Or is it the OpenDNS service which this feature relies upon?On my network there are three distinct operating systems: Windows XP, Linux, and believe it or not, Windows 98. Which all play pretty much nicely together, everything is networked together including the HP printer. The Linux distributions are Fedora 12 and Ubuntu 8.04. Both machines use this use the Samba software to access the Windows network.
I decided on a whim to try the router's Advanced DNS option to see if there was any benefit speed or security wise. Once the feature was enabled,
both Windows machines continued to operate as before, with full access in all regards. However the network was completely inaccessible to Linux. Attempting access the network via the Linux desktops, the
Network Workgroup could be viewed but no share --folder or machine-- could be accessed. Trying to gain access through the command line is where things really got interesting, especially for Ubuntu.
This command should have displayed information about the resources [drives, folders, and printer] on the machine named " PATRICKS-PLACE ", after asking for a password, in a nice readable list:
smbclient -L //PATRICKS-PLACE -U Patrick
timeout connecting to 204.194.233.140:445
timeout connecting to 204.194.233.140:139
Error connecting to 204.194.233.140 (Operation already in progress)
Connection to PATRICKS-PLACE failed (Error NT_STATUS_ACCESS_DENIED)
Well, no nice list, and worse yet, errors containing IP numbers that are not mine and outside of my network on the Internet. These IP numbers belong to "
302 Direct Media " (a.k.a. Best Path Networks) a company which is part of the network run by
OpenDNS who maintain the DNS servers used by the router when the Advanced DNS option is selected. But why was the query meant for my own machines being sent out to the Internet, and if so' why was the network blocked only for Linux?
I decided to set up an OpenDNS account and use their DNS servers directly to see what happened. Following the instructions I entered their static DNS servers into the router and sure enough, the Linux networking died once again. Okay, I decided to use the last set of DNS numbers obtained from my ISP [this would effectively make them static even though they are obtained dynamically under normal circumstances. But did work for testing purposes.] Guess what--Linux networking went back to normal:
smbclient -L //PATRICKS-PLACE -U Patrick
Domain=[PATRICKS-PLACE] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Sharename Type Comment
--------- ---- -------
E$ Disk Default share
IPC$ IPC Remote IPC
print$ Disk Printer Drivers
C Disk on OFFICE 2
D Disk CD drive on OFFICE 2
hpphotos Printer hp photosmart 7150 series
ADMIN$ Disk Remote Admin
C$ Disk Default share
So it is OpenDNS servers blocking Linux on a Windows network, and even more importantly the question, why are LAN side queries getting out to the Internet? Is it because the Samba software also uses The Common Internet File System protocol?
These are questions I don't have answers to. I don't think there's a security issue here, nor is this an attack. Open DNS is considered to be a valuable security enhancement.
These are only my own, observations and opinions. As Linux in its various flavors becomes more and more popular, these issues need to be addressed.
Patrick
PS: My router is the D-Link DIR 655 with hardware version A4, firmware 1.33 NA.
Author
Topic: Advanced DNS Option breaks Linux's Samba networking... (Solved) (Read 5838 times)