#dns
Xubuntu 22.04: no DNS after PXE/overlay boot #2204 #networkmanager #dns #pxe
Hallelujah! The Dresden Higher Regional Court (OLG Dresden) rejects #Störerhaftung (interferer liability) for #DNS providers
We're excited to release NSD 4.8.0. Our authoritative #DNS server now features the PROXY protocol, which was graciously sponsored by the Swedish NREN, Sunet. 🙌🇸🇪 https://nlnetlabs.nl/news/2023/Dec/06/nsd-4.8.0-released/
PowerDNS Recursor 5.0.0-rc1 Released
https://blog.powerdns.com/2023/12/06/powerdns-recursor-5-0-0-rc1-released #dns #dnssec

Sharing an interesting message from our QA Manager about a site deployment erroneously flagged as malicious and how to fix it
#devops #deployment #dns #webdev
https://thomasrigby.com/posts/interesting-funtimes-with-nhs-website/
after spending a good week moving my #freebsd cloud install over to a more modern #linux cloud install, with all my services and web hosting, naturally today I decided my cloud host sucks and moved over to #hetzner
because I haven't fucked with #DNS enough in the last two weeks, obviously
at least I'm saving some money
What is #crowdsourced #dns filter lists by the people, for the people, of the people?
i mean - politically
#Internet
Netplan DNS configuration is overridden UBUNTU 22.04 #dns #netplan #systemdresolved
I've successfully set up [Mox](https://github.com/mjl-/mox) by Mechiel Lukkien as my new mail server. It handles SMTP, IMAP, SPF, DKIM, and DMARC. It has a built-in spam filter, a web interface, webmail, autoconfiguration and it can show a checklist whether your DNS is set up correctly or not. All in a single binary! Pretty cool stuff. I'm planning to test various other solutions and document it on my blog soon.
#admin #sysadmin #mail #email #smtp #imap #dkim #spf #dmarc #dns #web #webmail #mox
This is the wildest thing I've ever seen.
#root #dns #tech #ksk #kskceremony
https://youtu.be/jlATrPfoL84
#Unbound supports DNS-over-TLS and DNS-over-HTTPS which allows clients to encrypt their communication. In addition, it supports various modern standards that limit the amount of data exchanged with authoritative servers. These standards do not only improve privacy but also help make the DNS more robust. The most important are Query Name Minimisation, the Aggressive Use of DNSSEC-Validated Cache and support for authority zones, which can be used to load a copy of the root zone.
#dns
https://nlnetlabs.nl/projects/unbound/about/
If you'd like to use #redis with my @nlnetlabs #unbound #docker image using a #socket rather than a #tcp connection, this should get you covered: https://github.com/madnuttah/unbound-docker/blob/main/doc/redis/INSTRUCTIONS.md
I was fed up with #Free's #DNS blocking @YggTorrent
And then.. I discovered the site https://changetondns.fr/ which is super cleeeear!!

Automation is key!
There's a saying that IT professionals tend to be lazier than others - and maybe there's some truth to it. But is it really a bad character trait? Not necessarily.
Lazy developers and admins automate. They don't repeat the same set of tasks over and over again, but instead come up with an idea to make their lives easier and more convenient ;-)
As even ZERO GmbH is not safe from lazy developers, we have automated some processes in our IT - including the setup of various software components for our #AMPS nodes and the associated IT infrastructure, such as #VPN and #DNS setup.
This saves us a huge amount of time. A quarter of an hour of manual labour can become a few seconds of waiting time and we have time for more interesting tasks :-)
We mainly use the Ansible configuration tool, which we like because it works without an additional daemon on the target and via a simple SSH interface.
At ZERO GmbH, we're managing a lot of #AMPS Nodes (see: https://zero-iee.com/en/products/). Most of them are connected to our management VPN. Each of the nodes has a unique identifier (serial no.).
We've set up an internal DNS server that resolves their serial number-based FQDN and returns the corresponding VPN IP address. Thus it's easy to find the correct VPN and IP address to start maintenance or troubleshooting :-)
Our requirements on a DNS Server are quite low. We could have picked THE ONE, the only, the almighty Bind DNS server - but instead we tried something different:
Yadifa. https://www.yadifa.eu
Yadifa is a less-known DNS server implementation by EURid - the nonprofit organization that powers the .eu top level domain!
We were surprised by the simplicity of Yadifa and had our DNS Server up and running in minutes! If you're looking for an easy to configure DNS server, check it out.
The .ing and .meme #domains have their sunrise registration phase ending in about 90 minutes and enter general availability. Get 'em while they're hot!
https://blog.google/products/registry/google-registry-meme-domain/
https://blog.google/products/registry/introducing-the-ing-top-level-domain/


