Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

OpenDNS nameservers -- Opinions Sought

14 views
Skip to first unread message

Jim Beard

unread,
Feb 18, 2008, 6:26:09 PM2/18/08
to

BitTwister listed the IP addresses for a couple of OpenDNS nameservers,
and I plugged them in. The idea of blocking advertising machines and
other crud does have definite appeal to me.

But suddenly I could not longer connect to the NOAA weather page for
my area. The first two or three times the message was 503, no
server available to service the request. Then, I got this nice
message saying the server was not responding, but this was not
unusual; try again later. And it offered a few other weather
sites (complete with advertising, I would assume).

I promptly pulled out the OpenDNS addresses, and bingo, the
NOAA weather service came up instantly as usual.

I really do not mind the idea of getting ads along with the
messages saying why a connection was not made, but I really
do not appreciate stumbling blocks intended to channel me from
very nice sites to sites with advertising...

I do note that you can sign up for the service rather than
just plug the addresses into your machine, and I assume this
would allow greater control, but I am not sure I want to
do the work required to play such games.

Opinions from those who use the service?

Cheers!

jim b.


--
UNIX is not user-unfriendly; UNIX merely expects users to be computer-
friendly!

Bit Twister

unread,
Feb 18, 2008, 6:41:18 PM2/18/08
to
On Mon, 18 Feb 2008 23:26:09 GMT, Jim Beard wrote:

> But suddenly I could not longer connect to the NOAA weather page for
> my area.

Give us the url

Jim Beard

unread,
Feb 18, 2008, 6:44:15 PM2/18/08
to


http://forecast.weather.gov/MapClick.php?
CityName=Annandale&state=VA&site=LWX&textField1=38.8332&textField2=-77.2121&e=1

All on one line, of course.

Bit Twister

unread,
Feb 18, 2008, 6:56:05 PM2/18/08
to
On Mon, 18 Feb 2008 23:44:15 GMT, Jim Beard wrote:
> On Mon, 18 Feb 2008 23:41:18 +0000, Bit Twister wrote:
>
>> On Mon, 18 Feb 2008 23:26:09 GMT, Jim Beard wrote:
>>
>>> But suddenly I could not longer connect to the NOAA weather page for my
>>> area.
>>
>> Give us the url
>
>
> http://forecast.weather.gov/MapClick.php?
> CityName=Annandale&state=VA&site=LWX&textField1=38.8332&textField2=-77.2121&e=1

What can I say, works for me.


$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.131
search home.test

$ grep 192.168.1.131 /etc/hosts
192.168.1.131 wm81.home.test wm81

$ hostname
wm81.home.test

$ grep hosts: /etc/nsswitch.conf
hosts: files dns

$ cat /etc/host.conf
order hosts,bind
multi on
nospoof on
spoofalert on

$ grep forward /var/lib/named/etc/named.conf
// forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };
forwarders { 208.67.222.222; 208.67.220.220; };

Jim Beard

unread,
Feb 18, 2008, 8:26:27 PM2/18/08
to
On Mon, 18 Feb 2008 23:56:05 +0000, Bit Twister wrote:
<snip>

> What can I say, works for me.
<snip>

> $ grep forward /var/lib/named/etc/named.conf // forwarders {
> first_public_nameserver_ip; second_public_nameserver_ip; }; forwarders {
> 208.67.222.222; 208.67.220.220; };
<snip>

There are several problematic points about my attempt.
I simply added the two servers to resolv.conf. No forwarding or
named.conf involved. Also, I wonder if perhaps you are registered,
which might make a difference. I did not sign up.

I did surf around a bit. Wall Street Journal pages loaded fine, but
the ads often were blank with a (Error 503, no server available) message.
This did not really offend me.<g>

A few overseas sites selected to trigger blocking of dubious sites
likewise returned the 503 no server available. Inability to get to
NOAA's weather service was (from my perspective) no different from
inability to see the WSJ ads or the foreign sites, except that one
time of four or five it did provide a message that the server was not
responding, but that was common and I should try later. The other
times it was the standard 503 error.

Works for you. Plugging IP addresses into resolv.conf did not work
well for me. Sample of two.

Anyone else that has used OpenDNS? I like the idea, but trying to
scope things out is sort of like peering into a very dense fog.

Bit Twister

unread,
Feb 18, 2008, 8:56:18 PM2/18/08
to
On Tue, 19 Feb 2008 01:26:27 GMT, Jim Beard wrote:

> There are several problematic points about my attempt.
> I simply added the two servers to resolv.conf.

Ok, I'll show you mine if you will show me yours.


$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 208.67.222.222
nameserver 208.67.220.220
search home.test


> Also, I wonder if perhaps you are registered,
> which might make a difference. I did not sign up.

Not registered. Set resolv.conf and
http://forecast.weather.gov/MapClick.php?CityName=Annandale&state=VA&site=LWX&textField1=38.8332&textField2=-77.2121&e=1

Pop right up, clicking Radar and Sat images on the page also worked.

> I did surf around a bit. Wall Street Journal pages loaded fine, but
> the ads often were blank with a (Error 503, no server available) message.
> This did not really offend me.<g>

Give urls I'll check them from Dallas Texas.

Jim Beard

unread,
Feb 18, 2008, 9:18:29 PM2/18/08
to
On Tue, 19 Feb 2008 01:56:18 +0000, Bit Twister wrote:

> On Tue, 19 Feb 2008 01:26:27 GMT, Jim Beard wrote:
>
>
>
>> There are several problematic points about my attempt. I simply added
>> the two servers to resolv.conf.
>
> Ok, I'll show you mine if you will show me yours.
>
>
> $ cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL
> BE OVERWRITTEN nameserver 208.67.222.222
> nameserver 208.67.220.220
> search home.test

[jim@localhost etc]$ cat resolv.conf
search home.invalid

nameserver 192.168.0.1
# nameserver 208.67.222.222
# nameserver 208.67.222.220

When in use, the two OpenDNS lines were on top
and the first two characters on the line deleted.

> Give urls I'll check them from Dallas Texas.

I'll have to reboot back to 2008.0 get URLs for
some pages that do not require a login.

First, I have some update packages to install.

Cheers!

jim b.

--
/home/jim/.signature

Jim Beard

unread,
Feb 18, 2008, 10:00:54 PM2/18/08
to

The last two items, far below, when loaded using resolv.conf as
below, had blank boxes on the right where ads once were. The pages
did load, and there were no 503 server not available error messages
(or any other error messages).

Separately, my machine is currently thinking over every command
entered for a few seconds before acting, so I suspect the
updates are taking their toll. I dropped back to
2.6.22.18-desktop-1mdv #1 SMP Mon Feb 11 12:42:52 EST 2008 x86_64 AMD
Athlon(tm) 64 X2 Dual Core Processor 5000+ GNU/Linux but even this
kernel is having problems. And this with 2008.0, not 2008.1.

FWIW, my attempt to install updates to 2008.1 from gatech failed,
with many files missing. I switched to urpmi and psu, and installed
45 packages just fine.


[root@jb etc]# cat resolv.conf
search home.invalid

nameserver 192.168.0.1
# nameserver 208.67.222.222
# nameserver 208.67.222.220


• BY THE NUMBERS: Fast, Not Furious
<http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd4x128127&>
*W10*
• TELEVISION: This One Will Kill You
<http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd5x128127&>
*W11*
• HOUSES OF WORSHIP: Strange Migration: An Unlikely Haven For Refugees
<http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd6x128127&>
• TASTE:
Intelligence Designer
<http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd7x128127&>
• DE
GUSTIBUS: Opportunity Makes a Thief
<http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd8x128127&>

Cheers!

jim b.

--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.

Jim Beard

unread,
Feb 18, 2008, 10:10:38 PM2/18/08
to
Jim Beard wrote:
> Separately, my machine is currently thinking over every command entered
> for a few seconds before acting, so I suspect the
> updates are taking their toll. I dropped back to 2.6.22.18-desktop-1mdv
> #1 SMP Mon Feb 11 12:42:52 EST 2008 x86_64 AMD Athlon(tm) 64 X2 Dual
> Core Processor 5000+ GNU/Linux but even this
> kernel is having problems. And this with 2008.0, not 2008.1.

Problem found. I had turned on translucency this morning, hours ago,
and all had been working fine, through several reboots to and from
2008.0 to 2008.1. Perhaps the last few updates did something, or
perhaps the OSs finally realized something had changed, and slowed
to a halting crawl.

Turned off translucency in KDE Control, and machine response is back
to normal.

Bit Twister

unread,
Feb 18, 2008, 10:15:54 PM2/18/08
to
On Tue, 19 Feb 2008 03:00:54 GMT, Jim Beard wrote:
>
>
> • BY THE NUMBERS: Fast, Not Furious
><http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd4x128127&>
> *W10*
> • TELEVISION: This One Will Kill You
><http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd5x128127&>
> *W11*
> • HOUSES OF WORSHIP: Strange Migration: An Unlikely Haven For Refugees
><http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd6x128127&>
> • TASTE:
> Intelligence Designer
><http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd7x128127&>
> • DE
> GUSTIBUS: Opportunity Makes a Thief
><http://ets.dowjones.com/trk/click?ref=zp91d7vhu_2-74abx33bd8x128127&>

All the above showed ads and what not. No errors.

I had to disable my privoxy proxy add blocker I have installed.
Had to enable a bunch of sites in NoScript java* blocker.

Running firefox-2.0.0.12

$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 208.67.222.222

nameserver 208.67.222.220
nameserver 192.168.1.130
search home.test


All the above worked and
$ ping -c1 weather.gov
PING weather.gov (140.90.113.200) 56(84) bytes of data.
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=49 time=53.9 ms

--- weather.gov ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 53.936/53.936/53.936/0.000 ms

---------------------------------------------------------------

$ cat /etc/sysconfig/network
NETWORKING_IPV6=no # speedup DNS lookups <-------- suggestion
NOZEROCONF=yes # no doze lookups needed
GATEWAYDEV=eth0 # needed for my DHCP scripts
GATEWAY=192.168.1.1 # needed for my DHCP scripts
NEEDHOSTNAME=no # I'll use my own hostname
NETWORKING=yes
HOSTNAME=wm80.home.test


$ cat /etc/modprobe.conf snippet:
alias eth0 tulip
alias sound-slot-0 snd_atiixp
alias eth1 8139too
alias net-pf-10 off <------------------------------------ suggestion
alias ieee1394-controller ohci1394
install ide-controller /sbin/modprobe atiixp; /bin/true

Service network restart

ping -c1 weather.gov

Bit Twister

unread,
Feb 18, 2008, 10:32:40 PM2/18/08
to
On Tue, 19 Feb 2008 03:15:54 +0000 (UTC), Bit Twister wrote:
>
> $ cat /etc/sysconfig/network
> NETWORKING_IPV6=no # speedup DNS lookups <-------- suggestion

NOZEROCONF=yes # no doze lookups needed

Also add the NOZEROCONF line.

Jim Beard

unread,
Feb 18, 2008, 10:54:41 PM2/18/08
to
Bit Twister wrote:
> All the above showed ads and what not. No errors.

Now I am beginning to wonder if indeed I do need to
think about swapping a motherboard.<g>


>
> I had to disable my privoxy proxy add blocker I have installed.
> Had to enable a bunch of sites in NoScript java* blocker.
>
> Running firefox-2.0.0.12

Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.11) Gecko/20070914
Mandriva/2.0.0.11-1.1mdv2008.0 (2008.0) Firefox/2.0.0.11


>
> $ ping -c1 weather.gov
> PING weather.gov (140.90.113.200) 56(84) bytes of data.
> 64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=49 time=53.9 ms
>
> --- weather.gov ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 53.936/53.936/53.936/0.000 ms
>
> ---------------------------------------------------------------

/* Not using OpenDNS */

[jim@jb ~]$ ping -c1 weather.gov


PING weather.gov (140.90.113.200) 56(84) bytes of data.

