Archive for » April, 2009 «

Sunday, April 26th, 2009 | Author:

Trust me. We’re still dealing with regexesjust in a roundabout (and vaguely practical) way. This is a pretty comprehensive listing of how to go about flushing DNS caches while using regexes to show where similar methods deviate.

Why do we want to clear DNS caches exactly?

There are a number of reasons to clear DNS caches, though I believe these are the most common:

  • An intranet service has an private (internal) IP address when on the company network but it has a public IP address for outside access. When you try to access that service from outside after accessing it from inside, there’s a chance that you would have cached the private (inaccessible) IP. A good long-term solution is to make the service inaccessible except via VPN. A simpler solution is to leave work at work. 😛
  • An internet service or web site changes their DNS settings and your desktop/laptop is looking at theoldsetting. In this case, the new setting has not yet propagated. Hosting Admins come across this case very often.
  • ਪਰਦੇਦਾਰੀ: If someone can track your DNS history then it wouldn’t be too hard to figure out which web sites you’ve been viewing. Though the individual pages you’ve viewed can’t be tracked in this way, the hostnames, ਜਿਵੇ ਕੀ “dogma.swiftspirit.co.zaorgoogle.comwill be in the DNS cache, likely in the order you first accessed each site. There are better ways to do this though. One example is to use a Tor network for all DNS requests.

Flushing WindowsDNS cache, from command prompt:

Evidence suggests that prior to Windows 2000, Windows OS’s didn’t cache DNS results. The ipconfig command, run from the command prompt, was given some control over the DNS cache and has remained roughly the same since.

To get to the prompt if using Vista as non-Admin: Start -> Programs -> Accessories -> Right-clickCommand Prompt” -> Run As Administrator

Otherwise: Start -> Run -> [cmd ] -> [ OK ]

ipconfig /flushdns

Flush the DNS Resolver Cache in Windows

It is also possible to clear the cache in Windows by restarting theDNS ClientorDnscache” ਸਰਵਿਸ.

Flushing Mac OS X DNS cache, from shell prompt:

Since Mac OS X, Apple Macs have been running a Unix-based, POSIX-compliant, operating system based on Nextstep, itself originally containing code from FreeBSD ਅਤੇ NetBSD. Mac OS X uses lookupd or dscacheutil to manage the DNS cache, depending on the version.

To get to the prompt: Applications -> Utilities -> Terminal

(lookupd|dscacheutil) -flushcache

What have we here? As per part 1, the vertical bar indicates that eitherlookupdORdscacheutilare acceptable. The parenthesis indicate that the vertical bar only applies to thelookupd|dscacheutilportion of the expression. Thus, the ” -flushcacheis not optional and must be included in the command in order for it to work. Note that these commands produce no output unless there is an error.

Use dscacheutil if you’re using Mac OS X 10.5 (Leopard) or later.

Mac OS X:

lookupd -flushcache

Mac OS X Leopard:

dscacheutil -flushcache

Use dscacheutil to flush the cache in Mac OS X Leopard

There is also a GUI tool, DNS Flusher, which automatically uses the correct command available.

Flushing Linux/UnixDNS cache, from shell prompt:

N.B. If you don’t already have either bind (with caching lookup enabled), nscd, or dnsmasq installed and running on your *nix-based desktop/server, you are probably not caching DNS at all and there is nothing to flush. In that case you will be utilising your DNS server for every web request, probably slowing your web experience.* If so, I recommend at least installing nscd as it is the easiest to set up. **

Flushing nscd’s cache

As with the Mac OS command, this produces absolutely no output unless there is an error:

(|sudo )(|/usr/sbin/)nscd -i hosts
  • Use sudo if you’re not already root otherwise the first selection is blank.
  • Specify /usr/sbin/ if nscd is not already within thepath”. If your distribution has nscd in a strange place, locate it first:
locate -r bin/nscd$

Notice that the abovebin/nscd$is itself a regular expression. 🙂

Using nscd, invalidate thehostscache, logged in as a user:
sudo nscd -i hosts
Using nscd, invalidate thehostscache, logged in as root:
nscd -i hosts
Using nscd, invalidate thehostscache, logged in as root, specifying the full path:
/usr/sbin/nscd -i hosts

Flushing bind’s cache

To flush bind’s cache, we issue a command via rndc. Use sudo if you are not already root:

(|sudo )rndc flush

Restarting the cacheing services also works!

