Tag-Archive for » vpn «

Sunday, April 26th, 2009 | Author:

Trust me. We’re still dealing with regexes, just in a roundabout (and vaguely practical) way. This is a pretty comprehensive listing of how to go about flushing DNS caches while using regexes to show where similar methods deviate.

Why do we want to clear DNS caches exactly?

There are a number of reasons to clear DNS caches, though I believe these are the most common:

  • An intranet service has a private (internal) IP address when on the company network but it has a public IP address for outside access. When you try to access that service from outside after accessing it from inside, there’s a chance that you would have cached the private (inaccessible) IP. A good long-term solution is to make the service inaccessible except via VPN. A simpler solution is to leave work at work. 😛
  • An internet service or web site changes their DNS settings and your desktop/laptop is looking at the “old” setting. In this case, the new setting has not yet propagated. Hosting Admins come across this case very often.
  • Privacy: If someone can track your DNS history then it wouldn’t be too hard to figure out which web sites you’ve been viewing. Though the individual pages you’ve viewed can’t be tracked in this way, the hostnames, such as “dogma.swiftspirit.co.za” or “google.com”, will be in the DNS cache, likely in the order you first accessed each site. There are better ways to do this though. One example is to use a Tor network for all DNS requests.

Flushing Windows’ DNS cache, from the command prompt:

Evidence suggests that prior to Windows 2000, the Windows OS did not cache DNS results. The ipconfig command, run from the command prompt, provided some control over the DNS cache and it has remained roughly the same ever since.

To get to the command prompt if using Vista as a non-admin: Start -> Programs -> Accessories -> Right-click “Command Prompt” -> Run as administrator

Otherwise: Start -> Run -> [ cmd ] -> [ OK ]

ipconfig /flushdns

Flush the DNS Resolver Cache in Windows

It’s also possible to clear the cache in Windows by restarting the “DNS Client” or “Dnscache” service.

Flushing Mac OS X’s DNS cache, from the shell prompt:

Since Mac OS X, Apple Macs have run a UNIX-based, POSIX-compliant operating system based on NeXTSTEP, itself originally containing code from FreeBSD and NetBSD. Mac OS X uses lookupd or dscacheutil to manage the DNS cache, depending on the version.

To get to the prompt: Applications -> Utilities -> Terminal

(lookupd|dscacheutil) -flushcache

What have we here? As per Part 1, the vertical bar indicates that either “lookupd” OR “dscacheutil” is acceptable. The parentheses indicate that the vertical bar only applies to the “lookupd|dscacheutil” portion of the expression. Thus, the “ -flushcache” is not optional and must be included in the command for it to work. Note that these commands produce no output unless there is an error.

Use dscacheutil if you are using Mac OS X 10.5 (Leopard) or later.

Mac OS X:

lookupd -flushcache

Mac OS X Leopard:

dscacheutil -flushcache

Use dscacheutil to flush the cache in Mac OS X Leopard

There is also a GUI tool, DNS Flusher, which automatically uses the correct command available.

Flushing Linux / UNIX’ DNS cache, from the shell prompt:

N.B. If you don’t already have either bind (with caching lookups enabled), nscd, or dnsmasq installed and running on your *nix-based desktop / server, you are probably not caching DNS at all and have nothing to flush. In that case you will be using your DNS server for every site request, probably slowing your internet experience *. If so, I recommend at least installing nscd as it is the easiest to set up. **

Flush nscd’s cache

Similar to the Mac OS commands, this produces absolutely no output unless there is an error:

(|sudo )(|/usr/sbin/)nscd -i hosts
  • Use sudo if you’re not already root; otherwise the first selection is empty.
  • Specify /usr/sbin/ if nscd is not already in the “path”. If your distribution has nscd in a strange place, locate it first:
locate -r bin/nscd$

Note that the above “bin/nscd$” is itself a regular expression. 🙂

Using nscd, invalidate the “hosts” cache, logged in as a user:
sudo nscd -i hosts
Using nscd, invalidate the “hosts” cache, logged in as root:
nscd -i hosts
Using nscd, invalidate the “hosts” cache, logged in as root, specifying the full path:
/usr/sbin/nscd -i hosts

Flush bind’s cache

To flush bind’s cache, we issue a command via rndc. Use sudo if you’re not already root:

(|sudo )rndc flush

Restarting the caching services also works!

Here’s how to restart either of the caching daemons:

(|sudo )(service |/etc/(rc\.d|rc\.d/init\.d|init\.d)/)(bind|dnsmasq|nscd) restart

This is starting to get difficult to read. *** Luckily I’ve explained in detail:

  • Similar to the previous commands, use sudo if you’re not already root.
  • The second selection has the first option “service ”. This applies mainly to Red Hat / CentOS and Fedora systems.
  • The “/etc/(rc\.d|rc\.d/init\.d|init\.d)/” needs to be expanded further. This is for most other systems. Generally, the rc.d is for if you’re using a BSD-style init system (for example: Arch Linux, FreeBSD, or OpenBSD). The best way to know for sure which command to use is to ‘locate’ the correct nscd or dnsmasq path. Most Unix flavours, even Solaris, use nscd:
locate -r \.d/nscd$ ; locate -r \.d/dnsmasq$ ; locate -r \.d/rndc$
  • The last choice is between “bind”, “nscd”, and “dnsmasq”. This depends entirely on which is installed and in use.
  • The last of the pattern, “ restart”, is the instruction given to the daemon’s control script.

Arch, using dnsmasq, restarting the cache daemon, logged in as root:

/etc/rc.d/dnsmasq restart

Arch, using nscd, restarting the cache daemon, logged in as user:

sudo /etc/rc.d/nscd restart

CentOS / Red Hat, using nscd, restarting the daemon, as root:

service nscd restart
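
To see exactly which commands the restart pattern above stands for, here is an added example (not part of the original post) that expands an alternation-only pattern into every literal string it matches. It handles only the subset of regex syntax used for the commands here (groups, “|” and backslash escapes, not anchors such as “$”); the function names are made up for this sketch.

```python
def expand(pattern):
    """Return every literal command an alternation-only pattern matches."""
    results, pos = _alternatives(pattern, 0)
    if pos != len(pattern):
        raise ValueError("unbalanced ')' at offset %d" % pos)
    return results

def _alternatives(p, i):
    # alternatives := sequence ('|' sequence)*
    out = []
    while True:
        seqs, i = _sequence(p, i)
        out.extend(seqs)
        if i < len(p) and p[i] == "|":
            i += 1
        else:
            return out, i

def _sequence(p, i):
    # sequence := (group | escaped char | literal char)*, possibly empty
    acc = [""]
    while i < len(p) and p[i] not in "|)":
        if p[i] == "(":
            inner, i = _alternatives(p, i + 1)
            if i >= len(p) or p[i] != ")":
                raise ValueError("missing ')'")
            # every prefix so far combines with every choice in the group
            acc = [a + b for a in acc for b in inner]
        else:
            if p[i] == "\\" and i + 1 < len(p):
                i += 1  # "\." in the pattern is a literal "."
            acc = [a + p[i] for a in acc]
        i += 1  # step past the literal char or the closing ")"
    return acc, i

# The restart pattern from the text (daemon names: bind, dnsmasq, nscd).
RESTART = r"(|sudo )(service |/etc/(rc\.d|rc\.d/init\.d|init\.d)/)(bind|dnsmasq|nscd) restart"

if __name__ == "__main__":
    for cmd in expand(RESTART):
        print(cmd)
```

The pattern expands to 24 candidate commands; only the one matching your init system and installed daemon will exist on a given machine.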


Flush Mozilla Firefox’s internal DNS cache:

Mozilla Firefox keeps its own DNS cache for performance. Firefox 2 would cache only 20 entries for up to 60 seconds. The default setting as of Firefox 3 appears to be 512 entries for up to 60 minutes which seems much more reasonable for every-day browsing. If your desktop has a built-in cache (which most now do) then the cache here is actually redundant. I’m not aware of any other browsers that implement DNS caching.

I’ve found a few solutions for when you need to clear the cache. It seems there are many ways to do this; however, these are the easiest, which I’ve put into order of preference:

  1. Install the Firefox DNS Flusher Addon: provides a button to flush the cache.
  2. Install the DNS Cache Addon: provides a toggle which disables or enables the DNS cache.
  3. Clear Cache (clears browser cache as well as DNS Cache): Select Tools -> Clear Private Data; Deselect all checkboxes except for Cache; Click [ Clear Private Data Now ].
  4. Manually do what DNS Cache does: set the following 2 about:config options, “network.dnsCacheExpiration” and “network.dnsCacheEntries”, to 0 and then back to the default.

I had a bad cached record and I cleared my browser’s cache. But it’s still giving me the wrong info. What gives?

Because of how DNS propagation works, you preferably need to flush the DNS on all DNS hosts between yourself and the “authoritative” host, starting with the host closest to the authoritative host (furthest away from your browser).

As an example, if you have a router that is caching DNS, reset the router’s cache before restarting the DNS cache of your operating system, and only then should you clear the cache in Firefox. The reason is that even if you only clear your OS and Firefox’s caches, your desktop is still going to ask the router for its bad record anyway.

What if my DNS server is a server on the net outside my control?

You could try temporarily using a different nameserver, possibly even a publicly open server. OpenDNS shows some good information on how to do this. If you’d like, you should also be able to get relevant information from your own ISP regarding their resolving DNS servers. A local example (South Africa) is SAIX which lists their resolving DNS servers.

* Likely the reason why Firefox has a DNS cache built-in ****
** “((pacman|yaourt) -S|emerge|(yum|aptitude|apt-get) install) nscd” and then ensure that the service is added to the startup scripts. Refer to your distribution’s installation documentation.
*** I’m looking for a syntax highlighting plugin that can work with regex
**** I’ve read statements that restarting the network(ing|) service also clears the DNS cache; however, I haven’t seen any evidence that this is true. If anyone has an example where this is true, please provide me with the details.

Monday, November 17th, 2008 | Author:

I’d never really had the need to connect to a VPN until this weekend. After connecting, I found that my Internet access was rather non-functional except to the VPN in question. A colleague happened to be on hand (he’d given me the access details in the first place) and he quickly suggested this workaround.

Today, a client had the same issue. Perhaps this problem is more common than I first thought.

When connecting to the VPN, Windows updates the default gateway on your desktop to reflect the VPN’s settings. Most likely, however, you only need to access specific subnets on the VPN and you want all unrelated traffic to use your “old” settings.

It turns out that it’s a simple checkbox that needs to be unchecked. The gist of finding the setting: Right-click the VPN in Network Connections -> Properties -> Internet Protocol (TCP/IP); [Properties] ; [Advanced], and uncheck the “[ ] Use default gateway on remote network”.

Then click the usual OK/Apply/Yes-of-course-your-dialogue-ness (all the while reading and absorbing any warnings appropriately) until you’re back to your Network Connections window. Right-click the VPN connection and disable / re-connect.

You should be able to confirm that the Default Gateway does not change by running the command-line app ipconfig before and after enabling the VPN connection. Look specifically for the line labelled “Default Gateway”.
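
The before/after comparison described above can be scripted. This is an added example, not part of the original post: it parses two saved copies of ipconfig output and reports any adapter whose default gateway appeared or changed once the VPN was connected. The sample output, adapter names and addresses are constructed, and English-language ipconfig labels are assumed.

```python
import re

# Constructed ipconfig output, trimmed to the relevant lines.
BEFORE = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

# VPN connected with "Use default gateway on remote network" unchecked.
AFTER_SPLIT = BEFORE + """
PPP adapter Office VPN:

   IP Address. . . . . . . . . . . . : 10.8.0.14
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
"""

# Same connection with the checkbox left ticked (gateway value is constructed).
AFTER_FULL = AFTER_SPLIT.replace(
    "Default Gateway . . . . . . . . . :\n",
    "Default Gateway . . . . . . . . . : 10.8.0.14\n")

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
GATEWAY = re.compile(r"^\s+Default Gateway[ .]*:\s*(\S*)\s*$")

def gateways(ipconfig_text):
    """Map adapter name -> default gateway ('' when the adapter has none)."""
    found, adapter = {}, None
    for line in ipconfig_text.splitlines():
        m = ADAPTER.match(line)
        if m:
            adapter = m.group(1)
            continue
        m = GATEWAY.match(line)
        if m and adapter:
            found[adapter] = m.group(1)
    return found

def gateway_changes(before, after):
    """Adapters whose non-empty default gateway is new or altered after connecting."""
    old, new = gateways(before), gateways(after)
    return {name: (old.get(name, ""), gw)
            for name, gw in new.items()
            if gw and gw != old.get(name, "")}

if __name__ == "__main__":
    print("split tunnel:", gateway_changes(BEFORE, AFTER_SPLIT))
    print("full tunnel: ", gateway_changes(BEFORE, AFTER_FULL))
```

An empty result means the VPN connection added no default gateway of its own, which is the outcome the unchecked setting is meant to produce.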

[edit reason=moore”]…

It turns out that a possible reason for this setting being the default setting is for security. If your desktop happens to be compromised or inadvertently routing traffic, connecting to the VPN might expose the supposedly “private” network to the Internet.