64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51
time=5.89 ms

--- weather.gov ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 5.899/5.899/5.899/0.000 ms

/* Yes, the decimal point is in the right place */

> $ cat /etc/sysconfig/network
> NETWORKING_IPV6=no # speedup DNS lookups <-------- suggestion
> NOZEROCONF=yes # no doze lookups needed
> GATEWAYDEV=eth0 # needed for my DHCP scripts
> GATEWAY=192.168.1.1 # needed for my DHCP scripts
> NEEDHOSTNAME=no # I'll use my own hostname
> NETWORKING=yes
> HOSTNAME=wm80.home.test

[jim@jb ~]$ cat /etc/sysconfig/network
NETWORKING_IPV6=no
NOZEROCONF=yes
NETWORKING=yes
GATEWAY=192.168.0.1
GATEWAYDEV=eth0
NEEDHOSTNAME=no
HOSTNAME=jb.home.invalid

> $ cat /etc/modprobe.conf snippet:
> alias eth0 tulip
> alias sound-slot-0 snd_atiixp
> alias eth1 8139too
> alias net-pf-10 off <------------------------------------ suggestion
> alias ieee1394-controller ohci1394
> install ide-controller /sbin/modprobe atiixp; /bin/true

[jim@jb ~]$ cat /etc/modprobe.conf complete:
alias eth0 forcedeth
install scsi_hostadapter /sbin/modprobe sata_nv; /sbin/modprobe \
usb_storage; /bin/true
remove snd-intel8x0 /sbin/modprobe -r snd-pcm-oss; /sbin/modprobe \
--first-time -r --ignore-remove snd-intel8x0
install snd-intel8x0 /sbin/modprobe --first-time --ignore-install \
snd-intel8x0 && { /sbin/modprobe snd-pcm-oss; /bin/true; }
install usb-interface /sbin/modprobe ohci_hcd; /sbin/modprobe \
ehci_hcd; /bin/true
alias net-pf-10 off
blacklist audio
blacklist snd-usb-audio
alias sound-slot-0 snd_intel8x0
install ide-controller /sbin/modprobe amd74xx; /bin/true


Nearly 1100 hours. Time for bed.

Bit Twister

unread,
Feb 18, 2008, 11:26:38 PM2/18/08
to
On Tue, 19 Feb 2008 03:54:41 GMT, Jim Beard wrote:
>
> /* Not using OpenDNS */
>
> [jim@jb ~]$ ping -c1 weather.gov
> PING weather.gov (140.90.113.200) 56(84) bytes of data.
> 64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51
> time=5.89 ms
>
> --- weather.gov ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 5.899/5.899/5.899/0.000 ms
>
> /* Yes, the decimal point is in the right place */

There's the problem, when using opendns your system forgets what it
was looking for. :-D

<snip same ipv6 suppression stuff I have>

There went the hope it was an ipv6 problem.

Just for fun, plug in
nameserver 4.2.2.1
nameserver 4.2.2.2


ping -c1 weather.gov

to see if it fails again.

If works, I have no idea why Open Dns fails.

You mentioned belt/suspenders.

You may want to consider installing privoxy and adding NoScrip add on to firefox.
http://www.privoxy.org/
http://noscript.net/getit

Black Hats have been cracking into ad servers and infecting banners and ads,
not to mention flash, pdf, ...

Sites you trust can be serving out malware via the banner/ads.

From my admin diary.

urpmi --wget privoxy --auto
server privoxy restart


# add privoxy server to firefox

firefox
Click Network tab
Connection
Settings button

click Manual proxy configuration:
HTTP Proxy: 127.0.0.1 Port: 8118
SSL Proxy: 127.0.0.1 Port: 8118
Click OK


# add the noscript extension to block/enable java
http://noscript.net/getit

In the NoScript Options screen
click Advanced tab
and set all check boxes checked in the Untrusted screen.

Whiskers

unread,
Feb 19, 2008, 10:24:57 AM2/19/08
to
On 2008-02-18, Jim Beard <jdb...@patriot.net> wrote:
>
> BitTwister listed the IP addresses for a couple of OpenDNS nameservers,
> and I plugged them in. The idea of blocking advertising machines and
> other crud does have definite appeal to me.

[...]

> Opinions from those who use the service?
>
> Cheers!

I've been using it for about a year, with no difficulty at all. Not
'registered', I just put the IP numbers into Mandriva's 'Network' settings
via MCC. (In Mdv2008 the only way to check or change the settings seems
to be to 'Set up a new network interface', which is a bad arrangement;
earlier versions allowed you to change existing network settings).

--
-- ^^^^^^^^^^
-- Whiskers
-- ~~~~~~~~~~

Whiskers

unread,
Feb 19, 2008, 10:25:27 AM2/19/08
to
On 2008-02-18, Jim Beard <jdb...@patriot.net> wrote:
> On Mon, 18 Feb 2008 23:41:18 +0000, Bit Twister wrote:
>
>> On Mon, 18 Feb 2008 23:26:09 GMT, Jim Beard wrote:
>>
>>> But suddenly I could not longer connect to the NOAA weather page for my
>>> area.
>>
>> Give us the url
>
>
> http://forecast.weather.gov/MapClick.php?
> CityName=Annandale&state=VA&site=LWX&textField1=38.8332&textField2=-77.2121&e=1
>
> All on one line, of course.
>
> Cheers!
>
> jim b.

Works fine from here in the UK.

Whiskers

unread,
Feb 19, 2008, 10:28:52 AM2/19/08
to
On 2008-02-19, Jim Beard <jdb...@patriot.net> wrote:
> On Mon, 18 Feb 2008 23:56:05 +0000, Bit Twister wrote:
> <snip>
>> What can I say, works for me.
> <snip>
>> $ grep forward /var/lib/named/etc/named.conf // forwarders {
>> first_public_nameserver_ip; second_public_nameserver_ip; }; forwarders {
>> 208.67.222.222; 208.67.220.220; };
> <snip>
>
> There are several problematic points about my attempt.
> I simply added the two servers to resolv.conf. No forwarding or
> named.conf involved. Also, I wonder if perhaps you are registered,
> which might make a difference. I did not sign up.

[...]

> Works for you. Plugging IP addresses into resolv.conf did not work
> well for me. Sample of two.

[...]

Mandriva doesn't like you to edit resolve.conf directly; I use the MCC to
set up DNS servers (in the 'Networking' section - Mdv2008 forces you to
create a whole new 'connection', but earlier versions had a GUI to 'change
network settings').

Whiskers

unread,
Feb 19, 2008, 10:44:01 AM2/19/08
to
On 2008-02-19, Jim Beard <jdb...@patriot.net> wrote:
> On Tue, 19 Feb 2008 01:56:18 +0000, Bit Twister wrote:
>
>> On Tue, 19 Feb 2008 01:26:27 GMT, Jim Beard wrote:
>>
>>
>>
>>> There are several problematic points about my attempt. I simply added
>>> the two servers to resolv.conf.
>>
>> Ok, I'll show you mine if you will show me yours.
>>
>>
>> $ cat /etc/resolv.conf
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
>> resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL
>> BE OVERWRITTEN nameserver 208.67.222.222
>> nameserver 208.67.220.220
>> search home.test
>
> [jim@localhost etc]$ cat resolv.conf
> search home.invalid
>
> nameserver 192.168.0.1
> # nameserver 208.67.222.222
> # nameserver 208.67.222.220

[...]

Looks to me as though you have set up Mandriva (when creating your network
settings via MCC?) to use your 'router' as the primary DNS server. Does
it actually function as one? What DNS servers is the router using? Just
as the comment at the top of the file says, any changes you make to
resolv.conf will be overwritten - using the settings you have made
"elsewhere", which in Mandriva seems to mean via the GUI tools).

Perhaps there are some clues in man resolvconf (note the absence of a dot
in that name).

Here's my resolv.conf as created by 'something in Mandriva':

[mark@tavy ~]$ cat /etc/resolv.conf


# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 208.67.222.222

nameserver 208.67.220.222
[mark@tavy ~]$

Notice that the difference between those two IP addresses is in the
penultimate triplet, not in the last one.

Bit Twister

unread,
Feb 19, 2008, 11:00:13 AM2/19/08
to
On Tue, 19 Feb 2008 15:24:57 +0000, Whiskers wrote:
>
> I've been using it for about a year, with no difficulty at all. Not
> 'registered', I just put the IP numbers into Mandriva's 'Network' settings
> via MCC. (In Mdv2008 the only way to check or change the settings seems
> to be to 'Set up a new network interface', which is a bad arrangement;
> earlier versions allowed you to change existing network settings).

Or just edit /etc/sysconfig/network-scripts/ifcfg-eth0 or -eth1
and change DNSx= values.

service network restart would set the new value in /etc/resolv.conf

For testing, just change /etc/resolv.conf, save, test,....

Bit Twister

unread,
Feb 19, 2008, 11:05:03 AM2/19/08
to
On Tue, 19 Feb 2008 15:28:52 +0000, Whiskers wrote:
>
> Mandriva doesn't like you to edit resolve.conf directly;

For the lurkers, Whiskers is correct in that if you re-boot or
re-start the network, your edited /etc/resolve.conf changes will be
overwritten from DNS values found in
/etc/sysconfig/network-scripts/ifcfg-eth0 or
/etc/sysconfig/network-scripts/ifcfg-eth1 depending on which one you
are using.

David W. Hodgins

unread,
Feb 19, 2008, 11:59:27 AM2/19/08
to
On Tue, 19 Feb 2008 10:44:01 -0500, Whiskers <catwh...@operamail.com> wrote:

> Perhaps there are some clues in man resolvconf (note the absence of a dot
> in that name).

The resolvconf utility uses the files in /etc/resolvconf/resolv.conf.d,
head, base, and tail, plus the information returned from the starting
of a network interface, which can return dns from a dhcp server, or
hard coded ip addresses in /etc/sysconfig/network-scripts/ifcfg-* file,
or /etc/ppp/options.

The easiest way to ensure a specific nameserver is always in the generated
/etc/resolv.conf file, is to edit the appropriate resolv.conf.d file.

In my case, I want the server on localhost prepended to the ip addresses
returned from the dhclient for ppp0, so I have

$ cat /etc/resolvconf/resolv.conf.d/head


# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 127.0.0.1

Note that the warning message in the head file applies to the generated
/etc/resolv.conf file, not the actual head file.

# grep dns /etc/ppp/options
usepeerdns

This results in

$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 127.0.0.1
nameserver 216.240.0.1 # ppp temp entry
nameserver 216.240.1.1 # ppp temp entry

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Whiskers

unread,
Feb 19, 2008, 11:56:40 AM2/19/08
to

My versions of ifcfg-eth* don't have a line starting DNSx= (but they do
have a line PEERDNS=yes).

Wes Newell

unread,
Feb 19, 2008, 12:25:24 PM2/19/08
to

Warning, bitch mode on.

I started working with resolv.cfg back in the dos days 15 or more years
ago. Simple, modify it for changes. Customize it for special and/or faster
lookups, etc. I had control over everything. Now they've gone and screwed
with something so simple and complicated it so now I have to try and
remember wtf files they have that overwrite my changes all the time. Does
anyone besides me wish they would have left well enough alone? I suppose
there's some way to disable what they've done, but why should you be
subjected to having to find out what it is. As can be noted here, all
they've done is confused the users. I moved away from windows for this
same thing. Stop messing with simple things that have worked for years.

