Windows 10 DNS Problems
24 Mar

This week I came across a strange problem in Windows 10, and since I’m likely to have the same problem in future I thought it worth recording what happened – and how I solved it.

Starting at the beginning, I’ll lay out the problem. I run my own DNS server on my network both for simple caching and security but mostly to override certain external domains with their internal host. So you can imagine my headache when Firefox started saying my hosts were unavailable.

After some digging I found, thanks to the ping command, Windows was looking at the wrong IP address. Instead of getting my DNS server’s local IP address it was returning the external IP address. My first thoughts were the DNS server was at fault and I spent two or three hours going down that line of thought with no success. I finally struck on the idea of using Wireshark to check what was coming back from the DNS server. This at least confirmed that the right – by which I mean local – IP address was returned from DNS, which meant Windows was doing something after the fact.

I eventually traced the problem to my Avast anti-virus. Avast has what in most cases is a really useful feature called ‘Secure DNS’, which was intercepting my requests and altering the returned IP. As soon as I disabled this feature my problems were solved.

So I’m posting this here for anyone else who’s having a similar problem. I hope it will help someone else.

Software Society Email problems – Resolved
27 Mar

Fan-bloody-tastic! I’ve been trying to work out why emails to the Software Society have been falling over the last few weeks and finally I’ve worked it out!

The lesson to take away from it is, never let someone on the other side of an IT support desk do anything for you that’s mission critical.

All my domains are hosted through 123-Reg who act as my registrar, and have done for years. I’ve never had to use their support desk in the past and found the service perfect for my needs. Recently one of the servers I was using as an alternative DNS Nameserver was being shut down so I duly made alternative arrangements and went to update my registrar only to be greeted with errors. Unfortunately I was, and still am, unable to update the registrar nameservers for any domain ending in .uk.

Not too concerned, I contact support and ask them to update my nameservers to a.ns.nxfifteen.me.uk, b.ns…., c.ns…. and d.ns…. Within a few hours I had a response saying it had all been taken care of.

Fast forward a few weeks and emails are starting to fail. A quick check of my ISP nameserver shows no problem, but on a whim I check with Google’s and, lo and behold, the domain no longer has any DNS records!

I will leave aside the long and tedious story of how I spent hours trying to find the problem and checking the DNS server configuration files and skip right on to checking my registrar was returning the right details. As you probably guessed, it wasn’t. My friendly request to the support desk had resulted in my new nameservers being listed as ns1.nxfifteen.me.uk, ns2., ns3. and ns4. which are not A records on my domain.

Rather than going back through support to fix this (I still can’t change them using the admin panel), I’ve resorted to adding these new domain records to my DNS. This can take 24-48 hours to propagate across the net, and as of writing Google’s DNS hasn’t updated, so please be patient with me a little longer. The problem has been resolved, I’m just waiting on it to filter through.

Raspberry Pi Powered OpenVPN – Server, Part 4
07 Feb

Time to put it all together

OpenVPN Configuration

So far we have set up a new Raspberry Pi, installed OpenVPN, generated some server keys and at least one user/device key and created a Certificate Authority to sign them. We are still missing something though. OpenVPN doesn’t know any of this yet. We still have to tell it where to find these new files we’ve just created, what IP or port to listen for connections on, what type of connection to make and where to send the resulting traffic.

All these settings are held in OpenVPN’s configuration file, but none is installed with the OpenVPN package so we need to create a new one. Start by creating a file on the Pi with nano /etc/openvpn/server.conf, then fill it with this initial template:

I’ve marked some bits you will need to change yourself, most importantly PI_IP_ADDRESS and YOUR_DNS_IP_ADDRESS, but read through the comments to make sure everything else is right for your setup. Once you’re done just control+x and save the file.

Port Forwarding

Now that OpenVPN knows what to do we need to tell the Pi to forward internet traffic. By default a Raspbian OS is designed to be a receiving client: internet traffic goes to or from it. In this case we want it to forward the traffic it receives on to somewhere else – your router.

To edit the system setting open up the system control file with nano /etc/sysctl.conf and find the line “#net.ipv4.ip_forward=1” and uncomment it by removing the # leaving “net.ipv4.ip_forward=1”. Once again use control+x to save the file. Lastly we have to tell the system we have changed the file. That’s done with the sysctl command, just type sysctl -p and you’re done.

Raspbian Firewall

We’re almost ready to restart the Raspberry Pi and have a functional server, but before we can there is one more thing we have to do. Raspbian comes with a built-in firewall called iptables, found on most Linux systems, which is there to protect your computer from the dangers of the internet, but we need to poke a hole through it while leaving the rest of it intact. This is done by issuing commands directly to iptables, but we want these changes to still be in place next time we reboot the Raspberry Pi, so we need to make the command something the Pi will run every time it connects to the router.

This is best done in two steps. First we’ll set up the script we want to run. Make a new file with nano /etc/iptables-openvpn.sh and type in:

Make sure you change PI_IP_ADDRESS to your Raspberry Pi’s IP address. Then hit control+x and save the file. We now need to make the file executable, but we also want to stop normal users from changing it.

The first line means only the file owner can execute the file, no one else can even read it. The second line just makes sure the owner is root.

Now we have our supporting files we need to tell the Pi to run this file, and so poke the same hole in our firewall, every time a network connection is set up. Network settings for Linux are commonly stored in the /etc/network/interfaces file so we can start there.

nano /etc/network/interfaces

You can see a line that says “iface eth0 inet dhcp”, which simply tells Linux to ask your router for an IP address for the ethernet plug. We can now inject our iptables-openvpn.sh file here by using the pre-up option.

…becomes…

Now before asking for an IP address from a connected router the Pi will run our iptables command and the firewall will be ready. control+x to save your work.
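
A pre-reboot check for the three changes made above, as an added example that is not part of the original tutorial. It assumes the permissions described earlier correspond to mode 700 and that root is uid 0; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify the tutorial's three changes before rebooting.
# Function names are illustrative; paths default to those used above.

# IP forwarding: an uncommented net.ipv4.ip_forward=1 line must exist.
check_forwarding() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "${1:-/etc/sysctl.conf}"
}

# Firewall script: mode 700 (assumed from the description above) and
# owned by the expected numeric uid (0 = root).
check_script_perms() {
    f=${1:-/etc/iptables-openvpn.sh}
    [ -f "$f" ] || return 1
    [ "$(stat -c '%a %u' "$f")" = "700 ${2:-0}" ]
}

# interfaces: a live (uncommented) pre-up line naming the script, inside
# the "iface eth0" stanza rather than another interface's stanza.
check_preup() {
    awk -v script="${2:-/etc/iptables-openvpn.sh}" '
        $1 == "iface" { in_eth0 = ($2 == "eth0"); next }
        $1 == "auto" || $1 == "mapping" || $1 ~ /^(allow-|source)/ { in_eth0 = 0; next }
        in_eth0 && $1 == "pre-up" && index($0, script) { found = 1 }
        END { exit !found }
    ' "${1:-/etc/network/interfaces}"
}

# Run all three checks, report each failure, return non-zero if any failed.
# Arguments (all optional): sysctl.conf, script, interfaces, owner uid.
check_all() {
    conf=${1:-/etc/sysctl.conf}
    fw=${2:-/etc/iptables-openvpn.sh}
    ifaces=${3:-/etc/network/interfaces}
    uid=${4:-0}
    rc=0
    check_forwarding "$conf" || { echo "FAIL: ip_forward not enabled in $conf"; rc=1; }
    check_script_perms "$fw" "$uid" || { echo "FAIL: $fw is not mode 700 owned by uid $uid"; rc=1; }
    check_preup "$ifaces" "$fw" || { echo "FAIL: no pre-up for $fw under iface eth0 in $ifaces"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all three changes are in place"
    return "$rc"
}
```

On the Pi, source the file and run check_all as root with no arguments to use the paths from this tutorial.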

You can finally reboot your Raspberry Pi

Your Raspberry Pi is now a fully working OpenVPN server. In the next tutorial we’ll get started preparing our clients to connect to it.

02 Nov

DNS Cache TTL – Windows

Shorten the built in Windows DNS cache time

To force Windows to keep positive entries in DNS Cache for only 4 hours instead of the default 24 hours we need to apply the following change to the registry:

02 Nov

Block Negative DNS Entries – Windows

Windows contains a client-side Domain Name System (DNS) cache. The client-side DNS caching feature may cache results when no valid IP address was found. This article describes how to disable DNS caching for these Negative Entries.

To force Windows not to cache negative entries we need to add a new DWORD to the Windows Registry