[Commotion-discuss] Certificate Warnings
Seamus Tuohy
s2e at opentechinstitute.org
Wed Oct 30 20:30:19 UTC 2013
Hey,
I did not added a section on caching, merely on ensuring a user has the right cert. The documentation wad written with a user in mind who would only flash the same router one time and want to save the cert to ensure they are always talking to the same device.
s2e
Dan Staples <danstaples at opentechinstitute.org> wrote:
>Hi Dan,
>
>When a browser sees a self-signed or unknown certificate, it will give
>you a warning, then ask you to either accept it, or reject it. If you
>accept it, by default it will save it *permanently*, which is likely
>where your trouble comes from.
>
>The first time you connected to 101.100.79.1, you probably accepted the
>certificate, and so now your browser permanently associates that IP
>address with that particular certificate at that time. If you have
>since
>reflashed the node, that same IP address will now have a *different*
>certificate, and your browser freaked out and won't let you proceed.
>
>So the solution is first to remove the cached certificate associated
>with that IP address from your browser, as you already did. After that,
>you can either do the same thing every time you reflash the node, or
>you
>can accept the certificate *temporarily* instead of permanently. Here's
>a Firefox add-on I use that makes the default browser behavior to
>accept
>certificates temporarily:
>https://addons.mozilla.org/en-US/firefox/addon/y-u-no-validate/.
>
>Regarding your certificate authority question, the certificates
>presented by the nodes are self-signed, meaning they have no
>certificate
>authority.
>
>I hope this helps. If you have any other questions, let me know! Seamus
>was working on documentation regarding the certificate warnings, so
>maybe he has a section about how the browser caches them?
>
>Dan
>
>On 10/24/2013 01:11 AM, Daniel Hastings wrote:
>> In regards to the certificate error message I've been getting. I've
>been
>> trying to access the router from whatever URL was randomly generated
>for
>> the router in this case 101.100.79.1 or the assigned IP I manually
>gave
>> the plug interface in this case 192.168.8.2. Each ip still gives me
>the
>> same same error message. I found this
>> article:
>https://support.mozilla.org/en-US/kb/Certificate%20contains%20the%20same%20serial%20number%20as%20another%20certificate
>>
>> somewhat helpful. Removing the servers is easy since you can find
>the
>> IP address of the server and remove it. Removing the certificate
>> authority where it gets confusing. I have no idea who generated the
>> certificate authority so I do not know which one to remove from the
>> authorities tab. I still cannot access most of my routers from
>Firefox.
>>
>>
>> On Mon, Oct 21, 2013 at 5:09 PM,
>> <commotion-discuss-request at lists.chambana.net
>> <mailto:commotion-discuss-request at lists.chambana.net>> wrote:
>>
>> Send Commotion-discuss mailing list submissions to
>> commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>
>https://lists.chambana.net/mailman/listinfo/commotion-discuss
>> or, via email, send a message with subject or body 'help' to
>> commotion-discuss-request at lists.chambana.net
>> <mailto:commotion-discuss-request at lists.chambana.net>
>>
>> You can reach the person managing the list at
>> commotion-discuss-owner at lists.chambana.net
>> <mailto:commotion-discuss-owner at lists.chambana.net>
>>
>> When replying, please edit your Subject line so it is more
>specific
>> than "Re: Contents of Commotion-discuss digest..."
>>
>>
>> Today's Topics:
>>
>> 1. Re: Web Browser Certificate Error after Factory Reset
>> (Dan Staples)
>> 2. Re: DNS Issues (Dan Staples)
>> 3. Re: Commotion-discuss Digest, Vol 13, Issue 8 (Dan Staples)
>> 4. Re: [Commotion-dev] Has anyone tried this out? netspot
>> (Dan Staples)
>>
>>
>>
>----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 21 Oct 2013 09:56:49 -0400
>> From: Dan Staples <danstaples at opentechinstitute.org
>> <mailto:danstaples at opentechinstitute.org>>
>> To: commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>
>> Subject: Re: [Commotion-discuss] Web Browser Certificate Error
>after
>> Factory Reset
>> Message-ID: <526532A1.50308 at opentechinstitute.org
>> <mailto:526532A1.50308 at opentechinstitute.org>>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> What URL are you visiting that causes this error? We are trying
>to move
>> away from the 192.168.1.20 alias for the nodes since each node
>will use
>> that same address and each present a different self-signed
>certificate,
>> resulting in these types of errors.
