserver 74.118.212.2

    #freedns.zone
    #nameserver 37.235.1.174
    #nameserver 37.235.1.177

    #Symantec:
    # nameserver 198.153.192.1
    # nameserver 198.153.194.1


    #UltraDNS:
    #nameserver 156.154.70.1
    #nameserver 156.154.71.1


    #Verio / NTT:
    # nameserver 129.250.35.250
    # nameserver 129.250.35.251

    #Dnsadvantage

    #156.154.70.1
    #156.154.71.1

    #Yandex
    # nameserver 77.88.8.88
    # nameserver 77.88.8.2

    alaa@alaa-HP-Pavilion-dv2700-Notebook-PC:~$




    RouterPage-OpenDNS-screenshot-192 168 1 1 2016-06-20 02-06-28.png
    OpenDns-diagnostic
    0
    Comment actions Permalink
  • Avatar
    cobalt-phoenix

    Things to do:

    • Fill the DNS 3 field on your router with 208.67.222.220 or 208.67.220.222 
      Or better: if possible configure the OpenDNS resolver addresses on the WAN side of the router, not on the LAN/DHCP side.
    • Add a network at https://dashboard.opendns.com/settings/ with your public IP address 197.167.33.149
    • Remove (or comment out) the Comodo nameservers in /etc/resolvconf/resolv.conf.d/head
    • Your ISP in Egypt and the peering network carriers have configured suboptimal routing, so that you are using the OpenDNS data center in London instead of the one in e.g. Bucharest.  Your latency is not good therefore.  There's not much you can do except to contact your ISP.
    0
    Comment actions Permalink
  • Avatar
    aasalem10

    Some additional with Dig.




    dig-OpenDns
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Honestly, do you know what you do and why you do it?  Why would you use a resolver address of 1.1.1.1, although this isn't a resolver?
    "connection timed out; no servers could be reached"

    This also drifts now away from the original topic "One dns root server instance" or "-GRC-DNS Nameserver Spoofability Test- recently continue to return zero DNS" and is no longer related to anything above.  I (as cobalt-phoenix) told you what to do, based on your screen shots and diagnostic outputs, and that's all I have to say.  I'll be keeping out from now.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    And regarding the GRC DNS Nameserver Spoofability Test: if you have issues with this, because it doesn't find your resolvers, you must refer to the creator of this test, not to the recursive DNS service you're using (OpenDNS).  Nobody else than the creator of this test can answer what and how this tool measures anything unless it is fully described at the GRC website.  Trying to discuss it here is simply the wrong place and the wrong audience.

    0
    Comment actions Permalink
  • Avatar
    aasalem10

    Hi:

    Thanks for your attempt to resolve my concern.  As you may notice am no expert in this subject and not sure if OpenDns uses fixed data center or cloud-based-networks. Therefore, what is relevant or not when asking about "root server" are difficult for me to realize.

    PS. as a feedback the attached .png is one of a very rarely seen by me on Vivaldi browser where the plug-in is unable to  read page-info.




    OpenDNS-support-Screenshot from 2016-06-21 16-40-36.png
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "not sure if OpenDns uses fixed data center or cloud-based-networks."

    Everything on the internet is "cloud based".  OpenDNS use Anycast technology causing your DNS traffic to be routed to their closest data center - unless suboptimal routing has been configured by your ISP or the peering network carriers.  This is what I said above already.
    https://www.opendns.com/data-center-locations/

    You shouldn't use browser plug-ins if you don't know what they do and what their messages mean.  It can be very dangerous...

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    @aasalem10 Part of the problem here is that you've never actually state what your problem is, what you are trying to solve, or come out with a direct question. Instead you are throwing out a lot of information and then asking for explanations for it all, but we can't tell what point you are trying to make.

    I'm getting the impression is that you are trying to use this forum to teach you IT and technology related things in general, not solve any particular problems or concerns that you have

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Ok. At least you finally came out and said you are having an actual problem.

    Why do you think these are related to OpenDNS, and how is this related to your initial statement about root servers? None of the links you provided even mention DNS resolution from your own local network, and I can't see where any of them have your local DNS resolution involved.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    @aasalem10
    This is a forum to discuss OpenDNS related topics, not a forum to discuss other or general IT areas.  Nothing, absolutely nothing what you listed has to do with recursive DNS in general or OpenDNS in particular.

    OpenDNS is your phone book of the internet, not your phone lines.  It resolves the names you use to numbers (IP addresses).  That's it!

    0
    Comment actions Permalink
  • Avatar
    aasalem10

    Warnings and abnormality shown by Netalyzr while using OpenDns was another factor that prompted me to ask OpenDns experts.




    Yandex-Dns-screenshot-n2 netalyzr icsi berkeley edu 2016-06-30 17-53-35.png
    OpenDns-screenshot-n1 netalyzr icsi berkeley edu 2016-06-30 18-17-56.png
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Yeah, we know, because this has been outlined by me already above.  Copying it down for your convenience:

    • Your ISP in Egypt and the peering network carriers have configured suboptimal routing, so that you are using the OpenDNS data center in London instead of the one in e.g. Bucharest.  Your latency is not good therefore.  There's not much you can do except to contact your ISP.
    0
    Comment actions Permalink

Please sign in to leave a comment.