DNS suggestion

colin_b
Posts: 452
Joined: Sun Mar 19, 2017 7:21 pm

DNS suggestion

#1 Post by colin_b »

Last October Dyn was hit by a DDoS and the internet ground to a crawl for users of their DNS service https://arstechnica.co.uk/security/2016 ... ing-crawl/.

Could you have an MX tool which allows users to easily change DNS servers? Not only would this offer an easy solution to DNS problems, but it would also offer other benefits such as security protection, privacy and parental controls.

The tool simply needs to be something like a list of checkboxes which correspond to individual DNS servers. The server which has the ticked checkbox is used. If the tool is password protected it would secure the parental controls.

Some suggestions for DNS servers:

OpenDNS [parental control]

https://umbrella.cisco.com/blog/blog/20 ... -controls/

208.67.222.123
208.67.220.123

Comodo Secure DNS [helps protect against malicious websites]

https://www.comodo.com/secure-dns/

8.26.56.26
8.20.247.20

FreeDNS [no logging DNS]

https://freedns.zone/en/

37.235.1.174
37.235.1.177

DNS.WATCH [no logging DNS]

https://dns.watch/index

84.200.69.80
84.200.70.40

OpenDNS Home [privacy / security]

208.67.222.222
208.67.220.220

skidoo
Posts: 753
Joined: Tue Sep 22, 2015 6:56 pm

Re: DNS suggestion

#2 Post by skidoo »

colin, it's a nice idea.
Instead of waiting for an official MX tool, let's bang out a little utility to handle the task.

No networkmanager installed on my antiX system, so someone should verify whether this restart command is correct:
`gksu service network-manager restart`

Paste the code below into a text editor, add a blank line at the end, and SaveAs /tmp/hoo.txt
then at a terminal prompt:
sudo mv /tmp/hoo.txt /usr/local/bin/dnschanger.sh
sudo chmod +x /usr/local/bin/dnschanger.sh


So that it can be launched from the menu, someone else can follow up to coach creating a .desktop launcher
(idunno the available icons in MX)
Within the launcher, I expect the Exec= line should be
(if you want the terminal to remain open afterward, to have a chance to see the "Okay, done." message)
Exec=gksu xfce4-terminal -H -e dnschanger.sh
(or, to have the terminal window close immediately after the script exits)
Exec=gksu xfce4-terminal -e dnschanger.sh

Code:

#!/bin/bash
# DNS nameserver changer: rewrites /etc/resolv.conf, then restarts networking.
if [[ $UID != "0" ]]; then
    echo "must run this script as sudo/root"
    exit 1
fi

doodat () {
    # lock the file so it is not overwritten when the network restarts
    chattr +i /etc/resolv.conf
    printf "\n\nRestarting network\n\n"
    ###           v---- IS THIS THE CORRECT COMMAND ?
    # (no gksu here: the script is already running as root)
    service network-manager restart
    echo "Okay, done"
}

echo "DNS nameserver changer
Pick yer chooose (or  Q  to quit):
1)  --- restore defaults ---
2)  OpenDNS (parental control)
3)  Comodo Secure DNS
4)  FreeDNS (no logging)
5)  DNS.WATCH (no logging)
6)  OpenDNS Home (privacy / security)
"
read -r wants
# resolv.conf takes one directive per line; printf emits one line per argument
case $wants in
    1)  chattr -i /etc/resolv.conf
        printf '%s\n' "domain local.lan" "search local.lan" "nameserver 192.168.1.1" > /etc/resolv.conf
        doodat ;;
    2)  chattr -i /etc/resolv.conf
        printf 'nameserver %s\n' 208.67.222.123 208.67.220.123 > /etc/resolv.conf
        doodat ;;
    3)  chattr -i /etc/resolv.conf
        printf 'nameserver %s\n' 8.26.56.26 8.20.247.20 > /etc/resolv.conf
        doodat ;;
    4)  chattr -i /etc/resolv.conf
        printf 'nameserver %s\n' 37.235.1.174 37.235.1.177 > /etc/resolv.conf
        doodat ;;
    5)  chattr -i /etc/resolv.conf
        printf 'nameserver %s\n' 84.200.69.80 84.200.70.40 > /etc/resolv.conf
        doodat ;;
    6)  chattr -i /etc/resolv.conf
        printf 'nameserver %s\n' 208.67.222.222 208.67.220.220 > /etc/resolv.conf
        doodat ;;
    Q|q) exit 0 ;;
    *)  echo "not a valid selection. This script will now exit." ;;
esac
exit 0
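
A stricter way to generate the file that the script above writes, as an added example that is not part of skidoo's post: it validates each resolver address, caps the list at three, and replaces the target atomically. The function names and the TARGET argument are assumptions of this example, and it runs against a scratch file rather than /etc/resolv.conf.

```sh
#!/bin/sh
# Added example. Function names and the TARGET argument are assumptions;
# removing/setting the immutable flag (chattr) is left to the caller.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4 () {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_resolv TARGET IP...
# Validate everything first, write one "nameserver" line per address to a
# temp file, then rename it over TARGET so a bad argument or an interrupted
# run never leaves a half-written resolver config.
write_resolv () {
    target=$1; shift
    # glibc's resolver honours at most 3 nameserver lines (MAXNS)
    if [ $# -lt 1 ] || [ $# -gt 3 ]; then
        echo "need 1 to 3 addresses" >&2; return 2
    fi
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 2; }
    done
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    printf 'nameserver %s\n' "$@" > "$tmp"
    chmod 644 "$tmp"
    mv -f "$tmp" "$target"
}

# Print the addresses a resolver would read from FILE, one per line.
active_nameservers () {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Constructed demo on a scratch file instead of /etc/resolv.conf.
demo=$(mktemp)
write_resolv "$demo" 208.67.222.222 208.67.220.220
active_nameservers "$demo"
rm -f "$demo"
```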


colin_b
Posts: 452
Joined: Sun Mar 19, 2017 7:21 pm

Re: DNS suggestion

#3 Post by colin_b »

Thanks for the reply skidoo

Unfortunately I'm something of a noob to Linux and I don't want to poke around and end up throwing a spanner in the works of MX Linux because I find it refreshing to have a stable PC. I would be inconsolable if I made an error which implodes the O/S. :waaaah:

Hopefully your excellent reply will help others who are more informed than I am.

I will have to get my prayer book out and pray to the Gods of MX Linux three times daily. Hopefully they will hear my prayers and add a DNS changer to the tools.

mw1649
Posts: 65
Joined: Fri Jan 02, 2015 3:17 am

Re: DNS suggestion

#4 Post by mw1649 »

I solved a similar issue by adding one of the free DNS IP addresses to the "Additional DNS Servers" box that is under the IPv4 Settings tab in the Edit section of the Network Manager app. Presumably one can add multiple addresses there but I don't know what the separator is, e.g. a comma, colon, etc.
Mike
MX-21.3_x64 Wildflower February 15 2023 Kernel: 6.1.0-4mx-amd64 x86_64 bits: 64 Desktop: Xfce 4.18.1
LENOVO IdeaPad 3 i3

davefor
Posts: 1
Joined: Sat Mar 12, 2022 7:48 pm

Re: DNS suggestion

#5 Post by davefor »

Another potential option could be to deploy a Pihole appliance as a DNS proxy. Pihole has the exact same functionality you are looking for, with tickboxes for common external DNS providers (such as Cisco Umbrella / OpenDNS, Level 3, Comodo, Quad9 etc.) - and even has several slots for custom DNS providers of your choice. That way, your MX Linux just maintains the configuration of Pihole as local DNS proxy - and you use the web interface for the Pihole appliance to change the DNS in exactly the way you have described. This of course has the added benefit of making these changes available to other devices in the network, and also adding the ad-blocking functionality that Pihole is known for.

fan_of_LTS
Posts: 85
Joined: Sat Jun 13, 2020 11:49 am

Re: DNS suggestion

#6 Post by fan_of_LTS »

I haven't seen many significant DNS outages but I do keep the names of several DNS providers and their IP addresses in my hosts file. Since I don't recall seeing ads (maybe it's noscript blocking them) I have DNS servers, time servers, VPN servers, repos, and my ISP mail servers in mine. Of course keeping it updated can be a little painful when some servers have multiple IP addresses and others have other CNAMEs.

If you are familiar with dnsmasq, you could also list the IP addresses of many resolvers and just comment out those you aren't currently using. If you have issues you could uncomment another to use it.

I used to have a bookmarks folder with web tools such as lookup sites but dig @a.b.c.d (where you enter the DNS server you want to try) in a terminal works too.

Maybe one of these is just a start for looking at an app which makes the change you want.

figueroa
Posts: 1053
Joined: Fri Dec 21, 2018 12:20 am

Re: DNS suggestion

#7 Post by figueroa »

It strikes me that this is a non-problem not needing a solution. MX users can simply edit their NetworkManager applet settings (as described above).
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993

thomasl
Posts: 414
Joined: Sun Feb 04, 2018 10:26 am

Re: DNS suggestion

#8 Post by thomasl »

figueroa wrote: Sat Mar 12, 2022 11:37 pm
MX users can simply edit their NetworkManager applet settings (as described above).
While that is true, it's less than optimal for those who use other OS's or distros (eg via a dual-boot) or devices (eg Android). In that case the pihole solution or, perhaps simpler for some, if the router in question supports setting WAN DNS servers, are better solutions as they work for the whole LAN.
Frugal installs on Lenovo ThinkPad L14 Ryzen 5 4650U/24GB * HP Pavilion Ryzen 3 3300U/16GB * Toshiba R950 i5-3340M/12GB
I have a reservation... What do you mean it's not in the COMPUTER!
