DNS & network news

Monthly Archive: May 2019

Internal DDNS recommendations?

I’m trying to decide on a solution to handle DNS updates for mobile DHCP clients.

Vehicles will have an onboard router providing NAT between the local network and the stations. An application running centrally will know the vehicles by hostname, and that hostname should resolve to the dynamic IP of the NAT router on the vehicle, not the IP of the server behind the NAT.

I’m imagining a DDNS agent running on the server in the vehicle, and a private DDNS server running centrally which will receive the updates from the agent and update the IP for a given hostname based on the source IP of the connection which in this case will be the dynamic IP of the router on the bus.

I’m unfamiliar with DNS server options and wouldn’t personally be setting it up, but rather making a suggestion to the customer to avoid our company having to write a janky custom DDNS solution (someone proposed host file updates *shudder*).

If I have to, I could write a service to poll a central server from the vehicle, and when the central server receives an update, it updates the associated AD DNS A record. But I suspect there’s a massively more secure and reliable option to handle it.

submitted by /u/ClaytonDouglas

Powered by WPeMatico

DNSSEC and chain of trust for delegated sub-domain that doesn’t accept zone transfers

Does anyone know what DNSSEC files are required in Windows Server DNS (Server 2016) to set up a chain of trust between a child and parent domain where a zone delegation is used? Working with a delegated sub-domain between Windows that runs the parent zone which is signed with DNSSEC. The delegated sub-domain doesn’t accept zone transfers and runs on Citrix ADC (NetScaler). I thought an imported DS file via PoSH (Import-DnsServerResourceRecordDS) would work, but it’s stating corrupted key. The DS file was pulled from the NetScaler after creating the ZSK and KSK and signing the zone for the delegated sub-domain. Any thoughts on what I am missing, as I am a DNSSEC newb?

submitted by /u/themightymaxtastic

DNS Career Path?

Hey Everyone,

I was wondering if working solely on DNS is a viable career path. Do public DNS providers, such as Google, Cloudflare, and OpenDNS (Cisco), employ DNS Engineers or something similar? Do large organizations have dedicated DNS Engineers? I find DNS completely fascinating and would love to build a career around it. What would be the best way to go about this?

submitted by /u/AppropriateSoft3

156.154.70.1 timed out

PING 156.154.70.1 (156.154.70.1): 56 data bytes
--- 156.154.70.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

I used to use this DNS server provided by UltraDNS, but over the last year I can’t get to it. Everyone else says they can, but I cannot. I loved how fast and reliable these servers were when being paired with Cloudflare DNS.

My ISP: Spectrum (Legacy Charter)

Even if I turn off my firewall entirely and connect directly to the modem the same issue occurs. Is UltraDNS dead?

submitted by /u/ihoman202

Research advice

Hello, I’ve been tasked with doing a research project in DNS, which I’m not familiar with; I only have a fairly basic understanding of the concepts and terminology.

I’ve been asked to research public-facing DNS, DNS security and alerting in relation to a data centre virtual environment.

Could anyone please provide me with some starting points, i.e. some tools, products, topologies or services that I should be looking at?

Thank you so much.

submitted by /u/dermo35

DNSSEC Validation Windows Server 2016, (create exception for stubzone/conditional forwarders?)

Hi,

I have started to enable DNSSEC validation on every Windows DNS used as resolver that I manage (dnscmd.exe /RetrieveRootTrustAnchors).

I check this site https://dnssec.vs.uni-due.de/ and it says everything is OK.

But I have some problems with the customers that have a lot of stub zones / conditional forwarders configured in their DNS server to domains that are either .local or are DNSSEC-enabled domains.

When I enable DNSSEC validation, all .local zones that are added as stub zones/conditional forwarders break, also if the domain is signed with DNSSEC.

Is it possible to keep DNSSEC validation enabled for everything on the internet, but make some kind of exception for the stub-zone/conditional forwarders?

Example:

ad.domain.com AD domain

justsomerandomdomain.com (DNSSEC enabled)

justanotherdomain.com (DNSSEC disabled)

justanotherdomain2.com (DNSSEC disabled)

DNS-Server: DC1

Primary Zones:
    ad.domain.com
    test.contoso.com

Stub Zone:
    random.local (<---THIS ONE WILL BREAK)
    justanotherdomain2.com (<---THIS ONE WILL STILL WORK)

Conditional Forwarders:
    justsomerandomdomain.com (<---THIS ONE WILL BREAK)
    justanotherdomain.com (<---THIS ONE WILL STILL WORK)
    random2.local (<---THIS ONE WILL BREAK)

When I try to run nslookup against the domains that break after enabling DNSSEC validation, I will only retrieve Server Failed.

So right now I have only been able to enable DNSSEC validation on the small customers without stub zones or conditional forwarders in their internal DNS.

Hope you can save me this time, Reddit! 🙂

EDIT: Seems like this guy has the same problem:

https://social.technet.microsoft.com/Forums/ie/en-US/a9babd3c-46fb-4df5-a5e3-2a9d18249de9/dnssec-validation-disable-checking-for-internal-zones-using-nrpt?forum=winserveripamdhcpdn

submitted by /u/deadbeefcafe-guy

Namecheap ‘default nameservers’ vs ‘hosting nameservers’ question

Hi!

I’m trying to understand the difference between these two types of DNS provided by Namecheap. Their support line says they use a cluster or shared DNS for hosting, which I’m trying to get clarity on. Their ‘basicdns’ (which I think is the default) allows for custom records; however, the hostingdns does not. Why is this?

Ultimately, I’ve got a site hosted but would like to change the records. Can I just change it to basicdns and be OK?

Thanks!

submitted by /u/mosgrn