Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

- - ALL UNSTABLE / TESTING THREADS SHOULD BE POSTED HERE - -
This sub-forum is the dedicated area for the ongoing Unstable/Testing releases of Debian. Advanced, or Experienced User support only. Use the software, give, and take advice with caution.
Post Reply
Message
Author
User avatar
fakemoth
Posts: 15
Joined: 2022-02-19 16:35

[Testing - Bookworm] Plasma Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#1 Post by fakemoth »

Hi, because of this viewtopic.php?t=153968 I switched to bookworm from bullseye and except for some glitches things work OKish.

I noticed that my network manager applet in the taskbar is displaying different IPs at Interface > Details > "IPv4 Primary Nameserver". So for example today I got 200.41.74.215, and after reboots 216.113.240.140, 200.180.46.180 etc. What exactly is showing me here, what IPs are those as I have a hard time finding out, why not my DNS server, maybe is a cosmetic issue but why is it changing and more importantly - should I be worried? How can I found out more?

Clearly my DNS servers are setup and properly displayed in Plasma's System settings > Network > Connections as 192.168.1.3 which is the IP of my router that runs unbound and serves requests. The IP of the machine in question is set statically, no DHCP on this one. And it seems that well... it is true, that is my DNS server:

Code: Select all

cat /etc/resolv.conf 

# Generated by NetworkManager
nameserver 192.168.1.3

Code: Select all

nmcli

DNS configuration:
        servers: 192.168.1.3
        interface: enp14s0

Code: Select all

nmcli device show enp14s0 | grep IP4.DNS
IP4.DNS[1]:                             192.168.1.3
In the router and unbound I use 9.9.9.9 and 149.112.112.112 - so what is happening here?
Last edited by fakemoth on 2023-03-29 22:02, edited 2 times in total.

User avatar
fakemoth
Posts: 15
Joined: 2022-02-19 16:35

Re: [Testing - Bookworm] Network Manager applet displays all kind of IPs as nameservers... surely not what I set up!

#2 Post by fakemoth »

To be clear, I am talking about the Plasma network widget in the taskbar. I even changed my DNS to the other router (192.168.1.1, which again uses Quad9 DNS and unbound) and I get now... 72.155.245.207??? The IPs are not well known, and they are from all over the place, USA, Brazil, Argentina and so on.
Trying to attach a screenshot here.
Image


User avatar
fakemoth
Posts: 15
Joined: 2022-02-19 16:35

Re: [Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#4 Post by fakemoth »

The problem remains - why is that happening in the first place because it didn't before some updates in the last weeks, can't pinpoint exactly, because I surely didn't notice right away and I was using automatic updates, now stopped. And to me it shows (isn't that the customer?):

Code: Select all

CustName:       SHV ADSL EEUA
Address:        575 Morosgo Dr. NE
City:           Atlanta
StateProv:      GA
PostalCode:     30324
Country:        US
RegDate:        2010-03-03
Updated:        2018-09-10
Ref:            https://rdap.arin.net/registry/entity/C02435333
Let's say Microsoft, but I don't use any Microsoft products or services at all... and I mean in my whole network. Let's say those are legit. Why do I get ANY other DNS server except for the one I filled in? I booted my notebook with bullseye in order to check, I can confirm this is not happening in that case, it does show my DNS server as always on Plasma, in any OS I used it.
Because if it is not simply a cosmetic mess up than it might be a security issue. Even though I take all the precautions necessary and I am very careful with my station, and not in the habit of shady stuff, it could be simply introduced in development along the supply chain. And more baffling, the OS tells me that in the files I have the proper DNS.

BTW - I have 4 other connections setup but not used, disabled: a second wired LAN, the wireless that saved me when no drivers, a wireguard one and second VPN (L2TP this one).

Now I got 56.92.235.100 which is... the US postal service :? ? Come on now :D

Image
Last edited by fakemoth on 2023-03-30 06:40, edited 1 time in total.

User avatar
sunrat
Administrator
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: [Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#5 Post by sunrat »

What does this show?

