BIND: constant queries in bind_query.log despite disabling or limiting recursion

In BIND, all night I have been seeing unending requests like this:

10-Apr-2016 23:39:50.097 queries: client <ip-address>#4444: query: <domain.tld> IN ANY +E 

It’s the same domain in every instance. Not a domain I host. I’ve shut off recursion in options in named.conf. Then tried limiting it to

But the queries won’t stop. What am I witnessing here?
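The log line quoted above is the standard BIND 9 query-log format, and a steady stream of ANY queries for one name the server does not host, arriving all night from the same source port, is the shape of reflected or spoofed traffic rather than real clients: disabling recursion makes BIND answer REFUSED, but the query is still logged before it is refused, so the log keeps filling. The following Python script is an added example, not part of the original post; it parses query-log lines into records, counts ANY queries per client for names outside the zones you serve, and reports the peak per-second query rate per client. The sample log lines, the `hosted.example` zone and the RFC 5737 addresses are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# BIND 9 query-log line as in the post. The optional parenthesised group after
# the port covers builds that print the qname there; trailing text such as the
# listening address is tolerated because the pattern is not end-anchored.
QUERY_LINE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"queries: client (?P<ip>[^#\s]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) (?P<cls>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

# Constructed sample input (not real traffic): one client hammering ANY for a
# name this server does not host, one ordinary client, one stray ANY query.
SAMPLE_LOG = """\
10-Apr-2016 23:39:50.097 queries: client 198.51.100.7#4444: query: example.net IN ANY +E
10-Apr-2016 23:39:50.101 queries: client 198.51.100.7#4444: query: example.net IN ANY +E
10-Apr-2016 23:39:50.104 queries: client 198.51.100.7#4444: query: example.net IN ANY +E
10-Apr-2016 23:39:50.110 queries: client 198.51.100.7#4444: query: example.net IN ANY +E
10-Apr-2016 23:39:51.220 queries: client 192.0.2.15#53211: query: www.hosted.example IN A +
10-Apr-2016 23:39:52.003 queries: client 192.0.2.15#53211: query: hosted.example IN ANY +E
10-Apr-2016 23:39:52.500 queries: client 203.0.113.9#4444: query: example.net IN ANY +E (192.0.2.53)
this line is deliberately malformed and must be skipped
"""


def parse_query_log(lines):
    """Yield one dict per parseable query-log line; malformed lines are skipped."""
    for line in lines:
        m = QUERY_LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
        rec["port"] = int(rec["port"])
        yield rec


def in_hosted_zone(qname, hosted_zones):
    """True when qname is at or below one of the zones this server is authoritative for."""
    qname = qname.rstrip(".").lower()
    return any(qname == z or qname.endswith("." + z) for z in hosted_zones)


def suspicious_any_queries(records, hosted_zones, threshold=3):
    """Return [(client_ip, qname, count), ...] for ANY queries on names outside
    hosted_zones that one client sent at least `threshold` times, busiest first."""
    counts = Counter()
    for r in records:
        if r["qtype"] != "ANY" or in_hosted_zone(r["name"], hosted_zones):
            continue
        counts[(r["ip"], r["name"].rstrip(".").lower())] += 1
    return sorted(
        ((ip, name, n) for (ip, name), n in counts.items() if n >= threshold),
        key=lambda t: -t[2],
    )


def peak_qps(records):
    """Highest number of queries any single client sent within one wall-clock second."""
    per_second = Counter((r["ip"], r["ts"].replace(microsecond=0)) for r in records)
    peak = {}
    for (ip, _), n in per_second.items():
        peak[ip] = max(peak.get(ip, 0), n)
    return peak


if __name__ == "__main__":
    recs = list(parse_query_log(SAMPLE_LOG.splitlines()))
    for ip, name, n in suspicious_any_queries(recs, {"hosted.example"}):
        print(f"{ip} sent {n} ANY queries for {name} (not hosted here), peak {peak_qps(recs)[ip]}/s")
```

Run it against a real `bind_query.log` by replacing `SAMPLE_LOG.splitlines()` with the file's lines and `{"hosted.example"}` with your own zones. Clients that top the list with a single source port and a name you do not serve are the ones to rate-limit or drop at the edge; the script is read-only and changes nothing on the server.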

Configuring Dynamic DNS on Verizon Router…troubles

Hey All,

I’m hoping this is the right place to ask this, if not, please let me know and I’ll move it somewhere else.

I own a domain through namecheap.com. Let’s call it “mydomain.com”. I originally tried to set up dynamic DNS on my Verizon router, a MI424WR-GEN3I, but their provider list for Dynamic DNS doesn’t support namecheap.com, go figure.

Initially, I set up a free DNS domain on changeIP.com, which is supported, but it’s one of those “mydomain.this-is-a-link.net”.

My end goal is to create a subdomain, on namecheap.com, which will point to my home network, but still be able to utilize the dynamic DNS to update my IP, on changeip.com.

From my understanding, I don’t think this is possible. I think I need to first transfer my domain from namecheap to changeip.

Then from there, I can configure my Dynamic DNS to point to “mydomain.com” on changeip.com. I just don’t know how to set up the A record on changeip.com to point to the dynamic IP… but that is another topic entirely.

Sorry for any confusion, I’m a novice when it comes to this level of networking.

Please let me know if I can add any details or answer any questions.


What are the pitfalls of building our own public DNS server for company employees?

I run IT for a company with 3500 employees across 800 sites. Managing blacklists is nearly impossible without paying for something like OpenDNS or upgrading our current firewall/gateway solution in all locations.

I thought…why not build my own internet available DNS server(s) and point all internal company resources to this DNS server, and build in configuration to blacklist sites as needed?

I’m sure there are reasons that this will be dangerous or difficult, but I’m not (yet) a DNS wizard. First off, it wouldn’t be feasible to prevent people from the outside from using our DNS server for their own resolution. Secondly, we’d have to make sure the security aspect was very tight so that it couldn’t be used for anything else other than intended.

What else am I missing? Also, any implementations or recommended pathways I should consider in getting started?

DNS not playing nice with failover

Looking for leads. All help appreciated.

When testing our failover from our main FIOS line to our backup basic 25/2 internet connection, the failover works fine, but DNS becomes wonky. Some computers can connect to external sites with no issue, but others don’t. All of them have the same two IPs in the primary and secondary DNS settings for their connection—those IPs being two local DNS servers that we run—but some run into problems pulling up external sites while others don’t. Changing the DNS IPs to external open DNS like fixes the problem, but that means downtime for our users while we make the changes on each computer manually. Less than ideal.

I’m not fantastic with DNS, so maybe I’m missing something simple. All help is appreciated.

Huge TTL

Can someone explain why some domains set a huge TTL (several years)? Seems like it makes it really hard to actually effectively change these records. But no cache is gonna hold the data for years.

I see e.g.
ns1.ucy.ac.cy A 497664000
ns2.ucy.ac.cy A 497664000
ucyweb.ucy.ac.cy A 497664000
www.ucy.ac.cy CNAME ucyweb.ucy.ac.cy 497664000
www.nullsecure.org A 32400000
nullsecure.org A 10800000

Even the root servers set it to 3600000, which is still very large.
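Two things bound how long a record like those above actually lives in a cache: the wire format limits the TTL to a 32-bit field, and RFC 2181 section 8 says a received TTL with the high bit set must be treated as zero; separately, every recursive resolver clamps cached TTLs to its own maximum. The Python below is an added example, not from the post: it parses the records listed above, applies the RFC 2181 rule, and reports the effective cache lifetime under a resolver cap. The caps for BIND (`max-cache-ttl`, 604800 s) and Unbound (`cache-max-ttl`, 86400 s) are the projects' documented defaults as I know them and are assumptions for this example, not values from the post.

```python
# RFC 2181 §8: TTL is an unsigned 32-bit value, but anything with the most
# significant bit set must be treated as 0, so the largest usable TTL is 2^31 - 1.
RFC2181_MAX_TTL = 2**31 - 1

# Resolver-side caps on cached TTLs (assumed documented defaults, in seconds).
RESOLVER_CAPS = {
    "bind max-cache-ttl": 604800,    # one week
    "unbound cache-max-ttl": 86400,  # one day
}

# The records quoted in the post, in its own "name type [target] ttl" layout.
POSTED_RECORDS = """\
ns1.ucy.ac.cy A 497664000
ns2.ucy.ac.cy A 497664000
ucyweb.ucy.ac.cy A 497664000
www.ucy.ac.cy CNAME ucyweb.ucy.ac.cy 497664000
www.nullsecure.org A 32400000
nullsecure.org A 10800000
"""


def parse_record(line):
    """Return (name, rrtype, ttl) from a 'name type [target] ttl' line; the TTL is always last."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError(f"not a record line: {line!r}")
    name, rrtype, ttl = fields[0], fields[1].upper(), int(fields[-1])
    if ttl < 0 or ttl > 0xFFFFFFFF:
        raise ValueError(f"TTL {ttl} does not fit the 32-bit wire field")
    return name, rrtype, ttl


def received_ttl(ttl):
    """Apply the RFC 2181 rule: a TTL with the high bit set is treated as zero."""
    return 0 if ttl > RFC2181_MAX_TTL else ttl


def effective_ttl(ttl, cap):
    """How long a resolver with max-cache TTL `cap` will actually keep the record."""
    return min(received_ttl(ttl), cap)


def humanize(seconds):
    """Split a number of seconds into whole (days, hours, minutes, seconds)."""
    days, rem = divmod(seconds, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, secs = divmod(rem, 60)
    return days, hours, minutes, secs


def cache_report(lines, cap):
    """[(name, rrtype, published_ttl, effective_ttl), ...] for every record line."""
    out = []
    for line in lines:
        if not line.strip():
            continue
        name, rrtype, ttl = parse_record(line)
        out.append((name, rrtype, ttl, effective_ttl(ttl, cap)))
    return out


if __name__ == "__main__":
    for label, cap in RESOLVER_CAPS.items():
        print(f"--- under {label} = {cap}s")
        for name, rrtype, ttl, eff in cache_report(POSTED_RECORDS.splitlines(), cap):
            d, h, *_ = humanize(ttl)
            print(f"{name:22} {rrtype:5} published {ttl:>10}s (~{d} days) -> cached {eff}s")
```

The root hints value of 3600000 s is 1000 hours, or just under 42 days, and it too is cut to the resolver's cap on arrival. The published TTL therefore only matters up to that cap; what it does control is how long a resolver that honours it fully, or a stub that does not clamp, may keep serving the old answer after a change.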

