DNS & network news


How to point a domain to hosting so that the hosting doesn’t know which registrar I use?

Hi everyone, I was wondering, since I’m a green rookie in this: how can I point my domain to a VPS hosting in a way that the hosting doesn’t know which domain registrar I use?

For example, will this work? If I point my GoDaddy domain NS to Cloudflare, then add the domain to the VPS hosting package at the hosting, would that work?

submitted by /u/tatsujin90

Powered by WPeMatico

DNSSEC trouble, Windows Server 2016

I’m trying to teach myself to properly implement DNSSEC across a local AD domain, and I keep getting broken trust chain errors. I’d like to fix the trust chain if possible. Any info to help will be appreciated.

Big infodump below.

Initial info:
parent public domain: sglrit.com
child local, and private AD domain: hq.sglrit.com

Trust Anchors on local nameservers:

    PS C:\tech\Scripts> Get-DnsServerTrustPoint

    TrustPointName  TrustPointState  LastActiveRefreshTime   NextActiveRefreshTime
    --------------  ---------------  ---------------------   ---------------------
    .               Active           2018-12-03 8:25:07 AM   2018-12-04 8:25:07 AM
    com.            Active           2018-12-03 9:42:40 AM   2018-12-03 9:42:40 PM
    sglrit.com.     Active           2018-12-03 9:40:04 AM   2018-12-03 10:40:04 AM
    hq.sglrit.com.  Active           2018-12-03 9:25:07 AM   2018-12-03 10:25:07 AM

I have activated DNSSEC at my registrar and it checks out as secure.

https://dnssec-analyzer.verisignlabs.com/sglrit.com

I then followed this tutorial to activate DNSSEC on my local AD domain.

https://newhelptech.wordpress.com/2017/07/02/step-by-step-implementing-dns-security-in-windows-server-2016/

I then used PowerShell to export DS records from my local nameserver and entered the records at my public nameserver.

    Export-DnsServerDnsSecPublicKey -DigestType Sha256 -ZoneName hq.sglrit.com -Path C:\Tech -force

Next I used DIG to confirm the DS records are live on the parent nameserver.

    C:\WINDOWS\system32>dig @ns-cloud-c1.googledomains.com. hq.sglrit.com. DS +dnssec +multi

    ; <<>> DiG 9.10.6 <<>> @ns-cloud-c1.googledomains.com. hq.sglrit.com. DS +dnssec +multi
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48265
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 512
    ;; QUESTION SECTION:
    ;hq.sglrit.com. IN DS

    ;; ANSWER SECTION:
    hq.sglrit.com. 300 IN DS 24284 8 2 (
            2A9CDE75A906BC8D3858FC1B0AB42200F598D996F626
            CF42CA875F68F073D005 )
    hq.sglrit.com. 300 IN DS 24910 8 2 (
            AB60C3B4BC4D4AEC69E63F7DAF0AF4E2BDB46F5EB2CC
            1CED83AA7F6EE6600A40 )
    hq.sglrit.com. 300 IN RRSIG DS 8 3 300 (
            20181222225627 20181130225627 33054 sglrit.com.
            jZjIfVJC0cusHh3ipzXKAwxpjz1aoGX5WDWJm3dzOCYA
            OcvCNbxJ1jgjy7/avzSTjKOZsybYhmG5FYeCm6F+IYMQ
            BRH3PYGir9NKJeOU9EcKu5pj+G0py/1Q3PNgTfzPS0Fi
            KWjEhp+IX9krLobeReLQQD8s5B1R5ouRwOhUJ3E= )

    ;; Query time: 41 msec
    ;; SERVER: 216.239.32.108#53(216.239.32.108)
    ;; WHEN: Mon Dec 03 10:10:21 Eastern Standard Time 2018
    ;; MSG SIZE rcvd: 308

Next I checked a local record with DIG to see if it has a signature.

    C:\Windows\system32>dig @10.42.60.7 hq.sglrit.com. A +dnssec

    ; <<>> DiG 9.12.3 <<>> @10.42.60.7 hq.sglrit.com. A +dnssec
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22544
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 4000
    ; COOKIE: 365f2a5dc0aa70f4 (echoed)
    ;; QUESTION SECTION:
    ;hq.sglrit.com. IN A

    ;; ANSWER SECTION:
    hq.sglrit.com. 600 IN A 10.50.1.4
    hq.sglrit.com. 3600 IN A 10.50.1.5
    hq.sglrit.com. 600 IN A 10.42.60.7
    hq.sglrit.com. 600 IN RRSIG A 8 3 600 20181213014237 20181203004237 17416 hq.sglrit.com. XBlbO+xbnGgmhNBqYS4YI0H/+OWfUpfFbCzQBMUhek9E1XXdQ6lFY8DO JcHR3Q6ErtL7eaazo+nSiu+ihZNCrq9+pRDom6g7PgRyx05eFhmWS3XT r1K34kh27Czq5iObkyQ5Xup9SGnu6xltpTvw39lJvkbfS34oDhR7qVeM Vho=

    ;; Query time: 0 msec
    ;; SERVER: 10.42.60.7#53(10.42.60.7)
    ;; WHEN: Mon Dec 03 10:06:34 Eastern Standard Time 2018
    ;; MSG SIZE rcvd: 275

The DIG command shows an RRSIG, so I see that my local server is signing something, but the DELV command below shows a break in the trust chain that I have no idea how to resolve.

    C:\Windows\system32>delv @10.42.60.7 blackbox.hq.sglrit.com. A +vtrace
    ;; fetch: blackbox.hq.sglrit.com/A
    ;; validating blackbox.hq.sglrit.com/A: starting
    ;; validating blackbox.hq.sglrit.com/A: attempting positive response validation
    ;; fetch: hq.sglrit.com/DNSKEY
    ;; validating hq.sglrit.com/DNSKEY: starting
    ;; validating hq.sglrit.com/DNSKEY: attempting positive response validation
    ;; fetch: hq.sglrit.com/DS
    ;; chase DS servers resolving 'hq.sglrit.com/DS/IN': 10.42.60.7#53
    ;; fetch: sglrit.com/NS
    ;; validating sglrit.com/NS: starting
    ;; validating sglrit.com/NS: attempting positive response validation
    ;; fetch: sglrit.com/DNSKEY
    ;; validating sglrit.com/DNSKEY: starting
    ;; validating sglrit.com/DNSKEY: attempting positive response validation
    ;; fetch: sglrit.com/DS
    ;; validating sglrit.com/DS: starting
    ;; validating sglrit.com/DS: attempting positive response validation
    ;; fetch: com/DNSKEY
    ;; validating com/DNSKEY: starting
    ;; validating com/DNSKEY: attempting positive response validation
    ;; fetch: com/DS
    ;; validating com/DS: starting
    ;; validating com/DS: attempting positive response validation
    ;; fetch: ./DNSKEY
    ;; validating ./DNSKEY: starting
    ;; validating ./DNSKEY: attempting positive response validation
    ;; validating ./DNSKEY: verify rdataset (keyid=20326): success
    ;; validating ./DNSKEY: signed by trusted key; marking as secure
    ;; validating com/DS: in fetch_callback_validator
    ;; validating com/DS: keyset with trust secure
    ;; validating com/DS: resuming validate
    ;; validating com/DS: verify rdataset (keyid=2134): success
    ;; validating com/DS: marking as secure, noqname proof not needed
    ;; validating com/DNSKEY: in dsfetched
    ;; validating com/DNSKEY: dsset with trust secure
    ;; validating com/DNSKEY: verify rdataset (keyid=30909): success
    ;; validating com/DNSKEY: marking as secure (DS)
    ;; validating sglrit.com/DS: in fetch_callback_validator
    ;; validating sglrit.com/DS: keyset with trust secure
    ;; validating sglrit.com/DS: resuming validate
    ;; validating sglrit.com/DS: verify rdataset (keyid=37490): success
    ;; validating sglrit.com/DS: marking as secure, noqname proof not needed
    ;; validating sglrit.com/DNSKEY: in dsfetched
    ;; validating sglrit.com/DNSKEY: dsset with trust secure
    ;; validating sglrit.com/DNSKEY: verify rdataset (keyid=11906): success
    ;; validating sglrit.com/DNSKEY: marking as secure (DS)
    ;; validating sglrit.com/NS: in fetch_callback_validator
    ;; validating sglrit.com/NS: keyset with trust secure
    ;; validating sglrit.com/NS: resuming validate
    ;; validating sglrit.com/NS: verify rdataset (keyid=33054): success
    ;; validating sglrit.com/NS: marking as secure, noqname proof not needed
    ;; validating hq.sglrit.com/DNSKEY: in dsfetched
    ;; validating hq.sglrit.com/DNSKEY: falling back to insecurity proof (SERVFAIL)
    ;; validating hq.sglrit.com/DNSKEY: checking existence of DS at 'com'
    ;; validating hq.sglrit.com/DNSKEY: checking existence of DS at 'sglrit.com'
    ;; validating hq.sglrit.com/DNSKEY: checking existence of DS at 'hq.sglrit.com'
    ;; fetch: hq.sglrit.com/DS
    ;; chase DS servers resolving 'hq.sglrit.com/DS/IN': 10.42.60.7#53
    ;; fetch: sglrit.com/NS
    ;; validating sglrit.com/NS: starting
    ;; validating sglrit.com/NS: attempting positive response validation
    ;; validating sglrit.com/NS: keyset with trust secure
    ;; validating sglrit.com/NS: verify rdataset (keyid=33054): success
    ;; validating sglrit.com/NS: marking as secure, noqname proof not needed
    ;; validating hq.sglrit.com/DNSKEY: in dsfetched2: SERVFAIL
    ;; no valid DS resolving 'hq.sglrit.com/DNSKEY/IN': 10.42.60.7#53
    ;; validating blackbox.hq.sglrit.com/A: in fetch_callback_validator
    ;; validating blackbox.hq.sglrit.com/A: fetch_callback_validator: got SERVFAIL
    ;; broken trust chain resolving 'blackbox.hq.sglrit.com/A/IN': 10.42.60.7#53
    ;; resolution failed: broken trust chain

Is this as good as it gets on a private domain? Or is there something I can do to get proper validation from local AD up to the root domain?

submitted by /u/DoctroSix
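
An added example, not part of the original post: a small Python parser for `delv +vtrace` output like the trace above, reporting which RRsets were marked secure and the first one where validation hit SERVFAIL. The function names are illustrative; the embedded lines are an excerpt of the trace quoted in the post.

```python
import re

# Excerpt of the delv +vtrace output quoted in the post above.
TRACE = """\
;; validating ./DNSKEY: signed by trusted key; marking as secure
;; validating com/DS: marking as secure, noqname proof not needed
;; validating com/DNSKEY: marking as secure (DS)
;; validating sglrit.com/DS: marking as secure, noqname proof not needed
;; validating sglrit.com/DNSKEY: marking as secure (DS)
;; validating hq.sglrit.com/DNSKEY: falling back to insecurity proof (SERVFAIL)
;; chase DS servers resolving 'hq.sglrit.com/DS/IN': 10.42.60.7#53
;; validating hq.sglrit.com/DNSKEY: in dsfetched2: SERVFAIL
;; no valid DS resolving 'hq.sglrit.com/DNSKEY/IN': 10.42.60.7#53
;; broken trust chain resolving 'blackbox.hq.sglrit.com/A/IN': 10.42.60.7#53
"""

# ";; validating <name>/<type>: <message>"
VALIDATING = re.compile(r"^;; validating (\S+)/([A-Z0-9]+): (.*)$")
# ";; <error> resolving '<name>/<type>/<class>': <server>"
RESOLVING = re.compile(r"^;; (no valid DS|broken trust chain) resolving '([^']+)': (\S+)$")

def summarize(trace):
    """Return (secure, failures, errors) extracted from delv +vtrace text."""
    secure, failures, errors = [], [], []
    for line in trace.splitlines():
        line = line.strip()
        m = VALIDATING.match(line)
        if m:
            rrset = f"{m.group(1)}/{m.group(2)}"
            if "marking as secure" in m.group(3) and rrset not in secure:
                secure.append(rrset)
            elif "SERVFAIL" in m.group(3) and rrset not in failures:
                failures.append(rrset)
            continue
        m = RESOLVING.match(line)
        if m:
            errors.append((m.group(1), m.group(2), m.group(3)))
    return secure, failures, errors

def first_break(trace):
    """First RRset whose validation hit SERVFAIL, or None if the chain held."""
    _, failures, _ = summarize(trace)
    return failures[0] if failures else None

if __name__ == "__main__":
    secure, failures, errors = summarize(TRACE)
    print("secure:", ", ".join(secure))
    print("first break:", first_break(TRACE))
    for kind, rrset, server in errors:
        print(f"{kind}: {rrset} via {server}")
```

On this trace the chain is secure down to sglrit.com/DNSKEY, and the first failing RRset is hq.sglrit.com/DNSKEY, with both errors reported against 10.42.60.7#53.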

Correct DNS settings for sub-subdomain?

Update:

Solved. As /u/b00m2k mentioned, I need a DNAME entry.

Original post:

Hey everyone,

I need your help. I’ve got a VPS, running under example.org. Now I want my homeserver to be reachable through home.example.org. My router supports various dyndns providers, and my homeserver is now reachable through example.dyndns.org. I’ve created one CNAME entry, which redirects home.example.org to example.dyndns.org, looking like this:

    #Host   #Type   #Destination
    home    CNAME   example.dyndns.org

So far, so good. Typing home.example.org redirects to example.dyndns.org, and finally reaches my homeserver.

My problem is, I’d like to access various services through a sub-subdomain. E.g. cloud.home.example.org should redirect to cloud.example.dyndns.org. Since I don’t want to add a CNAME entry for every sub-subdomain, I’m not sure what exactly is necessary to get everything working.

Or would the following, additional entry be enough?

    #Host   #Type   #Destination
    *.home  CNAME   example.dyndns.org

I’m really no DNS expert, and I’d appreciate any help 🙂

submitted by /u/KopfKrieg
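
An added example, not part of the original post: a simplified Python model of how a wildcard CNAME and a DNAME redirect names under home.example.org, using the hostnames from the post. `resolve` and the two zone lists are illustrative and model only the redirection step, not a full resolver.

```python
# Zones built from the hostnames in the post (constructed for illustration).
ZONE_WILDCARD = [
    ("home.example.org", "CNAME", "example.dyndns.org"),
    ("*.home.example.org", "CNAME", "example.dyndns.org"),
]
ZONE_DNAME = [
    ("home.example.org", "DNAME", "example.dyndns.org"),
]

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def resolve(qname, zone):
    """Return the name the zone redirects qname to, or None if no record applies."""
    q = norm(qname)
    # 1. An exact-match CNAME replaces the whole name with its target.
    for owner, rtype, target in zone:
        if rtype == "CNAME" and norm(owner) == q:
            return norm(target)
    # 2. DNAME (RFC 6672) substitutes the owner suffix with the target for
    #    names strictly below the owner; the owner itself is not redirected.
    for owner, rtype, target in zone:
        o = norm(owner)
        if rtype == "DNAME" and q.endswith("." + o):
            return q[: -len(o)] + norm(target)
    # 3. A wildcard CNAME sends every name below its parent to one target.
    for owner, rtype, target in zone:
        if rtype == "CNAME" and owner.startswith("*."):
            if q.endswith("." + norm(owner[2:])):
                return norm(target)
    return None

if __name__ == "__main__":
    for zone_name, zone in (("wildcard", ZONE_WILDCARD), ("dname", ZONE_DNAME)):
        for q in ("home.example.org", "cloud.home.example.org"):
            print(f"{zone_name:8} {q:24} -> {resolve(q, zone)}")
```

With the wildcard CNAME, cloud.home.example.org lands on example.dyndns.org; with the DNAME it becomes cloud.example.dyndns.org, while home.example.org itself is not redirected by the DNAME.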

I just want to know whether I found something new or not

I just want to know whether I found something new or it’s the thing everyone knows except me.

When trying to make a home server with an Orange Pi, I bought a domain on Black Friday and created a website on the free host at infinityfree.net.

And I think I found a trick (maybe or not) for using Cloudflare DNS and a free host at the same time.

Maybe I’m just too excited, so I made a post for this.

https://tuansun.wordpress.com/2018/12/01/diy-story-number-4-a-trich-for-a-free-host-at-infinityfree-net/

Sorry if it disturbs you, it’s my first time on Reddit.

submitted by /u/sun_tuan

Global Domain Name System (DNS) Firewall Market – Size, Outlook, Trends and Forecasts (2019 – 2025)

Domain Name System (DNS) Firewall is a network security solution that increases the security, performance, and distribution of data for providers, registrars, and enterprises. The global Domain Name System (DNS) Firewall market size was valued at $149.7 million in 2017 and is estimated to reach $409.37 million by 2025, with a CAGR of 13.4% during 2019-2025.

Download a sample report at: https://www.envisioninteligence.com/industry-report/global-domain-name-system-dns-firewall-market/?utm_source=Reddit-Santhosh

submitted by /u/prasadlotti