>>
>> Can anyone else from the dev team chime in with the status of
>this?
>>
>> -Dan
>>
>> On 10/17/2013 08:43 AM, Dan Hastings wrote:
>> > In DR2 I've had to do a couple of factory default resets. I've
>found
>> > that I get the following error in Firefox after factory resting
>> the router:
>> >
>> > Secure Connection Failed
>> >
>> > An error occurred during a connection to 192.168.1.20. You have
>> received
>> > an invalid certificate. Please contact the server administrator
>or
>> email
>> > correspondent and give them the following information: Your
>> certificate
>> > contains the same serial number as another certificate issued
>by the
>> > certificate authority. Please get a new certificate containing
>a
>> unique
>> > serial number. (Error code: sec_error_reused_issuer_and_serial)
>> >
>> > The page you are trying to view cannot be shown because the
>> > authenticity of the received data could not be verified.
>> > Please contact the website owners to inform them of this
>problem.
>> > Alternatively, use the command found in the help menu to report
>this
>> > broken site.
>> >
>> > I've tried removing the certificates from my Firefox under
>> > preferences>advanced>certificates but still cannot log back
>into the
>> > router. Do I have to do something in Firefox or in the router?
>> >
>> > Thanks
>> >
>> > Dan
>> >
>> >
>> > _______________________________________________
>> > Commotion-discuss mailing list
>> > Commotion-discuss at lists.chambana.net
>> <mailto:Commotion-discuss at lists.chambana.net>
>> > https://lists.chambana.net/mailman/listinfo/commotion-discuss
>> >
>>
>> --
>> Dan Staples
>>
>> Open Technology Institute
>> https://commotionwireless.net
>> OpenPGP key: http://disman.tl/pgp.asc
>> Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 21 Oct 2013 09:59:55 -0400
>> From: Dan Staples <danstaples at opentechinstitute.org
>> <mailto:danstaples at opentechinstitute.org>>
>> To: commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>
>> Subject: Re: [Commotion-discuss] DNS Issues
>> Message-ID: <5265335B.30706 at opentechinstitute.org
>> <mailto:5265335B.30706 at opentechinstitute.org>>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> Have you tried changing the dns server in the commotion profiles
>> (/etc/commotion/profiles.d/quickstartAP or something like that)?
>> Anything in /tmp/ will be lost on reboot, so that's why you're
>seeing
>> that behavior.
>>
>> Dan
>>
>> On 10/18/2013 02:35 AM, Daniel Hastings wrote:
>> > I've actually found that some of open dns requests are being
>received
>> > and others are not. The sites that of course I do not want to
>get
>> > forwarded through Google's servers (youtube, vimeo) are getting
>> through
>> > somehow. I tried change the default DNS under
>/tmp/resolv.conf.auto
>> > however once the router reboots it restarts the default back to
>> 8.8.8.8
>> > Any help on this would be great. Students get back to school
>today and
>> > having 30 or so on youtube means our network will revert back
>to 56k
>> > speeds of the 90's. Or if anyone knows how to block https
>youtube
>> > using firewall rules without blocking other Google services
>that would
>> > work as well.
>> >
>> >
>> > On Thu, Oct 17, 2013 at 8:18 PM, Ben West <ben at gowasabi.net
>> <mailto:ben at gowasabi.net>
>> > <mailto:ben at gowasabi.net <mailto:ben at gowasabi.net>>> wrote:
>> >
>> > This is actually an open issue for Commotion-OpenWRT.
>> >
>https://github.com/opentechinstitute/commotion-openwrt/issues/52
>> >
>> >
>> > On Thu, Oct 17, 2013 at 12:10 PM, Daniel Hastings
>> > <dhastings at abaarsotech.org
><mailto:dhastings at abaarsotech.org>
>> <mailto:dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>>> wrote:
>> >
>> > I'm still having strange issues with the DNS servers I
>would
>> > like my requests to be forwarded to on my student
>network.
>> Under
>> > DHCP AND DNS I have the DNS Forwardings set to two Open
>DNS
>> > servers so I can block specific content on the student
>> network.