And now back to your regularly scheduled........

--
Want the ultimate in free OTA SD/HDTV Recorder? http://mythtv.org
My Tivo Experience http://wesnewell.no-ip.com/tivo.htm
Tivo HD/S3 compared http://wesnewell.no-ip.com/mythtivo.htm
AMD cpu help http://wesnewell.no-ip.com/cpu.php

Bit Twister

unread,
Feb 19, 2008, 12:29:54 PM2/19/08
to
On Tue, 19 Feb 2008 16:56:40 +0000, Whiskers wrote:

> My versions of ifcfg-eth* don't have a line starting DNSx= (but they do
> have a line PEERDNS=yes).

Guessing your connection is dhcp, not static. Sorry I forgot about
dhcp users.

dhcp users would need to add the opendns servers to
/etc/resolvconf/resolv.conf.d/head
to override values from ISP dhcp server.


$ cat /2007_1/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
IPADDR=192.168.1.135
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
METRIC=10
MII_NOT_SUPPORTED=yes
USERCTL=yes
DNS1=192.168.1.1
RESOLV_MODS=no
IPV6INIT=no
IPV6TO4INIT=no

$ cat /2008_1/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.1.131
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
ONBOOT=yes
METRIC=10
MII_NOT_SUPPORTED=no
USERCTL=no
DNS1=192.168.1.131
DOMAIN=home.test
RESOLV_MODS=yes
IPV6INIT=no
IPV6TO4INIT=no

Bit Twister

unread,
Feb 19, 2008, 1:02:16 PM2/19/08
to
On Tue, 19 Feb 2008 17:25:24 GMT, Wes Newell wrote:
>
> Warning, bitch mode on.
>
> I started working with resolv.cfg back in the dos days 15 or more years
> ago. Simple, modify it for changes. Customize it for special and/or faster
> lookups, etc. I had control over everything.

You still do. :)
Just not from the gui interface. :(

> Now they've gone and screwed
> with something so simple and complicated it so now I have to try and
> remember wtf files they have that overwrite my changes all the time.

Yes, been there. I now have an ascii file containg some key works and
file or command and/or data.
Any time I have to research something, I add it to my unix.help file.

I have a script to allow me to search for key works to locate an item.
Current example, I needed name of the resolver daemon directory, I
remembered it used head and tail files so:

$ uh res head
dns resolver directory /etc/resolvconf/resolv.conf.d/ (base, head, tail)

Another example:

$ uh resolv.co
prevent overwrite resolv.conf add PEERDNS=no to /etc/sysconfig/network-scripts/ifcfg-X
dns resolver directory /etc/resolvconf/resolv.conf.d/ (base, head, tail)
dns resolver tail /etc/resolvconf/resolv.conf.d/tail
eth0 dns resolution /etc/resolv.conf


> As can be noted here, all
> they've done is confused the users.

Just the users who knew now it used to work. :(
The newbies and gui users do not have this problem. :)

Oh, by the way, you might want to note this command
$ less $(locate /sysconfig.txt)

Locate will find the file I call the Rosetta Stone for config files.

For anyone wanting to see my unix help (uh) script.
http://groups.google.com/group/alt.os.linux.mandriva/msg/264e0cb1b38563f2

Whiskers

unread,
Feb 19, 2008, 1:41:18 PM2/19/08
to
On 2008-02-19, Bit Twister <BitTw...@mouse-potato.com> wrote:
> On Tue, 19 Feb 2008 16:56:40 +0000, Whiskers wrote:
>
>> My versions of ifcfg-eth* don't have a line starting DNSx= (but they do
>> have a line PEERDNS=yes).
>
> Guessing your connection is dhcp, not static. Sorry I forgot about
> dhcp users.
>
> dhcp users would need to add the opendns servers to
> /etc/resolvconf/resolv.conf.d/head
> to override values from ISP dhcp server.

In my case, the local DHCP is hosted by the router - which has the OpenDNS
servers configured into it (for telling local machines which servers to
use - the router is not itself a DNS server).

My ISP connection is 'static IP' and the ISP's servers offer no automated
DNS configuration. The ISP does offer DNS servers, but they have to be
configured manually by by each customer.

[...]

Bit Twister

unread,
Feb 19, 2008, 2:02:21 PM2/19/08
to
On Tue, 19 Feb 2008 18:41:18 +0000, Whiskers wrote:

> In my case, the local DHCP is hosted by the router - which has the OpenDNS
> servers configured into it (for telling local machines which servers to
> use - the router is not itself a DNS server).

Downside to that is if a router is cracked by a black hat who changes
the DNS values, all look ups go through black hat's servers. :(

I also saw my router DNS values wiped out by my ISP pushing out a
router update.

Robert M. Riches Jr.

unread,
Feb 19, 2008, 2:19:48 PM2/19/08
to

A few years ago, when I was using HatRed, I made a script
called fixresolvconf to fix /etc/resolv.conf to what _I_
wanted it to contain after the system utilities had messed
it up. I ran that from rc.local and manually as needed.

HTH

--
Robert Riches
spamt...@verizon.net
(Yes, that is one of my email addresses.)

Bit Twister

unread,
Feb 19, 2008, 2:40:05 PM2/19/08
to
On Tue, 19 Feb 2008 19:19:48 GMT, Robert M. Riches Jr. wrote:
>
> A few years ago, when I was using HatRed, I made a script
> called fixresolvconf to fix /etc/resolv.conf to what _I_
> wanted it to contain after the system utilities had messed
> it up. I ran that from rc.local and manually as needed.

Bad location there if network is restarted. :(

Now adays, on Mandriva, you would put the script in
/etc/sysconfig/network-scripts/ifup.d/

Or for use on Fedora and Mandriva you would create a /sbin/ifup-local
to do clean up.

I used to use my /sbin/ifup-local to put my dhcp address in /etc/hosts,
modify /etc/shorewall/params file and strip the search ISPs_domain
line from resolv.conf.

ERACC

unread,
Feb 19, 2008, 2:48:21 PM2/19/08
to
On Tue, 19 Feb 2008 16:00:13 +0000, Bit Twister wrote:

Hi Bit Twister, et al. I figured out how to work with resolvconf a while
back and decided today to put the information on my company technical blog
after following this thread. Feel free to plagiarize me. :)

http://blog.eracc.com/?p=21

Gene (e-mail: gene \a\t eracc \d\o\t com)
--
Mandriva Linux release 2007.1 (Official) for i586
Got Rute? http://www.anrdoezrs.net/email-2546588-42121?isbn=0130333514
ERA Computers & Consulting - http://www.eracc.com/
Preloaded PCs - eComStation, Linux, FreeBSD, OpenServer & UnixWare

Jim Beard

unread,
Feb 19, 2008, 6:18:14 PM2/19/08
to
Whiskers wrote:
> On 2008-02-19, Jim Beard <jdb...@patriot.net> wrote:
>> On Tue, 19 Feb 2008 01:56:18 +0000, Bit Twister wrote:
>>
>>> On Tue, 19 Feb 2008 01:26:27 GMT, Jim Beard wrote:
>>>> There are several problematic points about my attempt. I simply added
>>>> the two servers to resolv.conf.
>>>
>> [jim@localhost etc]$ cat resolv.conf
>> search home.invalid
>>
>> nameserver 192.168.0.1
>> # nameserver 208.67.222.222
>> # nameserver 208.67.222.220
>
> [...]
>
> Looks to me as though you have set up Mandriva (when creating your network
> settings via MCC?) to use your 'router' as the primary DNS server. Does
> it actually function as one? What DNS servers is the router using?

Yes, the router (D-Link DI624) handles DNS. It uses the Verizon
DNS servers.

> Just
> as the comment at the top of the file says, any changes you make to
> resolv.conf will be overwritten - using the settings you have made
> "elsewhere", which in Mandriva seems to mean via the GUI tools).

Yes, and no. I can make changes in resolv.conf, and they will be
picked up and used immediately. A reboot will wipe them out, and I
think there may some other mechanism that will wipe them out and
restore the settings "made elsewhere." But for temporary testing,
entering the nameservers works fine.


>
> Perhaps there are some clues in man resolvconf (note the absence of a dot
> in that name).

Actually, I think there are some clues in /var/run/resolvconf, but
I don't think I need to tinker with that until I know I want the
change to be permanent.

> Here's my resolv.conf as created by 'something in Mandriva':
>
> [mark@tavy ~]$ cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 208.67.222.222
> nameserver 208.67.220.222
> [mark@tavy ~]$
>
> Notice that the difference between those two IP addresses is in the
> penultimate triplet, not in the last one.
>

[The OpenDNS] nameservers are 208.67.222.222 and 208.67.220.220,
according to their website instructions. The two I used earlier
were from BitTwister, and I may have mistyped something. Or,
OpenDNS may have more addresses than listed in any one place. But
my top one was correct in any case. Should have worked.

Cheers!

jim b.

--
UNIX is not user-unfriendly; it merely
expects users to be computer-friendly.

Jim Beard

unread,
Feb 19, 2008, 6:28:15 PM2/19/08
to
Bit Twister wrote:
> On Tue, 19 Feb 2008 03:54:41 GMT, Jim Beard wrote:
>> /* Not using OpenDNS */
>>
>> [jim@jb ~]$ ping -c1 weather.gov
>> PING weather.gov (140.90.113.200) 56(84) bytes of data.
>> 64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51
>> time=5.89 ms
>>
>> --- weather.gov ping statistics ---
>> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
>> rtt min/avg/max/mdev = 5.899/5.899/5.899/0.000 ms
>>
>> /* Yes, the decimal point is in the right place */
>
> There's the problem, when using opendns your system forgets what it
> was looking for. :-D
>
> <snip same ipv6 suppression stuff I have>
>
> There went the hope it was an ipv6 problem.
>
> Just for fun, plug in
> nameserver 4.2.2.1
> nameserver 4.2.2.2
>
>
> ping -c1 weather.gov
>
> to see if it fails again.
>
> If works, I have no idea why Open Dns fails.

See below. All worked, though OpenDNS was slightly slower.

> You mentioned belt/suspenders.
>
> You may want to consider installing privoxy and adding NoScrip add on to firefox.
> http://www.privoxy.org/
> http://noscript.net/getit
>
> Black Hats have been cracking into ad servers and infecting banners and ads,
> not to mention flash, pdf, ...
>
> Sites you trust can be serving out malware via the banner/ads.
>
> From my admin diary.
>
> urpmi --wget privoxy --auto
> server privoxy restart
>
>
> # add privoxy server to firefox
>
> firefox
> Click Network tab
> Connection
> Settings button
>
> click Manual proxy configuration:
> HTTP Proxy: 127.0.0.1 Port: 8118
> SSL Proxy: 127.0.0.1 Port: 8118
> Click OK
>
>
> # add the noscript extension to block/enable java
> http://noscript.net/getit
>
> In the NoScript Options screen
> click Advanced tab
> and set all check boxes checked in the Untrusted screen.

Using 4.2.2.1 and 4.2.2.2

PING weather.gov (140.90.113.200) 56(84) bytes of data.
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51

time=5.85 ms

Using OpenDNS 208.67.222.222 208.67.220.220


--- weather.gov ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 6.050/6.050/6.050/0.000 ms
[root@jb etc]# pin -c1 weather.gov

[root@jb etc]# ping -c1 weather.gov


PING weather.gov (140.90.113.200) 56(84) bytes of data.
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51

time=6.05 ms...

Bit Twister

unread,
Feb 19, 2008, 7:09:33 PM2/19/08
to
On Tue, 19 Feb 2008 23:28:15 GMT, Jim Beard wrote:
>
> See below. All worked,

So, with opendns servers loaded did your weather site still fail?

