/r/dns

12,322 Subscribers

3

DNS issue after migrate from dNS Mikrotik

Hello guys,

I'm not sure whether I should create this post, but I made a mistake while trying to solve a situation. I will explain:

SCENARIO:

One month ago I was using my MikroTik with the DNS function enabled. It always worked fine for my purposes: resolving a domain both externally and internally (the domain name was the same), and my internal records also worked fine. Example:

payment.mydomain.com --- record internal IP

monitor.mydomain.com --- record internal IP

If I typed mydomain.com on my own network (the domain is hosted at Namecheap), it resolved without problems. I was very happy with that setup.

But recently I decided to disable DNS on the MikroTik and installed bind9 on a server, and with the correct routing rules the server is working. But I can only resolve the domain that I defined in named.conf, mydomain.com; when I try to resolve the external records, I can't.

I don't know what type of DNS setup I need on the server. Some information I found on the internet told me to use split DNS.

Please, any information to configure my bind9.

1 Comment
2024/03/25
23:05 UTC

1

A Records with FQDN (AWS)

We are just taking over a DNS zone from AWS. The strange thing is that they seem to have A records with FQDNs instead of IPs. That's not allowed in the official RFC. So I wonder what this is and why they are not within the standard.

Here is an example:

www.domain.com A ffdsakfjlkasj.cloudfront.net.

This should only be allowed as a CNAME.

Thanks for letting me know, what AWS is doing here.

2 Comments
2024/03/25
22:13 UTC

2

All Sub-Domains stopped working

As mentioned, it appears as though sometime today that all of my subdomains are no longer working. I believe that all my A and CNAME records fail to find any results on ping. The primary domain is working just fine. The DNS provider (Network Solutions) changed our nameservers temporarily, I assume to cause the records to repopulate, but even now that the changes have been reverted back to the correct nameservers and the primary domain is working again, the sub-domains do not work. Any thoughts why those would stop working wholesale?

14 Comments
2024/03/24
20:38 UTC

0

dnsproxy question

HI,

I would like to know if I should use many upstream DNS servers? I only use ControlD for now, but I see some using many: Cloudflare, AdGuard, Quad9...

thanks

12 Comments
2024/03/24
17:19 UTC

1

Email not working after switching from Cloudflare to GoDaddy. Help Please!

1 Comment
2024/03/24
16:29 UTC

3

Idk what I’m doing at all

I'm at a complete loss of what to do and it's a long story, there will be a TL;DR. So I graduated from high school almost 3 years ago and they had a server that of course blocked a lot of things. I had used my personal Gmail account on those wifi servers and their device, so I think that might be why this is happening? But now as an adult my phone is continuing to have "suggested content" blocked on Google and YouTube, and in my Google settings there's a locked advanced settings, but I've never set anything up and my mom didn't either for me forever ago, and I know it wasn't set this way before high school. But I have reason to think it's my DNS server because now I'm suddenly blocked from Reddit without an account when I've never had the problem, and I get a "this page is blocked by your DNS" at my own damn apartment with my own wifi??? Pornhub being blocked I couldn't care less about, but the fact I can't search anything vaguely adult that might be important to me AS AN adult is infuriating.

3 Comments
2024/03/24
04:40 UTC

1

A records x 2 - both say scam/ blacklisted

Hey 👋 I've had 2 A records turn up on my domain which I've been confused about. I've been asking for help for ages and it turns out I don't get along with GoDaddy. Would they have put those A records on my DNS?

4 Comments
2024/03/24
03:29 UTC

2

Are NS records differing from glue records allowed?

My situation is basically:

  • 1 huge zone
  • Many simple zones

I would like the simple zones to use ns1.hugezone and ns2.hugezone for nameservers. I have successfully set the glue records and all is working on this end.

I would like the NS records for hugezone to be ns1.betterserver and ns2.betterserver, though, so nsX.hugezone doesn’t have to deal with hugezone’s traffic as well.

Am I going to run into a situation where a resolver is going to find the glue and not check if the NS is different before trying to finish the job? My gut tells me this shouldn’t happen, but I can also see where it could. Does anybody have experience with such a situation?

EDIT: It appears that the simplest way to avoid what I am worried about may be to not use glue records at all for the hugezone, but instead rely on the betterserver zone’s glue records.

4 Comments
2024/03/23
16:38 UTC

2

DNS wildcard record

Any issue when using wildcard DNS on subdomains? How does it become a risk?

1 Comment
2024/03/22
23:22 UTC

2

BIND DNS

Hello,

My zone for local DNS records is example.sk. However, my external website is outside my network and also has the domain example.sk. How do I set it up so that users within the network, when entering example.sk, are directed to the public IP address of my website rather than the local DNS server address?

Here is my config:

named.conf

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    //
    allow-query { any; };

    //
    listen-on { 10.81.0.102; };

    //
    forwarders {
        8.8.8.8;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;
    listen-on-v6 { any; };
};

db.example

;
; BIND data file for example.sk
;
$TTL    604800
; RNAME needs the trailing dot; without it BIND appends the zone origin
; and the contact becomes root.example.sk.example.sk.
@       IN      SOA     dns.example.sk. root.example.sk. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      dns.example.sk.
@       IN      A       10.81.0.102
@       IN      AAAA    ::1
dns     IN      A       10.81.0.102

named.conf.local

//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.sk" {
    type master;
    file "/etc/bind/db.example.sk";
};

//zone "0.168.192.in-addr.arpa" {
//    type master;
//    file "/etc/bind/db.10";
//};

logging {
    channel my_syslog {
        syslog daemon;
        severity notice;
    };
    channel my_file {
        file "/var/log/named/messages";
        severity info;
        print-time yes;
    };

    // channel to log all zone transfers
    channel my_xfer_file {
        file "/var/log/named/xfers";
        severity info;
        print-time yes;
    };

    // channel to log all dynamic updates
    channel my_update_file {
        file "/var/log/named/updates";
        severity info;
        print-time yes;
    };

    category default { my_file; };
    category update { my_update_file; };
    category xfer-in { my_xfer_file; };
    category xfer-out { my_xfer_file; };
};

4 Comments
2024/03/22
16:16 UTC

0

IP bans on Reddit

My IP has been banned and thus this account will be shadowbanned within a week. And as I don't want to spend money on a VPN, would a DNS do the same thing for me and allow me to browse Reddit?

10 Comments
2024/03/22
13:16 UTC

0

DNS66 blocking push notifications - please help?

I've been using DNS66 on my phone (Samsung Galaxy 8), and keeping it updated with F-Droid, but anytime it's active, almost none of my push notifications come through. Things like (Facebook)Chat messages, Youtube subscription notifications that I DO want, Reddit replies, emails, etc. Also my Accuweather does not update status as often as it should while DNS66 is active.

I'm not even sure which area would be affecting this. Do I need to change something in the host files I'm using, or allow some specific system app/service to bypass?

I'm using:

  • Adaway hosts file
  • Dan Pollock's hosts file
  • Peter Lowe's Ad server list

And most system apps bypass, but honestly I'm not always sure which ones control what.

0 Comments
2024/03/21
23:42 UTC

0

Best user dashboard for people to update DNS records?

We will host private DNS server that a number of people will use.

Some of the users will own proprietary domains (with custom TLDs, like .mocash).

Assuming I can verify domain ownership using some third party (match email + domains owned), what's the easiest out-of-the-box user dashboard we can implement with our DNS server?

We are yet to decide which DNS server to use (BIND / NSD/ Knot / PowerDNS).

6 Comments
2024/03/21
22:27 UTC

2

Windows server 2019 - dns forward lookup zone names linked to 2 ip ranges

Hi,

We have a win 2019 DC with internal dns running and have machines (also win2019) linked to this.

Those machines each have 2 ip addresses: 192.168.x and 172.x for their machine name (A record)

We only want to have the A record point to the 172.x ip address.

We have configured the DNS server to only listen to 172.x, we have manually removed the 192.x records and we have set the network cards on the machines to only "register this connection's addresses in DNS" on the card with 172.x, but they still reappear in our DNS list

Any tips on how to solve this will be very much appreciated!

Thank you

1 Comment
2024/03/21
14:56 UTC

0

Hosting DNS server with proprietary TLD?

Is it possible to host a DNS server that can resolve requests with not publicly recognized TLDs?

For example: domain.customtld

Where ".customtld" is the TLD

6 Comments
2024/03/20
23:51 UTC

1

Route53/AWS hostage

I am switching providers and our new website host is saying the record for www is still being blocked by the AWS servers. They are claiming our old host has not fully deleted AWS or Route 53 dashboard records from both locations. Until that takes place, there’s nothing that can be done.

Is there a work around for this? How can an old provider keep the domain hostage? It’s a bit interesting.

3 Comments
2024/03/19
23:21 UTC

5

DNS video course

Can anyone on here recommend a good video course for learning DNS covering both basic fundamentals and more advanced level concepts?

Thanks

2 Comments
2024/03/19
22:01 UTC

2

Pros and cons of setting up DNS on android device. Main uses of internet on android phone: 1. very rare web browsing/searching 2. medium use email, WhatsApp, texting 3. GPS for local travel .....is it worth setting up DNS?

Here are Cloudflare's directions to set up DNS for Android 9 or 10:

Android 9 and Android 10 support DNS over TLS to secure your queries through encryption. In Android, this option is called Private DNS. It prevents your queries from being tracked, modified or surveilled by third-parties. Unlike previous versions of Android, this method also ensures 1.1.1.1 does not need to be configured for each new Wi-Fi network your smartphone joins.

8 Comments
2024/03/19
01:00 UTC

0

NextDNS vs Mullvad DNS?

Which DNS should I choose, NextDNS or Mullvad DNS?

4 Comments
2024/03/18
14:57 UTC

0

DNS issues today?

Anyone else having DNS issue this morning - especially with google?

2 Comments
2024/03/18
13:45 UTC

6

found this hidden gem

https://dnsspeedtest.online/ DNS Speed Test Benchmark - Find the Fastest DNS Server for Your Location

4 Comments
2024/03/18
05:27 UTC

3

How to enable DNSSEC on Hover?

6 Comments
2024/03/17
15:23 UTC

2

Stubby, unbound, smartdns, dnscrypt-proxy?

Hi,

Those encrypt the DNS traffic, but has anyone tested which one of those protocols is the best? I mean fast, secure, private, etc.
Thanks

7 Comments
2024/03/17
01:17 UTC

2

Coredns split DNS question

I host my own primary DNS server on CoreDNS and this works well (home network, just for context).

I need (or could do with) an internal DNS server that resolves internal names. These internal names need to resolve to local resources on different IPs than the primary does (primary for firewall IPs, internal for local IPs; standard split DNS stuff). Looking at CoreDNS, it looks like I might be able to do what I want with views, but the documentation on the Corefile is, to me, very thin on the ground with just a handful of examples. Is this type of configuration possible? Or do I have to spin up another CoreDNS container and essentially run 2 (which I can do, I am just trying to be clever)? So ideally, depending on source IP, you are served from 2 different zone files, and the internal should allow recursion and the external not (as it currently doesn't). Anyone done anything like this?

0 Comments
2024/03/16
11:00 UTC

3

Question about parent and child zones

Hi, so let's say I have created a DNS zone (parent) with example.com and a second zone (child) with blog.example.com. Now in the nameserver of example.com I have set NS records for the blog.example.com zone, which is a different nameserver with a different zone file. So my question is: when a client queries blog.example.com, will the TLD server delegate to the example.com nameserver, which then delegates to the blog nameserver, or will the TLD directly delegate to the blog nameserver? I am confused because they both have different zone files, and so by that I assume that the TLD will directly have NS records for the blog nameserver (no caching in consideration).

3 Comments
2024/03/16
06:52 UTC

3

Google DNS issue

Hello, I have an interesting issue with one of my sites. I just moved it to another host, so I changed the DNS servers, including the name servers, and updated the DNS records about 5 hours ago... The A record IP address being reported by Google (8.8.8.8) sometimes flips back and forth between 173.245.58.51 and 159.65.187.151 (159 being the good IP). The problem is 173.245.58.51 has never been the IP address of this website (this is a Cloudflare IP); the previous IP was 167.99.127.104.

I understand that it might not have been propagated everywhere within 8.8.8.8 hardware, and it seems like it's the only DNS resolver that has this issue.

For those curious : DNSCHECKER.ORG

Any idea what might be going on?

Thanks!

10 Comments
2024/03/16
03:52 UTC

2

DNS name does not exist for one user, but another user is able to access the site no problem?

Good afternoon everyone, I am not too familiar with how DNS works, but I have some coworkers that have run into a problem trying to access a particular company site. I was told that one user, as I mentioned, was able to access the site, yet another one was getting this when trying to load the webpage. Is this actually possible? What could be the cause? Any information on the matter would be great. I'll try to get more information from the end users as well. Thank you!!

https://preview.redd.it/gkpaao7f8koc1.png?width=447&format=png&auto=webp&s=a9c1c933e2771148329278c15eb5120c0928d172

6 Comments
2024/03/15
20:47 UTC

1

They really f’d up…

So here is the Barney version: A client wanted a new website. So I built them one on Wix (their choice, not mine, because no one in the org understands WP) and canceled the plan with the old host. The DNS for the old site was with GoDaddy. I told the client how to set up a 301 forward to the new URL so they wouldn't lose traffic. I was VERY clear about how to do it because they insisted they were comfortable doing it. The redirect kept timing out, so the client went and deleted a bunch of DNS records that someone from their church told them weren't relevant anymore. A records, CNAME records, MX records, they deleted a bunch. Fml. Now the forward doesn't work at ALL and I don't know how to recover the deleted records or fix the issue to just get the old URL to jump to the new one. Does anyone have any easy solutions to this? I want a direct search or Google (the old site is still indexed and coming up) to just redirect to the new URL. This can't be as complicated as it seems. Right? This is the first time I've ever had someone fuck with their DNS and completely fuck shit up. Any ideas are appreciated.

8 Comments
2024/03/15
14:02 UTC

3

NXDOMAIN for local DNS recursive and overriding resolver - Bind9

SOLVED: If you have UniFi gear and you have enabled "Ad Blocking", the gateway will intercept traffic and answer as your DNS server, even with the same IP. This probably won't happen if you use DNS over TLS or DNS over HTTPS, since it can't look at/modify those certificates, but for "plain" UDP/TCP requests it should intercept and answer them. Disable that feature and it works as intended :)

Hey folks!

Just struggling with some DNS here:

My internal zone for a public domain is not being resolved by other clients on the network.

First of all, this is the zone definition:

zone "kosmos1.int.wavecloud.org" {
    type master;
    file "/etc/bind/zones/db.kosmos1.int.wavecloud.org";
};

And this is the zone file:

$ORIGIN kosmos1.int.wavecloud.org.
$TTL    120
@       IN      SOA     ns.kosmos1.int.wavecloud.org. hostmaster.wavecloud.org. (
                              9         ; Serial
                           3600         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

; Name Servers
@               IN      NS      ns.kosmos1.int.wavecloud.org.
servers         IN      NS      ns.kosmos1.int.wavecloud.org.

; Name Servers - Records
ns              IN      A       10.5.0.5

; Records:
router          IN      A       10.10.0.1

On the nameserver itself, named-checkconf does not return an error. named-checkzone also works. It loads serial 9 and prints "OK", indicating a valid syntax etc.

Dig is also working on the ns itself:

root@ns:/etc/bind# dig router.kosmos1.int.wavecloud.org
; <<>> DiG 9.18.24-1-Debian <<>> router.kosmos1.int.wavecloud.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56816
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: dd994051a6d323540100000065f439a90f57ffe792340c5a (good)
;; QUESTION SECTION:
;router.kosmos1.int.wavecloud.org. IN	A

;; ANSWER SECTION:
router.kosmos1.int.wavecloud.org. 120 IN A	10.10.0.1

;; Query time: 0 msec
;; SERVER: 10.5.0.5#53(10.5.0.5) (UDP)
;; WHEN: Fri Mar 15 12:06:01 GMT 2024
;; MSG SIZE  rcvd: 105

From a different client (BIND is at 10.5.0.5, Client at 10.10.X.X), BIND just returns NXDOMAIN:

[user@WaveCloud-XPS ~]$ dig router.kosmos1.int.wavecloud.org @10.5.0.5
; <<>> DiG 9.18.24 <<>> router.kosmos1.int.wavecloud.org @10.5.0.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45647
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;router.kosmos1.int.wavecloud.org. IN	A

;; Query time: 3 msec
;; SERVER: 10.5.0.5#53(10.5.0.5) (UDP)
;; WHEN: Fri Mar 15 13:07:10 CET 2024
;; MSG SIZE  rcvd: 61

Why is this? In my named.conf.options, I have everything set:

options {
    directory "/var/cache/bind";
    dnssec-validation no;
    recursion yes;
    allow-recursion { any; };
    allow-query { any; };
    allow-query-cache { any; };

    allow-transfer { none; };

    listen-on { 10.5.0.5; };

    forwarders {
        1.0.0.1;
        1.1.1.1;
    };
};

I am clueless. Any ideas?

7 Comments
2024/03/15
12:27 UTC
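A check for the interception described in the SOLVED note, added here as an example (not code from the original post): it parses the DNS reply header and flags an answer about the server's own zone that comes back without the AA bit, which is exactly the difference between the two dig outputs above (qr aa rd ra on the server, qr rd ra from the client). The server address and record name are the ones in the post; nothing else is assumed.

```python
import socket
import struct

# Values from the post: the zone's BIND host and one record it serves.
ZONE_SERVER = "10.5.0.5"
QNAME = "router.kosmos1.int.wavecloud.org"
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(qname, txid=0x1234):
    """Minimal UDP A/IN query: 12-byte header (RD set), encoded QNAME, QTYPE, QCLASS."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)


def parse_header(resp):
    """Pull id, rcode name, AA bit and answer count out of a response header."""
    if len(resp) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    rcode = flags & 0x000F
    return {"id": txid, "rcode": RCODES.get(rcode, str(rcode)),
            "aa": bool(flags & 0x0400), "answers": an}


def classify(hdr, expect_authoritative=True):
    """Judge a reply that should have come from the zone's own authoritative server.
    The post's client-side dig to 10.5.0.5 got NXDOMAIN with flags 'qr rd ra'
    (no AA), while the same query on the server itself showed 'qr aa rd ra'.
    A reply about the server's own zone that lacks AA was not produced by BIND:
    something on the path (the UniFi ad blocker here) answered in its place.
    """
    if expect_authoritative and not hdr["aa"]:
        return "INTERCEPTED_OR_NOT_AUTHORITATIVE"
    if hdr["rcode"] != "NOERROR":
        return "AUTH_" + hdr["rcode"]
    return "OK"


def check(server=ZONE_SERVER, qname=QNAME, timeout=2.0):
    """Query the server over UDP and classify its reply (needs the network)."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        resp, _peer = sock.recvfrom(4096)
    hdr = parse_header(resp)
    if hdr["id"] != struct.unpack(">H", query[:2])[0]:
        return "ID_MISMATCH"
    return classify(hdr)


# Constructed 12-byte headers mirroring the two dig outputs above (not captured traffic).
INTERCEPTED = struct.pack(">HHHHHH", 45647, 0x8183, 1, 0, 0, 1)  # qr rd ra, NXDOMAIN
GENUINE = struct.pack(">HHHHHH", 56816, 0x8580, 1, 1, 0, 1)      # qr aa rd ra, NOERROR

if __name__ == "__main__":
    for label, raw in (("client view", INTERCEPTED), ("server view", GENUINE)):
        print(label, parse_header(raw), "->", classify(parse_header(raw)))
```

Run `check()` from a client on the 10.10.x.x side and from the BIND host itself; a differing verdict between the two points at a middlebox rather than at the zone file.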