>> > I enabled the log and found these entries. For some
>reason the
>> > default DNS forwarder that is being used is Google's
>> 8.8.8.8 No
>> > where on any network in the school am I using this
>server. Is
>> > there anyway I can get the routers to forward requests
>to my
>> > open dns servers? Is there a dnsmasq config file I can
>edit?
>> >
>> > Log Files: (the second server 208.67.220.220 is the
>server I
>> > would like to be the default)
>> >
>> > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using nameserver
>> 8.8.8.8#53
>> > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using nameserver
>> > 208.67.220.220#53
>> > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using local
>addresses only
>> > for domain mesh.local
>> > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: read /etc/hosts - 2
>> addresses
>> >
>> > --
>> > *Dan Hastings*
>> > /Abaarso School Computer Science Department/
>> > dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>
><mailto:dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>>
>> >
>> > _______________________________________________
>> > Commotion-discuss mailing list
>> > Commotion-discuss at lists.chambana.net
>> <mailto:Commotion-discuss at lists.chambana.net>
>> > <mailto:Commotion-discuss at lists.chambana.net
>> <mailto:Commotion-discuss at lists.chambana.net>>
>> >
>https://lists.chambana.net/mailman/listinfo/commotion-discuss
>> >
>> >
>> >
>> >
>> > --
>> > Ben West
>> > http://gowasabi.net
>> > ben at gowasabi.net <mailto:ben at gowasabi.net>
>> <mailto:ben at gowasabi.net <mailto:ben at gowasabi.net>>
>> > 314-246-9434 <tel:314-246-9434> <tel:314-246-9434
>> <tel:314-246-9434>>
>> >
>> >
>> >
>> >
>> > --
>> > *Dan Hastings*
>> > /Abaarso School Computer Science Department/
>> > dhastings at abaarsotech.org <mailto:dhastings at abaarsotech.org>
>> <mailto:dhastings at abaarsotech.org
><mailto:dhastings at abaarsotech.org>>
>> >
>> >
>> > _______________________________________________
>> > Commotion-discuss mailing list
>> > Commotion-discuss at lists.chambana.net
>> <mailto:Commotion-discuss at lists.chambana.net>
>> > https://lists.chambana.net/mailman/listinfo/commotion-discuss
>> >
>>
>> --
>> Dan Staples
>>
>> Open Technology Institute
>> https://commotionwireless.net
>> OpenPGP key: http://disman.tl/pgp.asc
>> Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9
>>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Mon, 21 Oct 2013 10:03:07 -0400
>> From: Dan Staples <danstaples at opentechinstitute.org
>> <mailto:danstaples at opentechinstitute.org>>
>> To: Daniel Hastings <dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>>, commotion-discuss
>> <commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>>, Seamus Tuohy
>> <s2e at opentechinstitute.org
><mailto:s2e at opentechinstitute.org>>
>> Subject: Re: [Commotion-discuss] Commotion-discuss Digest, Vol
>13,
>> Issue 8
>> Message-ID: <5265341B.1040901 at opentechinstitute.org
>> <mailto:5265341B.1040901 at opentechinstitute.org>>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> I am hoping Seamus can chime in with the LuCI error regarding QS
>values.
>>
>> Commotion comes with a few default profiles (defaultMesh,
>defaultAP,
>> etc). But once you go through the QuickStart, the node creates
>and
>> starts using another set of profiles: quickstartPlug,
>quickstartMesh,
>> quickstartAP, quickstartSec (or something similar). So those are
>the
>> profiles you will want to change.
>>
>> When I get into the office today I'll take a look at the web
>interface
>> for changing the profiles. Are you using DR1 or DR2?
>>
>> Dan
>>
>> On 10/18/2013 06:32 AM, Daniel Hastings wrote:
>> > Changed the nameservers on the default plug and access point
>interface
>> > but still was resolving with 8.8.8.8
>> >
>> > Oct 18 10:14:32 Computer-Lab3681343115 daemon.info
>> <http://daemon.info> <http://daemon.info>
>> > dnsmasq[3142]: forwarded kat.ph <http://kat.ph> <http://kat.ph>
>to
>> 8.8.8.8
>> >
>> > I also changed the default dns to 208.67.222.222 on the mesh
>and
>> on the
>> > sec.