> though OpenDNS was slightly slower.

Yes, pings will vary based on traffic load.

You can speed up pings by using ip addy instead of name.

Whiskers

unread,
Feb 20, 2008, 6:59:11 AM2/20/08
to
On 2008-02-19, Jim Beard <jim....@verizon.net> wrote:
> Whiskers wrote:
>> On 2008-02-19, Jim Beard <jdb...@patriot.net> wrote:
>>> On Tue, 19 Feb 2008 01:56:18 +0000, Bit Twister wrote:
>>>> On Tue, 19 Feb 2008 01:26:27 GMT, Jim Beard wrote:

[...]

>> Looks to me as though you have set up Mandriva (when creating your network
>> settings via MCC?) to use your 'router' as the primary DNS server. Does
>> it actually function as one? What DNS servers is the router using?
>
> Yes, the router (D-Link DI624) handles DNS. It uses the Verizon
> DNS servers.

Are you sure that your router functions as a DNS server? If the DNS IP
numbers in the setup interface are under the DHCP settings, then I think
that just means that local computers getting a DHCP connection from your
router will be told to use those IP numbers in their own resolving setup.
In that case, if you set up your computer to use the router as a DNS
server, that will fail and whatever the second or third DNS server is in
your computer's setup will be resorted to. That could account for
'slowness'.

[...]

>> Here's my resolv.conf as created by 'something in Mandriva':
>>
>> [mark@tavy ~]$ cat /etc/resolv.conf
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
>> resolvconf(8)
>> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>> nameserver 208.67.222.222
>> nameserver 208.67.220.222
>> [mark@tavy ~]$
>>
>> Notice that the difference between those two IP addresses is in the
>> penultimate triplet, not in the last one.
>>
> [The OpenDNS] nameservers are 208.67.222.222 and 208.67.220.220,
> according to their website instructions. The two I used earlier
> were from BitTwister, and I may have mistyped something. Or,
> OpenDNS may have more addresses than listed in any one place. But
> my top one was correct in any case. Should have worked.
>
> Cheers!

I just looked and you're right, there was a typo in the setup of my router
so it was telling my computer the wrong IP number for the second DNS
server. Having re-started my computer's wifi connection, it's resolv.conf
has been updated :))

Jim Beard

unread,
Feb 20, 2008, 5:35:52 PM2/20/08
to
Whiskers wrote:
> Are you sure that your router functions as a DNS server? If the DNS IP
> numbers in the setup interface are under the DHCP settings, then I think
> that just means that local computers getting a DHCP connection from your
> router will be told to use those IP numbers in their own resolving setup.
> In that case, if you set up your computer to use the router as a DNS
> server, that will fail and whatever the second or third DNS server is in
> your computer's setup will be resorted to. That could account for
> 'slowness'.

The only thing set as a nameserver anywhere on my system was
nameserver 192.168.0.1, my router's LAN address. I looked at
resolv.conf, in the files under resolvconf, and in the files below
/var/run/resolvconf/ and /var/spool/postfix/etc/. In addition,
I just did a grep -R for 192 and separately for IPADD in
/etc/sysconfig and got nothing except references to resolv.conf.

If the router were caching the addresses, that would make a
difference but when I shifted to 4.2.2.1 and immediately did a
ping -c1 weather.gov I still got a response in under 6 ms,
whereas OpenDNS took 53 ms. FWIW, I just did a ping -c1 yahoo.com
which is a server I do not use, and that returned in 2.96 ms.
Seems Verizon nameservers serving my machine are _real_ fast.
They have to be caching, but then, I would expect OpenDNS to be
doing so, too.

Bit Twister

unread,
Feb 20, 2008, 6:08:18 PM2/20/08
to
On Wed, 20 Feb 2008 22:35:52 GMT, Jim Beard wrote:
>

> If the router were caching the addresses, that would make a
> difference but when I shifted to 4.2.2.1 and immediately did a
> ping -c1 weather.gov I still got a response in under 6 ms,
> whereas OpenDNS took 53 ms.

<snip>


> but then, I would expect OpenDNS to be doing so, too.

To prove your OpenDNS caching theory, set OpenDNS server in /etc/resolv.conf
ping -c1 weather.gov should be slow, quick up arrow, return, to run
ping -c1 weather.gov should be fast :-)

You can use "dig" to see how fast a DNS server is.

Still wondering if your weather page is broke under OpenDNS. :)

Jim Beard

unread,
Feb 20, 2008, 9:25:33 PM2/20/08
to
On Wed, 20 Feb 2008 23:08:18 +0000, Bit Twister wrote:
> You can use "dig" to see how fast a DNS server is.
>
> Still wondering if your weather page is broke under OpenDNS. :)

All seems to be working today. There definitely is some caching
involved, though.

I ran dig queries against www.pipes.org yahoo.com and weather.gov
for 208.67.222.222 208.67.220.220 192.168.0.1 and 4.2.2.1

Longest query time was 82 ms to pipes.org, with 4.2.2.1 coming in
at 43 ms on its slowest response. On weather.gov, all had a query
time of under 7 ms. Overall 4.2.2.1 had the shortest query times,
with 192.168.0.1 about 1 ms longer and the OpenDNS servers
maybe 1 ms longer than that. 4 ms, 5 ms, 6 ms, more or less,
respectively.

Aterm/Eterm does not cut/paste nicely, and I forget
I needed to load an x-term so you do not get the details. When
I did shift to an x-term, all three DNS serserv were running mostly
6 ms or less.

Cheers!

jim b.

--

Jim Beard

unread,
Feb 20, 2008, 9:27:14 PM2/20/08
to

Using OpenDNS:
[root@localhost etc]# ping weather.gov


PING weather.gov (140.90.113.200) 56(84) bytes of data.

64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51 time=6.15 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=2 ttl=51 time=6.05 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=3 ttl=51 time=6.00 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=4 ttl=51 time=5.90 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=5 ttl=51 time=5.99 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=6 ttl=51 time=6.05 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=7 ttl=51 time=6.07 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=8 ttl=51 time=6.07 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=9 ttl=51 time=5.95 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=10 ttl=51 time=6.33 ms

Back to router as nameserver:


--- weather.gov ping statistics ---

10 packets transmitted, 10 received, 0% packet loss, time 9000ms
rtt min/avg/max/mdev = 5.909/6.058/6.335/0.145 ms
[root@localhost etc]# vi resolv.conf
[root@localhost etc]# ping weather.gov


PING weather.gov (140.90.113.200) 56(84) bytes of data.

64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51 time=6.16 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=2 ttl=51 time=6.03 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=3 ttl=51 time=6.09 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=4 ttl=51 time=6.17 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=5 ttl=51 time=6.13 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=6 ttl=51 time=6.03 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=7 ttl=51 time=5.94 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=8 ttl=51 time=6.40 ms
64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=9 ttl=51 time=6.10 ms

--- weather.gov ping statistics ---

9 packets transmitted, 9 received, 0% packet loss, time 8000ms
rtt min/avg/max/mdev = 5.946/6.120/6.401/0.149 ms
[root@localhost etc]# urpmi kdebindings3-python/python-kde3
No package named kdebindings3-python/python-kde3

Today, OpenDNS looks a little better. Given the responses in
favor of OpenDNS, looks like time to put it in and let it go for
a while.

--
/home/jim/.signature

Bit Twister

unread,
Feb 20, 2008, 9:36:31 PM2/20/08
to
On Thu, 21 Feb 2008 02:27:14 GMT, Jim Beard wrote:

> Today, OpenDNS looks a little better. Given the responses in
> favor of OpenDNS, looks like time to put it in and let it go for
> a while.

I would have to say the day you started this thread there were
problems from your gateway and beyond, not with OpenDNS.

Those ping time fluctuations are "normal network" variations.

Whiskers

unread,
Feb 21, 2008, 7:17:16 AM2/21/08
to
On 2008-02-20, Jim Beard <jim....@verizon.net> wrote:
> Whiskers wrote:
>> Are you sure that your router functions as a DNS server? If the DNS IP
>> numbers in the setup interface are under the DHCP settings, then I think
>> that just means that local computers getting a DHCP connection from your
>> router will be told to use those IP numbers in their own resolving setup.
>> In that case, if you set up your computer to use the router as a DNS
>> server, that will fail and whatever the second or third DNS server is in
>> your computer's setup will be resorted to. That could account for
>> 'slowness'.
>
> The only thing set as a nameserver anywhere on my system was
> nameserver 192.168.0.1, my router's LAN address.

I don't think your router functions as a DNS server of any sort. So if
your comnputer asks it to be one, it will fail and then your computer will
have to fall back onto whatever else it finds in resolv.conf. That will
introduce a noticeable delay. If at that moment there are no secondary
entries in your resolv.conf you won't be able to lookup any DNS
information so eg web pages will be 'unavailable'.

If your LAN uses DHCP then each time your computer connects to the router,
or the DHCP system 'refreshes', it will be told by the router what DNS
server addresses to put into resolv.conf - over-writing anything else you
might have had in there before.

> I looked at
> resolv.conf, in the files under resolvconf, and in the files below
> /var/run/resolvconf/ and /var/spool/postfix/etc/. In addition,
> I just did a grep -R for 192 and separately for IPADD in
> /etc/sysconfig and got nothing except references to resolv.conf.
>
> If the router were caching the addresses, that would make a
> difference but when I shifted to 4.2.2.1 and immediately did a
> ping -c1 weather.gov I still got a response in under 6 ms,
> whereas OpenDNS took 53 ms. FWIW, I just did a ping -c1 yahoo.com
> which is a server I do not use, and that returned in 2.96 ms.
> Seems Verizon nameservers serving my machine are _real_ fast.
> They have to be caching, but then, I would expect OpenDNS to be
> doing so, too.
>
> Cheers!
>
> jim b.

I don't think ping is a useful indicator of how fast your DNS server is at
responding to your requests - too many other factors effect the response
of ping, not least the performance and settings of the target of the ping.
I would suggest that dig will tell you how quick the DNS server itself is.
(If the target machine is set to drop all ping requests, you'll get no
response at all, of course).

I just got a dig yahoo.com query back from OpenDNS in 31ms (which isn't too
bad for a transatlantic connection during office hours). That feels
instantaneous to me. Pinging yahoo.com gets a round-trip time of about
188ms - and so does pinging 66.94.234.13 thus eliminating any DNS element
at all in the response of the ping.

(My internet connection is rate-adaptive DSL; "up to" 8Mbps download,
512kbps dowload, but usually well below that speed).

Jim Beard

unread,
Feb 21, 2008, 8:14:04 PM2/21/08
to
Whiskers wrote:
> I don't think your router functions as a DNS server of any sort. So if
> your comnputer asks it to be one, it will fail and then your computer will
> have to fall back onto whatever else it finds in resolv.conf. That will
> introduce a noticeable delay. If at that moment there are no secondary
> entries in your resolv.conf you won't be able to lookup any DNS
> information so eg web pages will be 'unavailable'.

The router has a place in the configuration gui to insert dnsserver
addresses (optional), and a button to click to enable or disable dns
relay. The addresses are left blank and the router is set for dns
relay enabled. If the router were not getting involved, I would
expect a straight passthrough (dns relay disabled).

Just for grins, I ran dig with no arguments, when 192.168.0.1 was
the only thing in resolv.conf. I am not quite sure what to make of
the response, but perhaps you can sort it. Note that the SERVER
is identified at the bottom as 192.168.0.1.

