/etc/resolv.conf ip address

Hello,
I am running Ubuntu 18.04 and I have a server from OVH.
As I saw many "named address not available resolving ns10.domaincontrol.com" messages in /var/log/syslog, I checked /etc/resolv.conf and found a dynamic IP address assigned to OVH in it.
So, my question: What would happen if an IP address belonging to someone else is entered into it? Might that cause a security issue, or just create a connectivity issue when requests are sent via the DNS address?

Thank you
Boris

It's not an issue at all.

1 Like

Hello,

One thing I'd add to this is that there are a couple of possible scenarios in which using an external DNS server may not work. For example, if there is a firewall between yourself and the DNS server which is configured to block your access; or if the DNS server itself is explicitly configured only to answer queries from certain servers or networks, and your IP is not in that allowed range.

Before putting an IP in your resolv.conf file, it'd be a good idea to test any new name server manually. You can do this by typing either host <name to resolve> <server to query> or nslookup <name to resolve> <server to query>.

For example, if you wanted to test the ability of your server to use Google's 8.8.8.8 nameserver, you would pick a host to resolve (let's go with www.unix.com as an example here), and type:

host www.unix.com 8.8.8.8

or:

nslookup www.unix.com 8.8.8.8

If you get an answer back with an IP address, then you can safely use 8.8.8.8 in your resolv.conf. If you don't, it's then a case of figuring out where the problem might be - the error you get back may make that immediately clear, or it may not.

Hope this helps ! If you have any further questions please let us know.

1 Like
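
The manual test described in the post above can be run over every nameserver in a candidate file before it replaces /etc/resolv.conf. This is an added example, not part of the original thread; the function names and the candidate file path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: test each nameserver in a resolv.conf-style file before
# trusting it. Function names here are hypothetical, not from the thread.

# Print the addresses from "nameserver" lines. Comment lines never match,
# because their first field is "#" or "#nameserver".
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Ask one server ($2) to resolve one name ($1). Kept in its own function so
# the lookup tool can be swapped; -W 3 caps the wait at three seconds.
query_server() {
    host -W 3 "$1" "$2" >/dev/null 2>&1
}

# check_nameservers FILE NAME
# Prints "ok <ip>" or "FAIL <ip>" per server; returns non-zero if any failed.
check_nameservers() {
    file=$1 name=$2 rc=0
    for ns in $(list_nameservers "$file"); do
        if query_server "$name" "$ns"; then
            echo "ok   $ns"
        else
            echo "FAIL $ns"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check_ns.sh /path/to/resolv.conf.candidate www.unix.com
if [ "$#" -ge 2 ]; then
    check_nameservers "$1" "$2"
fi
```

A "FAIL" line only says the query got no usable answer; as the post notes, the cause may be a firewall in between or a server that refuses queries from your network.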

Thank you for your detailed explanation, Drysdalk,
Previously, when I rented a dedie from the same company, there was 8.8.8.8 inside resolv.conf.
So, traffic cannot be monitored this way in case a strange IP address is entered.

Kind regards
Boris

The above was the question.

The reply below is interesting but it is not actually directly related to the original question, to be honest:

The question was about whether adding entries in resolv.conf, if the name server was "belonging to someone else", was a security risk; but maybe I am misunderstanding this "generic" question?

There is no general scenario where adding a name server belonging to someone else in the resolver will cause a problem unless the name server is misconfigured or a malicious name server, etc.

Of course, if the nameserver has a bunch of fake entries, and is configured in a way which knows the domains you will resolve and will then hijack those domains to point to another IP address, of course this is a kind of hack which is possible; but I ask you, who enters nameservers from untrusted sources into their resolver?

Here are some real world examples. On my Mac:

# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
nameserver 192.168.2.1

The above is the IP address of the router provided by an ISP. This technically "belongs" to someone else, but we are OK (trustworthy) because that nameserver further resolves to the ISP. So, we "trust" that our ISP is running name services correctly. If we do not trust them, we can resolve to another name server, including running our own.

Here is another example, a Linux server:

nameserver 69.64.XX.20
nameserver 69.64.XX.50
options rotate
options timeout:3
search zzzz.com

This server resolves to the hosting provider's name servers. This is another example of using "someone else's" name server. We "trust" this ISP to run name services, etc.

Of course, if someone compromised the ISP and poisoned the name space and redirected the FQDN to another server, and made the site look and feel like the "real address" and faked the domain to be very close to the intended domain, it would be possible to compromise a user, etc.

But in practice, this rarely happens; and the original question was not about "hacking" or some kind of "attack" on the DNS or on resolver, but was more about "using someone else's name server" and we all use "someone else's name server" in resolver as a matter of practice (from time-to-time, or daily).

What is the "issue" you are talking about? Name servers all run the same basic protocol and follow the same rules, TTL, etc.; so you need to be very specific about the issue and avoid very generic statements, in my view as a long-running cybersecurity "person".

An IP address in resolver is supposed to point to a name server. You should point to trusted name servers; but that is normally not an issue, as in the two examples above. You should not be "hunting" for name servers, as either your ISP will provide this service or you can run your own or use another 3rd party name server.

HTH

If you have a very specific security or configuration scenario, please post it; because if we abstract "issue" out to 10,000 feet, the snow and the snowmen all look the same :slight_smile: and we are doing what is called "hand waving", talking about a level of abstraction which is not specific enough to have any "real" meaning.

Please note, I do not use Google's nameservers..... as I think we are already providing too much private information to Google; and since Google has a solid model for surveillance capitalism (creating and selling behavior models based on the info they collect from network activity), there is no "good reasons" to be sending all our domain queries to Google!!

Hello Neo,
I personally have not changed resolv.conf since the first installation last week.
Right after I detected some anomalies in syslog reports, I found out that it had been altered, or the original format was like that, no idea.
I have just seen right now that the IP address belongs to cdns.ovh.net
Normally I find 8.8.8.8 or 1.1.1.1 in that file, but I do not know why OVH keeps a different IP address in their installation template.

Thank you
Boris

Most hosting providers conf their customer hosts with name servers for their customers.

This is "how hosting works" generally speaking. They provide that service for you. You are paying for it as an OVH customer.

Hello,

It is possible, depending on what your server actually is and how OVH manage it, that they are applying certain network settings (including nameserver settings) to it on a regular basis, and particularly on reboots. You mention this is a dedicated server. If it is a VPS or container, and especially if it's using OpenVZ (which I know OVH use for at least some of their server hosting products), then this would certainly explain it.

As part of a container's configuration on these and some other similar systems, nameserver settings are included. So whenever they either automatically re-apply the "correct" configuration to your server, or when it re-applies it to itself (which it will do when rebooted), whatever nameserver and network settings are in the container's configuration file will result in your own resolv.conf being overwritten.

If that's what seems to be happening, then you should be able to contact OVH support and let them know what name servers you'd like your container to use instead, and they'll be able to update its configuration for you. Or alternatively you could always stick a cron script or an rc.local entry or something similar to just re-write resolv.conf yourself, of course, without involving OVH at all.

But if you're finding that your resolv.conf is periodically being changed on an OVH server without you doing it yourself, this is one possible reason why. Of course if this is genuinely a stand-alone physical dedicated server, and your resolv.conf is changing without you being the one who is doing it, then you quite possibly have bigger problems that need investigating.

Hope this helps !

1 Like

I don't think this is the issue @baris35 is describing.

Running either virtual or dedicated, OVH will provide their own nameservers in resolver. This is how all hosting works, it's a basic service by most hosting providers.

The issue here, as I have pointed out, is that @baris35 is asking abstract questions without providing any details.

We do not even know if this host is dedicated or virtual. These details matter.

If I was posting such a question to a forum I would start out.... something like this:

I have an Ubuntu VPS server from OVH and the IP address is allocated by OVH and resolver is pointing to an OVH nameserver......

However, if you start the question describing the actual system and setup, there is really no question to ask a question :slight_smile: The answer is in the question.

Either way, dedicated or virtual, the customer of a hosting account can change their nameservers in resolver if they want; but few people actually do; especially someone like @baris35 who is just starting out on this journey and has no "real reason" not to use OVH's nameserver.

So I ask @baris35

Do you have any tangible reason why you would not use OVH's nameservers, since you are hosting on their network and using their nameservers will be faster to resolve because it will more-than-likely be in the same datacenter where your host is located :slight_smile: ? It's not a good idea to use a nameserver "across the net" to resolve names, unless you like slower response times to non-cached DNS entries on your host, or you have a privacy concern and use some "super private" name service.

3 Likes

This is absolutely the point!!

2 Likes

Thank You All,
You are right. I should have described the server type in my first message. I am sorry for the confusion I caused.....

It's a dedicated server. No OpenVZ. When I rented another dedicated server from the same location, resolv.conf contained only 8.8.8.8. I do not know why it differs from server to server.

Why I needed to change the nameserver address assigned by OVH:
The problem started with thousands of "named address not available resolving ns10.domaincontrol.com" messages in /var/log/syslog. The dedicated server was unable to find the IP number of each DNS address where the request would be submitted. Then I thought the nameserver settings were corrupted. That was the story.

I will keep in touch with OVH to get the exact information.

Thank you
Boris
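
With thousands of such syslog messages, a tally shows whether they concern one record, one upstream server or one address family before anything is changed in resolv.conf. This is an added example, not part of the original thread; it assumes the lines come from BIND's named in the shape of the constructed sample below, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: tally "address not available resolving" lines from syslog.
# Function names are hypothetical; the sample lines are constructed and use
# documentation addresses (192.0.2.0/24, 2001:db8::/32).

sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 srv named[1234]: address not available resolving 'ns10.domaincontrol.com/A/IN': 2001:db8::53#53
Mar  3 10:15:01 srv named[1234]: address not available resolving 'ns10.domaincontrol.com/A/IN': 2001:db8::53#53
Mar  3 10:15:02 srv named[1234]: address not available resolving 'ns10.domaincontrol.com/AAAA/IN': 2001:db8::53#53
Mar  3 10:15:03 srv sshd[999]: Accepted publickey for admin from 192.0.2.10 port 50022
Mar  3 10:15:04 srv named[1234]: address not available resolving 'ns10.domaincontrol.com/A/IN': 192.0.2.53#53
EOF
}

# summarize_named_errors < logfile
# Output columns (tab separated): count, address family of the upstream
# server, queried record (name/TYPE/CLASS), upstream server address.
summarize_named_errors() {
    awk -v q="'" '
        /named\[[0-9]+\]: address not available resolving/ {
            n = split($0, part, q)          # split on the single quotes
            if (n < 3) next                 # truncated line, no quoted record
            record = part[2]
            server = part[3]
            sub(/^: */, "", server)         # drop the ": " after the quote
            sub(/#[0-9]+$/, "", server)     # drop the "#port" suffix
            family = (index(server, ":") > 0) ? "IPv6" : "IPv4"
            count[family "\t" record "\t" server]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Usage on a real host: summarize_named_errors < /var/log/syslog
```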