Configuring CoreDNS is easy, but managing more than one or two zones quickly becomes cumbersome 😓. DNSimple’s CoreDNS integration makes managing zones simple 💪. Once the CoreDNS plugin is installed and connected 🔌 to DNSimple, zone managers can use the DNSimple UI or API to add, edit, and remove #DNS records, including custom DNS records and functionalities, like regional, #ALIAS, #POOL, and #URL records from their #CoreDNS zones. Learn more 👉 👉 https://blog.dnsimple.com/2023/08/coredns-integrated-provider/?utm_source=mastodon&utm_medium=social&utm_campaign=coredns

"Latest copyright decision in Germany rejects blocking through global DNS resolvers"
Cloudflare Applauds Court for Rejecting DNS Piracy Blocking Order
https://torrentfreak.com/cloudflare-applauds-court-for-rejecting-dns-piracy-blocking-order-231205/
9. 🇸🇮 Slovenia's ISO 3166-1 alpha-2 code is "SI" and its internet top level domain (TLD) is .si
Because "sí" is also the word for "yes" in Spanish, .si domains are occasionally seen as a form of domain hack in the Spanish speaking world.
@forumstandaardisatie @minbzk @nora @internet_nl @ministerieezk oh boy, oh boy
#dns #dhcp off the list of standards.
That's nitpicking, people
@bert_hubert


@forumstandaardisatie @minbzk @nora @internet_nl @ministerieezk finally no more dns. #dns
Router changing default gateway when creating a DNS #dns
How to add multiple domains to my dns server? #dns #domainserver
New little test service for fans of #RFC 9460 (#DNS SVCB and HTTPS RRs): Go to https://svcbtest.amsuess.com/ to see whether your browser uses the ports indicated in DNS.
So far it seems like Firefox only uses it when DoH is enabled (no matter whether the network.dns.force_use_https_rr flag is set in about:config or not); I didn't get Chromium to use it yet.
How to manually create your own nameservers and manage multiple domains (without the help of control web panels) #networking #apache2 #dns #domainserver
UDP 53 not working #networking #server #dns #iptables #firewall
Cloudflare WARP
The free app that makes your internet safer and faster.
#Column L.Yo
https://mijn5euro.wordpress.com/2023/12/04/cloudflare-warp/
#app #Argosmartrouting #BoringTun #Cloudflare #cloudflarewarp #dns #DNSresolver #internet #privacy #Review #Rust #software #UDP #vpn #WireGuard
AdGuard Update:
Conclusion: almost complete software. Not great for mobile.
#Column L.Yo
https://mijn5euro.wordpress.com/2023/12/03/adguard-voor-windows/
#Adblocker #beoordeling #browser #childsafety #dns #Network #revieuw #security #software #stealth #windows
For those of us in the admittedly obscure world of #DNS security and #DNSSEC, this is very important as it marks a transition to elliptic curve algorithms…
… but for probably 99.9% of Internet users, this is serious “eyes glaze over” territory. 😃
From: @rr
https://txt.udp53.org/@rr/statuses/01HGT0ZPH6G5E96HZB6GK6E7J1

Some of our folks are giving a technical webinar December 13th on SMS Cybercrime -- a DNS perspective. They will cover the malicious link shortener Prolific Puma and how we discovered it, what we see from an MFA phishing perspective, and look at what DNS actors doing all that USPS phishing look like. #dns #cybersecurity #infosec #phishing #prolificpuma #sms #malware #cybercrime #infoblox https://www.infoblox.com/registration-sms-cybercrime-a-dns-perspective/
Strange UFW Block Logs #networking #server #dns #firewall #ufw
Changing dns to OpenDns works only in the current session, not for my child and not after reboot #networking #dns #opendns
At ARN, we love @lacontrevoie, which has produced lots of great things:
- an open #DNS resolver with #DoH support https://lacontrevoie.fr/services/doh/
- #conferences https://lacontrevoie.fr/activites/conferences/
- technical docs for the other @ChatonsOrg https://docs.lacontrevoie.fr
Today, this association has just published its roadmap and now only needs your donations to help it stay on course.
https://lacontrevoie.fr/blog/2023/lancement-de-notre-feuille-de-route-2024-2026/
I'm making a donation and placing my star in the constellation:
https://constellation.lacontrevoie.fr/
Weekend Reads:
* DNS at IETF 118 https://www.potaroo.net/ispcol/2023-11/dns-ietf118.html
* Renaming the DNS root https://www.sidnlabs.nl/en/news-and-blogs/renaming-the-dns-root-opportunities-pitfalls-and-a-testbed
* Linux hardening guide https://madaidans-insecurities.github.io/guides/linux-hardening.html
* NAT side-channel threats https://arxiv.org/abs/2311.17392
* F-ROOT Southeast Asia performance https://arxiv.org/abs/2311.16545
Thanks to @feistyduck Bulletproof TLS Newsletter I learned the `.et` #ccTLD publishes #CAA records in the #DNS, alone among all TLDs. With at least an error (using `wildcard` property for one instead of `issuewild`) and 0 TTL values. Because of "climb to the root", it impacts transitively any domains under `.et`. I kept this for posterity at https://dnsviz.net/d/et/ZWqfLg/dnssec/ as it should be a fluke that will disappear (seems APNIC in May searched and found 0 TLDs doing that: https://blog.apnic.net/2023/06/28/whose-certificate-is-it-anyway/)
Why Memorize IP's When You Can Self-Host #DNS Instead?
I've updated my @nlnetlabs #unbound #docker image and build environments to #alpine #linux 3.18.5 and optimized the #openssl and image #dockerfiles a bit. The size got reduced, too. The version is 1.19.0-2 now.
It's almost the image's second anniversary, btw! 🥳
Google wants you to bring the laughs with its new .meme domain | TechRadar
> The new top-level #Google .meme domain is here to support lol-worthy content.
Managing multiple AWS accounts? Experiencing DNS or domain sprawl? 😓 Get a clean, simple overview of all your domains and DNS in one place 😉. Manage your Route53 zones in DNSimple with our Domain Control Plane 👉 https://blog.dnsimple.com/2023/06/manage-aws-routes-in-dnsimple/ #aws #route53 #domains #dns