[jim@localhost etc]$ dig

; <<>> DiG 9.5.0b2 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9541
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 40105 IN NS I.ROOT-SERVERS.NET.
. 40105 IN NS J.ROOT-SERVERS.NET.
. 40105 IN NS K.ROOT-SERVERS.NET.
. 40105 IN NS L.ROOT-SERVERS.NET.
. 40105 IN NS M.ROOT-SERVERS.NET.
. 40105 IN NS A.ROOT-SERVERS.NET.
. 40105 IN NS B.ROOT-SERVERS.NET.
. 40105 IN NS C.ROOT-SERVERS.NET.
. 40105 IN NS D.ROOT-SERVERS.NET.
. 40105 IN NS E.ROOT-SERVERS.NET.
. 40105 IN NS F.ROOT-SERVERS.NET.
. 40105 IN NS G.ROOT-SERVERS.NET.
. 40105 IN NS H.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
J.ROOT-SERVERS.NET. 531725 IN A 192.58.128.30
J.ROOT-SERVERS.NET. 126647 IN AAAA 2001:503:c27::2:30
K.ROOT-SERVERS.NET. 540676 IN A 193.0.14.129
K.ROOT-SERVERS.NET. 540676 IN AAAA 2001:7fd::1
L.ROOT-SERVERS.NET. 531725 IN A 199.7.83.42
M.ROOT-SERVERS.NET. 531725 IN A 202.12.27.33
M.ROOT-SERVERS.NET. 126647 IN AAAA 2001:dc3::35
A.ROOT-SERVERS.NET. 597289 IN A 198.41.0.4
A.ROOT-SERVERS.NET. 597289 IN AAAA 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 597289 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 597289 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 597289 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 597289 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 597289 IN A 192.5.5.241

;; Query time: 5 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Feb 21 17:12:06 2008
;; MSG SIZE rcvd: 500

>
> If your LAN uses DHCP then each time your computer connects to the router,
> or the DHCP system 'refreshes', it will be told by the router what DNS
> server addresses to put into resolv.conf - over-writing anything else you
> might have had in there before.

My computers do use DHCP, but the only address that ever appears in
resolv.conf (other than the ones I enter by hand) is 192.168.0.1.

>> If the router were caching the addresses, that would make a
>> difference but when I shifted to 4.2.2.1 and immediately did a
>> ping -c1 weather.gov I still got a response in under 6 ms,
>> whereas OpenDNS took 53 ms. FWIW, I just did a ping -c1 yahoo.com
>> which is a server I do not use, and that returned in 2.96 ms.
>> Seems Verizon nameservers serving my machine are _real_ fast.
>> They have to be caching, but then, I would expect OpenDNS to be
>> doing so, too.

I tried using the OpenDNS servers earlier this evening, and an
attempt to get to my home banking was slower than molasses in
January, or February. Minutes to get in. Then seconds by the score
to move between pages. I switched back to the router address in
resolv.conf, and everything moves along briskly.

There are, I think, a couple of things involved here. One is
caching. Second, I have a feeling that the Home Banking server
may be watching the header data on incoming packets. When I did get
in using OpenDNS, the first thing that happened was I had to answer
the questions used to validate my loging when using a computer other
than one I normally use. This could be a result of my using a new
Beta kernel, I suppose, but it may be that the server is watching
the originating addresses.

Another factor is (I assume) that the DNS machine watches and blocks
ad servers, malware servers, etc, on a packet by packet (or maybe
session) basis. Just checking those addresses will
take some amount of time, and if caching is involved at this point,
that would be one more place where things could slow down.

So, for a valid comparison, I would have to use OpenDNS for several
days to see if it starts caching the addys I need, and if the servers
I use start responding more promptly to recognized points/paths of
origin. A pain in the posterior, as OpenDNS currently is ok part
of the time, but part of the time it flat out s*cks.

On the plus side, using OpenDNS this evening, the ads I find most
obnoxious in the WSJ pages (the animated flashing things -- I despise
them; have to keep switching between all java off to stop it, and
turning java-script on to forward articles now and then) did not
appear. I suspect they were blocked by OpenDNS (Yea!). I did get
ads in their place, but static ones. Much easier to tolerate.

> I don't think ping is a useful indicator of how fast your DNS server is at
> responding to your requests - too many other factors effect the response
> of ping, not least the performance and settings of the target of the ping.
> I would suggest that dig will tell you how quick the DNS server itself is.
> (If the target machine is set to drop all ping requests, you'll get no
> response at all, of course).

I did use dig a bit. Using my router, and the Verizon nameservers,
both delivered query times of around 5 ms, give or take a ms or so,
with a rare exception in the 30-45 ms range. OpenDNS at its best was
in the 6 ms range, but query time between 45 and 60 ms was common,
and it took 82 or 83 ms for one site located on the Left Coast.


>
> I just got a dig yahoo.com query back from OpenDNS in 31ms (which isn't too
> bad for a transatlantic connection during office hours). That feels
> instantaneous to me. Pinging yahoo.com gets a round-trip time of about
> 188ms - and so does pinging 66.94.234.13 thus eliminating any DNS element
> at all in the response of the ping.


; <<>> DiG 9.4.1-P1 <<>> yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65441
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 204 IN A 216.109.112.135
yahoo.com. 204 IN A 66.94.234.13

;; Query time: 13 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Feb 21 19:56:59 2008
;; MSG SIZE rcvd: 59

[jim@jb jim]$ ping 66.94.234.13
PING 66.94.234.13 (66.94.234.13) 56(84) bytes of data.
64 bytes from 66.94.234.13: icmp_seq=1 ttl=54 time=89.7 ms
64 bytes from 66.94.234.13: icmp_seq=2 ttl=53 time=89.7 ms
64 bytes from 66.94.234.13: icmp_seq=3 ttl=53 time=89.5 ms

As you can see from the above, fiber to the home in my case
does deliver better speed. It probably helps that I live
near MAE-East. (Maybe when I die, I will get to live near
Mae West. What think you? But I would be willing to settle
for Dorothy Parker.)

> (My internet connection is rate-adaptive DSL; "up to" 8Mbps download,
> 512kbps dowload, but usually well below that speed).

FIOS (fiber to the outside wall of the house) 5 MB down, maybe 2 up.

Bit Twister

unread,
Feb 21, 2008, 8:31:26 PM2/21/08
to
On Fri, 22 Feb 2008 01:14:04 GMT, Jim Beard wrote:


> My computers do use DHCP, but the only address that ever appears in
> resolv.conf (other than the ones I enter by hand) is 192.168.0.1.

As a rule, the dhcp server sends in what DNS server(s) to use.


> I tried using the OpenDNS servers earlier this evening, and an
> attempt to get to my home banking was slower than molasses in
> January, or February. Minutes to get in. Then seconds by the score
> to move between pages. I switched back to the router address in
> resolv.conf, and everything moves along briskly.

I would like you to run the test again, but switch back to opendns
to verify the visible slowness shows back up.

> There are, I think, a couple of things involved here. One is
> caching. Second, I have a feeling that the Home Banking server
> may be watching the header data on incoming packets. When I did get
> in using OpenDNS, the first thing that happened was I had to answer
> the questions used to validate my loging when using a computer other
> than one I normally use.

Yep, my bank's page will store a cookie with my Internet ip address
and I will get the same kind of warning plus an email to use to get
back into my account.


> Another factor is (I assume) that the DNS machine watches and blocks
> ad servers, malware servers, etc, on a packet by packet (or maybe
> session) basis.

It would be the ip address of the ad.

> wJust checking those addresses will


> take some amount of time, and if caching is involved at this point,
> that would be one more place where things could slow down.

That is what I do not understand. I ran all the urls you gave and none
of them were slow.


> So, for a valid comparison, I would have to use OpenDNS for several
> days to see if it starts caching the addys I need, and if the servers
> I use start responding more promptly to recognized points/paths of
> origin. A pain in the posterior, as OpenDNS currently is ok part
> of the time, but part of the time it flat out s*cks.

Next time you have the slow problem. I would like to work with you on
the problem. If you have/get an skype account, I can stay logged into skype
and we can trouble shoot the problem a little bit in real time if you
like. Just give my your skype id and I'll watch for you.


> On the plus side, using OpenDNS this evening, the ads I find most
> obnoxious in the WSJ pages (the animated flashing things -- I despise
> them; have to keep switching between all java off to stop it, and
> turning java-script on to forward articles now and then) did not
> appear. I suspect they were blocked by OpenDNS (Yea!). I did get
> ads in their place, but static ones. Much easier to tolerate.

If you install privoxy, you may be able to improve your surfing
experience all around.

click up a terminal

su - root
urpmi --wget privoxy -- auto
exit
exit

In firefox,
Edit->Preference->Advanced


Click Network tab
Connection
Settings button

click Manual proxy configuration:
HTTP Proxy: 127.0.0.1 Port: 8118
SSL Proxy: 127.0.0.1 Port: 8118
Click OK

Click Close

Whiskers

unread,
Feb 22, 2008, 8:58:18 AM2/22/08
to
On 2008-02-22, Jim Beard <jim....@verizon.net> wrote:
> Whiskers wrote:
>> I don't think your router functions as a DNS server of any sort. So if
>> your comnputer asks it to be one, it will fail and then your computer will
>> have to fall back onto whatever else it finds in resolv.conf. That will
>> introduce a noticeable delay. If at that moment there are no secondary
>> entries in your resolv.conf you won't be able to lookup any DNS
>> information so eg web pages will be 'unavailable'.
>
> The router has a place in the configuration gui to insert dnsserver
> addresses (optional), and a button to click to enable or disable dns
> relay. The addresses are left blank and the router is set for dns
> relay enabled. If the router were not getting involved, I would
> expect a straight passthrough (dns relay disabled).

I'd be interested to know what 'dns relay' means in that context. I
suspect that it means that whenever a computer on your LAN directs a DNS
query to your router, the router relays that request to your ISP's DNS
server(s). If you enter the DNS server addresses you want to use and turn
of 'relay', then the router will use the specified DNS servers for its own
purposes and tell any DHCP clients on your LAN to use those same servers
in resolv.conf. In neither case is your router functioning as a DNS
server itself (although enabling DNS Relay will make it look as though it
is).

I've never used a 'static' setup for my LAN so I haven't looked into the
DNS arrangements for that.

> Just for grins, I ran dig with no arguments, when 192.168.0.1 was
> the only thing in resolv.conf. I am not quite sure what to make of
> the response, but perhaps you can sort it. Note that the SERVER
> is identified at the bottom as 192.168.0.1.
>
> [jim@localhost etc]$ dig

[...]

Doing that, I get

$ dig

; <<>> DiG 9.4.1-P1 <<>>


;; global options: printcmd
;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16290
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 518377 IN NS M.ROOT-SERVERS.NET.
. 518377 IN NS A.ROOT-SERVERS.NET.
. 518377 IN NS B.ROOT-SERVERS.NET.
. 518377 IN NS C.ROOT-SERVERS.NET.
. 518377 IN NS D.ROOT-SERVERS.NET.
. 518377 IN NS E.ROOT-SERVERS.NET.
. 518377 IN NS F.ROOT-SERVERS.NET.
. 518377 IN NS G.ROOT-SERVERS.NET.
. 518377 IN NS H.ROOT-SERVERS.NET.
. 518377 IN NS I.ROOT-SERVERS.NET.
. 518377 IN NS J.ROOT-SERVERS.NET.
. 518377 IN NS K.ROOT-SERVERS.NET.
. 518377 IN NS L.ROOT-SERVERS.NET.

;; Query time: 34 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Feb 22 12:30:39 2008
;; MSG SIZE rcvd: 228

>>
>> If your LAN uses DHCP then each time your computer connects to the router,
>> or the DHCP system 'refreshes', it will be told by the router what DNS
>> server addresses to put into resolv.conf - over-writing anything else you
>> might have had in there before.
>
> My computers do use DHCP, but the only address that ever appears in
> resolv.conf (other than the ones I enter by hand) is 192.168.0.1.

