Linux Update Client using...
Linux Update Client using 8.8.8.8 for DNS and not the configured dns server
- 主页
- 后台控制中心
- Community Forum
- Services
- Dynamic DNS Service
- Linux Update Client using 8.8.8.8 for DNS and not the configured dns server
- Community Forum
- Linux Update Client using 8.8.8.8 for DNS and not the configured dns server
Topic: Linux Update Client using 8.8.8.8 for DNS and not the configured dns server
Linux Update Client using 8.8.8.8 for DNS and not the configured dns server
by grahamxpromz on 2018年3月8日
by grahamxpromz on 2018年3月8日
Why does the Linux (Ubuntu) client not use the configured dns servers?In my environment, hosts must use the local dns resolver as the firewall block any attempts to bypass it.The other DYNU clients (Chrome and Windows) use the hosts configured dns, but Ubuntu Linux client seems to be hard coded to use 8.8.8.8. As Googles dns servers are blocked, the service fails to update unless the firewall allows the connection.Is there some way to change this behavior or am I somehow mistaken.
Reply with quote | Report
Re: Linux Update Client using 8.8.8.8 for DNS and not the configured dns server
by grahamxpromz on 2018年3月11日
by grahamxpromz on 2018年3月11日
In addition to the hard coded Google DNS there is a periodic query sent to ns1.dynu.com for a AAAA record (hostname).(username).tag.gtagging.comThe gtagging.com domain is not currently assigned and looks like it is used to check what IP address is currently registered. Although I also see DNS lookups for ipcheck.dynu.com and ipcheckv6.dynu.com to determine the "public" IP address.What functionality is lost if this is blocked?The Chrome Extension does not seem to exhibit any of these behaviors and my reason for asking is the hosts are in a restricted DMZ, so if a host does become compromised, the traffic they can generate is not only logged but can be controlled so I don't become part of some DDoS botnet and if I do get hacked, I should find out and should be able to restrict the impact until I fix it. Hence why everything is whitelisted and I don't want to enable anything unless required for functionality
Reply with quote | Report
Author | Topic: Linux Update Client using 8.8.8.8 for DNS and not the configured dns server |
---|---|
grahamxpromz Joined: 2015/4/13 |
Linux Update Client using 8.8.8.8 for DNS and not the configured dns server 2018年3月8日 16:59
Why does the Linux (Ubuntu) client not use the configured dns servers?In my environment, hosts must use the local dns resolver as the firewall block any attempts to bypass it.The other DYNU clients (Chrome and Windows) use the hosts configured dns, but Ubuntu Linux client seems to be hard coded to use 8.8.8.8. As Googles dns servers are blocked, the service fails to update unless the firewall allows the connection.Is there some way to change this behavior or am I somehow mistaken.
|
grahamxpromz Joined: 2015/4/13 |
Linux Update Client using 8.8.8.8 for DNS and not the configured dns server 2018年3月11日 15:36
In addition to the hard coded Google DNS there is a periodic query sent to ns1.dynu.com for a AAAA record (hostname).(username).tag.gtagging.comThe gtagging.com domain is not currently assigned and looks like it is used to check what IP address is currently registered. Although I also see DNS lookups for ipcheck.dynu.com and ipcheckv6.dynu.com to determine the "public" IP address.What functionality is lost if this is blocked?The Chrome Extension does not seem to exhibit any of these behaviors and my reason for asking is the hosts are in a restricted DMZ, so if a host does become compromised, the traffic they can generate is not only logged but can be controlled so I don't become part of some DDoS botnet and if I do get hacked, I should find out and should be able to restrict the impact until I fix it. Hence why everything is whitelisted and I don't want to enable anything unless required for functionality
|
It is currently 2024年11月24日 12:02 US Mountain Standard Time
2024年11月24日 12:02