Forcing Google Services to local (RSA) IP address

kaisterkai

Expert Member
Joined
Dec 11, 2009
Messages
2,142
Tinuva, could you perhaps give the DNS server's IP address that you're using and the ISP package?

I'm not sure what the ISP's are doing, but I have like 80ms to www.google.com (when using the 155.232.240.19 IP address) and like 10ms to mail.google.com (when using 64.233.179.83 IP address) << When I'm using Stellenbosch University's proxy servers and Internet.
A friend of mine had 1 - 2ms response time to www.google.com from the MediaLab's connection, which is also at Stellenbosch University.

Update: kaisterkai, I have no idea what you're doing but you're definitely doing something wrong if you're the only one where this modification isn't working! When you ping one of those hostnames of the Google services, it should resolve to the local IP address. Perhaps you should provide us with your ISP package that you're using and also with the results of when you're trying to ping like mail.google.com, www.google.com, etc.

Everything else works, it's just that gmail doesn't work.. but I see someone here also has the problem with Gmail...

But I guess not having gmail isn't really such a big thing..

Anyway, thanks for the help.. I'll see what I can upload ^ ^
 

Tpex

Teh Cyber Ninja
Joined
Sep 4, 2008
Messages
18,072
Everything else works, it's just that gmail doesn't work.. but I see someone here also has the problem with Gmail...

But I guess not having gmail isn't really such a big thing..

Anyway, thanks for the help.. I'll see what I can upload ^ ^
:eek: WTF!


Anyway, it seems the problem is with any Google login; it seems the IPs are not resolved for those. Could somebody post them, please?
 

Pada

Executive Member
Joined
Feb 18, 2009
Messages
8,171
Add the following entries:
Code:
196.23.168.147 googlemail.l.google.com
196.23.168.147 www.gmail.com
196.23.168.147 gmail.com
If that doesn't fix your Gmail problem, then you should run the following command: ipconfig /flushdns
Once you've done that, try to open Gmail again.
Once you've tried to open Gmail, run: cmd /c ipconfig /displaydns & pause
Then look for the IP address that it's using for Gmail.

It could be that you have an antivirus/firewall application that's blocking those hosts file modifications...
 

Tpex

Teh Cyber Ninja
Joined
Sep 4, 2008
Messages
18,072
Add the following entries:
Code:
196.23.168.147 googlemail.l.google.com
196.23.168.147 www.gmail.com
196.23.168.147 gmail.com
If that doesn't fix your Gmail problem, then you should run the following command: ipconfig /flushdns
Once you've done that, try to open Gmail again.
Once you've tried to open Gmail, run: cmd /c ipconfig /displaydns & pause
Then look for the IP address that it's using for Gmail.

It could be that you have an antivirus/firewall application that's blocking those hosts file modifications...
entries fixed the problem :D Thanks a ton Pada :D
 

Pada

Executive Member
Joined
Feb 18, 2009
Messages
8,171
OK, awesome. I think I'm now going to try and merge all the entries into my first post :)
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
31,496
Some setups complain about it not being a secured connection when a secured one was expected (FF).
 

Pada

Executive Member
Joined
Feb 18, 2009
Messages
8,171
Some setups complain about it not being a secured connection when a secured one was expected (FF).
That's unfortunately the problem when forcing an HTTPS connection to a different server :( If you do get this issue with the certificates, PLEASE ensure that the Certificate Hierarchy tree resolves back to a Built-in Token (Root Certificate) in Firefox. You can view the Certificate and then in the Details tab it would show the Hierarchy tree.

I've updated my list in my first post by merging/adding all the DNS entries given in this thread. I've also removed all the double entries. Like www.google.com would resolve to www.l.google.com, so I've removed www.google.com.

If you have a DNS server that won't resolve www.google.com to www.l.google.com, then I would love to get that DNS server's IP address :)
I've used the following DNS servers to test my list: 168.210.2.2 (IS), 196.25.1.9 (Telkom), 146.232.128.10 (Stellenbosch University - internal access only) & 8.8.8.8 (Google DNS).
To check how the DNS entry is being resolved, use the command-line app: nslookup <hostname>, eg. nslookup www.google.com
In Linux you can either use nslookup or dig
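The two posts above describe the same mechanics: hosts-file entries that pin Google hostnames to a local address, and a check of how a name actually resolves. The following added example (not code from this thread or from any poster) parses hosts-file lines in the format posted here, merges them, flags a hostname mapped to two different addresses, and then resolves names the way a stub resolver does: the hosts table is consulted only for the exact name queried, and on a miss the query goes to DNS, where a CNAME chain such as www.google.com -> www.l.google.com is followed on the DNS side. The sample hosts text and the stub DNS answers are constructed for the example (the addresses are the ones quoted in this thread).

```python
"""Hosts-file override checker (added example, not from the thread)."""
import ipaddress

# Constructed sample in the style of the entries posted in the thread,
# with a comment, a blank line and one deliberately conflicting entry.
SAMPLE_HOSTS = """\
# Google services forced to the local cache (constructed sample)
196.23.168.147 googlemail.l.google.com
196.23.168.147 www.gmail.com gmail.com
196.23.168.147 gmail-imap.l.google.com gmail-smtp-msa.l.google.com

196.23.168.147 www.l.google.com
155.232.240.19 www.l.google.com   # conflict: same name, different address
"""

# Constructed stub of what an upstream DNS server would answer.
STUB_DNS = {
    "www.google.com": ("CNAME", "www.l.google.com"),
    "www.l.google.com": ("A", "155.232.240.19"),
    "mail.google.com": ("CNAME", "googlemail.l.google.com"),
    "googlemail.l.google.com": ("A", "64.233.179.83"),
}


def parse_hosts(text):
    """Return ({hostname: ip}, [problem messages]).

    The first mapping seen for a hostname wins, which matches how the
    Windows and glibc resolvers treat a name listed twice in the hosts file.
    """
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)  # reject malformed addresses early
        except ValueError:
            problems.append(f"line {lineno}: bad address {ip!r}")
            continue
        for name in names:
            name = name.lower()
            if name in table and table[name] != ip:
                problems.append(
                    f"line {lineno}: {name} already maps to {table[name]}, "
                    f"ignoring {ip}")
                continue
            table[name] = ip
    return table, problems


def resolve(name, hosts, dns=STUB_DNS, max_hops=8):
    """Resolve like a stub resolver: hosts file first, then DNS.

    Returns (ip, source) with source 'hosts' or 'dns'. The hosts table is
    checked only for the name actually asked for; CNAME targets returned by
    DNS are followed in DNS and are not looked up in the hosts file again.
    """
    name = name.lower().rstrip(".")
    if name in hosts:
        return hosts[name], "hosts"
    for _ in range(max_hops):
        rtype, value = dns.get(name, (None, None))
        if rtype == "A":
            return value, "dns"
        if rtype == "CNAME":
            name = value
            continue
        raise LookupError(f"{name}: no answer")
    raise LookupError("CNAME chain too long")


if __name__ == "__main__":
    hosts, problems = parse_hosts(SAMPLE_HOSTS)
    for p in problems:
        print("warning:", p)
    for q in ("gmail.com", "www.l.google.com", "www.google.com", "mail.google.com"):
        print(q, "->", resolve(q, hosts))
```

Running it shows gmail.com and www.l.google.com answered from the hosts table, while www.google.com and mail.google.com, which are not listed in the sample, are answered by DNS through their CNAME chains; that is the difference nslookup or ipconfig /displaydns will show you for a name that is or is not present in the hosts file.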
 

schumi

Honorary Master
Joined
Mar 26, 2010
Messages
22,446
Thanks. Works great. YouTube and Google Earth working well.
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
31,496
That's unfortunately the problem when forcing an HTTPS connection to a different server :( If you do get this issue with the certificates, PLEASE ensure that the Certificate Hierarchy tree resolves back to a Built-in Token (Root Certificate) in Firefox. You can view the Certificate and then in the Details tab it would show the Hierarchy tree.
Could you explain this in more detail? I've found the Hierarchy tree, but don't understand which cert I'm looking for or what it must look like.

Also, you can remove credit to me from OP...Catal already had the addr I added in his/her list.

I'm using dns1.webafrica.co.za as my DNS. (196.7.18.82)

Code:
C:\Documents and Settings\HX>nslookup www.google.com
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 196.7.18.82: Timed out
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    www.l.google.com
Address:  155.232.240.19
Aliases:  www.google.com


C:\Documents and Settings\HX>
Google DNS is secondary. Not sure how to interpret the above.

Code:
Pinging www.google.com [196.23.168.147] with 32 bytes of data:

Reply from 196.23.168.147: bytes=32 time=72ms TTL=54
Reply from 196.23.168.147: bytes=32 time=71ms TTL=54
Reply from 196.23.168.147: bytes=32 time=71ms TTL=54
EDIT: Above is from the laptop that does not give cert issue.
 

Pada

Executive Member
Joined
Feb 18, 2009
Messages
8,171
HavocXphere, the WebAfrica DNS server that you're using isn't working:
*** Can't find server name for address 196.7.18.82: Timed out
When you're viewing the certificate of mail.google.com, it should be the one at the bottom of the Certificate Hierarchy with the name 'mail.google.com'. If it doesn't have any certificates listed above it, with the top-most one being a 'Builtin Object Token' (root certificate built into Firefox), then the host is being spoofed and you SHOULD NOT continue.

Here's a very technical explanation of it:
X509 certificates are signed by taking a hash (like MD5 or SHA1) of the X509 certificate in the DER encoded form, and then encrypting both the OID (describing the hash algorithm used) and the hash itself with the RSA private key. The RSA private key is only known by the owner of the certificate.
Certificates can either be signed by a CA (Certificate Authority, like VeriSign) or self-signed. Root certificates are always self-signed and their signatures can be verified by decrypting their signature with their own public key (which is stored in the X509 certificate). You'll know that the certificate is self-signed when its Issuer field matches its Subject field.
Certificates signed by a CA certificate can only be verified by decrypting the signature with the public key of the CA certificate used to sign it. The name/description of the CA certificate used to sign the X509 certificate is stored in the Issuer field. So the correct CA certificate can always be found in the list of certificates by matching the Issuer field with the CA certificate's Subject field.

CA/Root certificates can be faked if they used MD5 hash for the signature, since MD5 collisions are already known, but you still need like 200 PS3's to be able to crack it in a few days.

Firefox includes most of the trusted root certificates (listed as 'Builtin Object Tokens'). If a certificate's hierarchy doesn't start with a root certificate built-in in Firefox, then the certificate cannot be trusted, unless you made your own root certificate :)
* If you're wondering why I know so much about X509 certificates... It's because I'm working for a company where we're making our own X509 certificates :D
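The post above describes the checks a browser performs on the certificate hierarchy: each certificate's signature is a hash of its DER-encoded body signed with the issuer's RSA private key, the issuer is located by matching the Issuer field to another certificate's Subject field, a root is self-signed (Issuer equals Subject), and the chain is only trustworthy if that root is one built into the browser. The following added example (my own illustration, not code from this thread or from any poster) models exactly that walk. It uses textbook RSA with tiny constructed primes and a string stand-in for the DER body, so the keys are for illustration only and nothing here is secure; the certificate names, the "built-in" root and the untrusted root are all constructed.

```python
"""Certificate-chain walk with toy RSA signatures (added example)."""
import hashlib
from math import gcd


def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes (constructed; far too small to be secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))  # (public, private)


def digest_int(tbs, n):
    """Hash of the to-be-signed bytes, reduced so it fits below the modulus."""
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n


def rsa_sign(tbs, priv):
    n, d = priv
    return pow(digest_int(tbs, n), d, n)


def rsa_verify(tbs, sig, pub):
    """'Decrypt' the signature with the public key and compare to the hash."""
    n, e = pub
    return pow(sig, e, n) == digest_int(tbs, n)


def make_cert(subject, issuer, pub, signer_priv):
    """A minimal certificate: Subject, Issuer, public key and a signature
    over the to-be-signed body (a string here standing in for DER)."""
    tbs = f"{subject}|{issuer}|{pub[0]}|{pub[1]}".encode()
    return {"subject": subject, "issuer": issuer, "pub": pub,
            "tbs": tbs, "sig": rsa_sign(tbs, signer_priv)}


def fingerprint(cert):
    return hashlib.sha256(cert["tbs"]).hexdigest()


def build_chain(leaf, candidates):
    """Walk Issuer -> Subject until a self-signed certificate is reached."""
    by_subject = {c["subject"]: c for c in candidates}
    chain, seen = [leaf], {leaf["subject"]}
    while chain[-1]["issuer"] != chain[-1]["subject"]:
        issuer = by_subject.get(chain[-1]["issuer"])
        if issuer is None or issuer["subject"] in seen:
            break  # issuer missing, or the chain loops
        chain.append(issuer)
        seen.add(issuer["subject"])
    return chain


def verify_chain(leaf, candidates, trust_store):
    """Return (ok, reason) for the chain leaf -> ... -> root."""
    chain = build_chain(leaf, candidates)
    root = chain[-1]
    if root["issuer"] != root["subject"]:
        return False, f"no issuer certificate found for {root['issuer']!r}"
    for i, cert in enumerate(chain):
        # Every certificate verifies under its issuer's key; the root under its own.
        signer = chain[i + 1] if i + 1 < len(chain) else cert
        if not rsa_verify(cert["tbs"], cert["sig"], signer["pub"]):
            return False, f"bad signature on {cert['subject']!r}"
    if fingerprint(root) not in trust_store:
        return False, f"root {root['subject']!r} is not a built-in trusted root"
    return True, f"chain of {len(chain)} ends at built-in root {root['subject']!r}"


# Constructed keys, certificates and trust store for the demonstration.
ROOT_PUB, ROOT_PRIV = make_keypair(1000003, 1000033)
LEAF_PUB, LEAF_PRIV = make_keypair(1000037, 1000039)
EVIL_PUB, EVIL_PRIV = make_keypair(1000081, 1000099)
BUILTIN_ROOT = make_cert("CN=Example Builtin Root CA", "CN=Example Builtin Root CA",
                         ROOT_PUB, ROOT_PRIV)
GOOD_LEAF = make_cert("CN=mail.google.com", "CN=Example Builtin Root CA",
                      LEAF_PUB, ROOT_PRIV)
UNTRUSTED_ROOT = make_cert("CN=Untrusted Root", "CN=Untrusted Root", EVIL_PUB, EVIL_PRIV)
SPOOFED_LEAF = make_cert("CN=mail.google.com", "CN=Untrusted Root", LEAF_PUB, EVIL_PRIV)
TRUST_STORE = {fingerprint(BUILTIN_ROOT)}  # the browser's "Builtin Object Tokens"
CANDIDATES = [BUILTIN_ROOT, UNTRUSTED_ROOT]

if __name__ == "__main__":
    print(verify_chain(GOOD_LEAF, CANDIDATES, TRUST_STORE))
    print(verify_chain(SPOOFED_LEAF, CANDIDATES, TRUST_STORE))
```

The spoofed leaf has a perfectly valid signature and a self-signed root above it; it fails only because that root is not in the trust store, which is why the post says to look at the top of the hierarchy rather than at the leaf.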
 

shaunvw

Senior Member
Joined
Jan 10, 2010
Messages
715
Thanks pada and everyone else who helped for this.
 

fragtion

Expert Member
Joined
Dec 26, 2004
Messages
2,724
Just a heads-up, SAIX(TelkomInternet)'s Google Global Cache servers started operating properly just a few days ago... it's working for Telkom customers automatically now as well without intervention
 

Shah33m

Expert Member
Joined
Sep 5, 2009
Messages
1,333
HavocXphere, the WebAfrica DNS server that you're using isn't working:

When you're viewing the certificate of mail.google.com, it should be the one at the bottom of the Certificate Hierarchy with the name 'mail.google.com'. If it doesn't have any certificates listed above it, with the top-most one being a 'Builtin Object Token' (root certificate built into Firefox), then the host is being spoofed and you SHOULD NOT continue.

Here's a very technical explanation of it:
X509 certificates are signed by taking a hash (like MD5 or SHA1) of the X509 certificate in the DER encoded form, and then encrypting both the OID (describing the hash algorithm used) and the hash itself with the RSA private key. The RSA private key is only known by the owner of the certificate.
Certificates can either be signed by a CA (Certificate Authority, like VeriSign) or self-signed. Root certificates are always self-signed and their signatures can be verified by decrypting their signature with their own public key (which is stored in the X509 certificate). You'll know that the certificate is self-signed when its Issuer field matches its Subject field.
Certificates signed by a CA certificate can only be verified by decrypting the signature with the public key of the CA certificate used to sign it. The name/description of the CA certificate used to sign the X509 certificate is stored in the Issuer field. So the correct CA certificate can always be found in the list of certificates by matching the Issuer field with the CA certificate's Subject field.

CA/Root certificates can be faked if they used MD5 hash for the signature, since MD5 collisions are already known, but you still need like 200 PS3's to be able to crack it in a few days.

Firefox includes most of the trusted root certificates (listed as 'Builtin Object Tokens'). If a certificate's hierarchy doesn't start with a root certificate built-in in Firefox, then the certificate cannot be trusted, unless you made your own root certificate :)
* If you're wondering why I know so much about X509 certificates... It's because I'm working for a company where we're making our own X509 certificates :D
i just fried some brain cells reading this :wtf:
 

Cider

Active Member
Joined
Dec 10, 2008
Messages
69
If I use Imap for Gmail will this go through local?

On a 384 line gmail takes ages to sync via IMAP using outlook for example.
 

Pada

Executive Member
Joined
Feb 18, 2009
Messages
8,171
Cider, add the following 2 lines and see if your Gmail still works via IMAP/SMTP:
Code:
196.23.168.147 gmail-imap.l.google.com
196.23.168.147 gmail-smtp-msa.l.google.com
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
31,496
That's an MTN-Business DNS server, not a WebAfrica DNS server, which is 196.220.59.188/189
I see what you mean.

HavocXphere, the WebAfrica DNS server that you're using isn't working:
You're right about the DNS server I posted 100% dead. Was wondering what all the 8.8.8.8 were doing in my firewall records...

I'm not convinced that the nslookup thing is a reliable method of testing it though. I also got the timeout message whilst using the broken dns as primary & google as secondary. Now I've switched to 196.31.65.99 (another WA/MTN) I get a result for the (broken) first WA dns server:
C:\Documents and Settings\HX>nslookup 196.7.18.82
Server: ns2.anova.co.za
Address: 196.31.65.99

Name: ns1.savitar.co.za
Address: 196.7.18.82
Cert: On this PC it looks right. Will have a look on the others too. thx
 