That'll be the effect of enabling 'DNS Relay' in the router setup, I
expect. You'll actually be using the DNS servers provided by your ISP.

>>> If the router were caching the addresses, that would make a
>>> difference but when I shifted to 4.2.2.1 and immediately did a
>>> ping -c1 weather.gov I still got a response in under 6 ms,
>>> whereas OpenDNS took 53 ms. FWIW, I just did a ping -c1 yahoo.com
>>> which is a server I do not use, and that returned in 2.96 ms.
>>> Seems Verizon nameservers serving my machine are _real_ fast.
>>> They have to be caching, but then, I would expect OpenDNS to be
>>> doing so, too.

A DNS server only caches its list of domain name to IP number conversions,
it doesn't have anything to do with the actual content of anywhere you
might visit on the internet.

Your ISP might have a caching proxy web server providing its customers a
quicker access to popular web pages, but that's a different matter - and
'secure' pages such as your bank's login and account information etc will
never be cached.

> I tried using the OpenDNS servers earlier this evening, and an
> attempt to get to my home banking was slower than molasses in
> January, or February. Minutes to get in. Then seconds by the score
> to move between pages. I switched back to the router address in
> resolv.conf, and everything moves along briskly.

That sort of delay is far too long for DNS lookups to have anything to do
with it.

> There are, I think, a couple of things involved here. One is
> caching. Second, I have a feeling that the Home Banking server
> may be watching the header data on incoming packets. When I did get
> in using OpenDNS, the first thing that happened was I had to answer
> the questions used to validate my loging when using a computer other
> than one I normally use. This could be a result of my using a new
> Beta kernel, I suppose, but it may be that the server is watching
> the originating addresses.

The headers on the packets coming from your computer won't tell the bank
which DNS server you used to get the IP number you used to get to the
bank's server.

But if you use a DNS server that gives you the 'wrong' IP numbers, then
that suggests that your bank has a problem with it's own DNS arrangements
(for telling the public DNS servers what IP number matches the domain
names in use). Or perhaps even deliberately arranges for OpenDNS to get a
duff IP number so as to discourage customers from using that service? Or
OpenDNS have instigated their own re-direct for your bank's domain?
Perhaps asking OpneDNS and your bank to comment would be interesting.

> Another factor is (I assume) that the DNS machine watches and blocks
> ad servers, malware servers, etc, on a packet by packet (or maybe
> session) basis. Just checking those addresses will
> take some amount of time, and if caching is involved at this point,
> that would be one more place where things could slow down.

I'm not sure you've quite grasped what OpenDNS, or any DNS server, actually
does.

I doubt if OpenDNS inspects any of the packets between your computer and
any other computer apart from theirs. Once a DNS server has told your
computer which IP number to use for a given domain name the DNS server is
no longer involved at all - the traffic goes between you and your bank, the
DNS server doesn't see any of it. Use a packet sniffer to get a look at
the conversations your computer has when you visit a web site.

> So, for a valid comparison, I would have to use OpenDNS for several
> days to see if it starts caching the addys I need, and if the servers
> I use start responding more promptly to recognized points/paths of
> origin. A pain in the posterior, as OpenDNS currently is ok part
> of the time, but part of the time it flat out s*cks.

Unless different DNS servers are being told to associate different IP
numbers with particular domain names, your bank has no way of knowing
which DNS servers you are using.

> On the plus side, using OpenDNS this evening, the ads I find most
> obnoxious in the WSJ pages (the animated flashing things -- I despise
> them; have to keep switching between all java off to stop it, and
> turning java-script on to forward articles now and then) did not
> appear. I suspect they were blocked by OpenDNS (Yea!). I did get
> ads in their place, but static ones. Much easier to tolerate.

Java and javascript aren't the same thing. Unless you've told OpenDNS to
block a specific URL or IP number, they won't. I'd suspect a change in
the embedded adverts in the WSJ pages between your visits.

I normally browse using Opera, with Java, javascript, plugins, and images,
all disabled. Saves a lot of time and annoyance! Visiting
<http://online.wsj.com/public/us> in that way is a very different
experience (far quicker, for a start) to what I get with everything turned
on - when in fact the page never loads fully. Opera does successfully
block content on that page from burstnet and doubleclick, which I can see
if I fire up Firefox. Try going there with Dillo and Lynx <G>

>> I don't think ping is a useful indicator of how fast your DNS server is at
>> responding to your requests - too many other factors effect the response
>> of ping, not least the performance and settings of the target of the ping.
>> I would suggest that dig will tell you how quick the DNS server itself is.
>> (If the target machine is set to drop all ping requests, you'll get no
>> response at all, of course).
>
> I did use dig a bit. Using my router, and the Verizon nameservers,
> both delivered query times of around 5 ms, give or take a ms or so,
> with a rare exception in the 30-45 ms range. OpenDNS at its best was
> in the 6 ms range, but query time between 45 and 60 ms was common,
> and it took 82 or 83 ms for one site located on the Left Coast.

Any of those times would seem pretty 'instant'; 100ms is one tenth of a
second. 5ms is one two-hundredth of a second - and I don't think I've ever
seen a DNS lookup as fast as that; even using my ISP's DNS server 25ms
would be unusually quick.

Show-off :))

> (Maybe when I die, I will get to live near
> Mae West. What think you? But I would be willing to settle
> for Dorothy Parker.)

Careful, with modern computerised bureaucracy you could end up with Charley
Parker or a mouldy life-jacket.

[...]

Jim Beard

unread,
Feb 22, 2008, 11:08:21 AM2/22/08
to
On Fri, 22 Feb 2008 01:31:26 +0000, Bit Twister wrote:

> On Fri, 22 Feb 2008 01:14:04 GMT, Jim Beard wrote:
>> My computers do use DHCP, but the only address that ever appears in
>> resolv.conf (other than the ones I enter by hand) is 192.168.0.1.
>
> As a rule, the dhcp server sends in what DNS server(s) to use.
>

My D-Link DI-624 appears to be an exception.


>
>> I tried using the OpenDNS servers earlier this evening, and an attempt
>> to get to my home banking was slower than molasses in January, or
>> February. Minutes to get in. Then seconds by the score to move
>> between pages. I switched back to the router address in resolv.conf,
>> and everything moves along briskly.
>
> I would like you to run the test again, but switch back to opendns to
> verify the visible slowness shows back up.
>

Well, I am back to OpenDNS this morning, and machine response
is not as snappy as I am accustomed to, but it is tolerable.


>
>> There are, I think, a couple of things involved here. One is caching.
>> Second, I have a feeling that the Home Banking server may be watching

> Yep, my bank's page will store a cookie with my Internet ip address and


> I will get the same kind of warning plus an email to use to get back
> into my account.
>
>
>> Another factor is (I assume) that the DNS machine watches and blocks ad
>> servers, malware servers, etc, on a packet by packet (or maybe session)
>> basis.
>
> It would be the ip address of the ad.
>
>> wJust checking those addresses will
>> take some amount of time, and if caching is involved at this point,
>> that would be one more place where things could slow down.
>
> That is what I do not understand. I ran all the urls you gave and none
> of them were slow.
>

Perhaps they had gone into cache and were still there?


>
>> So, for a valid comparison, I would have to use OpenDNS for several
>> days to see if it starts caching the addys I need, and if the servers I
>> use start responding more promptly to recognized points/paths of
>> origin. A pain in the posterior, as OpenDNS currently is ok part of
>> the time, but part of the time it flat out s*cks.
>
> Next time you have the slow problem. I would like to work with you on
> the problem. If you have/get an skype account, I can stay logged into
> skype and we can trouble shoot the problem a little bit in real time if
> you like. Just give my your skype id and I'll watch for you.
>

I don't have the skype account, and do not have a microphone set up
on this machine. For the moment, with things working in acceptable
fashion, I do not think we have trouble worth shooting. Should we
need it, I can pass you my voice phone and then call back if you pay
by the minute rather than monthly flat rate.


>
>> On the plus side, using OpenDNS this evening, the ads I find most
>> obnoxious in the WSJ pages (the animated flashing things -- I despise
>> them; have to keep switching between all java off to stop it, and
>> turning java-script on to forward articles now and then) did not
>> appear. I suspect they were blocked by OpenDNS (Yea!). I did get ads
>> in their place, but static ones. Much easier to tolerate.
>
> If you install privoxy, you may be able to improve your surfing
> experience all around.
>

Installed, but I must configure it. On first try it wanted a config
file, and declared its absence a fatal error.

Cheers!

Bit Twister

unread,
Feb 22, 2008, 11:33:08 AM2/22/08
to
On Fri, 22 Feb 2008 16:08:21 GMT, Jim Beard wrote:
> On Fri, 22 Feb 2008 01:31:26 +0000, Bit Twister wrote:
>>
>> As a rule, the dhcp server sends in what DNS server(s) to use.
>>
> My D-Link DI-624 appears to be an exception.

Hence, "As a rule" :)
if you set eth0 as dhcp (automatic) and resolv.conf gets router's ip
then rouer's dhcp server did send DNS servers. :)

If ISP's dns ips show up in resolv.conf router's dhcp server did send
DNS server values. :-D

>> That is what I do not understand. I ran all the urls you gave and none
>> of them were slow.
>>
> Perhaps they had gone into cache and were still there?

AH YES, but you can test that theory, Set resolv.conf as
# nameserver router_ip_here
namesever opendns_ip_here

First time browser boggs down,
click up a root terminal
kwrite /etc/resolv.conf &

wait for browser page completion,
Uncomment router_ip line
Ctl s
click refresh/reload on web page.
Snaps right up, Ok,
comment out router_ip_here
Ctl s
click refresh/reload on web page.


>> you like. Just give my your skype id and I'll watch for you.
>>
> I don't have the skype account, and do not have a microphone set up
> on this machine.

Not a problem, skype has a chat/im type screen, no mic needed.
I think I have been able to voice at someone without a mic and they
chat'ed answers at me.


> For the moment, with things working in acceptable
> fashion, I do not think we have trouble worth shooting.

>>

>> If you install privoxy, you may be able to improve your surfing
>> experience all around.
>>
> Installed, but I must configure it. On first try it wanted a config
> file, and declared its absence a fatal error.

Guess, I will have to uninstall, install to see the name of the config
file. :(

New rpm may have changed and I never see the problem because I copy in
my custom changes hiding the problem from me.

Jim Beard

unread,
Feb 22, 2008, 11:49:50 AM2/22/08
to
On Fri, 22 Feb 2008 13:58:18 +0000, Whiskers wrote:
> On 2008-02-22, Jim Beard <jim....@verizon.net> wrote:
>> Whiskers wrote:
W>>> I don't think your router functions as a DNS server of any sort.
>>
J>> The router has a place in the configuration gui to insert dnsserver

>> addresses (optional), and a button to click to enable or disable dns
>> relay.
>
W> I'd be interested to know what 'dns relay' means in that context. I

> suspect that it means that whenever a computer on your LAN directs a DNS
> query to your router, the router relays that request to your ISP's DNS
> server(s). If you enter the DNS server addresses you want to use and
> turn of 'relay', then the router will use the specified DNS servers for
> its own purposes and tell any DHCP clients on your LAN to use those same
> servers in resolv.conf. In neither case is your router functioning as a
> DNS server itself (although enabling DNS Relay will make it look as
> though it is).

My guess is you have hit the nail on the head.

It seems I got more IP addresses, and some numbers that were
either IPv6 or MAC numbers or something. Why? I have no idea.

