DNS & network news

Monthly Archive: January 2018

Having a hard time hosting my own DNS

Hello,

I’m having a hard time hosting my own BIND DNS. can someone please let me know if I’m doing something wrong?

  1. I have my domain name registered with my provider (register.com).

  2. I have created “A” records for my name servers in a different resource domain that I own and manage (call it ns1.resourcedomain.com, ns2.resourcedomain.com pointing to my BIND server ip addresses).

  3. On the BIND servers, I have created the zone file without issue.

  4. NSLOOKUP queries to my BIND servers return “A” records and “MX” records without issue.

  5. If I do DNS checks using services (mxtoolbox for example), it reports that my DNS servers do not respond or timeout.

  6. I am able to receive email from all domains EXCEPT (1) customer domain. This customer’s domain reports that our DNS is invalid.

How could NSLOOKUP respond correctly, I receive email from most domains, and my www “A” record responds OK, but (1) single domain cannot? Also why would a service like MXTOOLBOX report that I’m timing out? The error I get from MXTOOLBOX is:

DMARC Record Published No DMARC Record found

DNS No Valid NameServers Responded Not able to get a response from name servers within timeframe

Help is appreciated, thanks!

submitted by /u/jkeegan123
[link] [comments]

Powered by WPeMatico

Curious why facebook failed to connect to websites after hoster did something weird with their nameservers. All sites seemed to be up and running.

You can see the problem here:

http://dnscheck.pingdom.com/?domain=franska.nl&timestamp=1517309655

Everywhere I tested the sites were reachable so I was kind of freaking out until I ran the above test. Host said it shouldn’t cause any problems but they fixed it anyway and now facebook’s crawlers can resolve the domains again.

So what was putting facebook off and/or what did the host do wrong?

Cheers!

Edit: wording.

submitted by /u/MrNotPink
[link] [comments]

Powered by WPeMatico

Reverse DNS

Hi All,

I’m just wondering if somebody can help me understand reverse DNS. My understanding is that its used to point an IP to a domain name.

I performed a dig on my domain and its shows me the IP of the server.

When I do a reverse lookup “dig -x” on the IP address, the output shows the Name Server for the domain registrar. I thought the output would show my domain name. Is this right, how would I get the PTR record to show my domain name instead of the Name Server

submitted by /u/cmcmx
[link] [comments]

Powered by WPeMatico

Site doesn’t work without www, hosting company refuses to fix it. I’m confused, could someone please help me understand?

Hi all,

I’ve run into an issue with a local organization I work with. Their website only works with the www in front. The non-www URL hasn’t had an address associated with it (at least as a website) since April of 2014. However the organization’s emails work, so obviously there’s an MX record there.

When I look up the www address, it says it’s an alias for an adobecqms.net subdomain.

I brought up the issue to one of the members of the organization, who spoke with their IT support company (it sounds like they’ve asked about this repeatedly). The company says they can’t do both addresses because “we have a dynamic IP address. So it has a hard time redirecting (because our IP changes over time) if someone leaves out the www.

I’m so confused. Isn’t having both kind of best practice? I’m a newbie (I’m a web designer/developer, with a little training and experience with DNS management), but with what little experience I have, I was taught to have the non-www as an A record and the www as a CNAME so the site could be accessed either way. Also is there any clout to the claim that the changing IP would cause issues? Wouldn’t they just have to change the A record as they already do, and all the CNAMES will continue as normal? If nothing else, shouldn’t there be a redirect at the server level so that both versions of the address will work?

I don’t want this to turn into an issue between the organization and their IT company, but with what I understand of DNS and the research I’ve done this shouldn’t even be an issue to begin with.

Can someone please help me understand what’s going on? And, if I’m correct in thinking this should be a relatively easy fix, how I can explain it to the organization?

I really appreciate any help you can offer.

submitted by /u/zumer92
[link] [comments]

Powered by WPeMatico

Visibility of Subdomains Over HTTPS

I’m curious about what can be seen by a DNS resolver (e.g ISP) when using HTTPS websites.

My current understanding, and please correct me if I’m wrong, is that if I want to access the subdomain ns1.example.com that is contained within the domain example.com, a DNS request is sent out in clear text to a DNS resolver for example.com, an encrypted connection is established and then all subsequent requests for the subdomain ns1.example.com and any information that may follow the domain name are encrypted and can not be seen by the DNS resolver. Is this correct?

submitted by /u/3x0byte
[link] [comments]

Powered by WPeMatico

Did we get hacked? What is this?

Yesterday we had some emails come from our WordPress website to quite a few of our users. Instead of the normal domain, they came from a subdomain.

The day before that our security scan reported this:

Your DNS records have changed Old DNS records: asmblog.ourdomainnamehere.com points to ourdomainnamehere.com New DNS records:
Severity: Warning Status New We have detected a change in the CNAME records of your DNS configuration for the domain amazingstoriesmag.com. A CNAME record is an alias that is used to point a domain name to another domain name. For example foo.example.com can point to bar.example.com which then points to an IP address of 10.1.1.1. A change in your DNS records may indicate that a hacker has hacked into your DNS administration system and has pointed your email or website to their own server for malicious purposes. It could also indicate that your domain has expired. If you made this change yourself you can mark it ‘resolved’ and safely ignore it.

We don’t have a subdomain named asmblog.ourdomainnamehere.com to begin with. What’s up here?

submitted by /u/kwoodall
[link] [comments]

Powered by WPeMatico