Information about DNS and network

I have 2 primary infastructure Domain controllers which have 2 conditional forwarders setup. The conditional forwarder reaches out to a mutual business partner’s DNS servers for the records, they are not AD-integrated. We then have an enclave which houses 2 more domain controllers which does not have internet access directly outbound and we have them reference the infrastructure DC’s for lookups.

The problem I’m having is that the enclave DCs are unable to lookups the conditional lookups. My assumption when I set this up was that the enclave DCs would ask the infra DC’s which would do a conditional lookup and relay the answer. This does not seem to be the case… Is there a step i’m missing or is this not possible?

Thanks!

Hello everyone.

My understanding of DNS is somewhat limited so I have a question.

Let’s assume I have a private network with my domain names tree(directories).

Now let’s say I want a machine from my network to access a public site, let’s say, www.reddit.com.

However, Inside my network, I too have a reddit/com domain.

In this situation, it is my understanding, that the machine from my internal network will resolve it’s path to reddit.com from my private DNS and will never reach the public one.

If all is correct until now, how do I create a private dns with the same name as a public one, but still make it possible for my machine to reach the public one first?

Hello Reddit,

I need some help. I’ve been living at my current apartment for 6 months and I’ve been having problems with my router. After some research, I’m starting to think it might have been hijacked. I’ve gotten certain alerts from my laptop, Norton security and even my Xbox. The alerts mention a DNS changes and unsecured wifi pop ups. I’m not sure where to start with this.

My assumption is no. I know that a flattened CNAME record is basically spoofing an A record, but in my line of work, we’re using a lot of flattened CNAME records and I can’t verify the correct values are in place because when I use dig on the domain name, it just looks like an A record.

‘Stubby’ is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.

https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby

I have found 3 so far, but not sure with one is better:

• Adguard DNS (i have use the aplicattion and at the start was osom, but then it started accepting payments to show ads from certains sources, not sure if the DNS is the same)

176.103.130.130

176.103.130.131

• Alternate DNS (i used it for quite a while and i was quite happy with it, but it have a expiration date for free use)

198.101.242.72

23.253.163.53

• opendns (read good things about it, not sure how good it really is, so i am currently testing it.)

208.67.222.222

208.67.220.220

If anyone have a more deeper comparative table of then i would appreciate it.

edit: OpenDNS still shows some stuff, Adguard DNS seems to block more, if anyone know another ads blocking dns please tell me as well.

So I am trying to setup SPF and MX records for a mailserver. I tried looking with mxtoolbox and it doesn’t find any records for it.

@ 3600 IN A
domain.ltd 3600 IN A
domain.ltd 3600 IN MX 10 mail.domain.ltd.
domain.ltd 300 IN SPF “v=spf1 mx a ip4: a:mail.domain.ltd ~all”
domain.ltd 3600 IN TXT “v=spf1 mx a ip4: a:mail.domain.ltd ~all”
mail 3600 IN A
mail.domain.ltd 300 IN SPF “v=spf1 mx a ip4: a:mail.domain.ltd ~all”
mail.domain.ltd 3600 IN TXT “v=spf1 mx a ip4: a:mail.domain.ltd ~all”

Those are the records I currently have. Have been playing around with adding the mail.domain.ltd as well with SPF records and SPF/TXT records.

What am I missing to get mxtoolbox to return my MX records and SPF? (And with that hopefully the headers recognize my SPF)
DNS provider Gandi.

Hello, earlier the DNS server of my ISP was down and apparently my ISP does not allow the use of other DNS servers (shit ISP I know). Requesting from 8.8.8.8 (or other DNS servers) just times out, while pinging them works. I found a workaround that worked partly.

I set up a DNS proxy that sends all DNS Requests over TOR, by simply adding:

DNSPort 53 DNSListenAddress 0.0.0.0 

to my /etc/tor/torrc file and then restarting the TOR service, on one of my Linux machines. On my other Linux machines I changed the nameserver in /etc/resolv.conf to the IP of my DNS proxy. This worked fine on my Linux machines.

However on Windows (Windows 10) it did not really work. I changed the DNS server in the IPv4 settings of my network device to the IP of my proxy (leaving the alternative DNS server field blank.) Funnily nslookup worked fine on Windows with my DNS proxy. But other applications such as browsers, ping etc. did not.

The DNS server of my ISP is working fine again, but I don’t want to have to depend on it. Any idea how I can get it to work on Windows?