J>> My computers do use DHCP, but the only address that ever appears in


>> resolv.conf (other than the ones I enter by hand) is 192.168.0.1.
>

W> That'll be the effect of enabling 'DNS Relay' in the router setup, I


> expect. You'll actually be using the DNS servers provided by your ISP.
>

W> A DNS server only caches its list of domain name to IP number


> conversions, it doesn't have anything to do with the actual content of
> anywhere you might visit on the internet.
>

W> Your ISP might have a caching proxy web server providing its customers a


> quicker access to popular web pages, but that's a different matter - and
> 'secure' pages such as your bank's login and account information etc
> will never be cached.

I had not thought of that, but my guess is that an outfit as large as
Verizon would be doing exactly that. And its customer base in the
Washington DC area would probably mean a lot of pages cached,
by people with interests similar to mine.
>
J>> I tried using the OpenDNS servers earlier this evening, and an attempt


>> to get to my home banking was slower than molasses in January,
>

W> That sort of delay is far too long for DNS lookups to have anything to
> do with it.

Unless misdirection were involved. The idea below about the site
deliberately providing a "tailored" address to nonpreferred DNS
servers could dump the connection into a "look at this one carefully"
honeypot, and if the pot were full at the time that could slow things
down dramatically.

W> The headers on the packets coming from your computer won't tell the bank


> which DNS server you used to get the IP number you used to get to the
> bank's server.
>

W> But if you use a DNS server that gives you the 'wrong' IP numbers, then


> that suggests that your bank has a problem with it's own DNS
> arrangements (for telling the public DNS servers what IP number matches
> the domain names in use). Or perhaps even deliberately arranges for
> OpenDNS to get a duff IP number so as to discourage customers from using
> that service? Or OpenDNS have instigated their own re-direct for your
> bank's domain? Perhaps asking OpneDNS and your bank to comment would be
> interesting.
>
>> Another factor is (I assume) that the DNS machine watches and blocks ad
>> servers, malware servers, etc, on a packet by packet (or maybe session)
>> basis. Just checking those addresses will take some amount of time,
>> and if caching is involved at this point, that would be one more place
>> where things could slow down.
>
> I'm not sure you've quite grasped what OpenDNS, or any DNS server,
> actually does.
>
> I doubt if OpenDNS inspects any of the packets between your computer and
> any other computer apart from theirs. Once a DNS server has told your
> computer which IP number to use for a given domain name the DNS server
> is no longer involved at all - the traffic goes between you and your
> bank, the DNS server doesn't see any of it. Use a packet sniffer to get
> a look at the conversations your computer has when you visit a web site.

I assumed that selectively blocking ads within a page required packet-by-
packet inspection. If not, my understanding was wrong. ... I am going to
have to learn how to use wireshark, but that is a topic for another time.


>
>> So, for a valid comparison, I would have to use OpenDNS for several
>> days to see if it starts caching the addys I need, and if the servers I
>> use start responding more promptly to recognized points/paths of
>> origin. A pain in the posterior, as OpenDNS currently is ok part of
>> the time, but part of the time it flat out s*cks.
>
> Unless different DNS servers are being told to associate different IP
> numbers with particular domain names, your bank has no way of knowing
> which DNS servers you are using.

Possible. I do not know if it is being done, but banks and credit unions
have been told to tighten up security, with little definitive guidance on
how they should do it.

>> On the plus side, using OpenDNS this evening, the ads I find most
>> obnoxious in the WSJ pages (the animated flashing things -- I despise
>> them; have to keep switching between all java off to stop it, and
>> turning java-script on to forward articles now and then) did not
>> appear. I suspect they were blocked by OpenDNS (Yea!). I did get ads
>> in their place, but static ones. Much easier to tolerate.
>
> Java and javascript aren't the same thing. Unless you've told OpenDNS
> to block a specific URL or IP number, they won't. I'd suspect a change
> in the embedded adverts in the WSJ pages between your visits.

Yes, I know j & js are entirely separate beasts, and I had not (still have not)
told OpenDNS to block anything. The change in adverts between visits is
possible, but a wholesale change from flashing animated things to static
images is a pretty big change. Not something I would expect to happen
on a day-to-day basis.

> I normally browse using Opera, with Java, javascript, plugins, and
> images, all disabled. Saves a lot of time and annoyance!

Problem is, I sometimes wish to forward an item, and javascript (and
maybe java as well) have to be turned on to do that. Turning off
things does diminish utility to some extent, and the bother of switching
back and forth is a bother.

The sites play on that, of course, to keep you looking at what they
prefer you to see. If I were younger, perhaps I would simply be
accustomed to it from exposure while in the cradle, but I had to
learn to tolerate TV ads after age 7 and I do not do that well even
today. I don't think I am going to fare well with animated versions o
f Madison Avenue output on the monitor screen.

W>>> I don't think ping is a useful indicator of how fast your DNS server


>>> is at responding to your requests - too many other factors
>>

J>> I did use dig a bit. Using my router, and the Verizon nameservers,


>> both delivered query times of around 5 ms, give or take a ms or so,
>> with a rare exception in the 30-45 ms range. OpenDNS at its best was
>> in the 6 ms range, but query time between 45 and 60 ms was common, and
>> it took 82 or 83 ms for one site located on the Left Coast.
>

W> Any of those times would seem pretty 'instant'; 100ms is one tenth of a


> second. 5ms is one two-hundredth of a second - and I don't think I've
> ever seen a DNS lookup as fast as that; even using my ISP's DNS server
> 25ms would be unusually quick.
>

W>>> I just got a dig yahoo.com query back from OpenDNS in 31ms (which


>>> isn't too bad for a transatlantic connection during office hours).
>>> That feels instantaneous to me. Pinging yahoo.com gets a round-trip
>>> time of about 188ms - and so does pinging 66.94.234.13 thus
>>> eliminating any DNS element at all in the response of the ping.
>>
>>
>> ; <<>> DiG 9.4.1-P1 <<>> yahoo.com
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65441 ;; flags: qr
>> rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;yahoo.com. IN A
>>
>> ;; ANSWER SECTION:
>> yahoo.com. 204 IN A 216.109.112.135
>> yahoo.com. 204 IN A 66.94.234.13
>>
>> ;; Query time: 13 msec
>> ;; SERVER: 192.168.0.1#53(192.168.0.1) ;; WHEN: Thu Feb 21 19:56:59
>> 2008
>> ;; MSG SIZE rcvd: 59
>>
>> [jim@jb jim]$ ping 66.94.234.13
>> PING 66.94.234.13 (66.94.234.13) 56(84) bytes of data. 64 bytes from
>> 66.94.234.13: icmp_seq=1 ttl=54 time=89.7 ms 64 bytes from
>> 66.94.234.13: icmp_seq=2 ttl=53 time=89.7 ms 64 bytes from
>> 66.94.234.13: icmp_seq=3 ttl=53 time=89.5 ms
>>

J>> As you can see from the above, fiber to the home in my case does


>> deliver better speed. It probably helps that I live near MAE-East.
>

W> Show-off :))
>
W>> (Maybe when I die, I will get to live near Mae West. What think you?

>> But I would be willing to settle for Dorothy Parker.)
>
> Careful, with modern computerised bureaucracy you could end up with
> Charley Parker or a mouldy life-jacket.

Well, Charley is pleasant enough to listen to, though he does not
measure up in other respects. A fungus-laden garment just would
not be what the Dr. ordered, though.

Cheers!

jim b.

Bit Twister

unread,
Feb 22, 2008, 12:03:20 PM2/22/08
to
On Fri, 22 Feb 2008 16:08:21 GMT, Jim Beard wrote:

> Installed, but I must configure it. On first try it wanted a config
> file, and declared its absence a fatal error.

Ok, I did a
urpme privoxy

and it saved user.actions because I had added in more sites I want filtered.
I did a rm -r /etc/privoxy
so it will be a clean install and no privoxy files set.

did an
urpmi --wget privoxy --auto
service privoxy start

clicked up the browser with
Manual proxy configuration set:


HTTP Proxy: 127.0.0.1 Port: 8118
SSL Proxy: 127.0.0.1 Port: 8118

and it worked. You may want to
cp /etc/privoxy/user.action /etc/privoxy/user.action_orig
and use mine for more filtering.

######################################################################
#
# File : $Source: /cvsroot/ijbswa/current/user.action,v $
#
# $Id: user.action,v 1.7 2006/10/04 00:37:05 hal9 Exp $
#
# Purpose : User-maintained actions file, see
# http://www.privoxy.org/user-manual/actions-file.html
#
######################################################################

# This is the place to add your personal exceptions and additions to
# the general policies as defined in default.action. (Here they will be
# safe from updates to default.action.) Later defined actions always
# take precedence, so anything defined here should have the last word.

# See http://www.privoxy.org/user-manual/actions-file.html, or the
# comments in default.action, for an explanation of what an "action" is
# and what each action does.

# The examples included here either use bogus sites, or have the actual
# rules commented out (with the '#' character). Useful aliases are
# included in the top section as a convenience.

#############################################################################
# Aliases
#############################################################################
{{alias}}
#############################################################################
#
# Aliases must be defined before they are used and are local to the
# actions file that they are defined in, you can't use the ones from
# default.action, unless you repeat them here:

#
# These aliases just save typing later, and the alias names should
# be self explanatory.
#
+crunch-all-cookies = +crunch-incoming-cookies +crunch-outgoing-cookies
-crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies
allow-all-cookies = -crunch-all-cookies -session-cookies-only -filter{content-cookies}
allow-popups = -filter{all-popups} -kill-popups -filter{unsolicited-popups}
+block-as-image = +block +handle-as-image
-block-as-image = -block

# These aliases define combinations of actions that are useful for
# certain types of sites:
#
fragile = -block -crunch-all-cookies -filter -fast-redirects -hide-referer -kill-popups -prevent-compression
shop = -crunch-all-cookies allow-popups

# Your favourite blend of filters:
#
myfilters = +filter{html-annoyances} +filter{js-annoyances} +filter{all-popups}\
+filter{webbugs} +filter{banners-by-size} +filter{fun}

# Allow ads for selected useful free sites:
#
allow-ads = -block -filter{banners-by-size} -filter{banners-by-link}
#... etc. Customize to your heart's content.

