Information about DNS and network

Latest Posts

CNAME not working for MailChimp (via Enom)

Hey all, so I have a MailChimp and it told me to verify my domain. My TXT went through (v=spf1 include:servers.mcsv.net ?all).

But my CNAME will not go through. I created a CNAME file with the name k1._domainkey and the value dkim.mcsv.net.

What I’m assuming is the period is messing the whole thing up; every time I delete the period and save changes, it reappears.

I don’t think it’s the TTL as the TXT went through as soon as I entered it…

Any solutions to my dilemma?

submitted by /u/Hungry_Front

Powered by WPeMatico

Help with simple A record question!

Sorry, probably a basic question but I am new to DNS.

I have added a custom A record in my cPanel (football.mysite.com). I have set this to point to the same IP as my domain mysite.com.

Should football.mysite.com now show mysite.com? I tried this and get a Not Found page, and the support chat for my hosting company says I need to add football as a subdomain. Slightly confused!

submitted by /u/Crackers32

Windows DNS with DNSSEC, delegated zones and a secondary server with a missing DS record

I have a question about DNSSEC on Windows DNS (not Active Directory, Windows Server 2012R2).

Now I’ve got all the basics running, but a customer also wants to use it with domain delegations. So I made the delegation, works fine. Then added the DS record for the trust anchor and that works too!

Except on the secondary DNS server. All other DNSSEC stuff seems to sync just fine, except for the DS record of the delegated zone. It’s such a special case that I can’t seem to find anything about it on Google (and DNSSEC with Windows is pretty uncommon anyway).

Can anyone point me in the right direction?

submitted by /u/Xzenor

How to point domain to hosting so that the hosting doesn’t know which registrar I use?

Hi everyone, I was wondering, since I’m a green rookie in this: how can I point my domain to a VPS hosting in a way the hosting doesn’t know which domain registrar I use?

For example, will this work? If I point my GoDaddy domain NS to Cloudflare, then in hosting add the domain to the VPS hosting package, would that work?

submitted by /u/tatsujin90

DNSSEC trouble, Windows Server 2016

I’m trying to teach myself to properly implement DNSSEC across a local AD domain, and I keep getting broken trust chain errors. I’d like to fix the trust chain if possible. Any info to help will be appreciated.

Big infodump below.

Initial info:
parent public domain: sglrit.com
child local, and private AD domain: hq.sglrit.com

Trust Anchors on local nameservers:

    PS C:\tech\Scripts> Get-DnsServerTrustPoint
    TrustPointName TrustPointState LastActiveRefreshTime NextActiveRefreshTime
    -------------- --------------- --------------------- ---------------------
    .              Active          2018-12-03 8:25:07 AM 2018-12-04 8:25:07 AM
    com.           Active          2018-12-03 9:42:40 AM 2018-12-03 9:42:40 PM
    sglrit.com.    Active          2018-12-03 9:40:04 AM 2018-12-03 10:40:04 AM
    hq.sglrit.com. Active          2018-12-03 9:25:07 AM 2018-12-03 10:25:07 AM

I have activated DNSSEC at my registrar and it checks out as secure.

https://dnssec-analyzer.verisignlabs.com/sglrit.com

I then followed this tutorial to activate DNSSEC on my local AD domain.

https://newhelptech.wordpress.com/2017/07/02/step-by-step-implementing-dns-security-in-windows-server-2016/

I then used PowerShell to export DS records from my local nameserver and entered the records at my public nameserver.

    Export-DnsServerDnsSecPublicKey -DigestType Sha256 -ZoneName hq.sglrit.com -Path C:\Tech -force

Next I used DIG to confirm the DS records are live on the parent nameserver.

    C:\WINDOWS\system32>dig @ns-cloud-c1.googledomains.com. hq.sglrit.com. DS +dnssec +multi
    ; <<>> DiG 9.10.6 <<>> @ns-cloud-c1.googledomains.com. hq.sglrit.com. DS +dnssec +multi
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48265
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 512
    ;; QUESTION SECTION:
    ;hq.sglrit.com. IN DS
    ;; ANSWER SECTION:
    hq.sglrit.com. 300 IN DS 24284 8 2 (
            2A9CDE75A906BC8D3858FC1B0AB42200F598D996F626
            CF42CA875F68F073D005 )
    hq.sglrit.com. 300 IN DS 24910 8 2 (
            AB60C3B4BC4D4AEC69E63F7DAF0AF4E2BDB46F5EB2CC
            1CED83AA7F6EE6600A40 )
    hq.sglrit.com. 300 IN RRSIG DS 8 3 300 (
            20181222225627 20181130225627 33054 sglrit.com.
            jZjIfVJC0cusHh3ipzXKAwxpjz1aoGX5WDWJm3dzOCYA
            OcvCNbxJ1jgjy7/avzSTjKOZsybYhmG5FYeCm6F+IYMQ
            BRH3PYGir9NKJeOU9EcKu5pj+G0py/1Q3PNgTfzPS0Fi
            KWjEhp+IX9krLobeReLQQD8s5B1R5ouRwOhUJ3E= )
    ;; Query time: 41 msec
    ;; SERVER: 216.239.32.108#53(216.239.32.108)
    ;; WHEN: Mon Dec 03 10:10:21 Eastern Standard Time 2018
    ;; MSG SIZE rcvd: 308

Next I checked a local record with DIG to see if it has a signature.

    C:\Windows\system32>dig @10.42.60.7 hq.sglrit.com. A +dnssec
    ; <<>> DiG 9.12.3 <<>> @10.42.60.7 hq.sglrit.com. A +dnssec
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22544
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 4000
    ; COOKIE: 365f2a5dc0aa70f4 (echoed)
    ;; QUESTION SECTION:
    ;hq.sglrit.com. IN A
    ;; ANSWER SECTION:
    hq.sglrit.com. 600 IN A 10.50.1.4
    hq.sglrit.com. 3600 IN A 10.50.1.5
    hq.sglrit.com. 600 IN A 10.42.60.7
    hq.sglrit.com. 600 IN RRSIG A 8 3 600 20181213014237 20181203004237 17416 hq.sglrit.com. XBlbO+xbnGgmhNBqYS4YI0H/+OWfUpfFbCzQBMUhek9E1XXdQ6lFY8DO JcHR3Q6ErtL7eaazo+nSiu+ihZNCrq9+pRDom6g7PgRyx05eFhmWS3XT r1K34kh27Czq5iObkyQ5Xup9SGnu6xltpTvw39lJvkbfS34oDhR7qVeM Vho=
    ;; Query time: 0 msec
    ;; SERVER: 10.42.60.7#53(10.42.60.7)
    ;; WHEN: Mon Dec 03 10:06:34 Eastern Standard Time 2018
    ;; MSG SIZE rcvd: 275

The DIG command shows an RRSIG, so I see that my local server is signing something, but the DELV command below shows a break in the trust chain that I have no idea how to resolve.

    C:\Windows\system32>delv @10.42.60.7 blackbox.hq.sglrit.com. A +vtrace
    ;; fetch: blackbox.hq.sglrit.com/A
    ;; validating blackbox.hq.sglrit.com/A: starting
    ;; validating blackbox.hq.sglrit.com/A: attempting positive response validation
    ;; fetch: hq.sglrit.com/DNSKEY
    ;; validating hq.sglrit.com/DNSKEY: starting
    ;; validating hq.sglrit.com/DNSKEY: attempting positive response validation
    ;; fetch: hq.sglrit.com/DS
    ;; chase DS servers resolving 'hq.sglrit.com/DS/IN': 10.42.60.7#53
    ;; fetch: sglrit.com/NS
    ;; validating sglrit.com/NS: starting
    ;; validating sglrit.com/NS: attempting positive response validation
    ;; fetch: sglrit.com/DNSKEY
    ;; validating sglrit.com/DNSKEY: starting
    ;; validating sglrit.com/DNSKEY: attempting positive response validation
    ;; fetch: sglrit.com/DS
    ;; validating sglrit.com/DS: starting
    ;; validating sglrit.com/DS: attempting positive response validation
    ;; fetch: com/DNSKEY
    ;; validating com/DNSKEY: starting
    ;; validating com/DNSKEY: attempting positive response validation
    ;; fetch: com/DS
    ;; validating com/DS: starting
    ;; validating com/DS: attempting positive response validation
    ;; fetch: ./DNSKEY
    ;; validating ./DNSKEY: starting
    ;; validating ./DNSKEY: attempting positive response validation
    ;; validating ./DNSKEY: verify rdataset (keyid=20326): success
    ;; validating ./DNSKEY: signed by trusted key; marking as secure
    ;; validating com/DS: in fetch_callback_validator
    ;; validating com/DS: keyset with trust secure
    ;; validating com/DS: resuming validate
    ;; validating com/DS: verify rdataset (keyid=2134): success
    ;; validating com/DS: marking as secure, noqname proof not needed
    ;; validating com/DNSKEY: in dsfetched
    ;; validating com/DNSKEY: dsset with trust secure
    ;; validating com/DNSKEY: verify rdataset (keyid=30909): success
    ;; validating com/DNSKEY: marking as secure (DS)
    ;; validating sglrit.com/DS: in fetch_callback_validator
    ;; validating sglrit.com/DS: keyset with trust secure
    ;; validating sglrit.com/DS: resuming validate
    ;; validating sglrit.com/DS: verify rdataset (keyid=37490): success
    ;; validating sglrit.com/DS: marking as secure, noqname proof not needed
    ;; validating sglrit.com/DNSKEY: in dsfetched
    ;; validating sglrit.com/DNSKEY: dsset with trust secure
    ;; validating sglrit.com/DNSKEY: verify rdataset (keyid=11906): success
    ;; validating sglrit.com/DNSKEY: marking as secure (DS)
    ;; validating sglrit.com/NS: in fetch_callback_validator
    ;; validating sglrit.com/NS: keyset with trust secure
    ;; validating sglrit.com/NS: resuming validate
    ;; validating sglrit.com/NS: verify rdataset (keyid=33054): success
    ;; validating sglrit.com/NS: marking as secure, noqname proof not needed
    ;; validating hq.sglrit.com/DNSKEY: in dsfetched
    ;; validating hq.sglrit.com/DNSKEY: falling back to insecurity proof (SERVFAIL)
    ;; validating hq.sglrit.com/DNSKEY: checking existence of DS at 'com'
    ;; validating hq.sglrit.com/DNSKEY: checking existence of DS at 'sglrit.com'
    ;; validating hq.sglrit.com/DNSKEY: checking existence of DS at 'hq.sglrit.com'
    ;; fetch: hq.sglrit.com/DS
    ;; chase DS servers resolving 'hq.sglrit.com/DS/IN': 10.42.60.7#53
    ;; fetch: sglrit.com/NS
    ;; validating sglrit.com/NS: starting
    ;; validating sglrit.com/NS: attempting positive response validation
    ;; validating sglrit.com/NS: keyset with trust secure
    ;; validating sglrit.com/NS: verify rdataset (keyid=33054): success
    ;; validating sglrit.com/NS: marking as secure, noqname proof not needed
    ;; validating hq.sglrit.com/DNSKEY: in dsfetched2: SERVFAIL
    ;; no valid DS resolving 'hq.sglrit.com/DNSKEY/IN': 10.42.60.7#53
    ;; validating blackbox.hq.sglrit.com/A: in fetch_callback_validator
    ;; validating blackbox.hq.sglrit.com/A: fetch_callback_validator: got SERVFAIL
    ;; broken trust chain resolving 'blackbox.hq.sglrit.com/A/IN': 10.42.60.7#53
    ;; resolution failed: broken trust chain

Is this as good as it gets on a private domain? Or is there something I can do to get proper validation from local AD up to root domain?

submitted by /u/DoctroSix

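Added example, not part of the original post: a small Python parser for delv +vtrace output like the trace in the DNSSEC post above. It lists the RRsets that validated, the first RRset whose validation hit SERVFAIL, and the server each resolver error was reported against. The sample is abridged from the post's own trace; the function name analyze and the string matching are assumptions based only on the messages that appear in that trace.

```python
import re

# Abridged from the delv +vtrace output quoted in the post above.
SAMPLE_TRACE = """\
;; validating ./DNSKEY: signed by trusted key; marking as secure
;; validating com/DS: marking as secure, noqname proof not needed
;; validating com/DNSKEY: marking as secure (DS)
;; validating sglrit.com/DS: marking as secure, noqname proof not needed
;; validating sglrit.com/DNSKEY: marking as secure (DS)
;; validating hq.sglrit.com/DNSKEY: falling back to insecurity proof (SERVFAIL)
;; validating hq.sglrit.com/DNSKEY: in dsfetched2: SERVFAIL
;; no valid DS resolving 'hq.sglrit.com/DNSKEY/IN': 10.42.60.7#53
;; validating blackbox.hq.sglrit.com/A: fetch_callback_validator: got SERVFAIL
;; broken trust chain resolving 'blackbox.hq.sglrit.com/A/IN': 10.42.60.7#53
;; resolution failed: broken trust chain
"""

VALIDATING = re.compile(r"^;; validating (\S+)/(\w+): (.*)$")
RESOLVING = re.compile(r"^;; (.+?) resolving '([^']+)': (\S+)#(\d+)$")


def analyze(trace):
    """Return secure RRsets, the first RRset that failed, and resolver errors."""
    secure, first_failure, errors = [], None, []
    for raw in trace.splitlines():
        line = raw.strip()
        m = VALIDATING.match(line)
        if m:
            rrset, msg = f"{m.group(1)}/{m.group(2)}", m.group(3)
            if "marking as secure" in msg and rrset not in secure:
                secure.append(rrset)
            elif "SERVFAIL" in msg and first_failure is None:
                first_failure = rrset  # earliest failure is where the chain broke
            continue
        m = RESOLVING.match(line)
        if m and m.group(1) != "chase DS servers":  # informational, not an error
            errors.append({"error": m.group(1), "rrset": m.group(2), "server": m.group(3)})
    return {"secure": secure, "first_failure": first_failure, "errors": errors}


if __name__ == "__main__":
    result = analyze(SAMPLE_TRACE)
    print("validated:", ", ".join(result["secure"]))
    print("first failure:", result["first_failure"])
    for e in result["errors"]:
        print(f"{e['error']}: {e['rrset']} (server {e['server']})")
```

On the post's trace this reports hq.sglrit.com/DNSKEY as the first failure, with both resolver errors reported against 10.42.60.7, the local server the post queried.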