DNS & network news

Monthly Archive: June 2018

I need help.

Hello, I need to setup a Name Server record on my Github Pages website – problem is I can’t find any guide that says how to use an NS record on Github.

I have two nameservers, ns1.biz.nf and ns2.biz.nf.

Is it ok if I put them in my CNAME record? I’ve tried creating a file called NS but that doesn’t seem to work. Do you have a solution?

Go easy on me, I’m 13.

submitted by /u/GoDzM4TT3O
[link] [comments]

Powered by WPeMatico

DNS Checker for Russia/DNS-server list

After changing some DNS entries I have problems with the availability in some regions. So I’m looking for a DNS checker such as https://dnschecker.org specifically for Russian DNS servers. Alternatively, I’d need a list of the main Russian DNS servers, especially mobile providers: Beeline, Megafon,…

All I found is a DNS list https://public-dns.info/nameserver/ru.html but it doesn’t help much since I don’t know the importance of those entries.

Hope you can help me. Thx

submitted by /u/noomretsim
[link] [comments]

Powered by WPeMatico

Wildcard DNS entry : Am I missing something ?

Collective Hivemind,

I inherited DNS duties for the company I work for and had issues with some of the low-level tools not returning what I though were the appropriate responses to dns lookup internally. Turns out that my predecessor had honeypotted the internal DNS with a wildcard to swallow any undefined look up request rather than forward it on. (Although our web clients were working fine, nslookup was failing spectacularly. If I did a nslookup on reddit.com from our domain – I will use consoto.com for a stand in – I would get reddit.com.consoto.com and the IP address of our web server. Once I removed the wildcard record, I got four addresses in the 151.101.x.y range as expected.)

By removing the A / AAAA record for * did I miss some subtle nuance that I should be aware of ? (I do understand why you want the wild card on your external DNS server, although with application aware firewalls and newer methodologies for detection malfeasance ongoing, I am beginning to question the wisdom of such.)

Stuff bolded for clarity only.

submitted by /u/duffelbagninja
[link] [comments]

Powered by WPeMatico

Looking for DNS server software recommendations

So I’m used to running bind9 with manually edited zone files because I’ve never really had a need for dynamic entries, but I’m just getting tired of that, but bind9’s DLZ backend is slow and a real PITA to set up. As such I’m looking recommendations for DNS server software that meets the following criteria:

  • runs on Linux or FreeBSD
  • must do split horizon on individual zones
  • must able able to have master mode that can use a MySQL, PostgreSQL, or LDAP backend on another server
  • must be able to have a slave mode rather than just a caching resolver in order to have a copy of all zones in case the master goes down for an extended period
  • must support zone transfers for the slaves

My current set up has a master DNS server plus a slave running on separate AWS instances, and a slave at home for local resolution. I would add a third AWS instance for a SQL or LDAP server that would replicate to a server at home.

I tried PowerDNS a few days a go, and while it was easy to set up and get running using MySQL it doesn’t do split horizons so I thought I’d make use of hive-mind experience.

Thanks in advance.

submitted by /u/CoryCA
[link] [comments]

Powered by WPeMatico

Pihole, a Raspberry Pi, is being accessed on port 443 even though port 443 is not open. Are clients looking for DNSSEC?

I have a Raspberry Pi running pihole, https://pi-hole.net/ , which acts as a DNS proxy. I do NOT have DNSSEC enabled in pihole.

When looking at Wireshark traffic to the Pi I, with tracing limited to the tcp syn flag, I notice network traffic to port 443. The traffic comes from Apple devices and my Amazon Dot.

Are clients looking for DNSSEC on 443?

submitted by /u/reddittk
[link] [comments]

Powered by WPeMatico