## end aliases ########################################################
#######################################################################

# Begin examples: #####################################################

# Say you have accounts on some sites that you visit regularly, and you
# don't want to have to log in manually each time. So you'd like to allow
# persistent cookies for these sites. The allow-all-cookies alias defined
# above does exactly that, i.e. it disables crunching of cookies in any
# direction, and the processing of cookies to make them only temporary.
#
{ allow-all-cookies }
#.sourceforge.net
#sunsolve.sun.com
#slashdot.org
#.yahoo.com
#.msdn.microsoft.com
#.redhat.com

# Say the site where you do your homebanking needs to open popup
# windows, but you have chosen to kill popups uncoditionally by default.
# This will allow it for your-example-bank.com:
#
{ -filter{all-popups} -kill-popups }
.banking.example.com

# Some hosts and some file types you may not want to filter for
# various reasons:
#
{ -filter }


# Example of a simple "block" action. Say you've seen an ad on your
# favourite page on example.com that you want to get rid of. You have
# right-clicked the image, selected "copy image location" and pasted
# the URL below while removing the leading http://, into a { +block }
# section. Note that { +handle-as-image } need not be specified, since
# all URLs ending in .gif will be tagged as images by the general rules
# as set in default.action anyway:
#
{ +block }
.theweathernetwork.com/common/images/internalads/
/.*affiliate/
.cnn.net/cnn/.element/img/2.0/content/partners/
.cnn.com/virtual/ie/cnet/
.nytstore.com
.theweathernetwork.com/common/images/contest*
.theweathernetwork.com/common/images/feature*
.twistermc.com
worsethanfailure.com/Resources/Tizes
.zdnet.com.au/i/
poncho.ucomics.com
wt.o.nytimes.com
www.wulffmorgenthaler.com/flash/
i.a.cnn.net/cnn/images/time/
images.infoworld.com
.adinterax.com
images.gocomics.com/images/gc1/
.cc-dt.com
.andrewsmcmeel.com
.tokyofriends.com
.imagehosting.us/img
.it-observer.com/img/
calsun.canoe.ca/images/
i.a.cnn.net/cnn/.element/img/1.5/main/video/overlay/
i.cnn.net/cnn/.element/img/1.3/pipeline/keyframes/88x49/
.canoe.ca/Canoe/CanoeClassic/Images/btn*.*
.klipmart.com
.pointroll.com
.itwire.com.au/images/
.tribalfusion.com
.courttv.com/graphics/inc/
.nextag.com
.feedlounge.com
.cnn.net/cnn/cnn_adspaces/
images.businessweek.com/autos/
lxer.com/content/
.llnwd.net
.advertising.com
.google-analytics.com
.nyadmcncserve*.com/
boards.epicurious.com/templates/epicurious/images/gourmet.jpg
.600z.com
.backbeatmedia.com
news.com.com/i/ne/pg/
.egcorporate.org/phpads/
te.nytimes.com
.clicktracks.com
.tacoda.net
.adrevolver.com
theweathernetwork.com/common/flash/
.bizrate.com
.ad-logics.com
.imrworldwide.com
.comicspage.com/images/
.casalemedia.com
adimg.com.com
.interclick.com
.hitbox.com
.about.com
.dcswx.com
.eyereturn.com
.monkeyads.com
.hitslink.com
.dvlabs.com
.travelzoo.com
.dealtime.com
.midaddle.com
www.canoe.ca/EdmontonSunImages/
lemauricien.com/mauricien/pub/pub.gif
.web-merchand.com/
sc.msn.com
.devx.com
www.canoe.ca/Moneyimages/
.theahl.com
www.canoe.ca/JamHomeGraphics/
scripts.canoe.ca
media.msnbc.msn.com
msnbcmedia.msn.com
.kanoodle.com
te.businessweek.com
te.sfgate.com
.specificclick.net
209.210.181.2
.webtrendslive.com
.humanclick.com
.2o7.net
.360i.com
www.canoe.ca/NewHomeImages/ban*.*
.inet1.com
.statcounter.com
.clickability.com
shopping.msn.com
.centrport.net
.mnginteractive.com
.uclick.com
www.canoe.ca/Lifewise2Images/top-comics2.gif
.google.com/images/cleardot.gif
.konversation.com
.zedo.com
.interpolls.com
.lygo.com
.trafficfile.com
calgarysun.com/images/site/bn/
www.osviews.com/themes/osViews/images/linkbar/getpublished.gif
.maxserving.com
.adserver.com
.shopping.com
.zdmcirc.com
common.ziffdavisinternet.com
.fastclick.net
.passportimages.com
.surveymonkey.com
.checkm8.com
.eyewonder.com
/.*adimage*/*
/.*adserver/*
.247realmedia.com
robots.cnn.com
.eshop.msn.com
robots.cnnfn.com
.serving-sys.com
i.cnn.net/cnn/.element/img/1.1/misc/
i.a.cnn.net/cnn/.element/img/1.0/sect/LAW/
.ru4.com
ads2.osdn.com
.highbeam.com
.resellerratings.com
.tripadvisor.com
images.vnunet.com
.bridgetrack.com
.unicast.com
.webhitsdirect.com
.itnation.com
.dtmpub.com
.superpages.ca
.a1.yimg.com
.questionmarket.com
images.thestreet.com
events.theregister.co.uk
.egullet.com/adrotation/
.canoe.ca/CanoeHomepageImages/
imageads.canoe.ca
.scripps.com
/.*/*sponsor*/*
.nnselect.com
.dnps.com
.adbureau.net
.speedera.net
.proximi-t.com
/.*/*banner*/*
/advert*/*
.sageanalyst.net
/.*/cdxpo-top.gif
.falkag.net
.i.com.com
.targetnet.com
.thruport.com
.lfpress.com/adserver/
.tridentads.com
www.bns2.net
www.bns1.net
www.rgs2.net
www.rgs1.net
www.cms2.net
www.cms1.net
rps2.opera.com
rps1.opera.com
rgs2.opera.com
rgs1.opera.com
ins2.opera.com
ins1.opera.com
.adjuggler.com
.gatorcorporation.com
banner*.*
.xlontech.net/
www.comics.com/comics/peanuts/images/
.canoe.ca/londonimages/
.fyilondon.com/
i.a.cnn.net/cnn/LAW/images/martindale.gif
.realmedia.com
.googlesyndication.com/
.fyicalgary.com/
.fyiwinnipeg.com/
.fyiedmonton.com/
www.canoe.ca/Match_Com/
www.comics.com/images_new/
.*/ads/.*
.canoe.ca/AdsCanoe/
68.46.203.153/
logs.comics.com
.spinbox.net
i.cnn.net/cnn/LAW/images/martindale.gif
i.cnn.net/cnn/.element/img/1.0/sect/
mirror.canada.com/images/prCA39fs120x601.gif
track.
images.slashdot.org/banner/
168.143.181.42/
.infinit.com/
www.comics.com/comics/pearls/images/pearls_cafepress.gif
us.i1.yimg.com/us.yimg.com/i/promo/
adserver.
/.*/ads/.*
.canoe.ca/SunShopImages/
.ad-flow.com
sfads.osdn.com
.atdmt.com/
.mediaplex.com/
ads.
.doubleclick.net/
mirror.canada.com/barterads/
images.salon.com/src/
www.salon.com/Creatives/
.atwola.com/
130.94.70.82/~web_ani/
www.theregister.co.uk/media/
.ucomics.com/images/
www.canoe.ca/NewHomeImages/logo.gif
www.canoe.ca/NewHomeImages/ban_ad_subscribe.gif
.matchcontact.com/
toolbar.aol.com/
www.canoe.ca/TorontoSunImages/
media.exitravel.com
www.canoe.ca/AutoNet/

# The URLs of dynamically generated banners, especially from large banner
# farms, often don't use the well-known image file name extensions, which
# makes it impossible for Privoxy to guess the file type just by looking
# at the URL.
# You can use the +block-as-image alias defined above for these cases.
# Note that objects which match this rule but then turn out NOT to be an
# image are typically rendered as a "broken image" icon by the browser.
# Use cautiously.
#
{ +block-as-image }
.doubleclick.net
#/Realmedia/ads/
#ar.atwola.com/

# Now you noticed that the default configuration breaks Forbes
# Magazine, but you were too lazy to find out which action is the
# culprit, and you were again too lazy to give feedback, so you just
# used the fragile alias on the site, and -- whoa! -- it worked. The
# 'fragile' aliases disables those actions that are most likely to break
# a site. Also, good for testing purposes to see if it is Privoxy that
# is causing the problem or not.
#
{ fragile }
#.forbes.com
images.google.com
images.google.ca
www.cooking.speedera.net
gk.nytimes.com/mem/
www.nytimes.com
login.yahoo.com
us.ard.yahoo.com


# Here are some sites we wish to support, and we will allow their ads
# through.
#
{ allow-ads }
#.sourceforge.net
#.slashdot.org
#.osdn.net

# user.action is generally the best place to define exceptions and
# additions to the default policies of default.action. Some actions are
# safe to have their default policies set here though. So let's set a
# default policy to have a 'blank' image as opposed to the checkerboard
# pattern for ALL sites. '/' of course matches all URLs.
# patterns:
#
{ +set-image-blocker{blank} }
#/

## set vi:nowrap tw=72

Wes Newell

unread,
Feb 22, 2008, 12:42:19 PM2/22/08
to
On Fri, 22 Feb 2008 13:58:18 +0000, Whiskers wrote:

> I've never used a 'static' setup for my LAN so I haven't looked into the
> DNS arrangements for that.

And I've never used DHCP for mine. At least not for any length of time. It
really has nothing to do with dns. The router dns server works the same
for both static and dhcp. You can leave the router as your dns server or
you can change it to something different on any machine behind it. The
router is a dns server. It's just gets the url's ip adress from another
dns server instead of having the huge lookup file itself.

Whiskers

unread,
Feb 22, 2008, 12:34:12 PM2/22/08
to
On 2008-02-22, Jim Beard <jdb...@patriot.net> wrote:
> On Fri, 22 Feb 2008 13:58:18 +0000, Whiskers wrote:
>> On 2008-02-22, Jim Beard <jim....@verizon.net> wrote:
>>> Whiskers wrote:

[...]

>> I normally browse using Opera, with Java, javascript, plugins, and
>> images, all disabled. Saves a lot of time and annoyance!
>
> Problem is, I sometimes wish to forward an item, and javascript (and
> maybe java as well) have to be turned on to do that. Turning off
> things does diminish utility to some extent, and the bother of switching
> back and forth is a bother.

[...]

I don't know what you mean my 'forward an item' with regard to viewig a web
page. Do you mean you like to email snippets to people? If so a normal
copy/paste would work, if you don't just want to email the URL of the
page. No scripting involved, let alone Java.

Jim Beard

unread,
Feb 22, 2008, 4:19:34 PM2/22/08
to
I copied in your user.action file, looked at config
in /etc/privoxy and set the vi options, restarted
by running privoxy twice, and no problems noted so far.

Jim Beard

unread,
Feb 22, 2008, 4:22:29 PM2/22/08
to
Whiskers wrote:
> I don't know what you mean my 'forward an item' with regard to viewig a web
> page. Do you mean you like to email snippets to people? If so a normal
> copy/paste would work, if you don't just want to email the URL of the
> page. No scripting involved, let alone Java.

The WSJ has an option to send an article being read to
someone else. You click on an e-mail this item box,
and it gives you a dialog box where you enter the
destination, your email address, and any text you wish
to add, and it sends it off. javascript must be working
for this to work.

Whiskers

unread,
Feb 22, 2008, 5:20:47 PM2/22/08
to
On 2008-02-22, Jim Beard <jim....@verizon.net> wrote:
> Whiskers wrote:
>> I don't know what you mean my 'forward an item' with regard to viewig a web
>> page. Do you mean you like to email snippets to people? If so a normal
>> copy/paste would work, if you don't just want to email the URL of the
>> page. No scripting involved, let alone Java.
>
> The WSJ has an option to send an article being read to
> someone else. You click on an e-mail this item box,
> and it gives you a dialog box where you enter the
> destination, your email address, and any text you wish
> to add, and it sends it off. javascript must be working
> for this to work.
>
> jim b.

Hmmm. I hope your recipients don't mind their email addresses being put
on WSJ's little list ;))

Jim Beard

unread,
Feb 22, 2008, 9:02:45 PM2/22/08
to
Whiskers wrote:
> Hmmm. I hope your recipients don't mind their email addresses being put
> on WSJ's little list ;))

Correct. Most go to one recipient. She has yet to complain.

Cheers!

snoopy2

unread,
Mar 14, 2008, 3:36:40 PM3/14/08
to
On Feb 22, 12:08 pm, Jim Beard <jdbe...@patriot.net> wrote:

> Well, I am back toOpenDNSthis morning, and machine response


> is not as snappy as I am accustomed to, but it is tolerable.
>

Well, if you're ever in doubt, you can try switching from OpenDNS to
ifirefly, a free DNS service.
http://www.ifirefly.com

If you're slow with both, it's probably neither's fault. Your problem
is probably elsewhere.

0 new messages