Information about DNS and network

Latest Posts

Which appliance to choose?

I’m looking for some help with choosing the right DNS appliance. We’re not in that place to build and implement some Linux/NSD/Unbound/Bind on our own – we need a finished, resilient, hardened solution/product, with guarantee, support and logistics for replacement and such… We have just done a quick “googling” and found some suppliers, but I would love to hear your tips and suggestions. What we’re looking for is to build a smaller replica of the Internet with root servers, TLD and ordinary nameservers (smaller amount, of course). There is no connection to the Internet or public networks at all. This would be a testbed and we need to emulate DNS structure disconnected from everything else. There would probably be central administration, DNSSEC, Anycast, separated resources (recursive, authoritative, cache) and maybe hidden master/s. Maybe there are some lessons learned you would like to share?

submitted by /u/jhalldn
Powered by WPeMatico

SSL upstream with unbound 1.6.7

Though the latest unbound seems to be version 1.8.0, the latest available to users of Ubuntu 18.04 is version 1.6.7. The syntax of the config settings seems to change a lot, and I am having trouble finding proper examples for this version.

I have unbound working, using either direct access to root servers or using unencrypted forwarding. But I would like to use encrypted forwarding and I cannot find a consistent set of options that will start properly. For example, some references call it ‘tls’ while others call it ‘ssl’. Some use ‘crt’ certificates while others use ‘pem’. There is an option ‘tls-cert-bundle’ in the latest version which is not present in 1.6.7. What do I use instead, and where do I get the file of certificates to use with it?

submitted by /u/greenbluewhite

Can’t reach specific server while DNSCrypt on

I do webcam thing )))

So my websites are closed in my country (I can open it with VPN but – it’s not working with my “cam apps”) although with DNSCrypt perfectly.

So what I’m experiencing is a massive delay in video on one website, and it’s absolutely because I have 100% packet loss (((

I’ve tried to ping all of them and here’s what I got:

C:\Users\User>ping lj.com

Pinging LJ.COM [109.71.161.200] with 32 bytes of data:
Reply from 109.71.161.200: bytes=32 time=192ms TTL=55
Reply from 109.71.161.200: bytes=32 time=191ms TTL=55
Reply from 109.71.161.200: bytes=32 time=191ms TTL=55
Reply from 109.71.161.200: bytes=32 time=192ms TTL=55

Ping statistics for 109.71.161.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 191ms, Maximum = 192ms, Average = 191ms

C:\Users\User>ping sm.com

Pinging SM.COM [216.127.59.245] with 32 bytes of data:
Reply from 216.127.59.245: bytes=32 time=228ms TTL=51
Reply from 216.127.59.245: bytes=32 time=227ms TTL=51
Reply from 216.127.59.245: bytes=32 time=228ms TTL=51
Reply from 216.127.59.245: bytes=32 time=227ms TTL=51

Ping statistics for 216.127.59.245:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 227ms, Maximum = 228ms, Average = 227ms

C:\Users\User>ping fl.com

Pinging FL.COM [204.8.234.144] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 204.8.234.144:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

But here’s a thing – without DNSCrypt I have no problem pinging the last one, but still have 10% packets lost (not a big deal, it’s not 100).

Is there any chance that I can make it work? )

Sorry, I don’t even really know what I’m talking about, so please use simple words ))

tracert shows that it starts sending timed-out requests after it reaches my provider, I guess:

C:\Users\User>tracert fl.com

Tracing route to fl.com [204.8.234.144]
over a maximum of 30 hops:

1 * * * Request timed out.
2 1 ms 1 ms 1 ms subnet.speedy.telkom.net.id [***.***.***.***]
3 5 ms 12 ms 1 ms 180.252.***.***
4 3 ms 2 ms 2 ms 61.94.***.***
5 31 ms 34 ms 30 ms 180.240.193.214
6 * * * Request timed out.
…..
30 * * * Request timed out.

Trace complete.

I hope there’s a way to fix this thing <3

submitted by /u/GYMNOLOGIZE

Help with redirection of DNS queries?

Hello all, I was wondering if I could get a bit of help here. I was on a team that implemented a solution some years ago to accomplish this but, for the life of me, I can’t remember what we had done. I’m trying to do the same thing now and can’t figure it out.

Say my client owns example.com. He has a DNS server that he wants to resolve queries for mail.example.com, but requests for www.example.com need to be resolved by his ISP’s DNS server.

Is there a type of record that I can configure on the ISP’s DNS server that says, “For www go to 1.2.3.4, for mail, ask 5.6.7.8 for the IP address” ? I know the first would be an A record but I’m lost on the second.

Appreciate any help. Thanks!

submitted by /u/conan876

PowerDNS & TinyDNS

Hey gang,

So I have a PowerDNS server running on Ubuntu. It has the djbDNS backend enabled:

launch=tinydns,gmysql
gmysql-dnssec=yes

I have a script that pulls and compiles our customer zones from a SQL server into a data.cdb file.

PowerDNS can read this file just fine. My question is: If I want to enable DNSSEC for a domain in the data.cdb file, how do I go about doing this? Because it seems like I have to import that domain into the PowerDNS database and then run the “pdnsutil secure-zone domain.com” command to enable DNSSEC.

Is there a way for me to enable DNSSEC on a domain that’s only on the data.cdb file?

submitted by /u/honeysnakes

Dynamically and scalably do views

I’m looking for a solution for creating a DNS server that allows me to dynamically update views and handle a large number of statements. My goal is to create an IP-specific DNS filter. I have looked at using bind-dlz with Berkeley DB, but I’m leery of its scale limitations. I have also looked at some interesting open source DNS libraries like https://github.com/miekg/dns but it’s unclear whether/how it supports views.

submitted by /u/jwsomis