/r/dns

14,286 Subscribers

1

Windows Hosts file

Hello!
I was messing around and testing things with the hosts file in Windows, trying to make it so that when I access www.youtube.com or youtube.com I would get redirected to google.com.
As an experiment, I simply added the following two lines to my Windows hosts file:

<google ip address> www.youtube.com

<google ip address> youtube.com

Even after clearing the browser cache, flushing DNS, or using Incognito it does not work.
Why does it not work? Is it impossible to redirect domains such as YouTube?

4 Comments
2024/11/11
21:41 UTC

0

How can I block a specific URL path without blocking the entire website?

I want to block access to a specific URL path, for instance, youtube.com/shorts/, while still allowing access to youtube.com as a whole. I tried blocking it directly through my router, but it turns out that only HTTP websites can be blocked, not HTTPS. I also attempted using OpenDNS, but it ended up blocking the entire website instead of just the specific path.

Is there a way to block a specific path on a website while keeping the rest of the site accessible? Any advice or workarounds would be appreciated.

11 Comments
2024/11/11
19:37 UTC

1

Quad9 - "Time to live exceeded" on every query

Hi there, I am a bit confused by something that's started happening lately. I am in the process of reconfiguring my network to incorporate a new server and an OPNsense box.

Was previously running Pihole, but a while ago I pointed all my DNS stuff to 9.9.9.9 just to ease the transition.

Then one day after making some changes to the OPNsense box that had nothing to do with DNS (I don't even remember what it was) I could not reach anything on the internet. Started pinging WAN IP addresses I knew and they worked. OK, so DNS issue. Pinged 9.9.9.9 - response "Time to live exceeded".

This happens on all devices on my network.

It's not a major stumbling block as I can just change where the DNS points, but I am still a bit confused as to how this could have happened, why it happened and how I can undo it?

15 Comments
2024/11/11
17:58 UTC

0

noob needs help to set up canva

Please help! I am a noob at this and our devs are not sure either.
The main question is how to manage DNS records to keep our main site at Heroku and have Canva landing pages.

We have a main site working well at Heroku.
Heroku requires us to have a CNAME record with name “www” pointed at their content.

I want to create landing pages using Canva because it's easy and no-code.
Canva requires an A record with name "www" pointed at their content.

Cloudflare doesn't let me have two records with the same name ("www"). It gives an error.
https://developers.cloudflare.com/dns/manage-dns-records/troubleshooting/records-with-same-name/

Is it possible to make this work? How can I have the main site on Heroku and use Canva for additional landing pages?

3 Comments
2024/11/08
18:22 UTC

2

Help with FreeDNS

Hi everyone, I'm working with FreeDNS.Afraid and I'm having trouble adding my DKIM authentication.
My email domain provided me with the following:

Name: google._domainkey

TXT record value: v=DKIM1; k=rsa; p=MIIBIjANBg...etc etc

However, the place to enter this information looks like this:

https://preview.redd.it/q644xej0wpzd1.png?width=416&format=png&auto=webp&s=79f8039a06ad8fe763a3065e7b3f3ddbc6252abd

Any help would be greatly appreciated! <3

3 Comments
2024/11/08
18:02 UTC

7

Tri-DNS for Europe!

Hi all. Just wanted to first thank y'all for the support of my initial post.

I've come back to announce that a European DNS server is now live, hosted in Switzerland. So resolving in Europe should now be faster.

More info at https://dns.triro.net/

Anyways once again, thanks for the support, and all the kind DM's offering financial support.

Also, I might plan an Asia server at some point. It just depends on the demand. (Feel free to DM me any issues.)

Edit: You can also use this as a backup server now, in case the North American one ever goes down! (And vice versa.)

18 Comments
2024/11/08
05:20 UTC

3

AhaDNS blitz or next dns for ios?

5 Comments
2024/11/07
22:07 UTC

0

Thank you graphic question....

Hi everyone, I have a fun question :) I want to design a thank you that is created/designed with code! If any of you have a minute...could you please let me know if there are any special codes that are related to good things that I could use for this design:)

what codes would you like to see in a design that bring happiness/relief lol

Thanks in advance :)

2 Comments
2024/11/07
16:28 UTC

3

DNSSEC with delegation on the same server

We have a domain, let's say example.com, with its NS records pointing to ns.myserver.{com,org,net}. We also have a subdomain, subdomain.example.com, whose NS records also point to ns.myserver.{com,org,net}.

When we enable DNSSEC on both example.com (adding the DS records to the .com zone) and subdomain.example.com (adding the DS records to the example.com zone) we run into an issue that subdomains on subdomain.example.com can't be validated on servers that do DNSSEC validation with NSEC checks.

I checked dnsviz and it reported this:

Id: NSEC
Description: NSEC record(s) proving non-existence (NODATA) of
                        subdomain.example.com/CNAME
NSEC: subdomain.example.com. IN NSEC subdomain.example.com. A NS SOA AAAA RRSIG
                        NSEC DNSKEY
Sname  subdomain.example.com.
Status: INSECURE
Servers: xxxx
NS  ns.myserver.com., ns.myserver.org., ns.myserver.net.
Query  TCP_-_EDNS0_4096_D_KN
       UDP_-_EDNS0_4096_D_KN
Errors: 
*   The following queries resulted in an answer response, even though
    the NSEC records indicate that the queried names don't exist:
    xxx.subdomain.example.com/A, xxx.subdomain.example.com/AAAA
    See RFC 4035, Sec. 3.1.3.2.
*   The following queries resulted in an answer response, even though
    the NSEC records indicate that the queried names don't exist:
    xxx.subdomain.example.com/A, yyy.subdomain.example.com/CNAME,
    xxx.subdomain.example.com/AAAA See RFC 4035, Sec. 3.1.3.2.

I think this means my server says there are no additional records under subdomain.example.com on the same server. Is this just an issue because both zones are on the same nameserver? If I 'merge' the zones, would that fix the issue?

We are using PowerDNS btw.

5 Comments
2024/11/07
09:05 UTC

1

ipcheck giving different results

I am on Sky Ireland broadband. Recently my smart DNS stopped working.

I found out on the Sky broadband forum that a few others have the same problem and that this is related to an incorrect IP country. So I checked my IP:

https://nordvpn.com/what-is-my-ip/ shows I am in Ireland

https://whoer.net shows I am in the UK.

Why are these websites showing different results?

And in the DNS results on whoer.net I get the results below for DNS:

United Kingdom

74.125.43.153
74.125.18.211
74.125.18.218

What does this mean? Any help please?

My main problem is that in Ireland, using my smart DNS proxy, I get access to Indian streaming apps.

Now none of them are working. I changed DNS proxy servers and also changed the provider. Still no luck.

It works with a VPN, but I don't want to use a VPN with streaming services.

7 Comments
2024/11/06
18:08 UTC

1

Is it ok to use Quad9 unsecured?

Hi.

I'm asking because, call me crazy, but for me the malware blocking is a little bit unnecessary. But I'm worried about not having DNSSEC. What do you guys think?

13 Comments
2024/11/06
15:37 UTC

2

Can enthusiasts of powerDNS or DNSdist help me meet a requirement? I am not very proficient in English, so I have only a vague understanding of the official documentation

How to achieve the following functions:

The maximum number of IP addresses to return to the client when restricting the response.

3 Comments
2024/11/06
15:22 UTC

6

What happens when you have 2 authoritative name servers with different records?

I have example.com in my registrar

Let's say I set the NS records for this domain to 2 DNS providers, Cloudflare and AWS Route 53. So I have a bunch of NS records:

blabla.ns.cloudflare.com

blabla2.ns.cloudflare.com

blabla.ns.aws.com

blabla2.ns.aws.com

As you can see, the NS records are a mix from both AWS and Cloudflare. After searching a bit I found that when this is done, the DNS provider is chosen at random.

BUT, what happens if they have different records?

If Cloudflare has the record for subdomain1.example.com

and AWS has the record for subdomain2.example.com

Will the DNS system union both records from CF and AWS, or randomly select the NS and thus each subdomain only works 50% of the time?

If I go to subdomain2.example.com, will the DNS system recognize that CF doesn't have it but AWS does, and point to AWS, or will it go 50/50 between them, and when it selects CF, return nothing because CF doesn't have the record?

6 Comments
2024/11/06
01:47 UTC

2

Setting up A records correctly

Hi there,

I have the front end, backend, and media all in separate containers in the same box. How do I set up the DNS correctly for this?

They all technically have the same ip, so I'm not entirely sure how to get them all to correctly configure.

Is it something I need to set up server side?

10 Comments
2024/11/05
10:15 UTC

1

How to setup Unbound to use DNS over TLS on Alma Linux

Hello! This may be common knowledge, but I wanted to share my configuration that sets up Unbound to forward queries to an upstream provider using DNS over TLS. There is a guide on the Pi-hole site for cloudflared, but as team members said in the comments here, that is only because someone wrote it and made a pull request for it to be integrated.

I started with the basic Alma Linux LXC container and the Unbound configuration provided on the Pi-hole docs site, and added the DNS over TLS configuration at the bottom.

    # TLS settings
    tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

    # Forward all queries over TLS
    forward-zone:
        name: "."
        forward-tls-upstream: yes
        # Cloudflare DNS over TLS
        # forward-addr: 1.1.1.1@853#cloudflare-dns.com
        # forward-addr: 1.0.0.1@853#cloudflare-dns.com
        # Quad9 DNS over TLS
        forward-addr: 9.9.9.9@853#dns.quad9.net
        forward-addr: 149.112.112.112@853#dns.quad9.net

By default, this setup does not fall back to recursive resolution of DNS requests via the root nameservers, though you can configure it to do so if you wish.

Hope this helps, and any tweaks or suggestions are welcome!

5 Comments
2024/11/05
00:13 UTC

2

smart dns for streaming services stopped working

I use smart DNS for unlocking region-specific streaming services.

All was fine until last week, when things stopped working.

I checked with Getflix/SmartDNS Proxy and they said my ISP, Sky Broadband Ireland, is using a transparent DNS proxy.

So I checked with others on the same ISP and the same DNS, and they are all working fine.

I tried a hotspot and the services were working fine again.

So I am confused: Sky is not the issue, as it works for others.

The smart DNS provider is not the issue, as it works on 5G.

I have tried the setup a few times, refreshing the IP, changing DNS servers, different devices. No luck.

I'm lost now, as I don't know where the problem lies.

Any guidance please?

8 Comments
2024/11/04
13:48 UTC

13

Announcing Tri-DNS, a privacy first resolver, with modern DNS protocols.

Hello all you privacy nerds. I'm here announcing my new privacy-first DNS server, Tri-DNS.
It is a privacy-friendly, no-logs, secure DNS server that supports the latest and most modern encrypted DNS protocols, such as DoT, DoH/3, and DoQ (which many still don't support for some reason...).

Anyways, you can learn more at my website, https://dns.triro.net/
Also this was my first time writing HTML / CSS, so yeah, I'll probably improve on the site look and feel at some point.

You can also, if you want, easily view the source of the website on my github page. https://github.com/32bitx64bit/tri-dns-web
And if you so wish, contribute. I'll add a license at some point, probably GPL or MIT, just depends, I'll have to look into the licenses.

Also, I'm very open to feedback. And yes, I know. Only one server in one region, this is a small passion project. Might add more servers in the future if need be.

WARNING (11/6/24 6:15): Tri-DNS seems to be suffering a DDoS attack.

Update (11/6/24 6:20): The DDoS attack seems to have ceased. Shame to see someone already launching an attack; really makes me rethink the morality of the world. Anyways, service has been restored. If you have any issues, do let me know asap.

20 Comments
2024/11/03
23:54 UTC

3

Another alternative DNS that might help some people

This post briefly introduces 0ms.dev DNS, a free and public global DNS resolver. It may be a solution for users experiencing unreliable ISP peering, those looking to avoid rate limits on specific DNS resolvers, or anyone interested in exploring a different alternative.

0ms.dev DNS performs comparably to 1.1.1.1, but offers unique benefits and flexibility not found in other public resolvers. The technical details on the website are worth reading for a deeper understanding.

As one of the developers maintaining the project, I understand this information may be technical for some. I apologize for any complexity and welcome any questions you may have, which I will answer to the best of my ability.

Edit:

It may be a solution for users experiencing unreliable ISP peering, those looking to avoid rate limits on specific DNS resolvers, or anyone interested in exploring a different alternative.

The post clearly says “it may be a solution”, not saying it's an absolute solution for everyone, nor does it say everyone should use it.

We have users too and they tested it. This works fine for them. This project did solve some of our users' problems. We just wanted to share this because we think it might help 'someone', not 'everyone'.

28 Comments
2024/11/03
15:15 UTC

4

Looking for a cli DNS benchmark tool

A tool (for terminals) that allows me to benchmark the major DNS servers on the web (Cloudflare, DNS0, Quad9...). Something like dnsspeedtest.online.

Bonus points if it also allows you to benchmark different protocols: DNS over HTTPS, DNS over TLS, DNS over QUIC...

4 Comments
2024/11/03
14:38 UTC

3

Namebright NS down?

Can someone confirm? I have the NS for our domain hosted there, and 20 mins ago, no records of my domain were available on the internet. I checked my administration and all records are still there and intact.

Serves me right for not moving it elsewhere, but still, is anyone else experiencing the same issues?

3 Comments
2024/11/03
14:09 UTC

1

Authoritative PDNS gives back non-authoritative Answers for records

Hi

I'm in a testing phase of an internal PowerDNS setup which I will take into production in a few weeks.

Setup:

  • Primary PowerDNS Authoritative 4.9 (hidden master, it is not used as resolver for clients)
  • Secondary 1, PowerDNS Recursor with PowerDNS Authoritative (used as resolver for clients)
  • Secondary 2, PowerDNS Recursor with PowerDNS Authoritative (used as resolver for clients)
  • The authoritatives are responsible for about 10 internal zones like example1.mydomain.com, example2.mydomain.com etc. These are configured in the forward-zones file of the recursor, pointing to the secondaries
  • The SOA of these zones is set to the FQDN of the primary PowerDNS
  • sqlite3 is used as the PDNS backend

Possible Problem:

  • During tests we became aware that the internal zones (like example1.mydomain.com) do not give back authoritative answers to queries in a zone. So:

$ dig test.example1.mydomain.com @<ip-of-my secondary>

; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu

..
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:

;test.example1.mydomain.com. IN A

;; ANSWER SECTION:
test.example1.mydomain.com. 400 IN A 10.0.25.28

As you can see above, "AUTHORITY: 0" is a non-authoritative answer.

Note that this only happens for records in the internal zones. If I dig an internal zone itself, it gives back AUTHORITY: 1

$ dig example1.mydomain.com @<my-secondary-ip>

..
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52050
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example1.mydomain.com. IN A

;; AUTHORITY SECTION:

example1.mydomain.com. 400 IN SOA my-primary.example1.mydomain.com. rz.mydomain.com. 2024103103 10800 3600 604800 3600

Compared to my old setup with BIND servers (a master and a slave which are used as resolvers for clients):

$ dig test.example1.mydomain.com @<ip of my current BIND servers>

..
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;test.example1.mydomain.com. IN A

;; ANSWER SECTION:
test.example1.mydomain.com. 400 IN A 10.0.25.28

;; AUTHORITY SECTION:

example1.mydomain.com. 400 IN NS bind-primary.example1.mydomain.com.
example1.mydomain.com. 400 IN NS bind-secondary.example1.mydomain.com.

;; ADDITIONAL SECTION:

bind-primary.example1.mydomain.com. 400 IN A 10.0.40.10

bind-secondary.example1.mydomain.com. 400 IN A 10.0.40.20

Note that the behavior does not change when making the queries with nslookup; with nslookup it is also non-authoritative.

Question:

With regards to resolving, everything works, but I wonder why this happens. Is this normal behavior for a setup with a resolver and using forward-zones in PDNS? Do I have to care about this behavior to avoid running into problems? I've already tried to set the SOA to the secondary instead of the hidden master, but this does not change the authority value in a dig query.

I have also posted this on the pdns-users mailing list, but usually I don't get answers there.

EDIT:

I found this in the PDNS FAQ:

https://doc.powerdns.com/authoritative/appendices/FAQ.html

PowerDNS does not give authoritative answers, how come?

This is almost always not the case. An authoritative answer is recognized by the ‘AA’ bit being set. Many tools prominently print the number of Authority records included in an answer, leading users to conclude that the absence or presence of these records indicates the authority of an answer. This is not the case.

Verily, many misguided country code domain operators have fallen into this trap and demand authority records, even though these are fluff and quite often misleading. Invite such operators to look at section 6.2.1 of RFC 1034, which shows a correct authoritative answer without authority records. In fact, none of the non-deprecated authoritative answers shown have authority records!

So how can I evaluate if this is the problem in my case?

11 Comments
2024/11/01
11:07 UTC
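
The FAQ quoted in the post above says that whether an answer is authoritative is decided by the AA bit in the DNS header, not by the number of records in the AUTHORITY section. The script below is an added example (not the poster's code and not part of PowerDNS) that decodes the 12-byte DNS header and reports the AA bit next to the AUTHORITY count. The three sample headers are constructed here to mirror the header lines in the dig captures above (the recursor answer with "flags: qr rd ra; AUTHORITY: 0", the BIND answer with "flags: qr aa rd ra; AUTHORITY: 2") plus the FAQ's case of an authoritative answer with no AUTHORITY records at all; the record ID 52050 is taken from the capture, the others are made up.

```python
"""Added example: decide whether a DNS response is authoritative from the AA bit.
Illustrative code written for this page, not the poster's or PowerDNS's own code.
Sample headers are constructed to mirror the dig output quoted in the post."""
import struct

# DNS message header (RFC 1035 section 4.1.1):
# ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT, all 16-bit big-endian
DNS_HEADER = struct.Struct("!HHHHHH")

# Bit positions inside the 16-bit FLAGS field
QR, AA, TC, RD, RA = 15, 10, 9, 8, 7


def build_header(msg_id, qr, aa, rd, ra, rcode, qdcount, ancount, nscount, arcount):
    """Pack a 12-byte DNS header; used here only to construct sample data."""
    flags = (qr << QR) | (aa << AA) | (rd << RD) | (ra << RA) | (rcode & 0xF)
    return DNS_HEADER.pack(msg_id, flags, qdcount, ancount, nscount, arcount)


def parse_header(msg):
    """Decode the header of a raw DNS message (e.g. bytes read from a UDP socket)."""
    if len(msg) < DNS_HEADER.size:
        raise ValueError("message shorter than a DNS header")
    msg_id, flags, qd, an, ns, ar = DNS_HEADER.unpack_from(msg)
    return {
        "id": msg_id,
        "qr": bool((flags >> QR) & 1),
        "aa": bool((flags >> AA) & 1),
        "tc": bool((flags >> TC) & 1),
        "rd": bool((flags >> RD) & 1),
        "ra": bool((flags >> RA) & 1),
        "rcode": flags & 0xF,
        "qdcount": qd,
        "ancount": an,
        "nscount": ns,   # size of the AUTHORITY section: informational only
        "arcount": ar,
    }


def flags_string(msg):
    """Render the set flags the way dig prints them, e.g. 'qr aa rd ra'."""
    header = parse_header(msg)
    return " ".join(name for name in ("qr", "aa", "tc", "rd", "ra") if header[name])


def is_authoritative(msg):
    """Only the AA bit says the answer is authoritative; NSCOUNT does not."""
    return parse_header(msg)["aa"]


# Constructed sample 1: matches the recursor capture in the post
# ("flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1")
SAMPLE_RECURSOR = build_header(52050, qr=1, aa=0, rd=1, ra=1, rcode=0,
                               qdcount=1, ancount=1, nscount=0, arcount=1)

# Constructed sample 2: matches the BIND capture in the post
# ("flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3")
SAMPLE_BIND = build_header(1, qr=1, aa=1, rd=1, ra=1, rcode=0,
                           qdcount=1, ancount=1, nscount=2, arcount=3)

# Constructed sample 3: the FAQ's point, an authoritative answer (AA set)
# that carries no AUTHORITY records at all
SAMPLE_AA_NO_AUTHORITY = build_header(2, qr=1, aa=1, rd=0, ra=0, rcode=0,
                                      qdcount=1, ancount=1, nscount=0, arcount=0)

if __name__ == "__main__":
    for label, sample in (("recursor", SAMPLE_RECURSOR),
                          ("bind", SAMPLE_BIND),
                          ("aa-no-authority", SAMPLE_AA_NO_AUTHORITY)):
        header = parse_header(sample)
        print(f"{label:16s} flags='{flags_string(sample)}' "
              f"AUTHORITY={header['nscount']} authoritative={is_authoritative(sample)}")
```

To apply this to a live setup, send a query to the secondary and pass the raw reply bytes to parse_header; a reply with aa set is authoritative regardless of how many AUTHORITY records it carries, and a reply without aa is what a recursor returns when it answers from its own cache or from a forwarded lookup.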

2

Problem with SSL when using cname

Hello community, I am trying to log a DNS record for subdomains *www but get an SSL warning.

A      es-capetown.com      159.69.28.121                                                    600
CNAME  www.es-capetown.com  es-capetown.com                                                  600
MX     es-capetown.com      fwd1.porkbun.com                                                 600  1
MX     es-capetown.com      fwd2.porkbun.com                                                 600  1
TXT    es-capetown.com      v=spf1 include:_spf.porkbun.com ~all                             600
TXT    es-capetown.com      google-site-verification=vBwFpbe7tbshWQVQJXt9b14tiyeBwUkzHy1me3co5gs

What am I doing wrong? Should I use alias or wildcard instead? Everything works fine for root.

7 Comments
2024/11/01
06:59 UTC

3

How to Resolve WWW and Non-WWW pointing to same page on Cloudflare Pages

This is what I have now.

DNS record:

;; CNAME Records

miscarriageriskcalculator.app. 1 IN CNAME miscarriage-calculator.pages.dev.

www.miscarriageriskcalculator.app. 1 IN CNAME miscarriage-calculator.pages.dev.

I am sure I am retarded, thanks in advance.

8 Comments
2024/10/31
18:00 UTC

2

sub-delegating reverse zones

I've read about sub-delegating reverse zones, and if I define two zones in BIND (on server A):

0/25.1.19.172 and 128/25.1.19.172

... each with a zonefile with an NS record pointing to different BIND servers (B and C), the following works:

dig +short @(server A) -t ns 0/25.1.19.172.in-addr.arpa

(returns server B address)

and

dig +short @(server A) -t ns 128/25.1.19.172.in-addr.arpa

(returns server C address)

... but looking up NS for a specific address in either of those ranges returns nothing.

So a client won't get a good answer for the authoritative server unless it already knows to ask for the subzone.

Is there a way for a BIND server to properly delegate a request for a PTR record on a zone that's been subdelegated in this way?

2 Comments
2024/10/31
15:49 UTC

5

Server 2022 DNS

I'm trying to get an IP of 192.168.135.135 to match up to connect.ITcounty.com through DNS, I could do it through hosts, but it's time I learned the proper way and the problem is I don't know the terminology to google it.

The computers are all domain joined, and the networks are linked through a site-to-site VPN. So what record should I be creating in the server DNS (assuming A, but not sure where) that will communicate that to the computers?

4 Comments
2024/10/31
13:52 UTC

2

Problem with local DNS.

Hello! I'm studying some topics of cybersecurity and I'm trying to attack a DNS server that is installed on one of my virtual machines (Debian machines). The thing is that the DNS is working on the local machine where it is installed and I can ping it, but when I try to ping from another local machine it is not able to. Do you know what the answer is? I see that you need to edit the /etc/resolv.conf file to have connections with this DNS, but it's also not working. Can someone help me please?

-Have a good day.

5 Comments
2024/10/30
17:07 UTC

1

Time needed to transfer a domain from one registrar to another

Hi,

this is supposed to be more of a "share your thoughts slash experiences" topic and less an "I have an issue and need help" topic.

I'm a software engineer and have, every now and then, to deal with registering a new domain or requesting the transfer of an existing one from one registrar to another. So I have more the perspective of an "informed customer" than that of a network engineer.

I've experienced a rather wide range of times it takes to have such a transfer completed, ranging from about 4 hours to 10 days. With that I'm not referring to cases where issues existed with the domains that had to be transferred, e.g. there was a 60-days waiting period still in effect or the like. In the cases I refer to, I issued the transfer at the new registrar, provided the EPP code and then played the waiting game for 4 hours to 10 days (although I wrote some "are we there yet"-emails starting after about 5 days in cases that took so long).

What are the technical or administrative reasons for this disparity? Why are e.g. .sk-domains apparently almost always transferred within hours while .com-domains usually take at least 5 days? Again I'm not referring to domain transfers where there's been a cock-up e.g. an employee of the current registrar accidentally hitting the "deny"-button which, according to the email conversation that ensued and eventually involved the registrar's CEO, apparently happened during one of the transfers I requested. I'm looking forward to read about the insights of some professionals in that matter.

7 Comments
2024/10/29
13:14 UTC

0

Creating an A record on Keliweb with Canva's host

Hiiiii,

  1. I created my draft website on Canva and wanted to publish the site with a domain I bought. Canva asks me to create a new A record with a specific host name and address. Problem: Keliweb does not accept Canva's host name @, and I can't change it. Suggestions?

  2. Question number two: I have a WordPress draft on the domain that is still in staging. Is there any trick to bring the same layouts created on Canva over to WordPress?

1 Comment
2024/10/28
20:50 UTC