#15yrsago Neil Gaiman explains why he opposes laws banning speech he disagrees with https://journal.neilgaiman.com/2008/12/why-defend-freedom-of-icky-speech.html
#15yrsago Why #Candyland doesn’t suck https://web.archive.org/web/20081205063135/http://playthisthing.com/candy-land
#15yrsago Vietnam’s amazing phone-unlockers https://www.cnet.com/culture/unlocking-iphone-3gs-the-vietnamese-way/
#15yrsago UK to punish “publishing police info” with 10 years in jail https://www.indymedia.org.uk/en/2008/11/413023.html
#15yrsago How #DanKaminsky broke and fixed #DNS https://www.wired.com/2008/11/ff-kaminsky/
7/

I'm leaving work late, but I saw an email go by where people were scratching their heads because there was a weird domain name starting with "xn--" in one of our apps.
I was contractually obliged to explain (without citing any RFCs, so as not to finish off the people I was talking to) :) #DNS #IDN
Today, I FINALLY got fed up with the subtle bugs that come with `lvh.me` being such a short domain name; such as Rails' `domains: :all` not working by default (it's documented behavior! This sucks! https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html)
So I registered `local-loopback-wildcard.com`. No matter what you throw, it always resolves to `127.0.0.1`. So you can test against subdomains without TLD hacks. Your testing environment matches production; as it should be.
Thanks to those who helped with my #DomainRegistrar search. I wanted to act before #GoogleDomains transferred my #Domains to #Squarespace.
After a review of suggested companies’ histories, websites, and pricing, I’ve started transferring my domains to #Porkbun. #Google has made it fast to transfer domains out of Google Domains. The transfer was done in an hour, unlike the 7+ days that register.com put me through in 2021.
#GoogleGraveyard #TechHelp #Recommendation #DNS #Domain #Websites

I appreciate all of the #Recommendations for superior #DomainRegistrar companies with trickery-free UIs. I have some research to do before #GoogleDomains transfers my #Domains to #Squarespace.
Much thanks to:
@Lesley
@shuLhan
@ipstenu
@jeroenrotty
@rmbolger
@technicat
@steris
@croc
@aohorodnyk
@esg
#GoogleGraveyard #TechHelp #Websites #Advertisements #WordPress #Google #Recommendation #DNS #Domain
🚚 Notice 🚚
Our DNS resolver has moved to a different server. Anyone using it directly via its IP addresses should change them! More info (and the current IP addresses): https://dns.artikel10.org
Great responses! This is what I love about #Mastodon.
@shuLhan — Thanks for a vote against #Squarespace.
On the positive side, thanks for #recommendations of:
* #CloudFlare from @aohorodnyk
* name.com from @Lesley
* hover.com from @ipstenu
Does anyone else have a #recommendation for a #DomainRegistrar whose UI lets me make changes to my #DNS #domain without being bombarded by #ads (or outright failures) in the process?
#TechHelp #Websites #Domain #DomainRegistration #Advertisements #Google
Years ago I switched my #DomainRegistrar from register.com to #Google #Domains. I liked the Google Domains UI. It let me get in, make changes, and get out without being bombarded by #ads.
I should’ve known Google would kill a decent product.
They're selling each #domain to #Squarespace. Does anyone have experience with Squarespace? Is their #DNS interface as clutter/ad free? Should I transfer to #WordPress instead?
#TechHelp #Websites #Recommendation #DomainRegistration #Advertisements


