Registrar temporarily pulled the plug on our domain registration – return to normal service taking a long time… ?!

Chaps, quick one, regarding DNS. We recently made a billing change in our DNS registration account (hosting done in AWS). This triggered an automated email, requiring we confirm the changes were requested by us.

The guy the email was sent to missed the email, so last night the DNS registrar pulled the plug on our zone (something like pointing our NS at a ‘null’ server – I’m not 100% on details). Anyhow, upshot was issues with our customer-facing issues etc. On call support got on the case and fixed it by confirming the link in the email.

We are still seeing DNS resolution issues today (this happened at 2am this morning). Our local DC/DNS server is not returning the records at all (‘*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for ’). Workaround at present is to set client DNS to use , which is successfully resolving the domain.

So as a recap of client DNS lookup:

Local DNS server: returns no records
OpenDNS: returns no records
Local ISP DNS: returns no records
: returns records

(I feel like the security guard from The Day Today at this point.)

Although we have a workaround, we can’t exactly advise Joe Public to clear their DNS cache/use a different DNS server for now.

How did the registrar put the blocker on our zone, exactly? How long does that take to propagate?

The issue was tackled quickly (about 2 hours after their change) but 12 hours later we’re still seeing DNS propagation / resolution issues. Is there any way we / the registrar can expedite the propagation of the correct records?
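An added illustration, not part of the post, of what governs how long a ‘no records’ answer lingers: under RFC 2308 a resolver caches an empty (NODATA/NXDOMAIN) answer for min(TTL of the SOA in the authority section, SOA MINIMUM), so resolvers that asked while the zone was dark keep serving nothing until that timer runs out. The stdlib Python below parses a DNS response and reports that value; the names (example.test) and the packets are constructed for the example, not the poster’s.

```python
import ipaddress
import struct
# Added example (not from the post); names and packets are constructed.
# RFC 2308: an empty answer is cached for min(SOA record TTL, SOA MINIMUM field).
def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode() for lb in labels) + b"\x00"

def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                        # compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)

def inspect_response(msg):
    """Return (A/AAAA addresses answered, negative-cache TTL from the authority SOA)."""
    qdcount, ancount, nscount = struct.unpack("!HHH", msg[4:10])
    off = 12
    for _ in range(qdcount):                             # skip the question section
        off = decode_name(msg, off)[1] + 4
    addrs, neg_ttl = [], None
    for i in range(ancount + nscount):
        _, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if i < ancount and rtype in (1, 28):             # A or AAAA answer
            addrs.append(str(ipaddress.ip_address(rdata)))
        elif i >= ancount and rtype == 6:                # SOA: MNAME, RNAME, 5 x uint32
            p = decode_name(msg, decode_name(msg, off - rdlen)[1])[1]
            neg_ttl = min(ttl, struct.unpack("!I", msg[p + 16:p + 20])[0])
    return addrs, neg_ttl

def build_response(qname, zone, soa_ttl, minimum, addrs=()):
    """Constructed reply: optional A/AAAA answers for qname plus one SOA for zone."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 1, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for a in addrs:                                      # owner name = pointer to qname
        packed = ipaddress.ip_address(a).packed
        rtype = 1 if len(packed) == 4 else 28
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(packed)) + packed
    soa = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
           + struct.pack("!IIIII", 2024010101, 3600, 900, 604800, minimum))
    return msg + encode_name(zone) + struct.pack("!HHIH", 6, 1, soa_ttl, len(soa)) + soa
```

`inspect_response(build_response("www.example.test", "example.test", 3600, 300))` returns `([], 300)`: a resolver that saw that reply while the zone was dark may keep answering ‘no records’ for up to 300 seconds, which is the figure to check against when deciding whether a cache is merely waiting out its timer.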

A tool to ping through dnscrypt servers

Hi everyone,

I like dnscrypt’s idea a lot, and I’ve been using it for some time now in combination with pihole. However when it came to choosing which server would have the lowest answer time I didn’t feel like pinging them each individually, so I created a little tool in python3 to do the job here

The servers are all pinged then sorted. It also displays whether the server doesn’t log, whether it uses DNSSEC, and the location. In the end it makes it much easier to choose which dnscrypt server to pick.

I hope y’all enjoy it!

PS: the script needs root privileges, which is unfortunate, but since the creation of the socket (needed to ping) is protected, I couldn’t get around it.

Microsoft DNS Question

I have 2 primary infrastructure Domain controllers which have 2 conditional forwarders set up. The conditional forwarder reaches out to a mutual business partner’s DNS servers for the records; they are not AD-integrated. We then have an enclave which houses 2 more domain controllers which do not have internet access directly outbound, and we have them reference the infrastructure DCs for lookups.

The problem I’m having is that the enclave DCs are unable to perform the conditional lookups. My assumption when I set this up was that the enclave DCs would ask the infra DCs, which would do a conditional lookup and relay the answer. This does not seem to be the case… Is there a step I’m missing or is this not possible?


Private/public DNS

Hello everyone.

My understanding of DNS is somewhat limited so I have a question.

Let’s assume I have a private network with my domain name tree (directories).

Now let’s say I want a machine from my network to access a public site, let’s say, www.reddit.com.

However, inside my network, I too have a reddit.com domain.

In this situation, it is my understanding that the machine from my internal network will resolve its path to reddit.com from my private DNS and will never reach the public one.

If all is correct until now, how do I create a private DNS with the same name as a public one, but still make it possible for my machine to reach the public one first?