>> >
>> > I'm still confused how to edit a profile under commotion > mesh
>> profile
>> > - I selected interface > ap (using quickstartAp)
>> >
>> > profile > defaultAP and got the following error message
>> >
>> > /usr/lib/lua/luci/dispatcher.lua:448: Failed to execute call
>> dispatcher target for entry
>'/admin/commotion/meshprofile_submit'.
>> > The called action terminated with an exception:
>> > ...sr/lib/lua/luci/controller/commotion/meshprofile.lua:308:
>> attempt to index field 'QS' (a nil value)
>> > stack traceback:
>> > [C]: in function 'assert'
>> > /usr/lib/lua/luci/dispatcher.lua:448: in function
>'dispatch'
>> > /usr/lib/lua/luci/dispatcher.lua:195: in function
>> </usr/lib/lua/luci/dispatcher.lua:194>
>> >
>> >
>> >
>> >
>> >
>> > On Fri, Oct 18, 2013 at 9:46 AM,
>> > <commotion-discuss-request at lists.chambana.net
>> <mailto:commotion-discuss-request at lists.chambana.net>
>> > <mailto:commotion-discuss-request at lists.chambana.net
>> <mailto:commotion-discuss-request at lists.chambana.net>>> wrote:
>> >
>> > Send Commotion-discuss mailing list submissions to
>> > commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>
>> > <mailto:commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>>
>> >
>> > To subscribe or unsubscribe via the World Wide Web, visit
>> >
>> https://lists.chambana.net/mailman/listinfo/commotion-discuss
>> > or, via email, send a message with subject or body 'help'
>to
>> > commotion-discuss-request at lists.chambana.net
>> <mailto:commotion-discuss-request at lists.chambana.net>
>> > <mailto:commotion-discuss-request at lists.chambana.net
>> <mailto:commotion-discuss-request at lists.chambana.net>>
>> >
>> > You can reach the person managing the list at
>> > commotion-discuss-owner at lists.chambana.net
>> <mailto:commotion-discuss-owner at lists.chambana.net>
>> > <mailto:commotion-discuss-owner at lists.chambana.net
>> <mailto:commotion-discuss-owner at lists.chambana.net>>
>> >
>> > When replying, please edit your Subject line so it is more
>> specific
>> > than "Re: Contents of Commotion-discuss digest..."
>> >
>> >
>> > Today's Topics:
>> >
>> > 1. Web Browser Certificate Error after Factory
>Reset (Dan
>> > Hastings)
>> > 2. DNS Issues (Daniel Hastings)
>> > 3. Re: DNS Issues (Ben West)
>> > 4. Re: DNS Issues (Andrew Reynolds)
>> > 5. Re: DNS Issues (Daniel Hastings)
>> >
>> >
>> >
>>
>----------------------------------------------------------------------
>> >
>> > Message: 1
>> > Date: Thu, 17 Oct 2013 15:43:14 +0300
>> > From: Dan Hastings <dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>
>> > <mailto:dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>>>
>> > To: commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>
>> > <mailto:commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>>
>> > Subject: [Commotion-discuss] Web Browser Certificate Error
>after
>> > Factory Reset
>> > Message-ID: <525FDB62.2000707 at abaarsotech.org
>> <mailto:525FDB62.2000707 at abaarsotech.org>
>> > <mailto:525FDB62.2000707 at abaarsotech.org
>> <mailto:525FDB62.2000707 at abaarsotech.org>>>
>> > Content-Type: text/plain; charset=ISO-8859-1
>> >
>> > In DR2 I've had to do a couple of factory default resets.
>I've
>> found
>> > that I get the following error in Firefox after factory
>> resting the
>> > router:
>> >
>> > Secure Connection Failed
>> >
>> > An error occurred during a connection to 192.168.1.20. You
>> have received
>> > an invalid certificate. Please contact the server
>> administrator or email
>> > correspondent and give them the following information: Your
>> certificate
>> > contains the same serial number as another certificate
>issued
>> by the
>> > certificate authority. Please get a new certificate
>containing
>> a unique
>> > serial number. (Error code:
>sec_error_reused_issuer_and_serial)
>> >
>> > The page you are trying to view cannot be shown because
>the
>> > authenticity of the received data could not be verified.
