Information about DNS and network

I am using heroku and trying to use let’s encrypt for my ssl/Tls certificate. Herku is pushing me to switch my dns from godaddy to a dns provider that can support Alias records. I read this article …

https://iwantmyname.com/blog/why-alias-type-records-break-the-internet

And a bit concerned.

1) would using alias be bad? Is this article correct? 2) if I should not use alias what other solution do I have to maintain my website on heroku and still setup SSL/TLS? 3) if alias records are ok, what is a good provider that won’t cost me $25 a month as I spend $12 a year to register my domain with godaddy and they handle the dns. Companies like DNSimple seem to charge an arm and leg but not sure why or what they provide, which may be more than I need.

Hello, Need some guidance (I’m almost noob).

Domain is registered at Godaddy. DNS is managed using Cloudflare, with DNSSEC. Godaddy has Cloudflare nameservers and DS records for the website.

Now, can I copy ALL dns records to Google Cloud DNS, and then add google nameservers along with Cloudflare’s in Godaddy records for my website? Can I also have DNSSEC enabled at Google? or should disable DNSSEC totally in Cloudflare and Google?

I am hoping to have both Google and CF act as primary and both will have same records.

Thank you in advance.

unable to open '/etc/bind.keys'; using built-in keys instead managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

How can I get these errors to go away? I have tried googling it but every result is vague and/or has the error but it isn’t mentioned at all.

I recently started using CyberGhost Vpn.

Today I ran a DNS leak test on ipleak.net and I am not sure what to make of the result.

It showed me 23 different DNS adresses (e.g. 74.63.24.248 ISP: WoodyNet).I am not sure if these are adresses of CyberGhost DNS servers (and therefore trustworthy) or of my own ISP (therefore being a DNS leak).

I would really love some help here since I have no knowledge about all that stuff whatsoever.

I need help. I have a 2 router setup. A Linksys EA7300 and an Eero mesh.

1st Router (Linksys): Handles PPPOE connection and has Google DNS 8.8.8.8 and 8.8.4.4 blocked. I have setup the second router, Eero, under DMZ using a static IP within Linksys router, so effectively having 2nd router handle the firewall.

2nd Router (Eero): Connected to the LAN of 1st router and WAN of Eero. It handles all internal IPs of my devices.

Both routers are set to use DNS 1.1.1.1. All devices connect to Eero. I decided to block Google DNS since some of my devices use their hardcoded Google DNS, like Pixel phones and echo devices.

However, I can’t access my noip domain. I can ping it and its success but I can’t access some IP cameras within my own wifi. I disconnect my wifi and connect to 4G cellular data, and I can access it without any problems.

Any thoughts?

I’m wondering if any of the new / long-form TLDs have typically lower-latency than classic ‘prime’ TLDs of olde.

I understand that some countries could have higher latency, if they’ve made all DNS bottleneck through the country. I don’t really know how propogation happens across all/most/many of them. Which major DNS sign up for all TLDs, or which they defer (is that even right?)

Is .xyz slower or faster than most? What about .bank, etc? Compared with .mk or .az?

I’m sure there’s tons of naivety in what i’m asking. Thanks for any bits you know, or bigger picture insight.

Hi, Over the past few years I have seen every company using Microsoft Outlook Protection, reject our company email. In each case I had to ask the company admin to white list us. This only happens with Microsoft as far as I know. Our IP address is not on any DNSRBL.

The reject message from them was :

Recipient address rejected: Access denied. AS(201806281) [DB5EUR01FT045.eop-EUR01.prod.protection.outlook.com] (in reply to RCPT TO command) Diagnostic-Code: smtp; 550 5.4.1 Recipient address rejected: Access denied. AS(201806281) [DB5EUR01FT045.eop-EUR01.prod.protection.outlook.com] 

I image that my DKIM/SPF records are misread. However they look good to me.

I would be very grateful if someone could just tell me if they are ok, or not.

$ dig -t txt klunky.co.uk @dns1.p07.nsone.net|grep TXT ;klunky.co.uk. IN TXT klunky.co.uk. 600 IN TXT "v=spf1 mx a a:elk.klunky.co.uk -all" klunky.co.uk. 600 IN TXT "spf2.0/mfrom a mx a:elk.klunky.co.uk ~all" $ dig -t txt klunky.co.uk @ns3.he.net|grep TXT ;klunky.co.uk. IN TXT klunky.co.uk. 1800 IN TXT "v=spf1 mx a a:elk.klunky.co.uk -all" klunky.co.uk. 1800 IN TXT "spf2.0/mfrom a mx a:elk.klunky.co.uk ~all" klunky.co.uk. 1800 IN TXT "google-site-verification=REDATED" 

The main records are hosted on NSone, but there exists backup records on Hurricane Electric. The domain register only has Hurricane Electric registered, which is odd. NSone is not listed.

Any help would be very much appreciated.

Regards, GK