
OS 9.1 in homogenous home network

Hi folks,

In the past few days I have gotten a G3 Pismo up and running, with OS 9.1 currently, and hooked into my home network. No issues with configuration and performance to the greater outside Intertubes. However, locally, it looks like I need to put a 'hosts' file together - I see an option to add one via the TCP/IP control panel. I've searched around a fair amount, here, at macOS9lives and elsewhere but have not managed to come across just what the format of that file should be.... Would someone enlighten me to this?

My home net has quite the variety on board: bunch of PPC G4's running Leopard & Tiger, NextStep 3.3 machines (both black hardware and on Sun), various models of SGIs running IRIX 6.5.x, and several Sun workstations with SunOS and Solaris. None of these are online constantly so I don't have a central server running, say, NIS. No Windows boxes (my SGI VW 320 with WinNT has some sort of HAL issue). My port to the outside world is just a simple Zyxel DSL modem/router/WAP (660 something or another).

Do any of y'all use some other mechanism within your home net for transforming IP addresses to the name you've carefully chosen for your classic Macs?

Cheers!

 
AFAIK Open Transport just uses the normal UNIX hosts file format. A hosts file is just a set of lines each of the form

Code:
 <ip address> <whitespace> <hostnames>
So it would look something like

Code:
127.0.0.1 localhost
192.168.0.1 myrouter
192.168.0.2 somecomputername
192.168.0.3 someothercomputername
Keeping hosts files in sync is a massive pain, though: you might want to see if your router has the ability to run a local DNS server (that's how I do it)

 
Seconding the suggestion to use the router as a DNS server or add DNS server to something like a pi or whatever. Mac OS 7+ with opentransport works well with regular DNS.

Windows is currently running DNS in my network, but I'm going to give that to a small desktop PC with two ethernet interfaces, running untangle, as part of an "updating old windows servers" project I'm working on.

 
Thank you for taking the time to respond, Cheesestraws. The format you gave is well known to me, as that's what SunOS, Solaris and IRIX use. MacOS 9.x does not, it seems...so I just tried variations myself. The control panel spits out error boxes as it parses the file you're trying to feed it. Here is what I have found:

1. The first field of each line must begin with the hostname (not the IP address);

2. Hostnames must be fully qualified (make it a non-existent network), e.g., dingbat.bork.org

3. The second field is the ttl (time to live) value; this doesn't appear to be an actual numeric value, as it would be in, say, a DNS record. Somehow, down in the lower depths of my brain, I dredged up the value as being 'A'. Lo and behold, this works...

4. The third field is the IP address;

5. The rest of the line is ignored, so could be used for comments;

6. The fields are separated by whitespace (spaces or tabs are acceptable)

So, an example:

fignewton.unagi.org  A  192.168.0.45

I could not find a way to put in an alias for a FQN hostname, as is a common entry in hosts files on UNIX-based OS's....

My dinky router box cannot run a DNS server. And it merely passes on the requests to the Centurylink DNS resolvers hard-wired into its config (so I actually also use a resolv.conf file in each of my machines, set to OpenNIC servers). This obviously fails on my local (unroutable) network. I've just not taken the time to investigate getting a more decent box, something with a nice configurable firewall that won't be crushed under a load.  In the old old days, I used a Sun SS20 as my name server (& PPP link & router & firewall), but I cannot justify using the electricity to run it constantly....

 
Thank you for sharing this!

My dinky router box cannot run a DNS server. And it merely passes on the requests to the Centurylink DNS resolvers hard-wired into its config
God, I wish the ISPs were a little better at providing for use of third party equipment. Depending on what type of service you have, you might be able to get a plain bridge modem. They're very common for ADSL/ADSL2/ADSL2+ but not very common for VDSL2.

I'm using a C1000A on VDSL2 and what I ended up doing was disabling DHCP on it and giving DHCP and DNS to a Windows server. It looks like Pi-hole has a DHCP server as well, 

My future step is to switch to transparent bridging and enter my PPPoE credentials into another router and have it run my network.

If you want a project, later: you might be able to do something like that. I'm going to be using Untangle on a regular PC, but there's smaller more purpose-built boxes, and stuff like unifi, and even most nicer home routers have some stuff.

 
Hmmmm, hmmmm, still not entirely correct. As I added more machines to the file and tested them (using the ping option of the AGNetTools utility retrieved from the Garden), I could successfully do so for only maybe every other hostname in the file? The others would give a "Name lookup failed" error box....looks like I'm missing something....

I'll keep trying as I have time...

 
Wow - well done, sir! Particularly for the hour it must be over there by the Prime Meridian! This appendix should be exactly what we need...though I seem to already be (inadvertently) following the rules laid out. Perhaps I have some errant character that is causing the parser to barf.

I'd forgotten that there were manuals in those days (too used to UNIX man pages)! And had not thought of searching specifically for an OT manual - had been casting a wider net for "TCP/IP", "9.1" and "hosts file".

Will play further. Many thanks again for your time, in our hilariously silly hobby...

 
You are very welcome—as a full-time insomniac, random manual surfing is one of my "can't sleep" activities, so it's nice when it can do something useful :-)

An idle thought—it's not line endings or something as ridiculous as that is it? (I realise this is like "have you turned it off and back on again" but occasionally one has not turned it off and back on again).

 
What about running DNS via Linux on a Raspberry Pi? 

https://pimylifeup.com/raspberry-pi-dns-server/

Better yet, set up a Pi with Pi-hole, which filters out lookups for advertising (I highly recommend it). You can also add some LAN DNS to the setup:

https://discourse.pi-hole.net/t/howto-using-pi-hole-as-lan-dns-server/533

I've been running Pi-Hole for a couple years now and I love it. I recently set it up to use DNS over HTTPS to CloudFlare's secure DNS servers, so my ISP can no longer snoop on my DNS lookups.

 
I recently set it up to use DNS over HTTPS to CloudFlare's secure DNS servers, so my ISP can no longer snoop on my DNS lookups.
Pi-hole is good, as is simply running BIND, but I have to strongly recommend against DNS-over-HTTPS (DoH).

First, who says that Cloudflare is trustworthy? They want us to trust them, but they do a lot of underhanded things.

Second, if more individual programs, like Firefox, start using DoH, then that means we no longer have control over our own DNS. We cannot block things with Pi-hole, we cannot block individual sites or domains, we cannot use local host names. DoH is a way of saying, "You're an end user, and you're stupid, so give up your privacy to us, because we're smarter than you."

What we all really need, particularly if we're worried about our ISPs injecting ads and other things (worrying about our ISPs tracking us is completely theatre - if that were a real concern, we'd all be encouraged to use VPNs everywhere, and when some large company stands to make money doing that without breaking Netflix, that encouragement will come), we'd all run recursive DNS servers that check all DNSSEC. You can test yours here:

https://dnssec.vs.uni-due.de

 
To the point of this topic: a Raspberry Pi or PogoPlug or some other low power, always on device can easily be a recursive resolver, and the whole local network can have a default domain that's configured as a zone in the local DNS server, and all hostnames will Just Work® :)
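The "default domain configured as a zone" suggestion above, as an added example that is not code from the thread or from any DNS server project: it writes a BIND-style forward zone and the matching in-addr.arpa reverse zone for a /24 from one host list, and reports the two things that usually go wrong in the reverse zone, two names sharing one address (only one PTR can win) and a host that is not on the LAN at all. The `unagi.org` domain, the `ns` host and the host list are constructed for the example; the SOA timer values are ordinary defaults, not anything the thread specifies.

```python
"""Generate BIND-style forward and reverse zone files for a home LAN.

Added example, not code from the thread or from any DNS project.  It
assumes a single /24, a resolver host called 'ns' inside the zone, and
the constructed host list below; the output is standard master-file
syntax that BIND (and most other authoritative servers) will load.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: one duplicate address and one host outside the LAN
# so the reverse-zone checks have something to report.
HOSTS = {
    "ns": "192.168.0.2",
    "myrouter": "192.168.0.1",
    "fignewton": "192.168.0.45",
    "dup": "192.168.0.45",
    "far": "10.0.0.9",
}


def zone_header(origin: str, serial: int, ns_fqdn: str, mailbox: str,
                ttl: int = 3600) -> List[str]:
    """SOA and NS every zone needs; refresh/retry/expire/minimum are typical values."""
    return [
        f"$ORIGIN {origin}.",
        f"$TTL {ttl}",
        f"@  IN SOA {ns_fqdn}. {mailbox}. ( {serial} 3600 900 604800 300 )",
        f"@  IN NS  {ns_fqdn}.",
    ]


def forward_zone(domain: str, hosts: Dict[str, str], serial: int, ns: str = "ns") -> str:
    """One A record per name, relative to $ORIGIN domain."""
    if ns not in hosts:
        raise ValueError(f"nameserver {ns!r} must have an A record in the zone")
    lines = zone_header(domain, serial, f"{ns}.{domain}", f"hostmaster.{domain}")
    for name in sorted(hosts):
        ipaddress.IPv4Address(hosts[name])      # raises on a malformed address
        lines.append(f"{name:<16} IN A {hosts[name]}")
    return "\n".join(lines) + "\n"


def reverse_zone(domain: str, network: str, hosts: Dict[str, str], serial: int,
                 ns: str = "ns") -> Tuple[str, List[str]]:
    """PTR records for a /24; returns (zone text, problems)."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen != 24:
        raise ValueError("this example only handles a /24")
    o = str(net.network_address).split(".")
    origin = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"
    lines = zone_header(origin, serial, f"{ns}.{domain}", f"hostmaster.{domain}")
    owner: Dict[ipaddress.IPv4Address, str] = {}
    problems: List[str] = []
    for name in sorted(hosts):
        ip = ipaddress.IPv4Address(hosts[name])
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}, no PTR written")
            continue
        if ip in owner:
            problems.append(f"{name}: {ip} already has PTR {owner[ip]}, skipped")
            continue
        owner[ip] = name
        last_octet = str(ip).split(".")[-1]
        lines.append(f"{last_octet:<4} IN PTR {name}.{domain}.")
    return "\n".join(lines) + "\n", problems


if __name__ == "__main__":
    print(forward_zone("unagi.org", HOSTS, 2024010101))
    text, issues = reverse_zone("unagi.org", "192.168.0.0/24", HOSTS, 2024010101)
    print(text, *issues, sep="\n")
```

Bump the serial every time you regenerate, and run `named-checkzone` (or your server's equivalent) on the output before loading it; the forward zone is what makes `fignewton` resolve from every box on the LAN, and the reverse zone is what keeps tools that log by hostname from printing bare addresses.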

 
Holy cow I just got a notification!

First, who says that Cloudflare is trustworthy?
I trust them much more than Google or other DNS providers. But I'd like to hear what underhanded things they are suspected of. I've not heard of any to date.

Second, if more individual programs, like Firefox, start using DoH, then that means we no longer have control over our own DNS. We cannot block things with Pi-hole, we cannot block individual sites or domains, we cannot use local host names. DoH is a way of saying, "You're an end user, and you're stupid, so give up your privacy to us, because we're smarter than you."
What I'm suggesting is distinct from using DNS over HTTPS via a browser.  I'm doing it from my Pi-Hole resolver to the DNS provider of my choice, so I have total control.  In this scenario, all it is doing is encrypting my DNS queries to the DNS provider. 

worrying about our ISPs tracking us is completely theatre - if that were a real concern, we'd all be encouraged to use VPNs everywhere
Hmm.  I've seen lots of articles on this practice being widespread.  Ad injection may have been quashed more recently due to outrage, but it is still believed that the widespread monitoring of traffic is happening and this data is being sold in such a way that it can often be identified down to the household or even individual level.

It's certainly legal for them to do so:  https://www.cnbc.com/2017/03/28/congress-clears-way-for-isps-to-sell-browsing-history.html

The FCC is investigating them for it:  https://arstechnica.com/tech-policy/2019/03/ftc-investigates-whether-isps-sell-your-browsing-history-and-location-data/

The WSJ reports that some ISPS are:  https://www.wsj.com/articles/facebook-knows-a-lot-about-you-so-does-your-internet-provider-11561627803

And in the world we now live in, even freaking TV's are monitoring what we watch:  https://www.washingtonpost.com/technology/2019/09/18/you-watch-tv-your-tv-watches-back/

But it is true that DoH (DNS over HTTPS) isn't perfect and there are better ways to not be tracked, VPN like you suggested, or using the Tor Browser. But I do think that Pi-Hole cuts down tremendously on ads and tracking, so I use it. I also think that DoH may help a little, and it was easy to set up, and I do trust Cloudflare (for now) so I use it. I also use the Ghostery and TrackMeNot extensions in my browsers. None of these things are perfect but I think they all help.

But I don't think claiming that ISP tracking isn't an issue because everyone isn't recommending using a VPN service is accurate; I think it has more to do that most people just don't care if they are tracked, take Facebook as a perfect example. 

 
I trust them much more than Google or other DNS providers. But I'd like to hear what underhanded things they are suspected of. I've not heard of any to date.
They ostensibly allow whatever based on "free speech". Apparently their idea of "free speech" includes fraud, because they've refused to stop providing services to sites that claim to be, for example, Bank of America.

I've been tempted to set up a site claiming to be Cloudflare, then use Cloudflare to "protect" my phishing site to see what they'd do.

No matter, when a large company that stands to make money off of something claims altruistic motivations, I can't help but be suspicious. Remember Google's mantra, "Don't be evil"? They had to do away with it.

But I don't think claiming that ISP tracking isn't an issue because everyone isn't recommending using a VPN service is accurate; I think it has more to do that most people just don't care if they are tracked, take Facebook as a perfect example. 
I'm not saying that's why it's not an issue. I'm saying it's disingenuous to offer ISP tracking as a reason to give up our DNS liberty since DNS is only one small part of the equation. But when we look at which parties are telling us to give up our DNS liberty, it makes sense.

The problem with DoH, even in the context of sending queries upstream, is that it's heading down the path of DoH use in general. It's evil, and it should be treated as evil, and any attempt to make it more palatable should be viewed with skepticism.

Most people have the, "I have nothing to hide" mentality when it comes to tracking, whether it's by Facebook, Amazon Alexa, Google Android phones, et cetera, but they mostly haven't taken the time to properly think things through. They haven't considered things in the context of what happened with information about people throughout Europe in World War II. If they did, they'd be terrified about the possible consequences of blindly giving away literally all data about themselves because even if everything seems fine now, the proverbial poop could hit the fan a decade from now and all that information is still out there. You talked smack about the wrong party ten years ago? Too bad. It's too late.

I trust Apple only because they don't try to make money from selling our data to advertisers. So long as they're a premium company that makes tens of billions of dollars a year being premium, and so long as they stand to lose literally tens of billions of dollars a year if they were caught doing what Google or Amazon do, I will continue to trust them to try their damned hardest to keep our data private.

Sorry for the rant. I'm just not a fan of those who actively want to erode our liberties in the name of a little "safety", and in this case it's Cloudflare, Mozilla and Google by promoting DoH. 

 
The problem with DoH, even in the context of sending queries upstream, is that it's heading down the path of DoH use in general. It's evil, and it should be treated as evil, and any attempt to make it more palatable should be viewed with skepticism.
Well, I think perhaps in name only.  I just literally use it to encrypt the traffic between my resolver and the upstream one I am using.  They offer clear text and encrypted versions of queries and I prefer the encrypted one.  I think it helps a little. 

I can't speak to Cloudflare's free speech choices WRT what they are willing to host, I just believe for now that they aren't storing, tracking, selling, or otherwise nefariously using the data I send to their 1.1.1.1 DNS server.

 
@johnklos Does Apple have a public DNS server one can use? If not, they should!

I'd imagine that, with regard to this whole DoH thing, someone, somewhere is going to create a fork of Firefox once it's DoH-only and revert to traditional DNS handling for precisely the reasons you stated. However, I feel the writing is on the wall on this one, as the likes of Google and Facebook will likely force the whole industry to switch to it (as they appear to have done with HTTPS and TLS1.2+, a move ostensibly done to promote better security).

That being said, I really don't like what Google, Facebook or Amazon are doing, but unfortunately, they've each become so huge that it seems almost impossible to completely stop them on an individual level. Even governments are having trouble containing them.

We can do what we can, and it helps, but we're never going to have complete privacy because they have innumerable other sources from which to acquire said info which we have almost no control over (credit cards, smartphones, satellite surveillance (this one isn't new, and has been going on in some way or another for almost as long as artificial satellites have been a thing) and now even TVs, as @pcamen pointed out (if I ever end up with a so-called Smart TV, I'm turning off as many of its "smarts" as I can)), so until a significant number of people stand up to them and force them to stop (there was this whole Delete Facebook thing, and it was a good start, but it wasn't enough), they have carte blanche, it would seem.

Hopefully that recently enacted law from California will help some. Time will tell.

c

 
@johnklos Does Apple have a public DNS server one can use? If not, they should!
Not that I know about.

I think the issue isn't about whether we can turn DoH off or on. I think the issue is that once it becomes normal and expected, we (network administrators) lose the ability to protect ourselves from all sorts of things. Trojans will be able to use DNS all they want, and that'll be one less tool we can use to find them. Botnets will be much harder to break up unless companies like Cloudflare take action, and they've indicated that they care more about making money than doing the right thing.

In business networks I've already had to block https to Cloudflare's resolvers in order to comply with security requirements. Long term, we'll have to have a blacklist of DoH servers, which will be a pain.

Now imagine the end result: Every application can, and does, use DoH instead of OS level resolution. Resolvers can be anywhere, such as random addresses all throughout Amazon AWS or other "clouds". Now how do you stop anyone from exchanging anything with anyone? How do we stop a virus or Trojan from sending captured files, credentials, video, audio, whatever? We can't. TCP-over-DNS can run just fine over DoH, so DoH represents an unblockable way to have two-way traffic that can't be examined and can't easily be blocked, because it's indiscernible from normal https traffic.

To combat this, we'll need Windows-like firewalls (ones that are used more to protect the rest of the world from Windows than Windows from the rest of the world) to block programs from connecting to the Internet altogether.

It's sad that we have web browser makers that think that circumventing the OS and the network administrators is OK. But what's even sadder is that they're doing it based on bull - the bogeyman they want to use to scare us can easily be avoided in much more effective ways that don't include blindly trusting for-profit corporations. The FUD they try to spread just by itself should be an obvious sign that something's not quite right with DoH.

Even if, for some naive reason, we want to trust Cloudflare, the company is in the US. Do we trust that the NSA doesn't have backdoors all throughout Cloudflare? Mozilla is already trying to claim that this doesn't run afoul of Europe's GDPR, but it clearly does.

I wholeheartedly recommend that anyone who has the technical wherewithal to set up a Pi-hole or any other small computer with a recursive resolving DNS server that validates DNSSEC does exactly that.

 
We can do what we can, and it helps, but we're never going to have complete privacy because they have innumerable other sources from which to acquire said info which we have almost no control over (credit cards, smartphones, satellite surveillance (this one isn't new, and has been going on in some way or another for almost as long as artificial satellites have been a thing) and now even TVs
We do have choices. Android is complete shit - it's just like Windows environments on a phone. Google app stores blindly accept anything, and privacy controls are horrible. Choose a non-Android, which today means getting an iPhone. More choices would be nice, but we're stuck in a captive market.

Smart TVs are horrible, but you can simply not connect them to the Internet. Really, that's all. Just don't connect them. Read up about video streaming devices and buy one you like. For instance, Roku seems OK. AppleTV seems OK. Amazon Fire and Google Chromecast? Completely and provably evil. Let your Roku or AppleTV get Internet, but not your smart TV.

Don't buy a Ring. Don't buy a camera that uploads to the "cloud". Don't download and indiscriminately run apps without seeing what permissions they want, and turn off all permissions unless they make sense. Don't buy or accept as a gift an Alexa device, or enable Cortana, or whatever Google is trying to spread. Be suspicious of anything with the word "cloud" in it - assume it means that any data put in the "cloud" is accessible to anyone who's motivated, whether that's nation-states or marketing companies.

Sure, we can't help satellite surveillance, but we can take control over our devices and networks.

And install a DNS server :D

 