Author Archive: firstdns

We are in the process of migrating to a new domain (acquisition). Even though I have most of the servers, workstations, and users already migrated, most of them are still pointing to the old DNS server. I have a trust set up and conditional forwarders, so poiting them to the new one for now wouldn’t really create an issue. The issue would be once I disable to trust and retire the old DNS server.

The guidance I’m needing is really two-fold. Do I create a new zone on the new DNS server to point to the old domain names? If so, what kind of zone (Primary, Secondary, Stub)?

A more explicit issue is with one file server that I have yet to migrate. I am looking to actually move the contents of the file server to a new server that is not names the same. The company has been using this file server to attach a lot of documents in our main ERP system, and it uses UNC path. Can I create a new zone on the new DNS server named the old domain, then create an alias for the old UNC path to point to the new server name?

This should have been announced early last year- https://dnsflagday.net/
But instead, oh by the way, we’re changing the core of authoritative DNS next month, may the odds be ever in your favor.

Check your domains at home and work/change DNS providers if needed.

Sysadmin thread posted yesterday:
https://www.reddit.com/r/sysadmin/comments/agqdkf/dns_flag_day_on_february_1_2019_check_your_domains/

I currently have access to some centralised zone data files through ICANN’s CZDS. I was wondering if there was an existing parsing tool in order analyse these files.

Any recommandations?

Hello,

I can’t seem to find an answer to this question online: Can I have a powerdns server on Ubuntu, using a remote mssql backend? if so, can that support DNSSEC? How?

Hello,

​

So I have 1 IP that I am currently using for multiple usages.

​

Eg. vpn.example.com, nvr.example.com, ts.example.com and so on.

​

For the VPN it uses a port 10443, for the NVR it uses port 61442 and the ts uses default 9987 port.

​

I have tried setting up some SRV records, however I do still have to enter the https://nvr.example.com:61442 in order to view it in my browser. I understand that the browser is very simple. It understands port 80 and 443.

​

But is there any way to bypass having to provide the port number every time? I’ve read something about setting up a proxy server, to manage the redirects, but have only been able to find this on some nginx server settings. But I am not using nginx or apache in this case.

​

The SRV records look like this:

​

SRV record for NVR

​

Any idea on how to set this up properly?

​

TL;DR: Setup to fix subdomain redirection. Eg. remove the need of port extension on URL.

​

I’ve been trying all day to figure out how how to get my new domain I purchased from Google to resolve to my static public IP. I don’t think I have a proper A record in DNS but I’m very green at this so really appreciate any help!

[removed screenshot]

Did I set up the dns wrong in the photo above? I tried changing the hostname of pizza1 to www and neither work. The actual server name is ‘pizza1’ but I can’t find a DNS record: https://dns.google.com/query?name=pizza1.mennens.org&type=A&dnssec=true

When I turn on Nginx and type in the static IP, I can see the Nginx splash page.

Appreciate any help – I’ve been at this all day and feel like I’ve waisted so much time.

I think this might not be possible, but I’m looking for a way for a web site to report to the user whether they got to a site using DNS over TLS, regular DNS, etc. I know that a site normally would not have access to this information, but maybe a way to have a domain only resolvable via encrypted DNS.

Hello all,

I have been tasked to deploy a new powerDNS server for the company I work to as the the current ones we have are not working properly and they are quite old. So the new one that I installed on a centos 7 machine is the powerDNS 4.1 version.

I am not really familiar with configuring DNS servers so I did come across with an issue with pdns_recursor. Before I start explaining about the issue I have to see that the Authoritative Server of the DNS works fine. So I have added a domain to my DNS table and when I query that domain using as DNS my new DNS server it does work fine.

The issue starts when I’d like to query a domain which is not in my DNS table, ex. google.com using as DNS my new DNS. It seems that the server does send the query but never gets the answer. So I assume that my new DNS server sends the query to a Master DNS which I do not which one is as on powerDNS the version 4.1 you do not have that visibility. Unless I do not where to check. It seems that the master DNS does not reply to my DNS.

From the logs I do see that error message:

pdns_recursor[1548]: Failed to update . records, got an exception: Too much time waiting for…5msec

pdns_recursor[1548]: Failed to update . records, RCODE=-1

Not sure what it is for.

Also below is the output when I dig google.com from my new DNS server.

dig google.com @localhost

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> google.com @localhost

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30811

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;google.com. IN A

;; Query time: 0 msec

;; SERVER: 127.0.0.1#53(127.0.0.1))

;; WHEN: Fri Jan 11 12:29:34 GMT 2019

;; MSG SIZE rcvd: 39

PowerDNS doco is not the greatest regarding these issues. I would really appreciate if someone could give some light here.

Many Thanks in advance