Industry guru Dave Taylor offers tech support on technical and business topics, including iPhone, iPod, Microsoft Windows, Sony PSP, cellphones, online advertising, CSS, Web design, business, Unix, Linux, SEO, Mac OS X, and shell script programming.     


How can my server be DNS spoofed?

Help! For some reason when I try to use "ssh" to connect to my server from my Mac, it fails and is saying that I might be a victim of a "DNS Spoof"? What's going on, and how do I fix the problem?


Dave's Answer:

First off, a critically important question: have you moved your domain name from one server to another in the last day or two? Or, perhaps, has your ISP moved you from one server to another and therefore had to change your IP (internet protocol) address?

If so, that's what's happening. Your Mac remembers that you used to end up at, say, 129.1.1.30 when you connected using the secure ssh protocol, but now the domain name resolves to a different IP address.

Here's the message you're probably seeing:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for intuitive.com has changed,
and the key for the according IP address 205.212.166.171
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /Users/taylor/.ssh/known_hosts:4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ce:a1:ce:c7:90:15:41:c4:ac:81:5f:a3:f9:7d:97:1d.
Please contact your system administrator.
Add correct host key in /Users/taylor/.ssh/known_hosts to get rid of this message.
Offending key in /Users/taylor/.ssh/known_hosts:1
RSA host key for intuitive.com has changed and you have requested strict checking.
Host key verification failed.

Pretty scary!

But you can see that the message itself shows you the solution, provided you're confident that you are pointing at a new IP address and all is well: simply clear the stale entry for that connection out of the "known_hosts" file in your "ssh" configuration folder (in my case, it's /Users/taylor/.ssh).

You can either just remove the offending line or delete the entire file and let it reprompt you whether to save the secure keys for other sites you visit too. I usually opt for the latter.
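The first option, removing only the offending lines, as an added shell example that is not part of the original article: it reads the line numbers ssh printed after "Offending key" and deletes just those lines, keeping a backup so every other saved host key survives. The function names and the sample known_hosts contents are constructed for illustration; OpenSSH's own `ssh-keygen -R hostname` removes a host's entries in a similar way.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Read ssh's warning text on stdin and print the known_hosts line numbers it
# reported as "Offending key ... in <file>:<n>" for the file given as $1.
offending_lines() {
    awk -v f="$1" '/^Offending key/ {
        n = split($NF, p, ":")
        if (n == 2 && p[1] == f && p[2] ~ /^[0-9]+$/) print p[2]
    }' | sort -nu
}

# Delete only those lines from the file, keeping the original as <file>.bak.
remove_offending() {
    kh=$1
    lines=$(offending_lines "$kh")
    [ -n "$lines" ] || { echo "no offending lines reported for $kh" >&2; return 1; }
    cp -p "$kh" "$kh.bak" || return 1
    # Builds a sed script such as "1d" and "4d", one command per line.
    sed "$(printf '%sd\n' $lines)" "$kh.bak" > "$kh"
}

# Demo on a constructed known_hosts file (key blobs are placeholders).
demo() {
    dir=$(mktemp -d) || return 1
    kh="$dir/known_hosts"
    printf '%s\n' \
        'intuitive.com ssh-rsa PLACEHOLDER_OLD_HOST_KEY' \
        'example.org ssh-rsa PLACEHOLDER_KEY_B' \
        'example.net ssh-rsa PLACEHOLDER_KEY_C' \
        '205.212.166.171 ssh-rsa PLACEHOLDER_OLD_HOST_KEY' \
        'example.com ssh-rsa PLACEHOLDER_KEY_D' > "$kh"
    # The two "Offending key" lines from the message, pointed at the temp file.
    printf '%s\n' \
        "Offending key for IP in $kh:4" \
        "Offending key in $kh:1" | remove_offending "$kh" || return 1
    cat "$kh"    # the three unrelated entries remain
    rm -rf "$dir"
}
demo
```

On the next connection ssh prompts with the new key's fingerprint; compare it with the fingerprint read from the server itself or supplied by your hosting provider before answering yes.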

If you haven't made any changes, then you need to get on the phone with your Internet Service Provider ASAP to figure out what's going on!

Hope that helps clear things up!






Categorized: Mac OS X Help , Unix and Linux Help   (Article 5841, Written by )
Tagged: dns spoofing, sftp, ssh




Reader Comments To Date: 2

Keith said, on April 6, 2008 11:17 AM:

I followed all your steps to setting my PSP up for the internet but now it says a DNS error has occurred. How do I fix this?

gm said, on November 13, 2011 4:26 PM:

Thanks so much! The fix worked perfectly.
For all those looking for the .ssh folder, you have to unlock the "hidden files" on your Mac. A simple Google search will show you how to do this.

© 2002 - 2013 by Dave Taylor. All Rights Reserved.