>> > Please contact the website owners to inform them of
>this
>> problem.
>> > Alternatively, use the command found in the help menu to
>> report this
>> > broken site.
>> >
>> > I've tried removing the certificates from my Firefox under
>> > preferences>advanced>certificates but still cannot log back
>> into the
>> > router. Do I have to do something in Firefox or in the
>router?
>> >
>> > Thanks
>> >
>> > Dan
>> >
>> >
>> >
>> >
>> > ------------------------------
>> >
>> > Message: 2
>> > Date: Thu, 17 Oct 2013 20:10:50 +0300
>> > From: Daniel Hastings <dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>
>> > <mailto:dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>>>
>> > To: commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>
>> > <mailto:commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>>
>> > Subject: [Commotion-discuss] DNS Issues
>> > Message-ID:
>> >
>> >
>>
><CAKxU6K1KCkrfeWNRFEA_YWO+T-zEuQgJ86GYm1tS5ib518OMTA at mail.gmail.com
>>
><mailto:CAKxU6K1KCkrfeWNRFEA_YWO%2BT-zEuQgJ86GYm1tS5ib518OMTA at mail.gmail.com>
>> >
>>
><mailto:CAKxU6K1KCkrfeWNRFEA_YWO%2BT-zEuQgJ86GYm1tS5ib518OMTA at mail.gmail.com
>>
><mailto:CAKxU6K1KCkrfeWNRFEA_YWO%252BT-zEuQgJ86GYm1tS5ib518OMTA at mail.gmail.com>>>
>> > Content-Type: text/plain; charset="iso-8859-1"
>> >
>> > I'm still having strange issues with the DNS servers I
>would
>> like my
>> > requests to be forwarded to on my student network. Under
>DHCP
>> AND DNS I
>> > have the DNS Forwardings set to two Open DNS servers so I
>can
>> block
>> > specific content on the student network. I enabled the log
>and
>> > found these
>> > entries. For some reason the default DNS forwarder that is
>> being used is
>> > Google's 8.8.8.8 No where on any network in the school am
>I
>> using this
>> > server. Is there anyway I can get the routers to forward
>> requests to my
>> > open dns servers? Is there a dnsmasq config file I can
>edit?
>> >
>> > Log Files: (the second server 208.67.220.220 is the server
>I would
>> > like to
>> > be the default)
>> >
>> > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using
>> > nameserver 8.8.8.8#53
>> > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using
>> > nameserver 208.67.220.220#53
>> > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using
>> > local addresses only for domain mesh.local
>> > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: read
>> > /etc/hosts - 2 addresses
>> >
>> > --
>> > *Dan Hastings*
>> > *Abaarso School Computer Science Department*
>> > dhastings at abaarsotech.org
><mailto:dhastings at abaarsotech.org>
>> <mailto:dhastings at abaarsotech.org
><mailto:dhastings at abaarsotech.org>>
>> > -------------- next part --------------
>> > An HTML attachment was scrubbed...
>> > URL:
>> >
>>
><http://lists.chambana.net/pipermail/commotion-discuss/attachments/20131017/4276588f/attachment-0001.html>
>> >
>> > ------------------------------
>> >
>> > Message: 3
>> > Date: Thu, 17 Oct 2013 12:18:07 -0500
>> > From: Ben West <ben at gowasabi.net <mailto:ben at gowasabi.net>
>> <mailto:ben at gowasabi.net <mailto:ben at gowasabi.net>>>
>> > To: Daniel Hastings <dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>
>> > <mailto:dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>>>
>> > Cc: commotion-discuss <commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>
>> > <mailto:commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>>>
>> > Subject: Re: [Commotion-discuss] DNS Issues
>> > Message-ID:
>> >
>> >
>>
><CADSh-SNXLudC3Y19v4A4w7VXYSgbLDt4Qprrt_sOeh=L_pbb6A at mail.gmail.com
>> <mailto:L_pbb6A at mail.gmail.com>
>> > <mailto:L_pbb6A at mail.gmail.com
><mailto:L_pbb6A at mail.gmail.com>>>
>> > Content-Type: text/plain; charset="iso-8859-1"
>> >
>> > This is actually an open issue for Commotion-OpenWRT.
