FirstDNS

Archives by author: firstdns

DNS failing for Domain

Hey r/DNS I’m a new sysadmin for a small business and I’ve encountered what I believe to be a strange DNS issue.

Individual clients are unable to correctly resolve host names for servers inside our domain. This issue is intermittent and will only affect a single machine at a time, and I am unable to find any common link between affected machines. It has affected machines in different physical locations, different OS’s (win 7 and 8) and various levels of patching (fresh image to fully patched version of windows). It has affected at some point 70% of the machines on our network, often affecting the same machine multiple times. Frequency is approximately 1 per day across a total of 100 connected machines.

On an affected machine we are still able to ping the IP address directly and NSLOOKUP will correctly return the address. On an individual machine level I can release and renew the IP address, which resolves the issue. Flushing DNS does not. Affected machines never have issues resolving host names outside of our domain. As I understand it, NSLOOKUP will bypass the Windows DNS client, which makes me think the local DNS has been poisoned somehow, but I do not understand what causes this and how to permanently resolve it?

Any help or direction you guys could point me in would be much appreciated!

submitted by PStyleZ

Powered by WPeMatico

Locally Hosted DNS server?

I’m attempting to create my own server; the goal was to make a mini version of a professional platform (minus all the security enhancements). All I have left to do is host my own DNS, but I’m having trouble finding any free DNS program that works. I tried Bind but that required an account and subscription which I don’t want to bother with. Like I mentioned, this was meant to be a self-sustaining server with no need for domain hosting services. MaraDNS/Deadwood seemed promising but there were run-time errors and unfortunately I couldn’t get it running. The first attempt at making an accessible site was made with PolarWebSrv but I had some problems with it, but it had the most potential for all-in-one hosting. Anyone else know of a way to host your own DNS server?

submitted by whatever_isnt_taken

DMARC records

I’ve been working on optimizing the outgoing mail from my virtual server. This server has several virtual domains which send and receive mail as well. I’ve been using the mail-tester.com service to check configurations, and I seem to be able to get 9 or 10 out of 10 on all my sites. However, there’s a warning that comes up about the DMARC record. The mail-tester advice is:

You do not have a DMARC record

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC. You do not have a DMARC record, please add the following one to your domain _dmarc.lists.example.net

v=DMARC1; p=none

and my bind entry is:

_dmarc.lists.example.net. IN TXT "v=DMARC1;p=none"

Finally, a dmarcian.com inspection does show a record matching what I put in bind. Does this look correct, or is there some nuance that I’m missing and mail-tester.com isn’t explaining in a way that I see? Thanks!

Edit: To remove the obvious noob mistake question…no my bind entry does not actually say example.net, it’s the actual name of the server used in the Errors-To, Sender, and Return-Path headers in the emails.

submitted by TheRealBeakerboy

Curious random DNS queries

Hello, I did see a post (http://redd.it/2isn35) similar to this, but it doesn’t seem to be the same case.

I get some random queries, but the frequency is way too low to be an attempt at a DDOS/DOS attack. Also, I thought that a "good" DNS amplification should be querying existing records (to ensure a "larger" response), not random, guaranteed to always return "No such name" responses.

My traffic is usually quite low; I get those about once a minute, grouped in ~5 queries from the same IP (probably spoofed, not always the same, but frequently from the 8.0.7.0-8.0.6.255 range).

Some examples (domain has been changed to protect the innocent):

MZLUVOoN.MydOmAIn.Com (yes with randomized capitals)

qqevjfrviwzxll.mydomain.com

RnMFgaSIYZXl.mYDoMaiN.COm

winrar.mydomain.com

ocsinventory-ng.mydomain.com

2010cr0198.mydomain.com – this one does look like some attempt at a DDOS, because I just saw the exact same query coming from 3 different networks almost at the same time (just once from each, though).

So what are they? Do you guys get those too?

(My server accepts no recursion and answers all of those with "No such name". I’m considering dropping the recurrent IPs on the firewall, but if they are spoofed, it may do more harm than good.)

Thanks!

submitted by jsveiga
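
A way to triage queries like the ones listed in the post, as an added example that is not part of the original post: it groups "No such name" answers by source, counts mixed-case and generated-looking labels, and lists names requested from more than one source. The log format, the source addresses (documentation ranges) and the consonant-run heuristic are assumptions made for this illustration; mixed-case names are also what resolvers that randomize query-name case (the "0x20" technique) send, so that count alone does not indicate abuse.

```python
# Added example: triage of NXDOMAIN queries on an authoritative server.
# Log format and source addresses are constructed; names are those in the post.
import re
from collections import defaultdict

LOG = """\
12:00:01 192.0.2.10 MZLUVOoN.MydOmAIn.Com NXDOMAIN
12:00:01 192.0.2.10 qqevjfrviwzxll.mydomain.com NXDOMAIN
12:00:02 192.0.2.10 RnMFgaSIYZXl.mYDoMaiN.COm NXDOMAIN
12:00:02 192.0.2.10 winrar.mydomain.com NXDOMAIN
12:00:03 192.0.2.10 ocsinventory-ng.mydomain.com NXDOMAIN
12:01:10 198.51.100.7 2010cr0198.mydomain.com NXDOMAIN
12:01:10 203.0.113.5 2010cr0198.mydomain.com NXDOMAIN
12:01:11 192.0.2.99 2010cr0198.mydomain.com NXDOMAIN
12:02:00 192.0.2.50 www.mydomain.com NOERROR
"""


def is_mixed_case(qname):
    """True when letters of both cases appear in the name as received."""
    return qname != qname.lower() and qname != qname.upper()


def looks_random(label, min_run=4):
    """Heuristic (assumption): a long consonant run suggests a generated label."""
    pattern = r"[bcdfghjklmnpqrstvwxyz]{%d,}" % min_run
    return re.search(pattern, label.lower()) is not None


def triage(log, zone="mydomain.com"):
    """Return (per-source counters, names queried by more than one source)."""
    per_source = defaultdict(lambda: {"nxdomain": 0, "mixed_case": 0, "random": 0})
    sources_by_name = defaultdict(set)
    for line in log.splitlines():
        _time, src, qname, rcode = line.split()
        if rcode != "NXDOMAIN":
            continue
        name = qname.lower().rstrip(".")  # DNS names compare case-insensitively
        label = name[: -len(zone)].rstrip(".") if name.endswith(zone) else name
        stats = per_source[src]
        stats["nxdomain"] += 1
        stats["mixed_case"] += is_mixed_case(qname)
        stats["random"] += looks_random(label)
        sources_by_name[name].add(src)
    shared = {n: sorted(s) for n, s in sources_by_name.items() if len(s) > 1}
    return dict(per_source), shared


if __name__ == "__main__":
    print(triage(LOG))
```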