DNS & network news

Monthly Archive: January 2020

DNS CNAME Not Resolving

Morning all,

Having some DNS problems that I can’t figure out. Let me start by giving you a rough guide to how I have things set up.

I have a Windows DNS server set up and configured at home, along with an NGINX reverse proxy, serving a couple of different sites on a web server. On the web server I have Plex, Radarr, Sonarr and NZBGET installed, and have set up the reverse proxy to point to this server but with a passthrough to the relevant port. This is all working fine.

Obviously, I have then set up CNAME records for each of the following, all pointing to the reverse proxy.

  • plex.domain.com
  • radarr.domain.com
  • sonarr.domain.com
  • nzb.domain.com


I have OpenVPN set up on my router, and I’m currently at work, connected to my home network via the VPN.

The problem I’m having is that “plex.domain.com” is resolving externally from my work PC, both in a browser and when I try and ping it.

Initially I thought that it was a problem with the VPN not pushing my DNS server, but everything else, which is configured exactly the same as “plex.domain.com”, is working fine across the VPN.

If I RDP or SSH onto any of my devices at home “plex.domain.com” resolves as it should and is routed through the reverse proxy.

Any ideas welcome.

submitted by /u/TheD4rkSide

Powered by WPeMatico

How would the TTL of a CNAME work?

Hi, we use Windows DNS and you can set the TTL per record there (is that possible in bind btw?) but I don’t know how the TTL of a CNAME works.

For example, if I have an A record a.example.com with a TTL of 15 minutes and a CNAME pointing to that with a TTL of 1 day. Someone/something caches that. Then would it cache the result of the lookup (the IP) for 15 minutes and the fact that it points to a.example.com for a day? So, treat it as 2 separate lookups.

Or would it cache the complete result for a day, treating it as 1 lookup with the ttl of the cname?

My guess is the first, simply because it makes more sense (to me) but I would really like to be sure.

submitted by /u/Xzenor
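
For reference on the question above, a toy resolver cache that stores each RRset (name plus type) under its own TTL, which is how DNS defines TTLs; this is an added example, not part of the original post. The alias name www.example.com and the address 192.0.2.10 are assumed values, and the zone data is constructed to match the 1 day / 15 minute scenario.

```python
"""Toy resolver cache: every RRset (name, type) expires on its own TTL."""

# Constructed zone data: CNAME with TTL 1 day, A record with TTL 15 minutes.
# www.example.com and 192.0.2.10 are assumed values for illustration.
ZONE = {
    ("www.example.com", "CNAME"): ("a.example.com", 86400),
    ("a.example.com", "A"): ("192.0.2.10", 900),
}


class Cache:
    def __init__(self, zone):
        self.zone = zone         # stands in for the authoritative server
        self.store = {}          # (name, rtype) -> (value, expires_at)
        self.upstream = []       # log of (time, name, rtype) fetched upstream

    def _rrset(self, name, rtype, now):
        hit = self.store.get((name, rtype))
        if hit and hit[1] > now:
            return hit[0]                      # still fresh: answer from cache
        if (name, rtype) not in self.zone:
            return None                        # simplification: no negative caching
        value, ttl = self.zone[(name, rtype)]
        self.upstream.append((now, name, rtype))
        self.store[(name, rtype)] = (value, now + ttl)
        return value

    def resolve(self, name, now, max_chain=8):
        """Follow CNAMEs to an A record; return (address, lowest remaining TTL)."""
        remaining = []
        for _ in range(max_chain):
            for rtype in ("CNAME", "A"):
                value = self._rrset(name, rtype, now)
                if value is not None:
                    remaining.append(self.store[(name, rtype)][1] - now)
                    break
            else:
                return None, 0                 # neither record type exists
            if rtype == "A":
                return value, min(remaining)
            name = value                       # restart lookup at the CNAME target
        raise RuntimeError("CNAME chain too long")
```

After 15 minutes only the A record for a.example.com is fetched again; the CNAME stays cached until its own day-long TTL runs out.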

Very slow DNS lookup unless using Google/Cloudflare

I’m setting up WiFi for a new Win 10 laptop and the DNS lookup is abysmally slow, on the order of seconds when it doesn’t time out. However if I manually change the DNS provider to either or everything loads lightning fast. Likewise punching in the IP directly for a website loads it quickly too.

Is this a symptom of any particular problem? Other devices (phones, game consoles) on the same network don’t have this issue at all, just the laptop.

submitted by /u/xXx_THYME_LOOPER_xXx

Layman Needs Help Understanding (privacy) Implications of Self-Hosted DNS server

Hi everyone.

tl;dr What are the pros and cons of hosting your own DNS server via unbound (for the purposes of privacy)?


I am concerned that there may be misinformation being spread about self-hosting (not for a website) your own DNS server. Please help me to clear up my own confusion/point me to what I need to learn to begin to understand and discern for myself.

I frequent subreddits such as r/pihole, r/privacytoolsIO, r/privacy, and r/theprivacymachine. Occasionally people recommend self-hosting your own DNS server on your LAN for the purpose of not giving your internet history to recursive DNS servers (think CloudFlare, Google, Quad9, NextDNS, etc.) and minimizing the requests that you’re sending out by having a local cache.

Here is the usual recommended setup: Unbound with DNSSEC and a cache. They recommend not forwarding requests to recursive DNS servers, however, wouldn’t this make my network traffic stand out more than if I had discerningly picked a handful of privacy-respecting recursive DNS servers in my Unbound configuration? Additionally, the only guide I have found that has included properly setting up TLS certificates has been this one: https://www.ctrl.blog/entry/unbound-tls-forwarding.html

I am currently using the following setup: https://docs.pi-hole.net/guides/unbound/


Based on my reading so far I think I should be using:


Please help an ignorant layman learn to understand this for himself, so I can take my own threat model and understand fully what I’m doing here.

submitted by /u/DavidJAntifacebook

Should I have the same DNS entries with my domain registrar and on the hosting server?

I’m migrating away from shared hosting and had a question about configuring my new set-up.

I’ve transferred the domain to Google Domains. I’m using their name servers. And, I’ve moved the DNS records over as well.

And, I’ve transferred the site to a VPS at Upcloud. I have an option to add some DNS entries (A and CNAME–but not TXT) to the server as well.

Do I want to create the same A and CNAME on the Upcloud server that I use at Google Domains? Or do I leave them blank at the Upcloud server since they’re already included at Google Domains?

Any insight or context would be appreciated.


submitted by /u/chriscasemart

Best way to audit/validate addresses are still valid?

Hi, IT manager here. We have hundreds of domains on bulk register and enom, at an annual cost right around $5-6k. Some are purchased and used, others simply purchased for potential future use.
Most don’t have a business contact/requester, only my Engineer contact info when they set it up. Clearly not all of them resolve to an active site.

What is the best way to audit our list of DNS to see if they are active? Is there a way to audit the list with confidence of accuracy?

Likely a basic question, I appreciate any help as DNS isn’t my area of knowledge.

submitted by /u/DukePooler