DNS and hosts file

crankypuss

Mar 28, 2013, 5:07:43 AM
This is probably a very naive question, I don't claim much networking
expertise... I've been busy learning some aspects of linux but others
I've left alone from simple lack of time. Isn't there a "hosts" file
that's looked at before DNS lookup?

The reason I ask is the following,
http://www.bbc.co.uk/news/technology-21954636

It got me wondering why one couldn't gather the urls from his browser
bookmarks, email addresses, and so forth... the things often used, and
look those up while the looking is good and stash the information in the
hosts file? Wouldn't that permit one to go about his business while
there is a DDOS attack such as mentioned in the article ongoing?

Richard Kettlewell

Mar 28, 2013, 5:59:21 AM
crankypuss <crank...@nomail.invalid> writes:

> This is probably a very naive question, I don't claim much networking
> expertise... I've been busy learning some aspects of linux but others
> I've left alone from simple lack of time. Isn't there a "hosts" file
> that's looked at before DNS lookup?

Yes.

> The reason I ask is the following,
> http://www.bbc.co.uk/news/technology-21954636
>
> It got me wondering why one couldn't gather the urls from his browser
> bookmarks, email addresses, and so forth... the things often used, and
> look those up while the looking is good and stash the information in
> the hosts file? Wouldn't that permit one to go about his business
> while there is a DDOS attack such as mentioned in the article ongoing?

Trying to copy a DNSBL such as Spamhaus into your hosts file would not
work very well. They do offer non-DNS-based versions of their service
to large users (for a price).

--
http://www.greenend.org.uk/rjk/

Jasen Betts

Mar 28, 2013, 6:29:05 AM
On 2013-03-28, crankypuss <crank...@nomail.invalid> wrote:
> This is probably a very naive question, I don't claim much networking
> expertise... I've been busy learning some aspects of linux but others
> I've left alone from simple lack of time. Isn't there a "hosts" file
> that's looked at before DNS lookup?
>
> The reason I ask is the following,
> http://www.bbc.co.uk/news/technology-21954636
>

the reporter is clueless. spamhaus's DNS is not used for resolving
domain names, it's used to identify spammers (by their IP address).

just as whois can be used to retrieve "poetry", dns serves more than
just domain names.

--
⚂⚃ 100% natural

--- news://freenews.netfront.net/ - complaints: ne...@netfront.net ---

crankypuss

Mar 28, 2013, 7:42:59 AM
I'm not talking about blacklists, but about using one's bookmarks
(places one connects to frequently) to set the hosts file up as a
whitelist.

Granted, it may be that google will occasionally change its ip-address,
but it isn't likely to happen often is it? Maybe I know even less about
how this stuff works than I imagine (which would be quite a trick since
I don't imagine that I know much about it, having gone to other things
back in the days when bisync was new tech).

crankypuss

Mar 28, 2013, 7:50:56 AM
On 03/28/2013 04:29 AM, Jasen Betts wrote:
> On 2013-03-28, crankypuss <crank...@nomail.invalid> wrote:
>> This is probably a very naive question, I don't claim much networking
>> expertise... I've been busy learning some aspects of linux but others
>> I've left alone from simple lack of time. Isn't there a "hosts" file
>> that's looked at before DNS lookup?
>>
>> The reason I ask is the following,
>> http://www.bbc.co.uk/news/technology-21954636
>>
>
> the reporter is clueless

Most are, right?

> spamhaus's DNS is not used for resolving
> domain names, it's used to identify spammers (by their IP address).

Understood.

> just as whois can be used to retrieve "poetry" dns serves more than
> just domain names.

Given that the reporter is clueless, and given that spamhaus maintains a
blacklist, what about this DDOS attack? Is that something real or a
misrepresentation generated by cluelessness?

The reason that I momentarily give DNS blockage some credence stems from
recently staring at a lot of "looking up blahblah" messages that should
be flipping past so quickly as to be invisible. It could very well be a
transient ISP issue but the timing of the referenced article along with
the numerous other articles one sees frequently makes it somewhat
believable. <shrug>

John Hasler

Mar 28, 2013, 8:14:37 AM
crankypuss writes:
> The reason that I momentarily give DNS blockage some credence stems
> from recently staring at a lot of "looking up blahblah" messages that
> should be flipping past so quickly as to be invisible.

Install a caching-only nameserver.
--
John Hasler
jha...@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

Richard Kettlewell

Mar 28, 2013, 10:03:23 AM
crankypuss <crank...@nomail.invalid> writes:
> On 03/28/2013 03:59 AM, Richard Kettlewell wrote:
>> crankypuss <crank...@nomail.invalid> writes:

>>> This is probably a very naive question, I don't claim much networking
>>> expertise... I've been busy learning some aspects of linux but others
>>> I've left alone from simple lack of time. Isn't there a "hosts" file
>>> that's looked at before DNS lookup?
>>
>> Yes.
>>
>>> The reason I ask is the following,
>>> http://www.bbc.co.uk/news/technology-21954636
>>>
>>> It got me wondering why one couldn't gather the urls from his browser
>>> bookmarks, email addresses, and so forth... the things often used, and
>>> look those up while the looking is good and stash the information in
>>> the hosts file? Wouldn't that permit one to go about his business
>>> while there is a DDOS attack such as mentioned in the article ongoing?
>>
>> Trying to copy a DNSBL such as Spamhaus into your hosts file would not
>> work very well. They do offer non-DNS-based versions of their service
>> to large users (for a price).
>
> I'm not talking about blacklists, but about using one's bookmarks
> (places one connects to frequently) to set the hosts file up as a
> whitelist.

The connection between “a DDOS attack such as mentioned in the article”
and DNS is that it’s an attack on a DNSBL. Perhaps it would help if you
stated your threat model explicitly rather than by analogy to something
that isn’t very directly relevant?

--
http://www.greenend.org.uk/rjk/

J G Miller

Mar 28, 2013, 11:10:08 AM
On Thursday, March 28th, 2013, at 05:42:59h -0600, Cranky Puss claimed:

> Granted, it may be that google will occasionally change its ip-address,

The IP address of www.google.com changes all the time, within a certain
range.

Try ping www.google.com and look at the IP address.

Wait a few seconds and try it again. The IP address will probably be different.

ping www.google.com
PING www.google.com (173.194.35.51) 56(84) bytes of data.
64 bytes from mil01s17-in-f19.1e100.net (173.194.35.51): icmp_req=1 ttl=54 time=53.1 ms
64 bytes from mil01s17-in-f19.1e100.net (173.194.35.51): icmp_req=2 ttl=54 time=136 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 53.153/94.888/136.624/41.736 ms

ping www.google.com
PING www.google.com (173.194.35.50) 56(84) bytes of data.
64 bytes from mil01s17-in-f18.1e100.net (173.194.35.50): icmp_req=1 ttl=54 time=28.5 ms
64 bytes from mil01s17-in-f18.1e100.net (173.194.35.50): icmp_req=2 ttl=54 time=27.1 ms
64 bytes from mil01s17-in-f18.1e100.net (173.194.35.50): icmp_req=3 ttl=54 time=152 ms
64 bytes from mil01s17-in-f18.1e100.net (173.194.35.50): icmp_req=4 ttl=54 time=120 ms
^C
--- www.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 27.182/82.158/152.103/55.401 ms



Furthermore whether or not a hosts file is consulted depends on
the system configuration and most often the setting in /etc/nsswitch.conf

Also if nscd is running, then records may be cached locally by the daemon
for speedy lookup by those programs using libc name lookup.

From the manual page

QUOTE

Nscd caches libc-issued requests to the Name Service.

If retrieving NSS data is fairly expensive, nscd is able to
speed up consecutive access to the same data dramatically and
increase overall system performance. Nscd should be run at
boot time by /etc/init.d/nscd.

UNQUOTE

However there has been an ongoing recommendation not to use
nscd to cache host records.

Richard Kettlewell

Mar 28, 2013, 11:20:15 AM
J G Miller <mil...@yoyo.ORG> writes:
> On Thursday, March 28th, 2013, at 05:42:59h -0600, Cranky Puss claimed:

>> Granted, it may be that google will occasionally change its ip-address,
>
> The IP address of www.google.com changes all the time, within a certain
> range.
>
> Try ping www.google.com and look at the IP address.
>
> Wait a few seconds and try it again. The IP address will probably be
> different.
>
> ping www.google.com
> PING www.google.com (173.194.35.51) 56(84) bytes of data.
[...]
> PING www.google.com (173.194.35.50) 56(84) bytes of data.

That’s just DNS round-robin behaviour, not evidence for Google changing
their DNS frequently. If you use ping as a DNS lookup tool you are not
getting the full story.

--
http://www.greenend.org.uk/rjk/

Aragorn

Mar 28, 2013, 11:22:14 AM
On Thursday 28 March 2013 16:10, J G Miller conveyed the following to
alt.os.linux...

> The IP address of www.google.com changes all the time, within a
> certain range.
>
> Try ping www.google.com and look at the IP address.
>
> Wait a few seconds and try it again. The IP address will probably be
> different.

That's called a "round robin".

http://en.wikipedia.org/wiki/Round-robin_DNS

Back when I was still running an IRC network together with some other
people, we used that too for the main subdomain - i.e. the archetypical
"irc.domainname.tld" subdomain. The users' connections would then be
distributed across all the individual servers in the network, which had
subdomain names such as "servername.domain.tld".

--
= Aragorn =

http://www.linuxcounter.net - registrant #223157

J G Miller

Mar 28, 2013, 2:12:42 PM
On Thursday, March 28th, 2013, at 15:20:15h +0000,
Richard Kettlewell illuminated:

> That’s just DNS round-robin behaviour,

Yes of course.

> not evidence for Google changing their DNS frequently.

Of course not -- I was not suggesting that they changed their
DNS frequently but was addressing the point that the IP address
of www.google.com does change.

> If you use ping as a DNS lookup tool you are not
> getting the full story.

Nobody was suggesting that one should, but was merely providing
an example to demonstrate that the IP address of www.google.com
is not a single IP address.


John Hasler

Mar 28, 2013, 2:41:38 PM
J G Miller writes:
> Of course not -- I was not suggesting that they changed their DNS
> frequently but was addressing the point that the IP address of
> www.google.com does change.

The IP returned by DNS when you look up www.google.com changes.
Google's IPs do not.

Jasen Betts

Mar 28, 2013, 3:52:26 PM
On 2013-03-28, J G Miller <mil...@yoyo.ORG> wrote:
> On Thursday, March 28th, 2013, at 05:42:59h -0600, Cranky Puss claimed:
>
>> Granted, it may be that google will occasionally change its ip-address,
>
> The IP address of www.google.com changes all the time, within a certain
> range.
>
> Try ping www.google.com and look at the IP address.

ping is a very naive way to query the address of a host.

> Wait a few seconds and try it again. The IP address will probably be different.

there's often no need to wait to see that effect.

using a DNS query tool like host or dig against a real DNS server, not
against your router:

host google.com 8.8.8.8

Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

google.com has address 74.125.237.9
google.com has address 74.125.237.14
google.com has address 74.125.237.7
google.com has address 74.125.237.3
google.com has address 74.125.237.0
google.com has address 74.125.237.2
google.com has address 74.125.237.1
google.com has address 74.125.237.8
google.com has address 74.125.237.5
google.com has address 74.125.237.6
google.com has address 74.125.237.4
google.com has IPv6 address 2404:6800:4006:800::1004
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.

but google seems to do load leveling by manipulating its
DNS responses, so these results tend to change every minute too.



--
⚂⚃ 100% natural

crankypuss

Mar 28, 2013, 4:08:15 PM
On 03/28/2013 06:14 AM, John Hasler wrote:
> crankypuss writes:
>> The reason that I momentarily give DNS blockage some credence stems
>> from recently staring at a lot of "looking up blahblah" messages that
>> should be flipping past so quickly as to be invisible.
>
> Install a caching-only nameserver.
>

Sounds like more than I have time to even look up at the moment, but thanks.

unruh

Mar 28, 2013, 7:06:00 PM
On 2013-03-28, crankypuss <crank...@nomail.invalid> wrote:
> This is probably a very naive question, I don't claim much networking
> expertise... I've been busy learning some aspects of linux but others
> I've left alone from simple lack of time. Isn't there a "hosts" file
> that's looked at before DNS lookup?

It depends. Under Linux, there is a file /etc/nsswitch.conf which amongst
other things tells your system what order to try to find IP addresses
for names.
eg
hosts: files nis dns

Says to first look in /etc/hosts (files) then to try asking the local
system for an NIS lookup ( which is sort of like /etc/hosts for a local
network) and finally to use /etc/resolv.conf to go out and ask some dns
server listed there for the IP address.


>
> The reason I ask is the following,
> http://www.bbc.co.uk/news/technology-21954636
>
> It got me wondering why one couldn't gather the urls from his browser
> bookmarks, email addresses, and so forth... the things often used, and
> look those up while the looking is good and stash the information in the
> hosts file?

Sure. Most people just do not want too big a /etc/hosts file, but you
can put all your favourite locations into there.


> Wouldn't that permit one to go about his business while
> there is a DDOS attack such as mentioned in the article ongoing?

Probably.
Of course if you are web browsing those web pages will often have a
huger bunch of host names that need to be resolved.
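
An added example, not part of any post in this thread: a small audit of the pinning idea discussed above. It reads the `hosts:` order from nsswitch.conf text, parses hosts-file text, and flags pinned addresses that are no longer in the set DNS currently returns. The file contents, the `example.org`/`example.net` names and `sample_resolver` are constructed for illustration; only the 74.125.237.x addresses come from the `host` output quoted earlier in the thread.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from any real system).
NSSWITCH_CONF = """\
# /etc/nsswitch.conf (constructed sample)
passwd: files
hosts:  files nis dns
"""

HOSTS_FILE = """\
# /etc/hosts (constructed sample)
127.0.0.1      localhost
74.125.237.9   google.com                        # pinned while DNS was working
192.0.2.10     mail.example.org mx.example.org   # pinned, address has since moved
127.0.0.1      ads.example.net                   # local blacklist entry
not-an-ip      broken.example.org                # malformed line, skipped
"""

# Round-robin set from the `host google.com 8.8.8.8` output in the thread.
ROUND_ROBIN = {f"74.125.237.{n}" for n in range(10)} | {"74.125.237.14"}


def sample_resolver(name):
    """Constructed stand-in for a live DNS query; returns a set of addresses."""
    table = {"google.com": ROUND_ROBIN, "mail.example.org": {"192.0.2.25"}}
    return table.get(name, set())


def hosts_sources(nsswitch_text):
    """Return the ordered sources on the 'hosts:' line, e.g. ['files', 'nis', 'dns']."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Remove action items such as [NOTFOUND=return]; keep source names.
            spec = re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):])
            return spec.split()
    return []


def parse_hosts(hosts_text):
    """Yield (ip, name) for every name and alias on every well-formed line."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field: skip the line
        for name in fields[1:]:
            yield ip, name.lower()


def audit_pins(nsswitch_text, hosts_text, resolve):
    """Map each hosts-file name to (address, status).

    status is one of:
      ignored    - 'files' is not consulted before 'dns', so the pin has no effect
      loopback   - entry points at the local machine (localhost or a blacklist entry)
      ok         - pinned address is still in the set DNS returns
      stale      - DNS answers, but no longer with the pinned address
      unverified - resolver returned nothing (DNS down or name unknown)
    """
    sources = hosts_sources(nsswitch_text)
    files_first = "files" in sources and (
        "dns" not in sources or sources.index("files") < sources.index("dns")
    )
    report = {}
    for ip, name in parse_hosts(hosts_text):
        if name in report:
            continue  # simplification: only the first entry for a name is reported
        if not files_first:
            status = "ignored"
        elif ip.is_loopback or ip.is_unspecified:
            status = "loopback"
        else:
            current = resolve(name)
            if not current:
                status = "unverified"
            else:
                status = "ok" if str(ip) in current else "stale"
        report[name] = (str(ip), status)
    return report


if __name__ == "__main__":
    for name, (addr, status) in audit_pins(
        NSSWITCH_CONF, HOSTS_FILE, sample_resolver
    ).items():
        print(f"{name:20} {addr:15} {status}")
```

To run it against a real system, pass the contents of the local files and a resolver function that queries DNS directly rather than through the libc lookup, since the libc lookup would just return the pinned entry.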


unruh

Mar 28, 2013, 7:10:13 PM
On 2013-03-28, J G Miller <mil...@yoyo.ORG> wrote:
> On Thursday, March 28th, 2013, at 05:42:59h -0600, Cranky Puss claimed:
>
>> Granted, it may be that google will occasionally change its ip-address,
>
> The IP address of www.google.com changes all the time, within a certain
> range.
>
> Try ping www.google.com and look at the IP address.
>
> Wait a few seconds and try it again. The IP address will probably be different.

They have a round robin answering their dns so that one machine does not
get totally swamped. Imagine that at any time there are 10 million
machines making connections with Google's machines. No one machine could
handle that.
That does not mean that if you put in one of those into your /etc/hosts
it would not work. If a million people did it, it would probably crash
the machine, but if one does it, google probably would not notice.

unruh

Mar 28, 2013, 7:11:51 PM
On 2013-03-28, J G Miller <mil...@yoyo.ORG> wrote:
> On Thursday, March 28th, 2013, at 15:20:15h +0000,
> Richard Kettlewell illuminated:
>
>> That's just DNS round-robin behaviour,
>
> Yes of course.
>
>> not evidence for Google changing their DNS frequently.
>
> Of course not -- I was not suggesting that they changed their
> DNS frequently but was addressing the point that the IP address
> of www.google.com does change.
>
>> If you use ping as a DNS lookup tool you are not
>> getting the full story.
>
> Nobody was suggesting that one should, but was merely providing
> an example to demonstrate that the IP address of www.google.com
> is not a single IP address.

However what it does not show is that, if I placed one of those into my
hosts file for www.google.com, that would not work. Ie, any one of those
addresses IS google, and each will keep working for a long time.

>
>

crankypuss

Mar 29, 2013, 8:22:52 AM
On 03/28/2013 05:06 PM, unruh wrote:
> On 2013-03-28, crankypuss <crank...@nomail.invalid> wrote:
>> This is probably a very naive question, I don't claim much networking
>> expertise... I've been busy learning some aspects of linux but others
>> I've left alone from simple lack of time. Isn't there a "hosts" file
>> that's looked at before DNS lookup?
>
> It depends. Under Linux, there is a file /etc/nsswitch.conf which amongst
> other things tells your system what order to try to find IP addresses
> for names.
> eg
> hosts: files nis dns
>
> Says to first look in /etc/hosts (files) then to try asking the local
> system for an NIS lookup ( which is sort of like /etc/hosts for a local
> network) and finally to use /etc/resolv.conf to go out and ask some dns
> server listed there for the IP address.

Thanks, filed for reference.

>>
>> The reason I ask is the following,
>> http://www.bbc.co.uk/news/technology-21954636
>>
>> It got me wondering why one couldn't gather the urls from his browser
>> bookmarks, email addresses, and so forth... the things often used, and
>> look those up while the looking is good and stash the information in the
>> hosts file?
>
> Sure. Most people just do not want too big a /etc/hosts file, but you
> can put all your favourite locations into there.
>
>
>> Wouldn't that permit one to go about his business while
>> there is a DDOS attack such as mentioned in the article ongoing?
>
> Probably.
> Of course if you are web browsing those web pages will often have a
> huger bunch of host names that need to be resolved.
>

Seems that if one chose to get somewhat fancy about it, he could
implement his own blacklist for ad sites and suchlike?

Bit Twister

Mar 29, 2013, 8:33:09 AM
On Fri, 29 Mar 2013 06:22:52 -0600, crankypuss wrote:

> Seems that if one chose to get somewhat fancy about it, he could
> implement his own blacklist for ad sites and suchlike?

Yes. I use privoxy for suchlike. Much nicer to be able to use wild
cards expressions. Reasonable starter list can be found here

For a write up on privoxy, http://www.privoxy.org/

Also comes in handy for blacklisting your router which prevents
infected web sites from accessing your router.

unruh

Mar 29, 2013, 11:16:43 AM
Yes. The suggestion that you put particularly annoying sites into
/etc/hosts with an address of 127.0.0.1 for example has long been out
there. (That will try to contact your own local machine which of course
will not respond).

crankypuss

Mar 29, 2013, 1:28:13 PM
On 03/29/2013 06:33 AM, Bit Twister wrote:
>> Seems that if one chose to get somewhat fancy about it, he could
>> implement his own blacklist for ad sites and suchlike?
> Yes. I use privoxy for suchlike. Much nicer to be able to use wild
> cards expressions. Reasonable starter list can be found here
>
> For a write up on privoxy, http://www.privoxy.org/

Thanks.

crankypuss

Mar 29, 2013, 1:36:08 PM
Actually it will respond, since I've a local webserver set up to handle
applications coded with an http interface until all that gets
replaced... in fact that's the only ip-address said server *will*
respond to, unless I've inadvertently broken something since I last
tested it.

I don't fully understand subnets and such but couldn't I use something
like 127.0.0.2 without going offsystem? Or perhaps 127.0.0.1:17 to let
it route to localhost but not the port apache is listening to?

Apologies if that's stupid... I realized many years ago that no one
person can learn everything (especially since people are pumping out new
tech faster than you can read about it) so my understandings are mostly
restricted to the area between hither and yon for various values of "yon".

David W. Hodgins

Mar 29, 2013, 2:56:35 PM
On Fri, 29 Mar 2013 08:22:52 -0400, crankypuss <crank...@nomail.invalid> wrote:

> Seems that if one chose to get somewhat fancy about it, he could
> implement his own blacklist for ad sites and suchlike?

While it can, and has been done, it's not a good idea. Once the hosts
file starts to get large, dns lookup times will be noticeably affected,
as every lookup (especially for names not in the hosts file), will require
a complete scan of the file, before going to the dns server.

Much more efficient to use named.
http://www.patrickpatoray.com/index.php?Page=105

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

David W. Hodgins

Mar 29, 2013, 2:59:16 PM
On Fri, 29 Mar 2013 13:36:08 -0400, crankypuss <crank...@nomail.invalid> wrote:

> Actually it will respond, since I've a local webserver set up to handle

You want it to respond. That way the web browser gets an immediate
not found response, instead of having to wait for a response timeout.

crankypuss

Mar 29, 2013, 7:13:00 PM
On 03/29/2013 12:59 PM, David W. Hodgins wrote:
> On Fri, 29 Mar 2013 13:36:08 -0400, crankypuss
> <crank...@nomail.invalid> wrote:
>
>> Actually it will respond, since I've a local webserver set up to handle
>
> You want it to respond. That way the web browser gets an immediate
> not found response, instead of having to wait for a response timeout.
>
> Regards, Dave Hodgins
>

I would prefer an immediate ip-not-found response over a page-not-found
response generated at the cost of extra cycles it takes for my apache
server to build the pretty one, thank you.

crankypuss

Mar 29, 2013, 7:16:24 PM
On 03/29/2013 12:56 PM, David W. Hodgins wrote:
> On Fri, 29 Mar 2013 08:22:52 -0400, crankypuss
> <crank...@nomail.invalid> wrote:
>
>> Seems that if one chose to get somewhat fancy about it, he could
>> implement his own blacklist for ad sites and suchlike?
>
> While it can, and has been done, it's not a good idea. Once the hosts
> file starts to get large, dns lookup times will be noticeably affected,
> as every lookup (especially for names not in the hosts file), will require
> a complete scan of the file, before going to the dns server.
>
> Much more efficient to use named.
> http://www.patrickpatoray.com/index.php?Page=105
>
> Regards, Dave Hodgins
>

It was suggested that I might want to set up a caching-only nameserver
and presumably one can blacklist through that mechanism; it isn't clear
from a quick look at your link whether that is its topic or whether it's
a different approach, but I will take a peek at it later on. Thanks.

David W. Hodgins

Mar 29, 2013, 7:56:07 PM
You can't force an ip-not-found response, for a valid host name.

Using /etc/hosts, or any other method to alter the ip address, still
has to return an ip address. The browser will then try and contact
that ip address. If you don't have anything responding, the browser
will have to wait for the timeout, before it generates a not found
message.

I am using named, for adblocking, redirecting various hosts to 127.0.0.1.
In my apache access_log, I have messages such as ...
127.0.0.1 - - [29/Mar/2013:17:48:52 -0400] "GET /r/161990784776/u/49/f/648022/c/35028/s/2a240223/a2.img HTTP/1.1" 404 1002 "-" "Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.14"

I don't know which of the 2500+ host names in my adblock.conf file the
browser was trying to access, but allowing apache to respond with the
404 status code is much faster than waiting for the browser to timeout
the get request.

crankypuss

Mar 29, 2013, 8:04:32 PM
On 03/29/2013 05:56 PM, David W. Hodgins wrote:
> On Fri, 29 Mar 2013 19:13:00 -0400, crankypuss
> <crank...@nomail.invalid> wrote:
>
>> On 03/29/2013 12:59 PM, David W. Hodgins wrote:
>>> On Fri, 29 Mar 2013 13:36:08 -0400, crankypuss
>>> <crank...@nomail.invalid> wrote:
>>>
>>>> Actually it will respond, since I've a local webserver set up to handle
>>>
>>> You want it to respond. That way the web browser gets an immediate
>>> not found response, instead of having to wait for a response timeout.
>>>
>>> Regards, Dave Hodgins
>>>
>>
>> I would prefer an immediate ip-not-found response over a page-not-found
>> response generated at the cost of extra cycles it takes for my apache
>> server to build the pretty one, thank you.
>
> You can't force an ip-not-found response, for a valid host name.

What, has Microsoft sneaked in and made the source code proprietary
overnight and this is the first I'm hearing of it? Sorry to be doubtful
but the words "you can't" are simply a challenge to be dealt with when
convenient. In point of fact the mechanism for determining what is, and
is not, a valid host name has an end node on the client system and thus
you *can* do it, whether straight out of the box or otherwise.

David W. Hodgins

Mar 29, 2013, 8:35:21 PM
I'll rephrase. There is no way to do it using existing standard tools. :-)

Moe Trin

Mar 29, 2013, 9:43:56 PM
On Fri, 29 Mar 2013, in the Usenet newsgroup alt.os.linux, in article
<op.wuqg87n...@hodgins.homeip.net>, David W. Hodgins wrote:

>crankypuss <crank...@nomail.invalid> wrote:

>> David W. Hodgins wrote:

>>> crankypuss <crank...@nomail.invalid> wrote:

>>>> I would prefer an immediate ip-not-found response over a
>>>> page-not-found response generated at the cost of extra cycles it
>>>> takes for my apache server to build the pretty one, thank you.

You're going to be spinning a lot of wheels doing the "ip-not-found"
response as well - pay your money, take your pick.

>>> You can't force an ip-not-found response, for a valid host name.

Running your own name server? Sure you can. It's just going to be
messy, inefficient and relatively complicated.

>> Sorry to be doubtful but the words "you can't" are simply a
>> challenge to be dealt with when convenient. In point of fact the
>> mechanism for determining what is, and is not, a valid host name
>> has an end node on the client system and thus you *can* do it,
>> whether straight out of the box or otherwise.

-rw-rw-r-- 1 gferg ldp 91563 Dec 23 2001 DNS-HOWTO

At your favorite LDP mirror - you're missing a bit in the concepts.

>I'll rephrase. There is no way to do it using existing standard
>tools. :-)

2308 Negative Caching of DNS Queries (DNS NCACHE). M. Andrews. March
1998. (Format: TXT=41428 bytes) (Updates RFC1034, RFC1035)
(Updated by RFC4035, RFC4033, RFC4034, RFC6604) (Status:
PROPOSED STANDARD)

Ought to be "interesting" (in the sense of the ancient Chinese...
blessing) to implement. Briefly, you have to have all of the "bad
guy" hostnames cached. Now a better way to implement things might
be to use the concept of mapping those hostnames to a "black hole"
address on your LAN. It will be slow if the address is one of your
LAN addresses (ARP timeouts), but you could also use a non-routable
address (see RFC5735) like 192.0.2.0/24 which is "TEST-NET-1", and
then put a firewall rule that returns an ICMP Type 3 Code 0 or Code 1
("you can't get there from here") for any traffic for that address
range and hope that the bad guys don't use IP addresses rather than
hostnames in their URLs.

Sounds like a great way to waste CPU cycles.

Old guy

Jasen Betts

Mar 30, 2013, 6:53:39 AM
On 2013-03-29, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
> On Fri, 29 Mar 2013 13:36:08 -0400, crankypuss <crank...@nomail.invalid> wrote:
>
>> Actually it will respond, since I've a local webserver set up to handle
>
> You want it to respond. That way the web browser gets an immediate
> not found response, instead of having to wait for a response timeout.

You shouldn't ever get a timeout on localhost unless you have firewalled
yourself with a "drop" rule. if there is no server running you'll get
"connection refused" (aka ECONNREFUSED) which is pretty-much immediate.


--
⚂⚃ 100% natural


Jasen Betts

Mar 30, 2013, 6:57:49 AM
On 2013-03-29, crankypuss <crank...@nomail.invalid> wrote:
loopback is a class A network. 127.0.0.1/8

surely you aren't running web servers on all 16 million IPV4 addresses
available there. pick a spare one.

Richard Kettlewell

Mar 30, 2013, 7:18:45 AM
Jasen Betts <ja...@xnet.co.nz> writes:
> loopback is a class A network. 127.0.0.1/8
>
> surely you aren't running web servers on all 16 million IPV4 addresses
> available there. pick a spare one.

You might be, actually - a common configuration is for the web server to
bind to INADDR_ANY, which includes nearly all of 127/8.

--
http://www.greenend.org.uk/rjk/

Jasen Betts

Mar 30, 2013, 7:04:53 AM
On 2013-03-30, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
> On Fri, 29 Mar 2013 20:04:32 -0400, crankypuss <crank...@nomail.invalid> wrote:
>
>> On 03/29/2013 05:56 PM, David W. Hodgins wrote:
>>> On Fri, 29 Mar 2013 19:13:00 -0400, crankypuss
>>> <crank...@nomail.invalid> wrote:
>>>
>>>> On 03/29/2013 12:59 PM, David W. Hodgins wrote:
>>>>> On Fri, 29 Mar 2013 13:36:08 -0400, crankypuss
>>>>> <crank...@nomail.invalid> wrote:
>>>>>
>>>>>> Actually it will respond, since I've a local webserver set up to handle
>>>>>
>>>>> You want it to respond. That way the web browser gets an immediate
>>>>> not found response, instead of having to wait for a response timeout.
>>>>>
>>>>> Regards, Dave Hodgins
>>>>>
>>>>
>>>> I would prefer an immediate ip-not-found response over a page-not-found
>>>> response generated at the cost of extra cycles it takes for my apache
>>>> server to build the pretty one, thank you.
>>>
>>> You can't force an ip-not-found response, for a valid host name.
>>
>> What, has Microsoft sneaked in and made the source code proprietary
>> overnight and this is the first I'm hearing of it? Sorry to be doubtful
>> but the words "you can't" are simply a challenge to be dealt with when
>> convenient. In point of fact the mechanism for determining what is, and
>> is not, a valid host name has an end node on the client system and thus
>> you *can* do it, whether straight out of the box or otherwise.
>
> I'll rephrase. There is no way to do it using existing standard tools. :-)

djbdns seems pretty flexible but I've never actually used it.
if there's a dns server that can be told to "play dumb" for some
domains, that's probably it.

Jasen Betts

Mar 30, 2013, 7:36:25 AM
yeah, but here i've only got 127.0.0.1 turned on. the rest of the loopback
address space isn't live. is there even a way to turn it all on without
having 16 million "point" interfaces ( lo.1 lo.2 lo.3 etc)

Richard Kettlewell

Mar 30, 2013, 8:01:52 AM
Jasen Betts <ja...@xnet.co.nz> writes:
> djbdns seems pretty flexible but I've never actually used it.
> if there's a dns server that can be told to "play dumb" for some
> domains, that's probably it.

You can easily do this with BIND too. I don’t really see the point
though; all you’re doing is messing about with the exact failure
mechanism and you can get browser plugins to block specific things
without going anywhere near name resolution anyway.

--
http://www.greenend.org.uk/rjk/

crankypuss

Mar 30, 2013, 8:07:32 AM
No need to blacklist every badguy in the known universe, just the few
that are most annoying. I'm not maintaining a server farm so it isn't
something I have to decide-on and maintain for any user community...
letting the cycles be wasted to avoid the annoyance of the most annoying
seems a cheap price to pay. <g>

Richard Kettlewell

Mar 30, 2013, 8:32:16 AM
Jasen Betts <ja...@xnet.co.nz> writes:
> Richard Kettlewell <r...@greenend.org.uk> wrote:
>> Jasen Betts <ja...@xnet.co.nz> writes:
>>> loopback is a class A network. 127.0.0.1/8
>>>
>>> surely you aren't running web servers on all 16 million IPV4 addresses
>>> available there. pick a spare one.
>>
>> You might be, actually - a common configuration is for the web server to
>> bind to INADDR_ANY, which includes nearly all of 127/8.
>
> yeah, but here i've only got 127.0.0.1 turned on. the rest of the
> loopback address space isn't live. is there even a way to turn it all
> on without having 16 million "point" interfaces ( lo.1 lo.2 lo.3 etc)

AFAIK it’s the default configuration.

$ ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
$ telnet 127.1.2.3 80
Trying 127.1.2.3...
Connected to 127.1.2.3.
Escape character is '^]'.
GET /
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
[...]

--
http://www.greenend.org.uk/rjk/
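
Added example, not part of the original posts: a Python sketch of the behaviour in the telnet session above, assuming a Linux host where lo carries 127.0.0.1/8. A listener bound to INADDR_ANY answers on 127.1.2.3, while one bound only to 127.0.0.1 leaves 127.1.2.3 refusing connections immediately, which is the quick failure wanted for names pointed at a spare loopback address in the hosts file. The function names are made up for this illustration.

```python
import errno
import socket
import time

SPARE_LOOPBACK = "127.1.2.3"  # the address used in the telnet session above


def probe(bind_addr, target=SPARE_LOOPBACK, timeout=2.0):
    """Listen on bind_addr (ephemeral port), then connect to target on that port.

    Returns (outcome, elapsed_seconds); outcome is "connected", "refused"
    or "other:<errno name>". Assumes Linux, where all of 127/8 is local.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((bind_addr, 0))   # port 0: the kernel picks a free port
        srv.listen(1)              # the backlog completes the handshake for us
        port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(timeout)
            start = time.monotonic()
            err = cli.connect_ex((target, port))
            elapsed = time.monotonic() - start
    if err == 0:
        return "connected", elapsed
    if err == errno.ECONNREFUSED:
        return "refused", elapsed
    return "other:" + errno.errorcode.get(err, str(err)), elapsed


def survey():
    """Probe the spare address against three different listener bindings."""
    binds = ("0.0.0.0", "127.0.0.1", SPARE_LOOPBACK)
    return {addr: probe(addr) for addr in binds}


if __name__ == "__main__":
    for addr, (outcome, elapsed) in survey().items():
        print(f"listener on {addr:<10} -> {SPARE_LOOPBACK}: "
              f"{outcome} after {elapsed * 1000:.1f} ms")
```
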

Java Jive

Mar 31, 2013, 4:59:25 AM
The point is not having to set up the rules in a number of different
browsers on one or more machines. I used to blacklist on the router
to block ads, etc, from any machine on my home LAN, but, as has been
pointed out, the problem is that it slows things down. If a quick
response method could be found that would work on a router, that would
be good.

On Sat, 30 Mar 2013 12:01:52 +0000, Richard Kettlewell
<r...@greenend.org.uk> wrote:
>
> You can easily do this with BIND too. I don’t really see the point
> though; all you’re doing is messing about with the exact failure
> mechanism and you can get browser plugins to block specific things
> without going anywhere near name resolution anyway.
--
=========================================================
Please always reply to ng as the email in this post's
header does not exist. Or use a contact address at:
http://www.macfh.co.uk/JavaJive/JavaJive.html
http://www.macfh.co.uk/Macfarlane/Macfarlane.html

Richard Kettlewell

Mar 31, 2013, 8:49:23 AM
Java Jive <ja...@evij.com.invalid> writes:
> Richard Kettlewell <r...@greenend.org.uk>

>> You can easily do this with BIND too. I don’t really see the point
>> though; all you’re doing is messing about with the exact failure
>> mechanism and you can get browser plugins to block specific things
>> without going anywhere near name resolution anyway.
>
> The point is not having to set up the rules in a number of different
> browsers on one or more machines. I used to blacklist on the router
> to block ads, etc, from any machine on my home LAN, but, as has been
> pointed out, the problem is that it slows things down. If a quick
> response method could be found that would work on a router, that would
> be good.

Telling the router to send a suitable ICMP message rather than just
dropping prohibited packets should produce acceptably quick results.
The router only has access to IP addresses, though, which has some
unwelcome implications.

Another approach (as it happens, the one I use) would be to run a web
proxy such as Squid, and build the policy into that.

--
http://www.greenend.org.uk/rjk/

John Hasler

Mar 31, 2013, 8:59:01 AM
Richard Kettlewell writes:
> Another approach (as it happens, the one I use) would be to run a web
> proxy such as Squid, and build the policy into that.

I use Privoxy. The Debian package works fine for ad-blocking with no
additional configuration at all.
--
John Hasler
jha...@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

J G Miller

Mar 31, 2013, 12:54:35 PM
On Sunday, March 31st, 2013, at 09:59:25h +0100, Java Jive wondered:

> If a quick response method could be found that would work
> on a router, that would be good.

Buy a Cisco router (selected small office models are available)
and pay them a regular fee for Cisco Protect Link

<http://www.cisco.COM/cisco/web/solutions/small_business/products/security/protectlink/index.html>

In fact for routers which can run openWRT, it should be possible to
install your own equivalent blocking software on the router
eg PeerGuardian which creates iptables rules.

Java Jive

Mar 31, 2013, 3:32:45 PM
On Sun, 31 Mar 2013 16:54:35 +0000 (UTC), J G Miller <mil...@yoyo.ORG>
wrote:

> On Sunday, March 31st, 2013, at 09:59:25h +0100, Java Jive wondered:
>
> > If a quick response method could be found that would work
> > on a router, that would be good.
>
> Buy a Cisco router (selected small office models are available)
> and pay them a regular fee for Cisco Protect Link
>
> <http://www.cisco.COM/cisco/web/solutions/small_business/products/security/protectlink/index.html>

I already have two - a WRT320N and a WAG320N. The latter is the
main router for the house.

> In fact for routers which can run openWRT, it should be possible to
> install your own equivalent blocking software on the router
> eg PeerGuardian which creates iptables rules.

Open-WRT doesn't really support the WRT320N, haven't checked the
WAG320N, hence I've been using DD-WRT.

I've had this working well in the past, but now that I've got the
WAG320N, and what with the broadband coming in the wrong end of this
newly acquired house (it actually comes in at the right end but
travels down the length of it to get to the OpenReach socket at the
wrong end), I thought I'd try and upgrade to a more recent version to
see if I could get the WRT320N to act as a client bridge or repeater
bridge for this end of the house, but I bricked it.

I put the wrong DD-WRT image on it :-( they have a plethora of them,
and the page telling you not to put the wrong one on a WRT320N was so
ambiguous particularly in the download pages linked, that I
nevertheless managed to do it )-: I have a serial lead, so will have
a look at as soon as I can, and it certainly should be possible to
retrieve it, but I've strung a long ethernet cable down the house for
now, because I've got other more important problems to solve, like
getting the washing machine working - had a third attempt at that
today, but it's still soiling the washing :=((

J G Miller

Apr 1, 2013, 8:25:51 AM
On Sunday, March 31st, 2013, at 20:32:45h +0100, Java Jive explained:

> (it actually comes in at the right end but travels down the length of
> it to get to the OpenReach socket at the wrong end),

You could always pay British Telekom an inordinate sum of money
to have the socket moved to the right end of the house ;)

Remember they need people to pay for the use of their OpenReach
service to help with the bottom line, so think of it as your
valuable contribution to the welfare of the BT directors and stockholders.

> I put the wrong DD-WRT image on it :-(

So presumably it will not boot at all.

> I have a serial lead, so will have a look at as soon as I can

Before trying anything, have a very careful read of

<http://www.dd-wrt.com/wiki/index.php/Recover_from_a_Bad_Flash>

If there is still some activity on the router, it may be possible
to get it into an upgrade state to do a TFTP flash of the official
firmware followed by DD-WRT from

<http://www.dd-wrt.COM/site/support/router-database>

where you enter WRT320N into the router database text field entry field
and get

Router details

Additional information
Chipset BCM4717A

DD-WRT Wiki: Linksys WRT320N v1.0
DD-WRT Forum: New Dual Band (WRT320N)

RAM 32 MB
FLASH 8 MB

and the available images for that model.

> had a third attempt at that today, but it's still soiling the washing :=((

Uhoh, a washing machine is supposed to clean not dirty the laundry.

Time to phone for the Maytag man?

You do not have a dead mouse in the machine perchance?

Java Jive

Apr 1, 2013, 2:24:31 PM
On Mon, 1 Apr 2013 12:25:51 +0000 (UTC), J G Miller <mil...@yoyo.ORG>
wrote:

> On Sunday, March 31st, 2013, at 20:32:45h +0100, Java Jive explained:
>
> > (it actually comes in at the right end but travels down the length of
> > it to get to the OpenReach socket at the wrong end),
>
> You could always pay British Telekom an inordinate sum of money
> to have the socket moved to the right end of the house ;)

Or, ahem, just do it myself!

> > I put the wrong DD-WRT image on it :-(
>
> So presumably it will not boot at all.

It doesn't get as far as a telnet or a web interface.

> > I have a serial lead, so will have a look at as soon as I can
>
> Before trying anything, have a very careful read of
>
> <http://www.dd-wrt.com/wiki/index.php/Recover_from_a_Bad_Flash>
>
> If there is still some activity on the router, it may be possible
> to get it into an upgrade state to do a TFTP flash of the official
> firmware followed by DD-WRT from

Yes, I've had a look at that, but I can't get a ping response from the
router as it boots.

> <http://www.dd-wrt.COM/site/support/router-database>
>
> where you enter WRT320N into the router database text field entry field

Yes, seen all that, thanks. That's how I got to be where I am. Those
images are old ones that don't support functionality that I require.

> > had a third attempt at that today, but it's still soiling the washing :=((
>
> You do not have a dead mouse in the machine perchance?

Don't think so, see uk.d-i-y of a week or two back, thread entitled:
"New House Problem #2: Indesit WIB111 Wash Machine - gunge in wash"

J G Miller

Apr 1, 2013, 3:51:18 PM
On Monday, April 1st, 2013, at 19:24:31h +0100, Java Jive wrote:

> Or, ahem, just do it myself!

I may well be deluded on this matter, but I was under the impression
that unauthorized repositioning of the master socket was a crime
as serious as that of arson in the Chatham Dockyard, because the
socket itself and the cable up to it, are the property of
British Telekom.

According to some sources, people who have moved it themselves
have subsequently been charged GBP 140 by British Telekom for
tampering with the equipment.

> Yes, I've had a look at that, but I can't get a ping response from the
> router as it boots.

If you cannot get it into load new firmware mode, then you will
probably have to look at the JTAG recovery route.

> Those images are old ones that don't support functionality that I require.

But if I understand correctly, those are the only valid DD-WRT images for
flashing the WRT320N, so if you try something else you end up in the situation
you are in with a non-functional router.

> Don't think so, see uk.d-i-y of a week or two back, thread entitled:
> "New House Problem #2: Indesit WIB111 Wash Machine - gunge in wash"

If the machine is out of warranty, then the gunge may be due to years of
accumulated muck becoming slightly dislodged in the movement of the machine.

So as a first step I suggest buying a washing machine cleaning kit
(just a mixture of some detergent powder and decalcifier probably)
on a standard program and see if that cures the problem.

Something *like* this

<http://www.ebay.co.uk/itm/WASHING-MACHINE-SUPER-CLEAN-KIT-Part-No-902979058-2-/200645472586>

but at a realistic price, possibly available from your local hardware
store or discount chain store at no more than GBP 2,00 or GBP 3,00

But maybe you only do your shopping at Fortnum & Mason and Liberty? ;)
(Harrods having gone too down market with οἱ πολλοί.)

Java Jive

Apr 5, 2013, 7:07:48 AM
On Mon, 1 Apr 2013 19:51:18 +0000 (UTC), J G Miller <mil...@yoyo.ORG>
wrote:
>
> If you cannot get it into load new firmware mode, then you will
> probably have to look at the JTAG recovery route.

I've got it going now, by using a serial cable.

> > Those images are old ones that don't support functionality that I require.
>
> But if I understand correctly, those are the only valid DD-WRT images for
> flashing the WRT320N, so if you try something else you end up in the situation
> you are in with a non-functional router.

No, that wiki is out-of-date. There are more recent images which are
supposed to support Client-Bridge and Repeater-Bridge modes better.
These are mentioned in 'The Peacock Thread' in the Broadcom forum, and
I used one of those.

However, although the router is now functioning again, I still haven't
got either mode to work.

> > Don't think so, see uk.d-i-y of a week or two back, thread entitled:
> > "New House Problem #2: Indesit WIB111 Wash Machine - gunge in wash"

...

> Something *like* this
>
> <http://www.ebay.co.uk/itm/WASHING-MACHINE-SUPER-CLEAN-KIT-Part-No-902979058-2-/200645472586>
>
> but at a realistic price, possibly available from your local hardware
> store or discount chain store at no more than GBP 2,00 or GBP 3,00
>
> But maybe you only do your shopping at Fortnum & Mason and Liberty? ;)
> (Harrods having gone too down market with οἱ πολλοί.)

Obviously not, but being sufficiently desperate, I did try that exact
kit, but bought locally. However, gunge is still being produced by
the machine. Grrrr!

Incidentally, to anyone using that kit: dissolve the second-stage
degreaser in warm water, and then pour it into the soap dispenser. If
you just pour the granules into the soap dispenser, particularly if
your machine is cold fill, you may be left with a rock hard deposit in
the soap-dispenser which - if it can be lifted out as a lump -
fortunately will dissolve in warm water, given enough time.

J G Miller

Apr 5, 2013, 11:21:20 AM
On Friday, April 5th, 2013, at 12:07:48h +0100, Java Jive explained:

> I've got it going now, by using a serial cable.

Glad to hear that good old serial saved the day ;)

> However, although the router is now functioning again, I still haven't
> got either mode to work.

Well I was only going on what the official page was saying, and did
not search the forums. I would suggest that you should post a message
on the forum asking for help with the aspects of these alternative
firmwares which are not providing the features which are claimed.

> Obviously not, but being sufficiently desperate, I did try that exact
> kit, but bought locally. However, gunge is still being produced by
> the machine. Grrrr!

<speculative mode>

But is it in smaller quantities? Is it gunge or is it traces of oil?
If oil, then your problem is probably much more serious than needing
to clean out the tubes. If it is just gunge, then maybe your machine
needs several cleanings with the washing soda because you are in a hard
water area. In the past have you ever used calgon (tm) or just as good
cheaper equivalents with your wash? If not, then the current results
may be because of that omission in the past.

And of course, you have cleaned the lint filter recently?

</speculative mode>

Java Jive

Apr 5, 2013, 3:21:43 PM
On Fri, 5 Apr 2013 15:21:20 +0000 (UTC), J G Miller <mil...@yoyo.ORG>
wrote:
>
> Well I was only going on what the official page was saying, and did
> not search the forums. I would suggest that you should post a message
> on the forum asking for help with the aspects of these alternative
> firmwares which are not providing the features which are claimed.

I dare say I'll either sort it out or use a cable along the house
instead.

> > Obviously not, but being sufficiently desperate, I did try that exact
> > kit, but bought locally. However, gunge is still being produced by
> > the machine. Grrrr!
>
> <speculative mode>

If you really want to help, I think you'd do better to read the
original thread than speculate.

> But is it in smaller quantities?

Not obviously.

> Is it gunge or is it traces of oil?

Gunge.

> If oil, then your problem is probably much more serious than needing
> to clean out the tubes.

No. I don't believe there is much wrong with the machine apart from
this problem.

> If it is just gunge, then maybe your machine
> needs several cleanings with the washing soda because you are in a hard
> water area.

No, I'm in a soft, peaty water area.

> In the past have you ever used calgon (tm) or just as good
> cheaper equivalents with your wash? If not, then the current results
> may be because of that omission in the past.

The machine came with the new house. I have no idea how it was used
in the past, but there is some incidental evidence that the previous
owners have tried to tackle this problem as well.

> And of course, you have cleaned the lint filter recently?

Yes, as in the original thread, I've checked all the obvious things.

> </speculative mode>

My own theory is that the gunge is caked on the inside of the tank
and/or the outside of the drum. When I first poked a cloth as far as
I could between the two, and turned the drum with one hand while
clinging on to the free end of the cloth with another, it came out
covered in it. However, having done this a few times, the bits that I
can reach like that must obviously now be cleaner, because the cloths
come out less dirty.

I've done no end of very hot washes of just a few white cleaning
cloths, and mostly they come out with bits of gunge on them that look
a little like dead skin, suggesting that they have peeled off from
somewhere. I've tried many different detergents, small amounts of
bleach, etc, and now the bespoke cleaning kit, and nothing has made a
substantial difference in the long term.

There may be a couple of washes in a row where there is less,
nevertheless, when I put something more substantial in to wash, it
still comes out flecked with gunge. I tried some bath mats last
night, and just picked it off, but I really don't want this stuff on
things like white clothing, or sheets and pillowcases, etc.

It may actually be something to do with the high peat content of the
water, because similar bits of gunge occasionally come out of the hot
tap. However, the water itself has nothing obvious in it, water from
the cold taps is fine, and it is clear, not brown as I remember from
holidays to similar areas when I was little.

J G Miller

Apr 5, 2013, 4:27:23 PM
On Friday, April 5th, 2013, at 20:21:43h +0100, Java Jive wrote:

> If you really want to help, I think you'd do better to read the
> original thread than speculate.

Delving into uk.diy is not something which is in any way appealing.

> Not obviously.

So the cleaning treatment apparently made no difference???

> Gunge.

Apparently not so bad then as oil from the mechanical parts
seeping into the drum.

> No, I'm in a soft, peaty water area.

That sounds acidic and that it will attack your teeth.

> The machine came with the new house. I have no idea how it was used
> in the past, but there is some incidental evidence that the previous
> owners have tried to tackle this problem as well.

Ah, so now we know why they left it behind.

> My own theory is that the gunge is caked on the inside of the tank
> and/or the outside of the drum.

Indeed it would seem so.

> it still comes out flecked with gunge.

Flecks not smeared then. So it would seem that with each wash,
there is some flaking off of the residue which then flecks the
clothes. Clearly this is going to take forever to remove the
residue unless you can get some chemical agent to remove the
residue in a couple of washes.

> It may actually be something to do with the high peat content of the
> water, because similar bits of gunge occasionally come out of the hot
> tap.

And the hot water line comes from a tank, whose innards may well
be coated with a similar lining!

Anyways, a web search reveals that your problem is not unique and is
prevalent in England

<http://uk.answers.yahoo.COM/question/index?qid=20090401103012AAo0tuH>

<http://happyhomemaker88.COM/2007/11/04/remember-to-clean-your-washing-machine-monthly/>

<http://forums.digitalspy.co.UK/showthread.php?t=1369097>

<http://www.justanswer.COM/uk-appliance/5hz2g-time-wash-lots-black-brown-bits-stuck.html>

Trying several wash cycles with very strong vinegar at the hottest possible temperature
may be the way to reduce the residue present as quickly as possible, and one possible
solution to eliminate future bad results is to install a filter on the water supply.

Java Jive

Apr 5, 2013, 6:26:35 PM
SORTED! And the vital piece of information that was missing from the
Client Bridge guide but revealed in the Repeater Bridge guide? The
need to reboot the Client Bridge router TWICE!

On Fri, 05 Apr 2013 20:21:43 +0100, Java Jive <ja...@evij.com.invalid>
wrote:
>
> I dare say I'll either sort it out or use a cable along the house
> instead.