Code: Select all

$ dig
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

User avatar
fakemoth
Posts: 15
Joined: 2022-02-19 16:35

Re: [Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#6 Post by fakemoth »

Thanks for taking the time guys. It is fine, checked and I get my DNS server, DNS resolution is not a problem in general:

Code: Select all

$ dig

; <<>> DiG 9.18.12-1-Debian <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18050
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       19883   IN      NS      e.root-servers.net.
.                       19883   IN      NS      l.root-servers.net.
.                       19883   IN      NS      a.root-servers.net.
.                       19883   IN      NS      h.root-servers.net.
.                       19883   IN      NS      m.root-servers.net.
.                       19883   IN      NS      g.root-servers.net.
.                       19883   IN      NS      f.root-servers.net.
.                       19883   IN      NS      k.root-servers.net.
.                       19883   IN      NS      c.root-servers.net.
.                       19883   IN      NS      j.root-servers.net.
.                       19883   IN      NS      b.root-servers.net.
.                       19883   IN      NS      i.root-servers.net.
.                       19883   IN      NS      d.root-servers.net.

;; Query time: 12 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Thu Mar 30 13:39:26 EEST 2023
;; MSG SIZE  rcvd: 239
Last edited by fakemoth on 2023-03-30 10:44, edited 1 time in total.

User avatar
fakemoth
Posts: 15
Joined: 2022-02-19 16:35

Re: [Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#7 Post by fakemoth »

So any idea what this means and what is it happening? Thank you.

User avatar
sunrat
Administrator
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: [Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#8 Post by sunrat »

I'm nowhere near being a networking expert but dig shows your router as DNS server. I have OpenDNS set in my router and dig shows the OpenDNS server:

Code: Select all

; Query time: 9 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Apr 04 22:19:01 AEST 2023
;; MSG SIZE  rcvd: 239
So basically I have no idea what is happening with yours.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

User avatar
fakemoth
Posts: 15
Joined: 2022-02-19 16:35

Re: [Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#9 Post by fakemoth »

That is correct - it should show my router, because that is my caching and filtering DNS server that my whole network queries, using unbound. Unbound instead uses (in my case) the quad9 DNS servers. So it is perfect.

Except for the network manager widget in Plasma that shows random servers.
Last edited by fakemoth on 2023-04-04 13:04, edited 1 time in total.

milomak
Posts: 2158
Joined: 2009-06-09 22:20
Been thanked: 1 time

Re: [Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#10 Post by milomak »

Image

is this not saying the pc goes via the router (default gateway)

and the widget happens to pickup, what nameserver your router is using (how you connect to the internet)?

is this different from what you see when you log in to the router (the primary nameserver)?
Desktop: A320M-A PRO MAX, AMD Ryzen 5 3600, GALAX GeForce RTX™ 2060 Super EX (1-Click OC) - Sid, Win10, Arch Linux, Gentoo, Solus
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid

User avatar
fakemoth
Posts: 15
Joined: 2022-02-19 16:35

Re: [Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#11 Post by fakemoth »

Yes, those IPs are not owned even remotely by my ISP, and not mine, not allocated to me, and they don't look like DNS servers at all, even scanned a few - they are either down or 53 closed and such; nothing of the sort - that is the problem. The connection is pppoe. And no, they are not either the DNS IPs set up in my system (the router's IP which now is 192.168.1.1), nor the external DNS servers set in my router, which are these https://www.quad9.net/ Not even my ISPs DNS nameservers which are not set anywhere.

So at worst, even if it doesn't make sense (the field is called IPv4 Primary Nameserver, right?), the widget should show my external, public IP. Or (more acceptable) the external public IPs of the DNS servers from quad9. Which it surely can't, because that is not whom gets asked, that would be my router. But in the past, and on my notebook that runs bullseye with the same setting and in the same network, it always showed the proper internal one, because that is what it is set. And DNS is working fine in fact, and everything checks out, except that it displays IPs that I don't recognize at all and more worrisome have no idea how they are obtained...

Have a ton of upgrades since I stopped autoupdates because of this. Will upgrade everything first these days, because obviously I am on bookworm, and surely some stuff got fixed and doesn't seems OK to investigate a state that might have changed. And I will report back. Thanks!

User avatar
fakemoth
Posts: 15
Joined: 2022-02-19 16:35

Re: [Testing - Bookworm] Network Manager applet displays other unknown IPs as nameservers... surely not what I set up

#12 Post by fakemoth »

The problem solved itself via upgrading all the packages. Don't ask me why/under what circumstances as this was a complete mystery to me from head to toes. I saw the networking interfaces being restarted somewhere along the samba updates though, probably not because of those specifically. This is how it looks now, as it should be:
Image
Last edited by fakemoth on 2023-04-11 10:16, edited 1 time in total.

Post Reply