DNS & network news

Monthly Archive: October 2019

PowerDNS: How to disable TTL per record

I’m trying to get pdns to refrain from setting a record TTL. We have a default TTL set in the SOA record and it should not set a TTL per record that is added. Is there a way to configure powerdns to just keep the entry empty? (or add the record with a ttl of “” )

I’m used to bind, but in this organisation, the admin interface is a requirement so less skilled personnel can edit the DNS records.

submitted by /u/TheInsane42

Powered by WPeMatico

Clearing up basic question about DNS

So I’m just trying to get the basics down about DNS and I feel that I’m nearly there, just have a last question that I can’t seem to get working in my head.

Say for example I want to find the IP associated with the hostname youtube.com

It goes through the usual DNS process (local cache –> root –> TLD) now from here youtube.com has 4 name servers or dns servers: (I grabbed these from an nslookup).

ns2.google.com

ns4.google.com

ns1.google.com

ns3.google.com

I’m assuming the TLD will redirect the request to the primary name server, for example ns1.google.com, and on that DNS server it should contain multiple different records (A, CNAME, AAAA, NS etc.) and return the A record containing the IP mapped to the domain name.

However, when I perform an nslookup on a name server, ns1.google.com, the information returned is the A record IP address (216.239.32.10), which is the IP for the name server itself.

How do I query the nameserver ns1.google.com so that I can see its records relating to youtube.com and not its own server?

Thanks so much!

submitted by /u/DrKriegersGF

Validating zone file changes

My org is running BIND 9 and I would like to add some additional checks to make sure folks aren’t making silly mistakes when editing zone files. BIND, of course, refuses to reload a zone file that doesn’t have correct syntax, but I’d like to automatically check for mistakes that are common, but syntactically valid; e.g.

  • forgot a trailing period, so we’re serving mail.example.com.example.com
  • created multiple PTRs for the same IP
  • used invalid SPF syntax inside a TXT record
  • created an A or AAAA record for an IP under our control, but didn’t create a PTR
  • used spaces instead of tabs (only kind of kidding)

I’ve had little luck finding something like this on my own. Does anyone here have tools they use and trust?

submitted by /u/typo180
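The checks listed in this post can be sketched as a small lint pass. This is an added example, not code from the post or from BIND; `parse` and `lint` are hypothetical names, the parser only handles one-line records, the missing-period check flags relative names that already end in the origin, and the sample zones are constructed.

```python
import ipaddress
import re

SPF_MECH = re.compile(r"^[+\-~?]?(all|(include|exists):\S+|(a|mx|ptr)([:/]\S+)?"
                      r"|ip4:[\d./]+|ip6:[0-9a-f:./]+)$", re.I)  # addresses loosely checked
SPF_MOD = re.compile(r"^[a-z][\w.-]*=\S*$", re.I)  # RFC 7208 modifiers, incl. unknown ones
NAME_TYPES = {"NS", "CNAME", "PTR", "MX"}          # rdata ends in a domain name

def parse(text):
    # Yield (owner, type, rdata) per one-line record; a blank owner repeats the last.
    owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                # simplification: ';' starts a comment
        if not line.strip() or line.startswith("$"):
            continue
        tok = line.split()
        if not line[0].isspace():
            owner = tok.pop(0)
        while tok[0].isdigit() or tok[0].upper() == "IN":
            tok.pop(0)                             # skip optional TTL and class
        yield owner, tok[0].upper(), " ".join(tok[1:])

def lint(origin, forward, rev_origin, reverse):
    findings, bare = [], origin.rstrip(".")
    fwd, rev = list(parse(forward)), list(parse(reverse))
    for owner, rtype, rdata in fwd + rev:
        names = [owner] + ([rdata.split()[-1]] if rtype in NAME_TYPES else [])
        findings += [f"missing-dot {n}" for n in names
                     if not n.endswith(".") and n.endswith(bare)]
        if rtype == "TXT" and rdata.strip('"').lower().startswith("v=spf1"):
            findings += [f"bad-spf {owner} {t}" for t in rdata.strip('"').split()[1:]
                         if not (SPF_MECH.match(t) or SPF_MOD.match(t))]
    ptrs = [o if o.endswith(".") else f"{o}.{rev_origin}" for o, t, _ in rev if t == "PTR"]
    findings += [f"multi-ptr {n}" for n in sorted(set(ptrs)) if ptrs.count(n) > 1]
    for owner, rtype, rdata in fwd:
        if rtype in ("A", "AAAA"):
            rname = ipaddress.ip_address(rdata).reverse_pointer + "."
            if rname.endswith("." + rev_origin) and rname not in ptrs:
                findings.append(f"no-ptr {owner} {rdata}")
    return findings

# Constructed sample zones using documentation names and addresses.
FORWARD = """@     IN NS  ns1.example.com.
@     IN MX  10 mail.example.com
@     IN TXT "v=spf1 ipv4:192.0.2.0/24 -all"
ns1   IN A   192.0.2.1
mail  IN A   192.0.2.10
"""
REVERSE = "1 IN PTR ns1.example.com.\n1 IN PTR ns.example.com.\n"
```

Calling `lint("example.com.", FORWARD, "2.0.192.in-addr.arpa.", REVERSE)` returns one finding per mistake in the sample; running it from a pre-commit hook or before `rndc reload` is one way to wire it in.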

Asking Microsoft Azure – when will you add DNSSEC support?

Someone on Twitter is asking when Microsoft Azure DNS will finally add DNSSEC support given that customers have been asking about it for years. He points to an Azure forum post where this request was raised in April 2016. If you would also like to see Azure DNS support DNSSEC, please either share the tweet or upvote/comment on the Azure forum post (or both).

submitted by /u/danyork

Running into issues with bind9

I set up the bind9 service and entries in Ubuntu for the local office network. I’ve used it multiple times at other locations over the past decade with no problems for small networks like this. The only odd items here are that it uses a non-standard domain internally (we will say company.fgh for example), as well as an IP subset assigned to the company that is typically external IPs (Class B, not a standard LAN 10.x or 192.x class A or C, we will use a hypothetical similar Class B address 133.0.0.x), but these IPs are used for LAN addresses (servers) with a few externally used facing the internet (email server for example).

I suspect there is something with the Class B addresses which are being sent out to resolve externally which is causing the failure.

It worked fine for a week or two (or maybe not) but suddenly all the SMB network shares (permissions handled by AD) stopped working and I cannot see why. For this example the SMB shares are at nas.company.fgh using a similar (hypothetical) Class B address 133.0.0.33.

There are no other odd nor unusual entries nor networks added.

I have the db.company.fgh, and formatted properly per every single time I’ve used it before and other instructional sites online. One piece that seems to be an issue is the NS records lines. If I just use:

    IN NS ns1.company.fgh
    IN NS ns2.company.fgh

then when I start bind9 service, it says “skipped db.company.fgh as no NS records exist”.

Yet if I use

    company.fgh. IN NS ns1.company.fgh
    company.fgh. IN NS ns2.company.fgh

then the service starts but the SMB shares are broken/unresolvable. It does have 20+ entries, things like:

    ns1.company.fgh IN A 133.0.0.21
    ns2.company.fgh IN A 133.0.0.20
    nas.company.fgh IN A 133.0.0.33
    email.company.fgh IN A 133.0.0.14
    scans.company.fgh IN A 133.0.0.54

The named.conf.local does have the “company.fgh” zone with all IP subsets that would use the DNS server, such as 133.0.0.0/24;10.0.0.0/24;10.0.1.0/24, etc. as well as the 0.130.in-addr.arpa zone with all the same entries (and proper alterations needed).

The named.conf.options file has the acl “trusted” with the same list of networks, I have tried the allow-recursion, allow-query, allow-query-cache, and allow-transfer as both “any” and “trusted” which seems to make no difference.

Any ideas or suggestions please.

submitted by /u/scr3wballl

What organization to contact?

If my company, who is the registered owner of its domain through GoDaddy.com, has found out that a certificate with the same FQDN has been issued to another company/domain in Saudi Arabia? We are located in Southern California.

I have proof and have done my homework to prove that LetsEncrypt.com has fraudulently issued a domain name certificate to another organization not even within our country.

Who do I contact to have this certificate revoked and placed on the CRL?

Any further details, I can provide. I’ve done nslookups and the almighty shodan has also proved my findings to be correct.

DNS Gurus of Reddit, plz halp.

submitted by /u/Danaaerys

cPanel account transfer and webmail

Hey all,

A few months ago I started renting a new dedicated server. I used cPanel’s transfer feature to move all of the accounts from my old server to my new server.

I hadn’t noticed until today that webmail is broken. I don’t really use webmail, but there are lots of emails in my inboxes that might be worth going through.

In particular, something strange happens when I try and access the webmail subdomain.

Let’s say my server hosts the domains “first.com” and “second.com”.

When I try to access webmail, e.g. https://webmail.first.com, the index.html file from second.com is served.

Somehow the webmail subdomain is being pointed to the other domain on my server.

I have no idea why this is happening, when I look at the DNS records, I can’t see anything unusual.

The first.com zone has A records for mail, webmail, etc, which all point to the server’s IP. The second.com zone only has the standard A records, mail, www, etc.

Does anyone have any ideas what might have gone wrong / how I can attempt to troubleshoot the issue?

The reason why I can’t access my webmail is because when I click on “View emails” cPanel directs me to webmail.first.com/login/ which is pointed to first.com/login/ which doesn’t exist.

I have found a workaround by adding an A record for webmail to the second.com domain, but I still would like to understand what is going on.

Thanks in advance

submitted by /u/lindacupple