On 3/12/07, Keith Lofstrom <[log in to unmask]> wrote:
> This weekend at a motel with free wifi, the nameserver was broken
> and spewing some incorrect IP addresses ( wikipedia = 1.0.0.0
> for example ).  Traffic to numeric IP addresses flowed normally.
>
> I attempted a workaround by putting known-good nameservers in
> /etc/resolv.conf .  Unfortunately, I still saw a lot of borked
> DNS resolution, and surfing and pinging sites that I had attempted
> before the fix resulted in the same errors.  The errors persisted
> over a reboot.
>

A lot of hotels use DNS proxies and/or network trafficing to make sure
all/most DNS goes to their ISP's DNS server. I found this at the last
couple of Motels I have been at.. where putting in any DNS servers or
using the Caching-nameserver to use the root servers directly..
didn't. At some hotels, all traffic was lost.. at some I would see it
in the case of 4 out of 10 or so calls would get routed silently to
their servers.

> I recently converted from RH9 2.4.22 to SL4.4 2.6.9 , and I don't
> know how the new system does DNS resolution (it appears to be in
> the kernel instead of a separate program like named) and how SELINUX

Linux usually uses the following system:

Program calls glibc which calls some subset of named instructions.
These then use the ips listed in /etc/resolv.conf to grab DNS anmes.

However in most hotels cases, this doesnt work because while your
packet thinks its going to say 129.24.8.1.. all UDP for port 53 goes
to 10.0.0.1 and gets rewritten back to you so it looks like it came
from 129.24.8.1



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"