DNS & network news

Monthly Archive: July 2019

Some help needed.

Hi folks,

I wanted to see if there was any helpful reddit users out there.

I was looking to expand my knowledge on dns and how it all works. I currently work for a web design company dealing with the technical aspects of getting the websites live. Domain transfers, modifying DNS zones, migrating customers mailboxes etc.

I still feel like theres alot I dont know and it would be helpful for me to have a good in depth understanding of dns. I downloaded a book called dns in action, but the trouble is I am shit at retaining information from books. I know my question might be abit vague, but is there any up to date articles, websites, or even youtube channels that I could start looking into to help me out.

Am sorry am if am not explaining myself well, but like I said am just looking some tips or pointers.


submitted by /u/weechrissy11
[link] [comments]

Powered by WPeMatico

Does Changing DNS can prevent you from getting booted offline?

So i met this dude at an online game called “GTA V Online” and he tried to threaten me to booted me offline for no entire reason i didn’t do anything bad at him and didn’t even touch him or killed him (at the video game) and he texted me that he will booted me offline and i am kinda curious if i change the dns on my ps4 can i prevent getting booted offline? Or just VPN? Because a-lot of people told me to just download a VPN and it will prevent you from getting booted offline, i don’t know if it’s true or not and I don’t know what exactly “DNS” means it makes me more confused when i tried to search it up.

submitted by /u/CallmeChiiikiii
[link] [comments]

Powered by WPeMatico

Self-hosted DoH Server

I thought I would share this here as there might be a few people who find it useful.

I wanted to test out the EncryptedSNI functionality in Firefox, but to do so I needed to also enable DoH. I use my own resolver and didn’t really want to switch to a cloud provider for my DNS, so I had a look at setting up my own DoH server.

What a load of hassle! There are several options, but they all seem to involve installing some server daemon that has a pile of dependencies and frameworks that also need to be set up on your server to run. I am sure one or two of you have had a similar thought, seen the instructions and thought “too much effort”.

I decided to read the RFC to see just how complicated it is, and see if there was a justification for the complexity.


That was the end result. A PHP script that can be placed on any existing HTTPS enabled web server to turn it in to a DoH server. As far as I can tell it is fully RFC8484 compliant, it certainly works in Firefox in both POST and GET modes. In theory your web server should support HTTP/2, however I put it on a HTTP/1.1 server and it worked just fine with Firefox at least.

So, Anyone else who had thought about doing this and decided it was too complicated and not worth the hassle – have a look at the script. It really is that simple…

Am I missing something? what do the other DoH servers offer that my script does not? The only thing I can think of is parsing the response and setting cache headers, but in practice clients do their own caching of the DNS responses and as far as server-side caching is concerned hitting the resolver each time is probably lighter-weight than building my own cache!

submitted by /u/NotMikeDEV
[link] [comments]

Powered by WPeMatico

Alias/DName/ Whitelabeling DKIM for Amazon SES

I’m trying to white label Amazon’s SES service for our company.

What it does is generate a specific DKIM domain for each domain you want to verify. So it’s something like EXAMPLEGENERATEDSUB.dkim.amazonses.com . What I’m trying to do is whitelabel that for our company so that the domain will actually appear like EXAMPLEGENERATEDSUB.ourdomain.com

One option I have is to CNAME every generated domain, which is bound to get messy. The other option I found is a DNAME record, but that appears to be not very well supported (and definitely not supported on Route53 which is what we use).

What would you guys recommend to tackle this problem?

submitted by /u/throwawayaccelerate
[link] [comments]

Powered by WPeMatico

Google Domains DNS Glue Records


I’m having trouble with domain registration & glue record configuration in Google Domains. I configured a domain, and configured two glue records (ns1 & ns2) which Google calls them “Registered Hosts”, pointing to the same IP. I waited two days for DNS propagation to complete, then setup Virtualmin in a server hosted in that IP.

When I go to do the initial configuration, Virtualmin says that it cannot resolve ns1.mydomain.com from the internet:

Primary nameserver cannot be resolved from the rest of the Internet

I checked the DNS status through various nslookup & dig commands suggested, and here are some of the results:

[root@se64 ~]# dig +short com. NS i.gtld-servers.net. c.gtld-servers.net. h.gtld-servers.net. b.gtld-servers.net. a.gtld-servers.net. f.gtld-servers.net. k.gtld-servers.net. j.gtld-servers.net. e.gtld-servers.net. d.gtld-servers.net. l.gtld-servers.net. m.gtld-servers.net. g.gtld-servers.net. 

And, when I query any of the GTLD servers, this is what I get:

[root@se64 ~]# dig @a.gtld-servers.net xxmydomainxx.com. +cd ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @a.gtld-servers.net xxmydomainxx.com. +cd ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49350 ;; flags: qr rd cd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;xxmydomainxx.com. IN A ;; AUTHORITY SECTION: xxmydomainxx.com. 172800 IN NS ns1.xxmydomainxx.com. xxmydomainxx.com. 172800 IN NS ns2.xxmydomainxx.com. ;; ADDITIONAL SECTION: ns1.xxmydomainxx.com. 172800 IN A xx.my.ip.xx ns2.xxmydomainxx.com. 172800 IN A xx.my.ip.xx ;; Query time: 57 msec ;; SERVER: ;; WHEN: Wed Jul 24 10:28:19 2019 ;; MSG SIZE rcvd: 98 

The "AUTHORITY SECTION" here is correct, and matches what I setup in Google Domains, so it seems that the Glue Records are working.

But, when I do a "dig" for the domain, I get this:

[root@se64 ~]# dig xxmydomainxx.com @ ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> xxmydomainxx.com @ ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60083 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;xxmydomainxx.com. IN A ;; Query time: 743 msec ;; SERVER: ;; WHEN: Wed Jul 24 10:52:33 2019 ;; MSG SIZE rcvd: 30 

Which seems odd from Google's Public DNS. And, I can't find ns1 or ns2 either:

[root@se64 ~]# dig ns1.xxmydomainxx.com @ ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> ns1.xxmydomainxx.com @ ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39076 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns1.xxmydomainxx.com. IN A ;; Query time: 744 msec ;; SERVER: ;; WHEN: Wed Jul 24 10:47:19 2019 ;; MSG SIZE rcvd: 34 


[root@se64 ~]# dig ns2.xxmydomainxx.com @ ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> ns2.xxmydomainxx.com @ ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29003 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns2.xxmydomainxx.com. IN A ;; Query time: 747 msec ;; SERVER: ;; WHEN: Wed Jul 24 10:47:23 2019 ;; MSG SIZE rcvd: 34 

As you can see, even Google's Public DNS fails to give an "ANSWER SECTION", as is expected.

Could someone help me around this issue? I must be doing something wrong somewhere! Thank you in advance for your help!

submitted by /u/cartesx
[link] [comments]

Powered by WPeMatico