>> >
>https://github.com/opentechinstitute/commotion-openwrt/issues/52
>> >
>> >
>> > On Thu, Oct 17, 2013 at 12:10 PM, Daniel Hastings
>> > <dhastings at abaarsotech.org
><mailto:dhastings at abaarsotech.org>
>> <mailto:dhastings at abaarsotech.org
><mailto:dhastings at abaarsotech.org>>
>> > > wrote:
>> >
>> > > I'm still having strange issues with the DNS servers I
>would
>> like my
>> > > requests to be forwarded to on my student network. Under
>> DHCP AND
>> > DNS I
>> > > have the DNS Forwardings set to two Open DNS servers so I
>> can block
>> > > specific content on the student network. I enabled the
>log and
>> > found these
>> > > entries. For some reason the default DNS forwarder that
>is being
>> > used is
>> > > Google's 8.8.8.8 No where on any network in the school
>am I
>> using
>> > this
>> > > server. Is there anyway I can get the routers to forward
>> requests
>> > to my
>> > > open dns servers? Is there a dnsmasq config file I can
>edit?
>> > >
>> > > Log Files: (the second server 208.67.220.220 is the
>server I
>> would
>> > like to
>> > > be the default)
>> > >
>> > > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using
>> > > nameserver 8.8.8.8#53
>> > > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using
>> > > nameserver 208.67.220.220#53
>> > > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using
>> > > local addresses only for domain mesh.local
>> > > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: read
>> > > /etc/hosts - 2 addresses
>> > >
>> > > --
>> > > *Dan Hastings*
>> > > *Abaarso School Computer Science Department*
>> > > dhastings at abaarsotech.org
><mailto:dhastings at abaarsotech.org>
>> <mailto:dhastings at abaarsotech.org
><mailto:dhastings at abaarsotech.org>>
>> > >
>> > > _______________________________________________
>> > > Commotion-discuss mailing list
>> > > Commotion-discuss at lists.chambana.net
>> <mailto:Commotion-discuss at lists.chambana.net>
>> > <mailto:Commotion-discuss at lists.chambana.net
>> <mailto:Commotion-discuss at lists.chambana.net>>
>> > >
>https://lists.chambana.net/mailman/listinfo/commotion-discuss
>> > >
>> > >
>> >
>> >
>> > --
>> > Ben West
>> > http://gowasabi.net
>> > ben at gowasabi.net <mailto:ben at gowasabi.net>
>> <mailto:ben at gowasabi.net <mailto:ben at gowasabi.net>>
>> > 314-246-9434 <tel:314-246-9434> <tel:314-246-9434
>> <tel:314-246-9434>>
>> > -------------- next part --------------
>> > An HTML attachment was scrubbed...
>> > URL:
>> >
>>
><http://lists.chambana.net/pipermail/commotion-discuss/attachments/20131017/27c083c5/attachment-0001.html>
>> >
>> > ------------------------------
>> >
>> > Message: 4
>> > Date: Thu, 17 Oct 2013 16:09:02 -0400
>> > From: Andrew Reynolds <andrew at opentechinstitute.org
>> <mailto:andrew at opentechinstitute.org>
>> > <mailto:andrew at opentechinstitute.org
>> <mailto:andrew at opentechinstitute.org>>>
>> > To: commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>
>> > <mailto:commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>>
>> > Subject: Re: [Commotion-discuss] DNS Issues
>> > Message-ID: <526043DE.10800 at opentechinstitute.org
>> <mailto:526043DE.10800 at opentechinstitute.org>
>> > <mailto:526043DE.10800 at opentechinstitute.org
>> <mailto:526043DE.10800 at opentechinstitute.org>>>
>> > Content-Type: text/plain; charset="iso-8859-1"
>> >
>> > Nameservers are associated with commotiond interface
>profiles.
>> Each
>> > profile has a dns= line. Just change that to your preferred
>> nameserver.
>> >
>> > Profiles are stored in /etc/commotion/profiles.d and are
>> accessed using
>> > the commotion > mesh profile menu. You can either edit your
>> existing
>> > profiles (one per interface) or create new ones, then apply
>> them using
>> > the profile tool.
