Public DNS Servers
What's in it for you:
Every ISP provides a couple or more DNS resolvers.
Some companies provide DNS resolvers that are accessible by the whole Internet and some of these companies enhance this service to something more than just DNS resolving.
Some of the Public DNS servers will warn you about malicious or phishing sites. Some could direct you away from pornography or "non-Family Friendly" sites.
The Public DNS servers on this list may be faster or slower than the ones provided by your ISP depending on your location and Internet connectivity.
What's in it for the DNS Providers:
The DNS providers may produce statistics about Internet usage, figure out domain popularity, discover domain names in use, or analyze malware infections. The DNS providers could also gain traffic by redirecting nonexistent, "malicious", "phishing", "pornography", "non-Family Friendly", and invalid DNS queries.
Hmmm!:
Your DNS provider sees what domains you visit. If a DNS provider is shady or compromised, your traffic could be directed to "bad" sites that pretend to be your web mail provider or your bank and steal your passwords or ... --the sky is the limit on what a bad dude can do when he gets control of your DNS. So pick your DNS provider carefully and perhaps choose more than one to spread the DNS queries and retain a tiny bit more of your privacy.
Which caching DNS resolvers are fast, secure, and reliable depends on your perception, your location and your Internet connectivity. To find the best public caching DNS resolvers for you: test, test again, and then test some more.
Provider: OpenNic Project www , whois opennicproject.org
85.126.4.170
202.83.95.227
111.67.16.202
115.64.101.57
67.212.90.199
216.167.252.196
63.243.164.219
72.10.162.198
128.173.89.246
2a01:4f8:110:6221::50
2a00:e10:1000:10:1586:0:33:53
2001:4dd0:fb32:3::d
and at least a few dozen more
Provider: Google www , whois Google.com
8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844
Provider: Neustar, Inc. www , whois neustar.biz , whois ultradns.com , whois dnsadvantage.com
156.154.70.1
156.154.71.1
Provider: OpenDNS www , whois opendns.com
208.67.222.222
208.67.220.220
Provider: Norton www , whois norton.com
Security ( it warns about malware & phishing sites )
198.153.192.40
198.153.194.40
Security + Pornography
198.153.192.50
198.153.194.50
Security + Pornography + Non-Family Friendly
198.153.192.60
198.153.194.60
Provider: Verizon , whois gtei.net , whois verizon.com
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
Provider: Level3 www , whois level3.net
209.244.0.3
209.244.0.4
Provider: Comodo www , whois comodo.com
8.26.56.26
8.20.247.20
Provider: Speakeasy, Inc. , whois megapath.com , whois speakeasy.net
66.93.87.2
64.81.79.2
Provider: Cisco www , whois cisco.com
64.102.255.44
128.107.241.185
An updated Public DNS Servers list
To figure out what DNS resolvers are used by your local or proxy system visit the Anonymity Checker
Set up a Tor node on VirtualBox
This is one more shot at making the cheapest Tor relay node so people can make them easy and put them all over the place and solve all censorship and privacy issues once and for all.
I define cheap in terms of hardware, software, computer resources, bandwidth, `Legal` complaints, and physical work ( the time it takes to set up and maintain ).
The VirtualBox Host is a computer running GNU/Linux.
The Virtual Machine runs Debian 6 Squeeze without a GUI.
Set up a Virtual Machine named "tornode" with the following specifications.
Virtual Machine Specs:
1 CPU
256 - 512 MB RAM
1GB - 2GB HD
2 Network Adapters ( Attached to: NAT , Promiscuous Mode: Deny )
Allow inbound ssh to your virtual machine.
Use this command on the Host System.
$ VBoxManage modifyvm "tornode" --natpf1 "tornodessh,tcp,,2222,,22"
The above command assumes that the virtual machine name is tornode, that tornode is the first virtual machine using NAT, and that port 2222 is not used by anything on the Host System.
Now the VirtualBox NAT engine forwards all traffic bound to TCP port 2222 on the Host to port 22 on the Virtual Machine ( tornode guest ).
Set up Port forwarding for Tor.
Use this command on the Host System.
$ VBoxManage modifyvm "tornode" --natpf1 "tornodetoror,tcp,,9002,,9002"
Assuming that this Tor node will be using ORPort 9002 instead of the default 9001.
Set a Tor transparent socks server NAT Forwarding rule.
Use this command on the Host System.
$ VBoxManage modifyvm "tornode" --natpf1 "tornodetortsocks,tcp,,9050,,9050"
If you are using a NAT device to connect to the Internet, you need to set a rule for Tor on the NAT device.
NAT_device:9002 -> VirtualBoxHost:9002
Do not set a rule for 9050 --except if you want your tsocks proxy accessible from the Internet.
On the Virtual Machine install Debian 6.
- Install just the system utilities and the ssh server. Do not install a GUI.
- Optionally install bind.
Configure the Network Interface on the Virtual Machine "tornode".
The virtualbox NAT engine has a DHCP server but setting a static IP is better. The first default internal network for the VirtualBox NAT engine is 10.0.2.0/24 with gateway 10.0.2.2. Therefore the /etc/network/interfaces file on the Virtual Machine should look something like this.
    # cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    # The loopback network interface
    auto lo
    iface lo inet loopback
    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 10.0.2.15
        network 10.0.2.0
        netmask 255.255.255.0
        broadcast 10.0.2.255
        gateway 10.0.2.2
Install Tor
# apt-get install tor
Configure Tor
Try to configure at least the following Tor parameters.
    # cat /etc/tor/torrc | grep g0
    SocksPort 9050 #what port to open for local application connections #g0
    SocksListenAddress 10.0.2.15 #g0
    ##SocksPolicy accept 192.168.0.0/16 #g0
    ORListenAddress 10.0.2.15:9002 #g0
    Nickname IPduhDotCom #g0 IPduhDotCom is mine, use something else
    Address mtor.ipduh.com #g0 --Don't worry about this if you don't have access to the DNS of a domain name
    RelayBandwidthRate 20 KB # Throttle traffic to 160Kb/s #g0 --minimum
    ContactInfo Tor Relay Admin #g0
    ExitPolicy accept *:80 #g0
    ExitPolicy accept *:110 #g0
    ExitPolicy accept *:143 #g0
    ExitPolicy accept *:443 #g0
    ExitPolicy accept *:993 #g0
    ExitPolicy accept *:8080 #g0
    ExitPolicy reject *:* # no exits allowed #g0
Restart Tor
    # /etc/init.d/tor restart
    Stopping tor daemon: ..............................tor.
    Starting tor daemon: tor...
    Jun 21 20:56:11.658 [notice] Tor v0.2.2.35 (git-4f42b0a93422f70e). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
    Jun 21 20:56:11.667 [notice] Initialized libevent version 1.4.13-stable using method epoll. Good.
    Jun 21 20:56:11.668 [notice] Opening OR listener on 10.0.2.15:9002
    Jun 21 20:56:11.668 [notice] Opening Socks listener on 10.0.2.15:9050
    done.
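Two things in the torrc above are easy to misread: Tor walks ExitPolicy rules in order and the first match wins, so the six accept lines take effect before the final reject *:* (the relay exits on those ports despite the "no exits allowed" comment), and the SOCKS listener sits on 10.0.2.15 with SocksPolicy commented out. The script below is an added example, not part of the original post; the function name torrc_audit and its output labels are made up here, and the sample input is the torrc shown above.

```sh
#!/bin/sh
# Added example, not from the original post. torrc_audit reads a torrc on
# stdin and reports (1) which exit rules take effect and (2) whether the
# SOCKS listener is bound off-loopback with no SocksPolicy in force.
torrc_audit() {
  awk '
    { sub(/#.*/, "") }                  # drop comments, trailing ones included
    NF < 2 { next }
    { key = tolower($1) }               # option names are case-insensitive
    key == "exitpolicy" && !closed {
      rest = ""
      for (j = 2; j <= NF; j++) rest = rest " " $j
      n = split(rest, rule, ",")        # one line may hold several rules
      for (i = 1; i <= n && !closed; i++) {
        split(rule[i], f, " ")
        if (f[1] == "accept") exits = exits " " f[2]
        # first match wins: nothing after a catch-all is ever consulted
        if (f[2] == "*:*" || f[2] == "*") closed = 1
      }
    }
    key == "sockslistenaddress" { addr = $2 }
    key == "socksport" && $2 ~ /:/ { addr = $2 }
    key == "sockspolicy" { policy = 1 }
    END {
      sub(/:[0-9]+$/, "", addr)         # keep the address, drop any :port
      if (exits != "")
        print "EXIT-ACCEPT" exits
      else
        print "EXIT-NONE"
      loop = (addr == "" || addr ~ /^127\./ || addr == "localhost" || addr == "[::1]")
      if (!loop && !policy) print "SOCKS-OPEN " addr
    }'
}

# Sample input: the torrc lines shown in this post.
sample_torrc() {
  cat <<'EOF'
SocksPort 9050 #what port to open for local application connections #g0
SocksListenAddress 10.0.2.15 #g0
##SocksPolicy accept 192.168.0.0/16 #g0
ORListenAddress 10.0.2.15:9002 #g0
Nickname IPduhDotCom #g0 IPduhDotCom is mine, use something else
RelayBandwidthRate 20 KB # Throttle traffic to 160Kb/s #g0 --minimum
ExitPolicy accept *:80 #g0
ExitPolicy accept *:110 #g0
ExitPolicy accept *:143 #g0
ExitPolicy accept *:443 #g0
ExitPolicy accept *:993 #g0
ExitPolicy accept *:8080 #g0
ExitPolicy reject *:* # no exits allowed #g0
EOF
}

sample_torrc | torrc_audit
```

The port-forward rule for 9050 leaves the host-IP field empty, so VirtualBox listens on every interface of the Host; writing 127.0.0.1 in that field ( "tornodetortsocks,tcp,127.0.0.1,9050,,9050" ) keeps the SOCKS port local to the Host.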
If you do not have a time server in your network, then install NTP on "tornode".
NTP is the best way to keep your Tor Node's clock current.
Check the date:
# date
Install ntp:
#apt-get install ntp
See the time servers you are syncing with and then check the date.
    # ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     aquarius.chorum  192.0.2.44      2 u   19   64    1    7.622  12648.2 1316.29
     chronos.duh.gr   .PPS.           1 u   18   64    1   13.152  12655.9 1314.66
     hora.example.net .GPS.           1 u   17   64    1    0.857  12676.9 1327.20
Now check the date again. It should be different.
If you do not see something like the above, try
#dpkg-reconfigure ntp;ntpq -p
Some public Internet Time Servers Pools:
0.pool.ntp.org
1.pool.ntp.org
2.pool.ntp.org
3.pool.ntp.org
0.debian.pool.ntp.org
1.debian.pool.ntp.org
2.debian.pool.ntp.org
3.debian.pool.ntp.org
europe.pool.ntp.org
uk.pool.ntp.org
If you have a time server on your network, then set your "tornode" to use it.
Uncomment or add in /etc/ntp.conf:
    #tail -2 /etc/ntp.conf
    disable auth
    broadcastclient
and make sure that your network's time server is broadcasting to your "tornode", e.g.:
    # grep broadcast /etc/ntp.conf
    broadcast 192.0.2.31
Note: this assumes that your Host is in the 192.0.2.16/28 block, where 192.0.2.31 is the broadcast address.
Set Up DNS on "tornode".
If you choose not to install Bind, set resolv.conf with your ISP nameservers or some public DNS servers to spread the queries and provide more privacy. According to #define MAXNS on /usr/include/resolv.h we can track at least 3 nameservers so something like the following would be OK at /etc/resolv.conf.
    # cat /etc/resolv.conf
    #ISP Namerserver
    #Google
    nameserver 8.8.8.8
    #Level 3
    nameserver 4.2.2.1
    #Norton
    nameserver 198.153.192.40
If you choose to install Bind the following configuration files should be sufficient.
    # cat /etc/bind/named.conf.options
    options {
            directory "/var/cache/bind";
            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk. See http://www.kb.cert.org/vuls/id/800113
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
            // forwarders {
            //      0.0.0.0;
            // };
            listen-on { 10.0.2.15; };
            auth-nxdomain no; # conform to RFC1035
            //listen-on-v6 { any; };
    };
You could set some public DNS servers as forwarders.
    # cat /etc/resolv.conf
    nameserver 10.0.2.15
Done! To use Tor use the socks server on port 9050 on the Host Machine.
augh ... almost done. Sooner or later you'll figure out that the virtual machine's outbound connections ( HTTP and HTTPS for sure ) are extremely slow. The slow outbound connections are caused by the VirtualBox NAT engine. To correct it you will have to:
- increase the VirtualBox NAT Engine TCP/IP buffers to the maximum size ( 1024 KB ).
- and add one more NATed Network Interface to the virtual machine to handle outgoing connections
To increase the VirtualBox NAT Engine TCP/IP buffers to the maximum size ( 1024 KB )
use the following command
$ VBoxManage modifyvm "tornode" --natsettings1 1500,1024,1024,1024,1024
To add one more NATed Network Interface to the virtual machine
Set Adapter2 with Attached to: NAT and Promiscuous Mode: Deny , on the Virtual Machine Network Settings.
In the Virtual Machine add the following 2 lines to the /etc/network/interfaces file.
    $ tail -3 interfaces
    auto eth1
    iface eth1 inet dhcp
The second interface does not need to have a static IP address. No services will be bound to it. The VirtualBox NAT Engine runs a DHCP server that will assign to it 10.0.3.15 in the 10.0.3.0/24 network. The gateway provided by the VirtualBox NAT Engine to 10.0.3.0/24 will be 10.0.3.2 and the default route 0.0.0.0/0 will be put higher on the virtual machine's routing table forcing all outbound connections this way.
    # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.0.3.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
    0.0.0.0         10.0.3.2        0.0.0.0         UG    0      0        0 eth1
    0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
Now you are done!
To set up a browser look under Network or Proxy Settings. The transparent socks or just socks server in your browser's settings should be accessible by the host machine on port 9050 just fine.
Use the Anonymity Check to test your setup.
References:
TorProject.org: Install Tor on Debian/Ubuntu
TorProject.org: Exit Relay Typical Abuses
TorProject.org: Tor Legal FAQ
VirtualBox.org : Virtual Networking
VirtualBox.org : NAT and limitations
VirtualBox.org : Fine-tuning the VirtualBox NAT
Ubuntu 12.04 LTS boots only from USB
This is classic but I bet it is going to be hot.
When
After installing Ubuntu 12.04 LTS as the only Operating System using a USB stick.
Issue
The computer boots only when the USB drive ( used to install Ubuntu 12.04 LTS ) is plugged in.
Why
The boot manager Grub is written in the USB stick but not in the Hard Drive.
Solution
Install Grub on the Hard Drive
Assumptions
In this scenario I assume that the Hard Drive ( containing the OS ) is /dev/sda and that the boot order in the BIOS contains this HD.
To find out the boot order for sure, check the BIOS settings. To enter the BIOS follow the instructions on the splash screen --hit one of these keys F2 , F12 , DEL , ESC , F10 while booting.
To figure out the name of the hard drive containing the OS, hit Dash Home, type "Terminal", fire up a Terminal and list your Hard Drive(s) partitions with fdisk.
$ sudo fdisk -l
How
To Install Grub on /dev/sda
    $ sudo grub-install /dev/sda
    $ sudo update-grub
Now check
$ sudo grub-install --recheck /dev/sda
Remove the USB stick and reboot.
$ sudo shutdown -r now
Done!
Private Key and Certificate Signing Request CSR
To generate the private key and the Certificate Signing Request ( CSR )
    $ openssl req \
    > -new -newkey rsa:2048 -nodes \
    > -keyout private_key.pem -out key_csr.pem
    Generating a 2048 bit RSA private key
    ......................................................+++
    ......................+++
    writing new private key to 'private_key.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:EU
    State or Province Name (full name) [Some-State]:state_g0
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:IPduh
    Organizational Unit Name (eg, section) []:Systems
    Common Name (eg, YOUR name) []:g0
    Email Address []:fckna@bot.ipduh.com
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
The CSR we need to send for signing to our Certificate Authority is at key_csr.pem
Apache 2 Virtual Host SSL setup
Let's name the public key certificate that our Certificate Authority signed: signed_public.pem
Put the keys in the appropriate /etc/ssl/ directories
    #cp signed_public.pem /etc/ssl/certs
    #cp private_key.pem /etc/ssl/private
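Before enabling SSL in Apache it is worth confirming that the certificate the CA returned really belongs to private_key.pem, because a mismatch stops Apache from starting with SSL, and that the key, which -nodes leaves unencrypted, is not readable by everyone. The script below is an added example, not part of the original post; the function names and the self-signed certificate standing in for the CA's reply are assumptions made here.

```sh
#!/bin/sh
# Added example, not from the original post: confirm that private_key.pem,
# key_csr.pem and the CA-signed signed_public.pem all carry one public key,
# and that the unencrypted (-nodes) key grants nothing to "other".

pub_of() {    # pub_of key|csr|cert FILE -> PEM public key on stdout
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

same_pubkey() {    # same_pubkey KEY CSR CERT -> 0 only if all three match
  k=$(pub_of key "$1") || return 2
  [ -n "$k" ] || return 2
  [ "$k" = "$(pub_of csr "$2")" ] && [ "$k" = "$(pub_of cert "$3")" ]
}

key_is_private() {    # 0 if FILE exists and has no permission bits for "other"
  [ -f "$1" ] || return 2
  [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Constructed demo: a throwaway key and CSR made the way the post makes them,
# self-signed as a stand-in for the CA, plus an unrelated key that must fail.
demo() {
  d=$(mktemp -d) || return 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ssl.example.net" \
    -keyout "$d/private_key.pem" -out "$d/key_csr.pem" 2>/dev/null
  openssl x509 -req -in "$d/key_csr.pem" -signkey "$d/private_key.pem" \
    -days 1 -out "$d/signed_public.pem" 2>/dev/null
  openssl genrsa -out "$d/other_key.pem" 2048 2>/dev/null
  good=0; bad=0
  same_pubkey "$d/private_key.pem" "$d/key_csr.pem" "$d/signed_public.pem" || good=$?
  same_pubkey "$d/other_key.pem" "$d/key_csr.pem" "$d/signed_public.pem" || bad=$?
  rm -rf "$d"
  echo "matching=$good mismatched=$bad"
}

# Run "sh thisfile demo" to see the constructed demo.
if [ "${1:-}" = "demo" ]; then demo; fi
```

On the real files the call is same_pubkey private_key.pem key_csr.pem signed_public.pem, followed by key_is_private on the copy under /etc/ssl/private.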
Enable mod_ssl
    # cd /etc/apache2/mods-available/
    # a2enmod ssl
    Enabling module ssl.
    See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
    Run '/etc/init.d/apache2 restart' to activate new configuration!
Adjust /etc/apache2/ports.conf
    # cat /etc/apache2/ports.conf
    Listen 192.0.2.44:80
    NameVirtualHost 192.0.2.44:80
    <IfModule mod_ssl.c>
        Listen 192.0.2.44:443
    </IfModule>
    <IfModule mod_gnutls.c>
        Listen 192.0.2.44:443
    </IfModule>
Configure the Virtual Hosts:
    #head -7 ssl.example.net
    ServerAdmin admin@example.net
    DocumentRoot /var/www/example.net
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/ssl/certs/signed_public.pem
    SSLCertificateKeyFile /etc/ssl/private/private_key.pem
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
or
    #head -9 ssl.alt.example.net
    ServerAdmin admin@example.net
    DocumentRoot /var/www/example.net
    SSLEngine on
    SSLOptions +StrictRequire
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
    SSLCertificateFile /etc/ssl/certs/signed_public.pem
    SSLCertificateKeyFile /etc/ssl/private/private_key.pem
    # SSLCertificateChainFile
    # SSLCACertificateFile
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Note that SSLProtocol all -SSLv2 still leaves SSLv3 enabled and that this cipher string explicitly admits RC4 and MEDIUM-strength suites; on a current Apache restrict both to what your clients actually need.
Alternative MSIE SSL connection handling workaround
( taken from /usr/share/doc/apache2.2-common/README.Debian.gz )
    SSL workaround for MSIE
    -----------------------
    The SSL workaround for MS Internet Explorer needs to be added to your SSL
    VirtualHost section (it was previously in ssl.conf but caused keepalive to be
    disabled even for non-SSL connections):
            BrowserMatch "MSIE [2-6]" \
                    nokeepalive ssl-unclean-shutdown \
                    downgrade-1.0 force-response-1.0
            BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    The default SSL virtual host in /etc/apache2/sites-available/default-ssl already
    contains this workaround.
ref:
Apache 2 mod_ssl