Open DNS Issues


knet2020
26-07-2008, 03:31
Some of you may have seen the recent reports regarding Dan Kaminsky and his discovery of a critical flaw in DNS.

Recently, a significant threat to DNS, the system that translates names you can remember (such as www.doxpara.com) to numbers the Internet can route (66.240.226.139) was discovered, that would allow malicious people to impersonate almost any website on the Internet.

This led me to look at my Open DNS settings (although they are now confirmed as being one of the first to patch the flaw). My issue is not with the flaw itself but with the fact that Virgin Media (whilst stating they do NOT block 3rd party DNS services: http://blog.opendns.com/2007/07/05/virgin-media-ntl-opendns-ok/) in fact appear to do just that.

I have the Open DNS settings (Our nameservers are 208.67.222.222 and 208.67.220.220) set correctly (verified by the Open DNS site); however, within about 2 mins of setting this my DNS is silently ignored and routed back to Virgin Media DNS, which at least appears to be patched:


Your ISP's name server, 86.xx.xx.xx, appears to be using the name server written by Nominum, which has effective protection against the newly discovered attacks despite the limited port range. Nominum is working to expand the port range for even greater protection, but there is no reason for concern at this time.

While it's comforting to see that at least VM have a patched DNS server, the 'silent' re-routing is something I am not happy with.

Can any techies here advise why this is the case & what VM are up to? I would be grateful if others can check and see so it can be ruled out as a local issue:

1 - Set up Open DNS
2 - Verify on their site
3 - Verify on http://www.doxpara.com/ (Dan Kaminsky's site); you should see the Open DNS servers tested

Make a cup of your favourite brew and try the DoxPara test again, you'll probably see the same message as quoted above.

Call me paranoid & suspicious but.... Phorm anyone? :confused:

Sirius
26-07-2008, 09:13
> Some of you may have seen the recent reports regarding Dan Kaminsky and his discovery of a critical flaw in DNS.
>
> This led me to look at my Open DNS settings (although they are now confirmed as being one of the first to patch the flaw). My issue is not with the flaw itself but with the fact that Virgin Media (whilst stating they do NOT block 3rd party DNS services: http://blog.opendns.com/2007/07/05/virgin-media-ntl-opendns-ok/) in fact appear to do just that.
>
> I have the Open DNS settings (Our nameservers are 208.67.222.222 and 208.67.220.220) set correctly (verified by the Open DNS site); however, within about 2 mins of setting this my DNS is silently ignored and routed back to Virgin Media DNS, which at least appears to be patched.
>
> While it's comforting to see that at least VM have a patched DNS server, the 'silent' re-routing is something I am not happy with.
>
> Can any techies here advise why this is the case & what VM are up to? I would be grateful if others can check and see so it can be ruled out as a local issue:
>
> 1 - Set up Open DNS
> 2 - Verify on their site
> 3 - Verify on http://www.doxpara.com/ (Dan Kaminsky's site); you should see the Open DNS servers tested
>
> Make a cup of your favourite brew and try the DoxPara test again, you'll probably see the same message as quoted above.
>
> Call me paranoid & suspicious but.... Phorm anyone? :confused:

Testing this for you now. I use Open DNS.

I have just reset my router and it's using OpenDNS. Time 08.46.

Result from test as follows:

Your name server, at 208.67.217.6, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...).

---------- Post added at 08:54 ---------- Previous post was at 08:47 ----------

08.54

OK, checked OpenDNS:

You're using OpenDNS. Thanks! You are now navigating the Internet safer, faster, smarter and more reliably than ever before

Checked the test again:

Your name server, at 208.67.217.6, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...).

No silent redirection here.

To be truthful, I test my DNS every day and have never seen any redirection; however, to prove that I needed to do your test.


So sorry, no Phorm, no tin foil hat, just plain old Internet :)

---------- Post added at 09:13 ---------- Previous post was at 08:54 ----------

OK, final test for you at 09.13:

Your name server, at 208.67.217.6, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...).

Looks like OpenDNS to me.
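The doxpara message quoted in this post tells the reader to eyeball the listed source ports for an obvious pattern, which is the check that matters for the Kaminsky cache-poisoning flaw: a resolver whose query source port is fixed or predictable is far easier to spoof answers to than one that spreads queries over the whole port range. As an added example (not from the doxpara test, OpenDNS, or anyone in this thread), here is a small Python checker that parses observed ports and classifies them. The `resolver:port` sample lines, the format they are in, and the thresholds for "narrow" are all assumptions.

```python
import math
import re

# Constructed sample of per-query observations in a "resolver_ip:source_port"
# layout. This is an assumed format for illustration, not the doxpara test's
# real output.
SAMPLE_LINES = """\
208.67.217.6:51212
208.67.217.6:3090
208.67.217.6:60001
208.67.217.6:17765
208.67.217.6:42877
"""

PORT_RE = re.compile(r":(\d{1,5})\b")


def parse_ports(text):
    """Pull the source-port numbers out of colon-prefixed ':NNNN' tokens."""
    return [int(m) for m in PORT_RE.findall(text)]


def port_pattern(ports):
    """Classify a sequence of observed UDP source ports.

    fixed-port    every query reused one port
    sequential    constant step between consecutive ports (:1001, :1002, :1003)
    monotonic     strictly rising or falling the whole way (:30000, :30020, :30100)
    narrow-range  varied, but all within fewer than 1024 ports of each other
    random        none of the above
    Needs at least three observations; with fewer, any verdict is noise.
    """
    if len(ports) < 3:
        raise ValueError("need at least three observed ports")
    if len(set(ports)) == 1:
        return "fixed-port"
    gaps = [b - a for a, b in zip(ports, ports[1:])]
    if len(set(gaps)) == 1:
        return "sequential"
    if all(g > 0 for g in gaps) or all(g < 0 for g in gaps):
        return "monotonic"
    if max(ports) - min(ports) < 1024:
        return "narrow-range"
    return "random"


def effective_port_bits(ports):
    """Rough size of the port space actually used, in bits (log2 of the span).

    A resolver randomising over roughly 1024-65535 shows about 16 bits; one
    pinned to a single port shows 0. This is an estimate from a handful of
    samples, not a measurement of the resolver's generator.
    """
    span = max(ports) - min(ports) + 1
    return math.log2(span)


def report(text):
    """Parse a block of observations and summarise the verdict and port span."""
    ports = parse_ports(text)
    return {
        "ports": ports,
        "verdict": port_pattern(ports),
        "bits": round(effective_port_bits(ports), 1),
    }


if __name__ == "__main__":
    print(report(SAMPLE_LINES))
```

The verdict is only as good as the sample: five queries cannot distinguish a good generator from a weak one that happens to look scattered, so the useful outcome is a clear "fixed-port", "sequential" or "monotonic" flag, which is exactly what the test's own examples describe.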

Raistlin
26-07-2008, 09:15
knet2020,

Where are you setting your DNS entries?

If you're setting it on your local machine, and then routing that connection through the VM supplied modem, you may find that the modem is configured to override your settings.

Sirius
26-07-2008, 09:18
> knet2020,
>
> Where are you setting your DNS entries?
>
> If you're setting it on your local machine, and then routing that connection through the VM supplied modem, you may find that the modem is configured to override your settings.

A normal modem supplied by VM cannot be configured to override DNS settings on the user's PC or router. There is no facility to do that unless it's been toyed with ;).

Personally I think the settings on the OP's PC or router are set incorrectly.

dragon
26-07-2008, 10:29
> A normal modem supplied by VM cannot be configured to override DNS settings on the user's PC or router. There is no facility to do that unless it's been toyed with ;).
>
> Personally I think the settings on the OP's PC or router are set incorrectly.

Some routers can intercept DNS requests and force them elsewhere. Mine does, and allows me to use some of the OpenDNS category filtering.

Sirius
26-07-2008, 10:34
> Some routers can intercept DNS requests and force them elsewhere. Mine does, and allows me to use some of the OpenDNS category filtering.

Yes, and I do the same. However, the standard modem from VM cannot do that.

> knet2020,
>
> Where are you setting your DNS entries?
>
> If you're setting it on your local machine, and then routing that connection through the VM supplied modem, you may find that the modem is configured to override your settings.

dev
26-07-2008, 10:45
Your name server, at 87.117.x.x, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...).

No DNS redirection here. As for that OpenDNS blog, I've been using 3rd party (well, mine) DNS servers for the past 3/4 years and it's always worked fine, so the issue they speak of in that blog post probably was limited to OpenDNS.

knet2020
26-07-2008, 10:52
Hi,
Thanks for the testing & feedback. I am using a Buffalo Airstation with DD-WRT. I am pretty confident with the router (I flashed the Buffalo firmware etc. and have since upgraded it etc. etc.)

My settings are correct AFAIK, set in the router. I will hold up my hands and say it's not something major, but definitely one of those things that drives you nuts. I don't want to speak with VM Tech Support as I'll get nowhere.

I just did the same tests and get the same result, BUT interestingly I now get a different message:

Your ISP's name server, 86.xx.xx.xx has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.

Will keep looking and visit the Buffalo & DD-WRT forums to see if I can find some answers.

dev
26-07-2008, 10:54
Running "ipconfig /all" from a command prompt, what does it list as the DNS servers?

knet2020
26-07-2008, 11:06
> Running "ipconfig /all" from a command prompt, what does it list as the DNS servers?

It lists 192.168.1.1.

However, I *think* I have spotted the problem but will test a few more times before I confirm ;)

dev
26-07-2008, 11:07
I expect your router is using VM's DNS servers from what it gets told by the DHCP server :p:

dragon
26-07-2008, 11:10
> Hi,
> Thanks for the testing & feedback. I am using a Buffalo Airstation with DD-WRT. I am pretty confident with the router (I flashed the Buffalo firmware etc. and have since upgraded it etc. etc.)
>
> My settings are correct AFAIK, set in the router. I will hold up my hands and say it's not something major, but definitely one of those things that drives you nuts. I don't want to speak with VM Tech Support as I'll get nowhere.
>
> I just did the same tests and get the same result, BUT interestingly I now get a different message:
>
> Will keep looking and visit the Buffalo & DD-WRT forums to see if I can find some answers.

DNS intercept for DD-WRT.

http://www.dd-wrt.com/wiki/index.php/OpenDNS

At the bottom.

Use DD-WRT at the moment (Tomato doesn't support my WRT160N's yet :( )

---------- Post added at 11:10 ---------- Previous post was at 11:09 ----------

> I expect your router is using VM's DNS servers from what it gets told by the DHCP server :p:

That is quite likely, unless it can be set to ignore the DNS handed to it by DHCP.

knet2020
26-07-2008, 11:33
Well, you know what... it's been fine for the past 20 mins or so.

I unchecked the "Use DNSMasq for DNS" option and that seemed to do the trick, i.e. results as expected, so have added the setting "Under DNSMasq put strict-order in the Additional DNSMasq Options text box".

Rebooted router and it still seems fine. Thanks for finding this for me dragon. Just tested it again and all seems well, so to quote:

> So sorry, no Phorm, no tin foil hat, just plain old Internet :)



So it seems the mantra of RTFM applies (again) lol
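The fix knet2020 lands on, putting `strict-order` into the "Additional DNSMasq Options" box, tells dnsmasq to query its upstream servers strictly in the order they are listed instead of favouring whichever responded fastest, so the DHCP-supplied Virgin Media resolvers stop winning the race against the static OpenDNS entries. As an added example, not taken from the DD-WRT wiki or from anyone in this thread, here is what a practitioner might put in that box, including the stronger variant of not reading the DHCP-populated resolver list at all. `strict-order`, `no-resolv` and `server=` are standard dnsmasq options; that a DD-WRT router feeds dnsmasq a resolver list built from the WAN DHCP lease is an assumption about this particular setup. The resolver addresses are the OpenDNS ones quoted at the top of the thread.

```conf
# Added example for the DD-WRT "Additional DNSMasq Options" box.
# Not taken from the DD-WRT wiki or this thread; option names are dnsmasq's own.

# Option 1 (what knet2020 used): query the upstream servers strictly in the
# order they are listed, instead of dnsmasq's default of favouring the
# fastest responder.
strict-order

# Option 2 (stronger): ignore the resolver list dnsmasq is handed (on a
# DD-WRT router that list is assumed to come from the WAN DHCP lease) and pin
# the upstreams yourself. With no-resolv, only the server= lines are used.
no-resolv
server=208.67.222.222
server=208.67.220.220
```

The two halves can coexist: once `no-resolv` is present, `strict-order` simply fixes the order in which the `server=` lines are tried. After saving, repeat the thread's own check: `ipconfig /all` on a client should still show the router (192.168.1.1 here) as its DNS server, and the doxpara test should report a 208.67.x.x resolver rather than the 86.x.x.x Virgin Media one; if it still flips back to the ISP resolver after a few minutes, something other than dnsmasq's server selection is rewriting the upstream list.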

Sirius
26-07-2008, 13:19
> So it seems the mantra of RTFM applies (again) lol

:LOL:

dragon
26-07-2008, 13:55
> Well, you know what... it's been fine for the past 20 mins or so.
>
> I unchecked the "Use DNSMasq for DNS" option and that seemed to do the trick, i.e. results as expected, so have added the setting "Under DNSMasq put strict-order in the Additional DNSMasq Options text box".
>
> Rebooted router and it still seems fine. Thanks for finding this for me dragon. Just tested it again and all seems well, so to quote:
>
> So it seems the mantra of RTFM applies (again) lol

No problem, glad it helped, but dev deserves credit. If he hadn't said about DHCP I'm not sure I'd have thought about it either.