Strange DNS problem

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help

Strange DNS problem

Postby klagenfurt on Sat Dec 08, 2012 4:13 am

Hello.

One question: I have Mint 13 installed for months, running fine.But yesterday I was connected to my faculty's wireless network. Then I come home, turn off WiFi adapter and used wired connection (no WiFi at home). But I was unable to load web page or receive my mail. Wireshark showed that after I enter URL, first DNS query was entered URL, but then URL+faculty domain [example: http://www.linuxmint.com.education.edu]. I fixed the problem with dns-fix, but didn't solve e-mail problem completely.

I didn't use firewall but I also don't have any open-to-world service running. I did update the day before yesterday (so fully patched, no known vulnerabilities). I will just install Mint 14. My question is: What do you think is reason for that change/behavior?
klagenfurt
Level 1
Level 1
 
Posts: 4
Joined: Sat Dec 08, 2012 4:01 am

Linux Mint is funded by ads and donations.
 

Re: Strange DNS problem

Postby klagenfurt on Thu Dec 13, 2012 4:30 am

Bump

I'm running Mint 14 now.Anyway I would like to know, what had happened that I was unable to use web/mail. When I was trying to visit website, there was only DNS packet traffic with destination IP from my faculty domain.

Is this a known issue or I was somehow hacked?
klagenfurt
Level 1
Level 1
 
Posts: 4
Joined: Sat Dec 08, 2012 4:01 am

Re: Strange DNS problem

Postby klagenfurt on Thu Dec 13, 2012 4:04 pm

For those who have Mint 13: What version of Samba do you have [command: smbd -V ]? On distro release (Mint 13 x64 is 3.6.3 but is it updated with Update Manager?)
klagenfurt
Level 1
Level 1
 
Posts: 4
Joined: Sat Dec 08, 2012 4:01 am

Re: Strange DNS problem

Postby klagenfurt on Fri Dec 14, 2012 10:32 am

@admin: Can you move my topic to networking forum please.

UPDATE: So what happened is that my dns setting was somehow changed ... when I wanted to visit a web site at home, only dns traffic was recorded with dns destination of DNS servers which I get when I'm connected on faculty's WiFi (except requested sites, there was also daisy.ubuntu.com dns traffic). I don't know how is that possible.

Also is updated Mint 13 vulnerable on CVE-2012-1182? I think I accidently disable firewall, but had Samba running (I didn't need it, but it was enabled by default).

UPDATE II: Maybe problem laid here:

Code: Select all
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN 


When I'm on faculty network web browsing works slow (esp. on https) from time-to-time. But at the day of incident, web browsing run fast as hell (even https). I don't know why configuration (probably) changed at that day and never before? It also survived multiple reboots at home.


Thanks
klagenfurt
Level 1
Level 1
 
Posts: 4
Joined: Sat Dec 08, 2012 4:01 am

Re: Strange DNS problem

Postby xenopeek on Sun Dec 16, 2012 6:55 am

Moved as per OP's request. I'm not sure what could be the cause of this, hopefully somebody else can pitch in on this.
User avatar
xenopeek
Level 21
Level 21
 
Posts: 15280
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands


Return to Other networking topics

Who is online

Users browsing this forum: No registered users and 7 guests