Posted by Thomas

stop your ISP from hijacking your DNS

If you're like me, you use some local ISP for your primary, non-work, Internet connection. Since I'm in NYC, I use Verizon's FIOS service. Although it is pricey, the speeds I get are decent (by American standards).

However, Verizon does one thing that I absolutely hate: THEY HIJACK YOUR DNS.

What is DNS hijacking? Wikipedia has a fairly good entry on the subject.

Basically, if you make an invalid DNS request, instead of returning an error (NXDOMAIN) to your browser as required by the Internet standards, they route you to one of their own pages, usually to display advertising. This breaks all sorts of things, which are described in gory detail in the article above, but such a blatant violation of the Internet RFCs is enough to justify an outcry.

Presuming you use some sort of Unix box, there are a couple of solutions for this:

  • You can change the permissions flags on /etc/resolv.conf to be immutable (chflags on FreeBSD, chattr on Linux), although I consider this to be a bit heavy-handed.
  • You can tell your DHCP client to not update resolv.conf (via dhclient.conf)
  • But I think the easiest way to solve this problem is to override the settings on your wireless router to send hardcoded DNS settings to DHCP clients instead of accepting the ones sent by the ISP. The added advantage here is that it works for all operating systems and clients in your subnet.

Which DNS servers to use instead? Google offers a service called Public DNS that won't hijack your DNS:

  • 8.8.8.8
  • 8.8.4.4

Keep in mind, though, that Google can and will use your name lookup data for advertising purposes.

Lastly, this article assumes this is for a home or personal network. If you are running a business or other organization, you really should be using your own DNS servers.
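
An added check (not from the original post) for the behaviour described above: it sends one A query for a random, presumably unregistered .com name straight to a resolver and reports whether the reply is NXDOMAIN or a fabricated answer. The function names, the random-name scheme and the IPv4/UDP-only transport are assumptions of this example.

```python
import secrets
import socket
import struct
import sys

NXDOMAIN = 3  # RCODE "Name Error" from RFC 1035

def build_query(name, txid):
    """Encode a minimal recursive A-record query for `name`."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, txid):
    """Judge a reply to a lookup of a name that should not exist."""
    if len(reply) < 12:
        return "inconclusive"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != txid or not flags & 0x8000:    # wrong transaction or not a response
        return "inconclusive"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "honest"
    if rcode == 0 and ancount > 0:           # NOERROR with answers for a bogus name
        return "hijacked"
    return "inconclusive"                    # SERVFAIL, REFUSED, empty NOERROR, ...

def probe(resolver, timeout=3.0):
    """Ask `resolver` (an IPv4 address) for a random name; return (name, verdict)."""
    name = secrets.token_hex(12) + ".com"    # assumption: this random name is unregistered
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (resolver, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:                      # timeout or unreachable resolver
            return name, "inconclusive"
    return name, classify(reply, txid)

if __name__ == "__main__":
    # Constructed 12-byte reply headers (not captured traffic): NXDOMAIN, then NOERROR + 1 answer
    print(classify(struct.pack("!6H", 7, 0x8183, 1, 0, 0, 0), 7))
    print(classify(struct.pack("!6H", 7, 0x8180, 1, 1, 0, 0), 7))
    for ip in sys.argv[1:]:                  # resolver IPs to compare
        print(ip, *probe(ip))
```

Pass the resolver IP addresses to compare as command-line arguments, for example the one your DHCP lease supplied and 8.8.8.8.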


du df size discrepancy

Sometimes people report a huge size discrepancy between the output of du and df. There are two main reasons for this:

  • open file descriptors
  • mounted filesystems hiding unmounted filesystems

With regard to open file descriptors, check that any running processes are not holding files open. Shut down Apache, or Oracle, or MySQL, or Postgres, etc. That should usually do it.

The other thing you can check is that mounted filesystems are not masking (or hiding) unmounted filesystems. Unmount all filesystems and check again; you will see what has been hiding behind the mounted FS.


Agneepath

Umm, this was a terrible movie. Terrible plot. Terrible acting. I really wanted to immolate myself. The only good thing about this movie was that I managed to get through to the end without killing myself.

Good songs though.

P.S. Keep in mind I haven't seen the original.


Dhobi Ghat (Mumbai Diaries)

Saw this new Aamir Khan flick tonight. Was pretty good. The characters were well done, loved the new actors. Still had a sad ending, but wasn't as bad and depressing as the ending for Peepli Live (which overall was a better film, but was killed by the ending).

Will recommend to friends.
