DNS firewall

Essentially I want to implement a “firewalling” DNS, preferably using ISC BIND.

  • Default user is supposed to get no (outside) DNS recursion (all Internet access goes through an authenticating explicit proxy)
  • Default user however needs access to all internal zones, incl. delegations and forwarded zones
  • Some users still require outside access, optimally to some whitelisted zones, in addition to the internal zones

I can’t really find an easy way to do this.

  • How to create an actual whitelist? All I’ve found is how to blacklist individual zones or hosts using RPZ.
  • Disabling recursion removes the ability to use delegation, forwarders or RPZ at all, but we need that since e.g. our AD is accessed via delegation from central DNS.
  • Views (for the different types of users listed above) can’t use shared zones. Yes, there’s “in-view”, but that doesn’t allow using the exact same zone files between domains (“writeable file”, “already in use”); you’d still have to dynamically generate config instead of just pointing to the files.

Anyone ever implemented an actual DNS firewall? Do I need to use a product other than BIND to do this?

Another country DNS IP

Hello! I have an OpenVPN server in Europe. When I check my IP, it shows IP – European, DNS IP – European. I need to change my DNS so I would show up as IP – European, DNS IP – American (weird, I know). How do I achieve this? I’ve been trying different US DNS servers for the last half hour; I keep getting either European DNS IPs, or N/A. I’m assuming all those DNS providers have European servers as well, and are redirecting me there? Ideally I would want to keep using, but tell it somehow that I want their US server lol.

Edit: perhaps I should get a server in the US, install Pi-hole there and point my VPN to use it? Hmm.

DNS slow to resolve requests after new configuration

My host machine is running Win10. I created a VM tonight running Ubuntu, then set up a Docker container for Pi-hole. On the Ubuntu VM I changed /etc/resolv.conf to point to OpenDNS. From there I set my router, host machine and virtual switch to point to Pi-hole for DNS, and in the Pi-hole settings, pointed the DNS settings to OpenDNS as well.

While web pages ARE resolving, non-cached sites are taking anywhere from 6-15 seconds to actually load.

Can anyone help me narrow down what the issue could be?

OpenDNS FamilyShield and pornhub

Hi, I just changed my DNS settings and I’m now using the addresses for FamilyShield provided by OpenDNS. These are and …220.123

I tried directing my browser to xhamster and it gets filtered all right.

I tried on pornhub, and I can access the site. I’m quite puzzled. I tried from different browsers to rule out the hypothesis of it being cached, but it just works from all browsers.

What’s happening here? Thanks AC

[question] Is there a way to force www.reddit.com to resolve to old.reddit.com?

Everything I’ve tried requires an IP address but both “www.reddit.com” and “old.reddit.com” resolve to I’ve tried editing the Windows hosts file and my pfSense configuration.

I’m a total pfSense n00b. I had spare hardware that could run it at 10gbps so I thought I’d try using it instead of buying a new router.

EDIT: Is there a way to intercept the DNS request and change www to old?

EDIT: Thanks everyone! To summarize, the browser gets the IP from the DNS server, then connects to the website securely. A solution would have to change what the browser requests from the site. Another solution might be to set up a local web server that would act as an intermediary between the browser and reddit.

EDIT: or just opt out!

Cloudflare A record DNS proxy issue

Hi, maybe someone can help in solving this situation. Had a website where DNS is in Cloudflare and website hosting is with another company. Site went down, so in Cloudflare I proxied DNS to another hosting company. Now I can open the site only in incognito mode, or have to clear cookies if I want to open the site without incognito mode, in either browser. The SSL certificate was disabled, as after proxying I saw an SSL problem. In Cloudflare I proxied the A (both main site and dvs.sitename.com) and CNAME records.

The second problem is that I had an A record, which I also proxied; the name was like dvs and then the website address. Now, when I try to open this dvs.websiteaddress.com, I get a 522 error in incognito mode, and in normal mode it just does not load (too many redirects error on both sites in normal browser mode).

I do not work with DNS much; a colleague left the company and all of management is now angry as the site has not been working properly for 3 days. I do not know whom to ask regarding this, Cloudflare or the new hosting provider. Maybe I should proxy some other records?

Domain registration help

I’m having trouble trying to get an edu.za domain registered. I’m being told I need a DNS setup before the domain can be registered. I have purchased and registered domains in the past with no problem, but I have never been told I need the DNS set up before it’s registered.

I have no idea what the problem is. Cloudflare won’t work because it needs existing records. I tried setting up the domain in Azure’s DNS and sent the registrar that information, but they still won’t take it.

Can anyone help me out? What am I missing here?

DNS servers for the DNS servers

So, this is the setup:

I’ve got two DNS servers, and all the workstations are assigned those two servers as DNS through DHCP. The two servers have forwarding DNS servers (Google / Cloudflare) set in named.conf, so everything works as intended.

But I’m wondering, which DNS servers should the operating system (Linux and netplan) on those two DNS servers use? This is kind of a chicken-and-egg problem.

Should it be like one of these:

  • dns-server 1: <ip-of-other-dns-srv>, and vice versa for the other server
  • dns-server 1: <ip-of-other-dns-srv> <its-own-ip>, and vice versa for the other server
  • dns-server 1: <ip-of-other-dns-srv> <>, and vice versa for the other server

or (current setup):

  • dns-server 1: <google-ip> <cloudflare-ip>

Or is there any other way to do this?

It works now, and I know these are just minute details, but I also want to make my system as reliable and resilient as possible.