Here’s how to restart either of the caching daemons:

(|sudo )(ਸਰਵਿਸ |/etc/(rc\.d|rc\.d/init\.d|init\.d)/)(bind|dnsmasq|nscd) restart

That’s starting to get difficult to read. *** Luckily I’ve explained in detail:

  • As with the previous command, use sudo if you’re not already root.
  • The second selection has the first option “ਸਰਵਿਸ “. This applies mainly to Red Hat/CentOS and Fedora systems.
  • The “/etc/(rc\.d|rc\.d/init\.d|init\.d)/” needs to be expanded further. This is for most other systems. Generally, the rc.d is for if you’re using a BSD-style init system (for example: Arch Linux, FreeBSD, or OpenBSD). The best way to know for sure which command to use is to ‘locatethe correct nscd or dnsmasq path. Most Unix flavours, even Solaris, use nscd:
locate -r \.d/nscd$ ; locate -r \.d/dnsmasq$ ; locate -r \.d/rndc$
  • The last choice is betweenbind”, “nscd”, ਅਤੇ “dnsmasq”. This depends entirely on which is installed and in use.
  • The last of the pattern, ” restart”, is the instruction given to the daemon’s control script.

Arch, using dnsmasq, restarting the cache daemon, logged in as root:

/etc/rc.d/dnsmasq restart

Arch, using nscd, restarting the cache daemon, logged in as user:

sudo /etc/rc.d/nscd restart

CentOS / Red Hat, using nscd, restarting the daemon, as root:

service nscd restart

nscdrestart

Flush Mozilla Firefox’s internal DNS cache:

Mozilla Firefox keeps its own DNS cache for performance. ਫਾਇਰਫਾਕਸ 2 would cache only 20 entries for up to 60 seconds. The default setting as of Firefox 3 appears to be 512 entries for up to 60 minutes which seems much more reasonable for every-day browsing. If your desktop has a built-in cache (which most now do) then the cache here is actually redundant. I’m not aware of any other browsers that implement DNS caching.

I’ve found a few solutions for when you need to clear the cache. It seems there are many ways to do this however these are the easiest, which I’ve put into order of preference.:

  1. Install the Firefox DNS Flusher Addonprovides a button to flush the cache.
  2. Install the DNS Cache Addonprovides a toggle which disables or enables the DNS cache.
  3. Clear Cache (clears browser cache as well as DNS Cache): Select Tools -> Clear Private Data; Deselect all checkboxes except for Cache; Click [ Clear Private Data Now ].
  4. Manually do what DNS Cache does: set the following 2 about:config optionsnetwork.dnsCacheExpiration” ਅਤੇ “network.dnsCacheEntries” ਨੂੰ 0 and then back to the default.

I had a bad cached record and I cleared my browser’s cache. But its still giving me the wrong info. What gives?

Because of how DNS propagation works, you preferably need to flush the DNS on all DNS hosts between yourself and theauthoritivehost, starting with the host closest to the authoritive host (furthest away from your browser).

As an example, if you have a router that is caching DNS, reset the router’s cache before restarting the DNS cache of your operating system, and only then should you clear the cache in Firefox. The reason is that even if you only clear your OS and Firefox’s caches, your desktop is still going to ask the router for its bad record anyway.

What if my DNS server is a server on the net outside my control?

You could try temporarily using a different nameserver, possibly even a publicly open server. OpenDNS shows some good information on how to do this. If you’d like, you should also be able to get relevant information from your own ISP regarding their resolving DNS servers. A local example (South Africa) is SAIX which lists their resolving DNS servers.

* Likely the reason why Firefox has a DNS cache built-in ****
** “((pacman|yaourt) -S|emerge|(yum|aptitude|apt-get) install) nscdand then ensure that the service is added to the startup scripts. Refer to your distribution’s installation documentation.
*** I’m looking for a syntax highlighting plugin that can work with regex
**** I’ve read statements that restarting the network(ing|) service also clears the DNS cache however I haven’t seen any evidence that this is true. If anyone has a example where this is true, please provide me with the details.
ਨਿਯਤ ਕਰੋ
Thursday, April 23rd, 2009 | Author:
Who Rules?! Who Made this Awesome Image?!

Who Rules?!

When an artist has released his work (even as Creative Commons) and the IPTC / EXIF data is no longer in the image, how do you find out who the original artist is? All I have here is a difficult-to-read signature. 🙁

ਨਿਯਤ ਕਰੋ
Wednesday, April 22nd, 2009 | Author:

Arch Linux’s installation process is documented on the Arch wiki. I recommend that persons new to Arch try the excellent Beginner’s Guide instead of the Official Arch Linux Install Guide. Though both wiki entries cover similar ground, the Beginner’s Guide gives a lot more relevant information for those new to the system. The Beginner’s Guide is aimed at desktop installation and, as I’m installing a server, I won’t be going through the installation of the graphical environment at all. Assuming that you’re following my installation, assume that I’ve followed the Beginner’s Guide right up to and including the installation of sudo. I installed the ssh daemon afterwards rather than during the initial setup however.

