Strange DNS problem

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read this

Strange DNS problem

Postby klagenfurt on Sat Dec 08, 2012 4:13 am

Hello.

One question: I have Mint 13 installed for months, running fine.But yesterday I was connected to my faculty's wireless network. Then I come home, turn off WiFi adapter and used wired connection (no WiFi at home). But I was unable to load web page or receive my mail. Wireshark showed that after I enter URL, first DNS query was entered URL, but then URL+faculty domain [example: http://www.linuxmint.com.education.edu]. I fixed the problem with dns-fix, but didn't solve e-mail problem completely.

I didn't use firewall but I also don't have any open-to-world service running. I did update the day before yesterday (so fully patched, no known vulnerabilities). I will just install Mint 14. My question is: What do you think is reason for that change/behavior?
klagenfurt
Level 1
Level 1
 
Posts: 4
Joined: Sat Dec 08, 2012 4:01 am

Linux Mint is funded by ads and donations.
 

Re: Strange DNS problem

Postby klagenfurt on Thu Dec 13, 2012 4:30 am

Bump

I'm running Mint 14 now.Anyway I would like to know, what had happened that I was unable to use web/mail. When I was trying to visit website, there was only DNS packet traffic with destination IP from my faculty domain.

Is this a known issue or I was somehow hacked?
klagenfurt
Level 1
Level 1
 
Posts: 4
Joined: Sat Dec 08, 2012 4:01 am

Re: Strange DNS problem

Postby klagenfurt on Thu Dec 13, 2012 4:04 pm

For those who have Mint 13: What version of Samba do you have [command: smbd -V ]? On distro release (Mint 13 x64 is 3.6.3 but is it updated with Update Manager?)
klagenfurt
Level 1
Level 1
 
Posts: 4
Joined: Sat Dec 08, 2012 4:01 am

Re: Strange DNS problem

Postby klagenfurt on Fri Dec 14, 2012 10:32 am

@admin: Can you move my topic to networking forum please.

UPDATE: So what happened is that my dns setting was somehow changed ... when I wanted to visit a web site at home, only dns traffic was recorded with dns destination of DNS servers which I get when I'm connected on faculty's WiFi (except requested sites, there was also daisy.ubuntu.com dns traffic). I don't know how is that possible.

Also is updated Mint 13 vulnerable on CVE-2012-1182? I think I accidently disable firewall, but had Samba running (I didn't need it, but it was enabled by default).

UPDATE II: Maybe problem laid here:

Code: Select all
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN 


When I'm on faculty network web browsing works slow (esp. on https) from time-to-time. But at the day of incident, web browsing run fast as hell (even https). I don't know why configuration (probably) changed at that day and never before? It also survived multiple reboots at home.


Thanks
klagenfurt
Level 1
Level 1
 
Posts: 4
Joined: Sat Dec 08, 2012 4:01 am

Re: Strange DNS problem

Postby xenopeek on Sun Dec 16, 2012 6:55 am

Moved as per OP's request. I'm not sure what could be the cause of this, hopefully somebody else can pitch in on this.
Forum Rules | IRC Channel Rules
Image
Arch Linux / 64-bit / Gnome Shell
User avatar
xenopeek
Level 21
Level 21
 
Posts: 13700
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands


Return to Other networking topics

Who is online

Users browsing this forum: No registered users and 3 guests