Having configured my router as per the instructions, how do I now verify from one of my other machines that I’m using the right DNS server?
Hi @paul.hargreaves, take a look at this info and if you have questions or problems verifying post back.
I also found this, which may be helpful both for checking settings and for overall router security.
F-Secure Router Checker
Router Checker is a free, web-based tool that checks your router’s settings and detects if it may have been hijacked by criminals. If your router is compromised, every single device on your network is at risk of being hacked.
This may help expedite your new DHCP settings from the router by clearing the DNS cache.
sudo killall -HUP mDNSResponder
Dig doesn’t help; it was the first thing I tried.
$ dig cnn.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> cnn.com
[snip]
cnn.com. 5 IN A 184.108.40.206
;; Query time: 748 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Apr 02 07:59:56 BST 2018
;; MSG SIZE rcvd: 100

$ dig www.yahoo.com
; <<>> DiG 9.9.7-P3 <<>> www.yahoo.com
[snip]
atsv2-fp.wg1.b.yahoo.com. 26 IN A 220.127.116.11
;; Query time: 22 msec
;; SERVER: 18.104.22.168#53(22.214.171.124)
;; WHEN: Mon Apr 02 08:00:36 BST 2018
;; MSG SIZE rcvd: 92
(126.96.36.199 is the router)
I also tried the F-Secure but the ‘DNS IP’ returns an IP address from the same DSL provider I’m using.
That doesn’t mean the ISP is hijacking though, since Cloudflare use them as a PoP.
$ sudo ./dnstraceroute.py --expert -C -t A -s 188.8.131.52 facebook.com
dnstraceroute.py DNS: 184.108.40.206:53, hostname: facebook.com, rdatatype: A
1 gateway (172.16.65.2) 1.626 ms
2 *
3 1dot1dot1dot1.cloudflare-dns.com (220.127.116.11) 27.947 ms
That’s still not conclusive however.
Try dig cnn.com @18.104.22.168 ANY
If it is Cloudflare, under status you will see “status: NOTIMP,” as we don’t support the ANY query.
$ dig cnn.com @22.214.171.124 ANY
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.10.3-P4-Ubuntu <<>> cnn.com @126.96.36.199 ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25031
;; flags: qr rd ra; QUERY: 1, ANSWER: 50, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: Message has 2 extra bytes at end
;; QUESTION SECTION:
;cnn.com. IN ANY
;; ANSWER SECTION:
cnn.com. 60 IN A 188.8.131.52
[snip]
So I should assume then that it’s not working correctly in this case?
Are you by chance using dnsmasq? It might be intercepting DNS queries on the Ubuntu box…
Is this test 100% conclusive? I did get a return of “status: NOTIMP,” after changing the router settings. Just wanting to confirm if there is any other test I should be running? Thanks in advance to OP for starting this thread and to everyone who has responded.
If you’ve changed your router settings (and your client is configured to use the router for DNS), doing dig cnn.com ANY (without needing to add @184.108.40.206) should return the “status: NOTIMP,”.
I get the same response via OSX,
BTW, ISP is Vodafone UK, so not a small one. Not sure if there are other VF users who have already had a go, so that I can figure out if it’s ‘user error’ (router not working properly etc) or VF messing with port 53.
dig cnn.com without adding @220.127.116.11 returns “status: NOERROR,” same as @paul.hargreaves mentioned above.
; <<>> DiG 9.10.3-P4-Ubuntu <<>> cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52973
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cnn.com. IN A
;; ANSWER SECTION:
cnn.com. 60 IN A 18.104.22.168
cnn.com. 60 IN A 22.214.171.124
cnn.com. 60 IN A 126.96.36.199
cnn.com. 60 IN A 188.8.131.52
;; AUTHORITY SECTION:
cnn.com. 2903 IN NS ns-47.awsdns-05.com.
cnn.com. 2903 IN NS ns-576.awsdns-08.net.
cnn.com. 2903 IN NS ns-1086.awsdns-07.org.
cnn.com. 2903 IN NS ns-1630.awsdns-11.co.uk.
;; Query time: 20 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Apr 02 11:39:27 EDT 2018
;; MSG SIZE rcvd: 236
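The check discussed in this thread (status NOTIMP on an ANY query, plus the SERVER line dig reports) can be read off dig's text output mechanically. The script below is an added example, not code from any poster or from Cloudflare; the sample outputs, the 192.0.2.1 address and the verdict strings are constructed for illustration.

```python
import ipaddress
import re

# Constructed dig output, trimmed to the lines the parser reads (not captured traffic).
SAMPLE_STUB = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52973
;; QUESTION SECTION:
;cnn.com.    IN  ANY
;; SERVER: 127.0.0.53#53(127.0.0.53)
"""
SAMPLE_NOTIMP = """\
;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 4242
;; QUESTION SECTION:
;cnn.com.    IN  ANY
;; SERVER: 192.0.2.1#53(192.0.2.1)
"""

STATUS_RE = re.compile(r"->>HEADER<<-.*?status:\s*([A-Z]+)")
SERVER_RE = re.compile(r"^;; SERVER:\s*([0-9A-Fa-f.:]+)#(\d+)", re.M)
QTYPE_RE = re.compile(r"^;\S+\s+IN\s+(\S+)\s*$", re.M)


def parse_dig(text):
    """Return (status, server_ip, qtype) from dig's text output; None where absent."""
    status = STATUS_RE.search(text)
    server = SERVER_RE.search(text)
    qtype = QTYPE_RE.search(text)
    return (status.group(1) if status else None,
            server.group(1) if server else None,
            qtype.group(1) if qtype else None)


def assess(text):
    """Apply the thread's NOTIMP-on-ANY heuristic to one dig result."""
    status, server, qtype = parse_dig(text)
    if status is None or server is None:
        return "unparsed"
    if qtype != "ANY":
        return "not-an-ANY-query"  # the NOTIMP check only applies to ANY queries
    # A loopback SERVER is a local forwarder (e.g. dnsmasq or systemd-resolved), so
    # the SERVER line does not show which upstream resolver handled the query.
    stub = ipaddress.ip_address(server).is_loopback
    verdict = "consistent" if status == "NOTIMP" else "inconsistent"
    return verdict + ("-via-local-stub" if stub else "")

if __name__ == "__main__":
    for name, sample in (("stub", SAMPLE_STUB), ("notimp", SAMPLE_NOTIMP)):
        print(name, parse_dig(sample), assess(sample))
```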