A few small recommendations and notes regarding installation:

  • If you can, consider using a USB memory stick for the installer and keep it handy for future installations.
  • I keep a copy of my localrepositoryof installed applications on my installer memory stick. Once installation is finished I save a bit of download and update time by copying this to the new server’s /var/cache/pacman/pkg/ folder. The repository on my desktop is typically 1.7GB
  • For the rc.conf, South African-appropriate regional settings are:
    LOCALE=en_ZA.utf8
    TIMEZONE=Africa/Johannesburg
  • I’ve set up the network very simply, according to the guide, and will be expanding on the network setup in a later post.
  • As it is for a server, my non-privileged user on the server is only part of 3 groups: wheel (for sudo), storage, and users. A desktop user will likely be in many more groups.

I prefer using an application called yaourt instead of Arch’s default package manager. Yaourt has the exact same usage syntax as pacman except that it supports a few extra options. It is actually a wrapper application in that it, in turn, uses pacman. Importantly, yaourt supports installation of applications from Arch’s AUR. The AUR is a repository of installation scripts built by Arch users for Arch users to easily install applications that are not officially supported by the main Arch repositories. Yaourt can download and install applications from AUR or the main repositories with the same command, treating the AUR asjust another repository”. Pacman unfortunately does not support this.

Again, the installation is covered in the wiki. I recommend the easy route mentioned in the wiki if you’re new at Arch. Its too much too soon to do it the hard way (also mentioned in the wiki entry).

When done, update your system by issuing the single command:

yaourt -Syu

OR

pacman -Syu

and follow the given recommendations.

ਨਿਯਤ ਕਰੋ
Monday, April 20th, 2009 | Author:

I’m looking at the South African banking system (partly a result of watching the Zeitgeistdocumentary”) ਅਤੇ, after finding my bank implicated most with regards to the SA-Banking Competition Commission wikileaks scandal, I’m putting serious consideration into switching banks.

What ethical banks are out there right now? I’ve even looked into Sharia (Islamic) banking because of their strict ethics laws but even there I’m looking at even more unknowns. I’m not Islamic and I have nothing against funding pork-related activities.

On that note, do you know if your bank has a code of ethics? If they’re public, where can we see these ethics codes?

Tell me about service levels I haven’t heard of before and which bank you believe deserves to handle my money.

ਨਿਯਤ ਕਰੋ
Sunday, April 19th, 2009 | Author:

I think the Internet is a scary place. Yes, me. Some days I find myself horrified to find the lowliest of criminal bastards trying to steal our livelihoods.

Yes, people, there are criminals out there and they want your money or they want to use you to make money. What’s even more scary is the lengths to which they are willing to go, even risking YOU. Do not pass Go. Do not collect $200.

I received an email saying that I was being offered a job as aRegional Assistant” ਅਤੇ, though the details weren’t given, the email suggested that it was a legitimate opportunity. I replied asking about where they’d received my details and also about what they would require of me.

Being the skeptic I am, I thought I could spot scammers a mile away. How fortunate that I can still laugh at the idea.

A few hours later, they replied indicating that I’d soon receive further instructions. They’dprobablybeen referred to me by a friend and they had a pile of referrals and so couldn’t specify which friend had recommended me. I waited patiently and left it to the back of my mind. “They’ve probably found a good candidate already and I’ve lost out”, I thought. “How nice that a friend might refer me. Obviously I’m Awesome.” (and daft :-/)

So later on, I receive my email with myfurther instructions”. This is where I finally realised that I was dealing with scammers:

Hi. We’d like to start a trial task. Our customer will make a bank transfer to you this week. Please go to our site <site omitted> to submit the banking details where the transfer will go to. Once we’ve established a good transaction history, you will receive between 2-3 transfers per week (amounts of about R10 000 each except the first trial transfers).
Please confirm that you can start. We don’t send any transfers to your account until we receive confirmation from you.
On Monday you will receive notification, detailed information and instructions regarding the transfers. Thank you and have a lovely weekend.

Say what??? I checked out the web site in question and, without a doubt, this is a money laundering scheme done by professionals. They know what they’re doing and they probably launder millions every month. What’s more is that, inevitably, they will screw you over and get the cops to arrest YOU. These criminals can leave evidence behind implicating you even if all you’ve done is diligently moved money from one place to anotherand kept a small percentage for yourself. 😛

Money laundering is where illegitimate money (stolen, probably) is transferred via third parties to appear more legitimate. You’re an accessory to the crime and, even worse, you’re even likely to be the victim of it. Recognise when an opportunity is too good to be true. I was fooled for a short while. Next up, given that a victim might give out a lot of personal details, the scammers might steal your identity and start to implicate you in fraudulent activities without you ever having done a thing.

If you happen to have already given any details such as the above where they wanted my banking details, contact your bank and inform them of the situation. They will give you the best possible advice on what to do next. If you’ve already responded to the mail but haven’t yet already given them the information they want, don’t reply any further. I’d also suggest calling your local police for further advice.

ਨਿਯਤ ਕਰੋ