DNS & network news

Monthly Archive: August 2018

Internal DNS confusion

Website is hosted at godaddy

Domain 1 forwards to domain 2 (parent site)

Domain 1 masks domain 2 so people only ever see domain 1

Externally the website works fine

Internally we found a forwarding setting in windows 10 dns manager that is forwarding domain 1 to domain 2. Internally the domains does not mask which causes small issues, issues nonetheless, when building and editing the website.

Do we need to have a forwarding set up for our website internally?

With DNS manager for windows 10 is there a way to forward with masking?

submitted by /u/LogieRhythms
[link] [comments]

Powered by WPeMatico

Is Comcast rerouting 1.1.1.1 (Cloudflare) to Comcast’s own DNS servers?

Can someone more knowledgeable than myself comment on this? Take a look at this:

From my home PC, on a Comcast residential account:

$ nslookup pundo.com 1.1.1.1 *** one.one.one.one can't find pundo.com: Server failed Server: one.one.one.one Address: 1.1.1.1 

Same thing but from my Virtual Machine hosted on Amazon:

carter@pundo:~$ nslookup pundo.com 1.1.1.1 Server: 1.1.1.1 Address: 1.1.1.1#53 Non-authoritative answer: Name: pundo.com Address: 52.3.160.43 

Traceroute from my house, on Comcast:

$ tracert 1.1.1.1 Tracing route to one.one.one.one [1.1.1.1] over a maximum of 30 hops: 1 1 ms <1 ms 1 ms router.asus.com [10.11.12.1] 2 10 ms 10 ms 10 ms 96.120.48.65 3 12 ms 12 ms 9 ms po-101-rur02.richfield.mn.minn.comcast.net [68.87.176.93] 4 12 ms 10 ms 10 ms be-25-ar01.roseville.mn.minn.comcast.net [68.87.175.161] 5 12 ms 11 ms 11 ms 69.241.114.158 6 15 ms 14 ms 11 ms one.one.one.one [1.1.1.1] Trace complete. 

From my AWS VM:

carter@pundo:~$ traceroute 1.1.1.1 traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets 1 216.182.224.188 (216.182.224.188) 16.780 ms 216.182.226.94 (216.182.226.94) 22.298 ms 216.182.225.90 (216.182.225.90) 21.331 ms 2 100.66.13.186 (100.66.13.186) 15.317 ms 100.66.12.122 (100.66.12.122) 21.545 ms 100.66.12.124 (100.66.12.124) 18.678 ms 3 100.66.10.150 (100.66.10.150) 15.067 ms 100.66.15.90 (100.66.15.90) 21.855 ms 100.66.11.26 (100.66.11.26) 13.596 ms 4 100.66.7.69 (100.66.7.69) 12.149 ms 100.66.6.15 (100.66.6.15) 15.176 ms 100.66.7.47 (100.66.7.47) 17.701 ms 5 100.66.4.197 (100.66.4.197) 15.400 ms 100.66.4.95 (100.66.4.95) 11.723 ms 100.66.4.125 (100.66.4.125) 12.958 ms 6 100.65.11.65 (100.65.11.65) 0.703 ms 100.65.8.97 (100.65.8.97) 0.383 ms 100.65.8.33 (100.65.8.33) 0.338 ms 7 52.93.24.52 (52.93.24.52) 1.866 ms 52.93.70.20 (52.93.70.20) 40.700 ms 72.21.220.38 (72.21.220.38) 37.060 ms 8 52.93.24.93 (52.93.24.93) 0.691 ms 52.93.24.83 (52.93.24.83) 2.023 ms 52.93.24.71 (52.93.24.71) 2.858 ms 9 54.239.109.46 (54.239.109.46) 12.292 ms 54.239.111.38 (54.239.111.38) 17.810 ms 54.239.109.46 (54.239.109.46) 11.869 ms 10 54.239.111.249 (54.239.111.249) 0.933 ms 54.239.111.251 (54.239.111.251) 0.872 ms 54.239.111.227 (54.239.111.227) 0.839 ms 11 206.126.237.30 (206.126.237.30) 0.763 ms 0.979 ms 1.123 ms 12 one.one.one.one (1.1.1.1) 0.617 ms 0.657 ms 0.651 ms carter@pundo:~$ 

So: something weird going on here? It looks to me like Comcast might be hijacking 1.1.1.1 to their own DNS servers? Or am I nuts?

submitted by /u/boojit
[link] [comments]

Powered by WPeMatico

DNS request surge causing ISP to block new connections.

Small business of 14 people.

Spectrum Business ISP.

pFsense firewall that is also DHCP and DNS.

Synology NAS files server with Active Directory and DNS.

Clients get DNS servers via DHCP, primary DNS is the Synology NAS box as this is the recommended setup for Active Directory. Secondary DNS is Pfsene box. Third and fourth DNS are ISP, and google.

Each morning our Internet connection refuses to allow new connections for a small period of time, maybe 3 minutes. I have been looking over the stats on the Pfsens box and the only significant even that corosponds to the outage is a large number of outbound DNS requests. Something on the order of 8k outbound connections to DNS servers. These are seen in the pFsense state summary.Is this number really unusual? I am not sure, as from my understanding each DNS request from a client could generate many DNS connections. I have a feeling I am tripping a DNS surge threshold on my ISP, and thus having new connections blocked for a small period of time. Existing connections (VPN) are not affected. My guess for the surge is that the cache has expired on my DNS server and clients so all requests first thing in the morning are forwarded.

Does any of this make sense, and/or any suggestions on how to resolve or further investigate this?

submitted by /u/tdhftw
[link] [comments]

Powered by WPeMatico