Hello Brouerius, On Sat, 12 Apr 2014, C. Brouerius van Nidek wrote:
On Friday, April 11, 2014 08:01:39 PM David Haller wrote:
On Fri, 11 Apr 2014, C. Brouerius van Nidek wrote:
So, the suspect DNS server is "68.168.98.196" - but this DNS server
It looks fishy though. [..] That seems to be a hosting provider in the US, though its website seems unreachable (neither an IP for codero.net nor www.codero.net is found) at their DNS server. But codero.com is available. [..]
But one small question remains. I get a DNS from my ISP. My ISP is in Indonesia so I would expect to get a DNS closer home. Or am I wrong there?
Brouerius, your provider's DNS are these (assuming you use your provider's e-mail to mail here):
$ dig ns indo.net.id [..]
The indo.net.id is my email address but I get my internet connection from telkom.net.
$ dig ns telkom.net [..]
telkom.net. 900 IN NS ns3.plasa.com.
telkom.net. 900 IN NS ns1.plasa.com.
telkom.net. 900 IN NS dns1.plasa.com.
telkom.net. 900 IN NS dns2.plasa.com.
$ for h in ns1.plasa.com ns2.plasa.com ns3.plasa.com \
    dns1.plasa.com dns2.plasa.com dns3.plasa.com ; do \
    nslookup $h | grep -A1 Name ; done
Name: ns1.plasa.com
Address: 203.130.196.6
Name: ns2.plasa.com
Address: 203.130.193.75
Name: ns3.plasa.com
Address: 202.134.1.5
Name: dns1.plasa.com
Address: 202.134.0.62
Name: dns2.plasa.com
Address: 222.124.18.62
No sign of that rogue DNS at codero. So, again: that DNS hosted at codero is to be considered a rogue and (at least) compromised. Use 2-3 of those _hardcoded_ in your /etc/resolv.conf. Use 1-2 reliable, free (non google) others as fallback. Use e.g. FS-Attributes (man chattr) along with chmod 444 or so. E.g.
chmod 444 /etc/resolv.conf
chattr +i /etc/resolv.conf
(no, I don't do that, but I don't do DHCP)
My router was connected at 36.69.96.1 and after I reset the router is now 180.252.96.1. The first one pointing my geographical center in the province and the second pointing towards Jakarta, the capital.
You can look up with "whois" what IPv4 (v6? different query? AAAA?) ranges are allocated to whom.
The first address showed up after a reset done by a worker from telkom.net, the second after one done by me yesterday. I do not understand what this worker did differently but do not care much. My home is some 60 km from Jakarta and some 90 km from Rankasbitung.
It's probably just a different IP from a pool of dynamic IPs from ranges which are a bit more fragmented than usual in the US or the EU. What matters is who that IP is allocated to. And both above IPs (36.69.96.1, 180.252.96.1) are allocated to PT. Telekomunikasi Indonesia, so that works out ok. Use "whois" (all output shortened):
$ whois 36.69.96.1
inetnum: 36.69.96.0 - 36.69.111.255
netname: TLKM_BB_SERVICE_36_69_DIVRE1-2
descr: PT TELKOM INDONESIA
admin-c: AR165-AP
$ whois 180.252.96.1
inetnum: 180.252.64.0 - 180.252.127.255
netname: TLKM_BB_SERVICE_180_252_DIVRE2
descr: PT TELKOM INDONESIA
admin-c: AR165-AP
Use those commands for more info ;)
As you can see, telkom.net.id seems to be using some rather fragmented IPv4 ("leftover") ranges. Nothing wrong with that! Not every telco got one or more contiguous /8. What does make me wonder though: how did google get 8.8.8.8 etc. as they entered the game (of getting IPv4s) rather late? Hm, according to whois, it seems I'd have to read up on "Level 3 Comm.. Inc" that has apparently got 8.0.0.0/8 at some point. As I was saying: early on, IPs were given out quite freely. A whole /8? Wow! Must have been in the earlyish 90ies ... or earlier when Level3 got that range.
Parental control is not common at my age (74) rofl.
It is discussed here (DE/EU?) to make a filter obligatory! *GAH* I can not eat as much as I have to puke.
-dnh
--
RAID: One more disk fails than can be recovered by the redundancy. -- Andreas Dau
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
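The check David describes in the thread (compare what resolv.conf actually points at with the resolvers the provider's own NS records lead to, and treat anything else as a suspected hijack) can be scripted so it runs on every boot or from cron. The script below is an added example, not code from anyone in the thread. It assumes a fixed allowlist of provider resolvers (the addresses taken here are the ones David's nslookup loop printed; substitute your own provider's) and works on a constructed sample resolv.conf so it runs offline; point it at /etc/resolv.conf for real use.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): flag nameservers in a
# resolv.conf that are not on the provider's allowlist. The allowlist is an
# assumption built from the plasa.com addresses quoted in the thread; the
# sample resolv.conf further down is constructed for a stand-alone run.
TRUSTED_RESOLVERS="203.130.196.6 203.130.193.75 202.134.1.5 202.134.0.62 222.124.18.62"

# Print every "nameserver" entry of the given resolv.conf, one address per line.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print the nameservers in the file that are NOT in TRUSTED_RESOLVERS.
# Exit status: 0 if every configured resolver is trusted, 1 otherwise.
find_untrusted_resolvers() {
    file="$1"
    rc=0
    for ns in $(list_nameservers "$file"); do
        trusted=0
        for t in $TRUSTED_RESOLVERS; do
            [ "$ns" = "$t" ] && trusted=1 && break
        done
        if [ "$trusted" -eq 0 ]; then
            echo "$ns"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: two provider resolvers plus one address (from the
# 198.51.100.0/24 documentation range, not a real resolver) that a DHCP
# lease from a tampered router might have pushed in.
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
# Generated by NetworkManager
search example.invalid
nameserver 203.130.196.6
nameserver 198.51.100.53
nameserver 202.134.0.62
EOF

if find_untrusted_resolvers "$SAMPLE"; then
    echo "all resolvers are on the provider allowlist"
else
    echo "WARNING: resolver(s) above are not the provider's; check resolv.conf and the router's DHCP/DNS settings"
fi
rm -f "$SAMPLE"
```

Run against the sample it prints 198.51.100.53 followed by the warning. Once resolv.conf holds only the hardcoded provider resolvers (plus any fallback you add to the allowlist), the exit status stays 0, so the script fits straight into a cron job that mails on failure; pair it with the chmod/chattr +i step from the thread so a DHCP client cannot silently rewrite the file between checks.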