>> >
>> > -andrew
>> >
>> > On 10/17/2013 01:10 PM, Daniel Hastings wrote:
>> > > I'm still having strange issues with the DNS servers I
>would
>> like my
>> > > requests to be forwarded to on my student network. Under
>> DHCP AND
>> > DNS I
>> > > have the DNS Forwardings set to two Open DNS servers so I
>> can block
>> > > specific content on the student network. I enabled the
>log and
>> > found these
>> > > entries. For some reason the default DNS forwarder that
>is being
>> > used is
>> > > Google's 8.8.8.8 No where on any network in the school
>am I
>> using
>> > this
>> > > server. Is there anyway I can get the routers to forward
>> requests
>> > to my
>> > > open dns servers? Is there a dnsmasq config file I can
>edit?
>> > >
>> > > Log Files: (the second server 208.67.220.220 is the
>server I
>> would
>> > like to
>> > > be the default)
>> > >
>> > > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using
>> > > nameserver 8.8.8.8#53
>> > > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using
>> > > nameserver 208.67.220.220#53
>> > > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: using
>> > > local addresses only for domain mesh.local
>> > > Oct 17 16:46:09 Computer-Lab3681343115 daemon.info
>> <http://daemon.info>
>> > <http://daemon.info> dnsmasq[3412]: read
>> > > /etc/hosts - 2 addresses
>> > >
>> > >
>> > >
>> > > _______________________________________________
>> > > Commotion-discuss mailing list
>> > > Commotion-discuss at lists.chambana.net
>> <mailto:Commotion-discuss at lists.chambana.net>
>> > <mailto:Commotion-discuss at lists.chambana.net
>> <mailto:Commotion-discuss at lists.chambana.net>>
>> > >
>https://lists.chambana.net/mailman/listinfo/commotion-discuss
>> > >
>> >
>> >
>> > -------------- next part --------------
>> > A non-text attachment was scrubbed...
>> > Name: signature.asc
>> > Type: application/pgp-signature
>> > Size: 901 bytes
>> > Desc: OpenPGP digital signature
>> > URL:
>> >
>>
><http://lists.chambana.net/pipermail/commotion-discuss/attachments/20131017/c7475258/attachment-0001.sig>
>> >
>> > ------------------------------
>> >
>> > Message: 5
>> > Date: Fri, 18 Oct 2013 09:35:49 +0300
>> > From: Daniel Hastings <dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>
>> > <mailto:dhastings at abaarsotech.org
>> <mailto:dhastings at abaarsotech.org>>>
>> > To: Ben West <ben at gowasabi.net <mailto:ben at gowasabi.net>
>> <mailto:ben at gowasabi.net <mailto:ben at gowasabi.net>>>
>> > Cc: commotion-discuss <commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>
>> > <mailto:commotion-discuss at lists.chambana.net
>> <mailto:commotion-discuss at lists.chambana.net>>>
>> > Subject: Re: [Commotion-discuss] DNS Issues
>> > Message-ID:
>> >
>> >
>>
><CAKxU6K07kNssVHqxr5RJqtwrA6aZNsmSVfLD6AvyTs0AehDVpQ at mail.gmail.com
>>
><mailto:CAKxU6K07kNssVHqxr5RJqtwrA6aZNsmSVfLD6AvyTs0AehDVpQ at mail.gmail.com>
>> >
>>
><mailto:CAKxU6K07kNssVHqxr5RJqtwrA6aZNsmSVfLD6AvyTs0AehDVpQ at mail.gmail.com
>>
><mailto:CAKxU6K07kNssVHqxr5RJqtwrA6aZNsmSVfLD6AvyTs0AehDVpQ at mail.gmail.com>>>
>> > Content-Type: text/plain; charset="iso-8859-1"
>> >
>> > I've actually found that some of open dns requests are
>being
>> > received and
>> > others are not. The sites that of course I do not want to
>get
>> forwarded
>> > through Google's servers (youtube, vimeo) are getting
>through
>> > somehow. I
>> > tried change the default DNS under /tmp/resolv.conf.auto
>however
>> > once the
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-discuss/attachments/20131030/6baf5299/attachment-0001.html>
More information about the Commotion-discuss
mailing list