Fun with #DNS TXT Records
I installed Portmaster[1] on Windows 10 (VM) and blocked Adobe Lightroom Classic. That made the whole software freeze and become non-responsive.
319 connections so far, 0% blocked. The software talks to some subdomains for adobe.io (photos, lcs-cops, ic, lcs-robs, and a few more) and photoshop.com.
Oh how I wish darktable were just like Lightroom: automated and easy to use.
[1]: https://safing.io
#privacy #firewall #dns #OpenSource #darktable #lightroom #adobe
There's now a mailing list for those interested in the new Registry System Testing system that #ICANN is building for the next round of gTLDs: https://mm.icann.org/mailman/listinfo/subpro-irt-rst
I'll be talking about the new system (fully automated, API driven, machine readable test plans and open source code) on an upcoming call of the SubPro[1] IRT[2]: https://mm.icann.org/pipermail/subpro-irt-rst/2023-November/000000.html
We need subject matter experts on #DNS, #DNSSEC, #EPP, #RDAP and #IDNs to review our work and make it better!
Today on the #blog: how I moved the #WriteFreelyPolska instance (https://writefreely.pl) from an #Oracle #VPS to @ftdl, and how I changed my #DNS provider from #Cloudflare to #FreeDNS42 (https://freedns.42.pl). Actually, it's more about the latter 😉 A post about Cloudflare being bad, showing a nice alternative 😉
Come have a look!
https://blog.tomaszdunia.pl/migracja-writefreelypl-freedns42/
I'm not enough of a protocol or encryption wonk to have a firm opinion on the newly published RFC for this alternative to #DNS named #GNS but I sparkleheart the design goals. From a cursory reading, it seems like it isn't a boil-the-ocean solution (unlike so many other GNU initiatives) so perhaps it can gain momentum in niches and work its way out from there.
https://www.rfc-editor.org/rfc/rfc9498.html
🐃 #RFC9498: The #GNU Name System
https://lists.gnu.org/archive/html/info-gnunet/2023-11/msg00000.html
congratulations and thank you to all involved. urn:ietf:rfc:9498
#DNS #NLnet https://nlnet.nl/project/GNS/ @nlnetlabs @NGIZero @EC_NGI #@djb #@Stallman
via https://lobste.rs/s/0hga6k/rfc_9498_gnu_name_system
¹ https://mro.name/axfh62x
So my recommended #DNS setup for #privacy aware individuals is: always use a public resolver that is operated by a third party you trust. Maybe that is @quad9dns or @mullvad or @digitalcourage. This way your DNS requests are hidden behind their IP 9/n
The three most popular DNS protocols with transit encryption are DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), and DNS-over-QUIC (DoQ). This should help you choose what to use:
1. Do you actually need to override OS DNS support? If not, or if you’re unsure, go to 6.
2. Are you ready to implement DNS protocols correctly, or add a dependency that does so? If you’re not, go to 5.
3. Does the network filter DNS traffic? If it does, go to 5.
4. Do you already have QUIC support? If not, use DoT. If you do, use DoQ.
5. Do you have an HTTPS stack? If you do, use DoH.
6. Give up and delegate to the OS.
Let your HTTPS stack handle HTTP/1.1 vs. HTTP/2 vs. HTTP/3 support; don’t treat DNS-over-HTTP/3 as a separate protocol. I don’t know enough about DNSCrypt to make an informed recommendation about it, but DoQ and DoH meet my needs well enough.
Originally posted on https://seirdy.one/notes/2023/11/18/choosing-an-encrypted-dns-proto/ (POSSE).
What is everyone's favorite DNS service and why? Or do you just use the one of your provider? Bonus question: do you use DoT or DoH?
#DNS #privacy #cybersecurity
An Anycast DNS server of the .ar domain was installed today in the Argentine Antarctic Sector, improving IPv6 and legacy IPv4 data network availability. #Anctartica #DNS
Anyone else seeing random DNS lookup failures from systemd-resolved in #fedora39?
e.g., if you run:
dig kittens.small-web.org
(Random SERVFAIL errors.)
or
resolvectl --no-pager status; resolvectl query kittens.small-web.org
(Random “'kittens.small-web.org' does not have any RR of the requested type” and SERVFAIL errors. Calls reportedly routed from stub at 127.0.0.53 → my router. DNS on router set to 1.1.1.1 & 1.0.0.1)
It’s always DNS… :neko_roling_eyes:
CC @fedora
DNS DevRoom at FOSDEM2024 - Call for Participation
https://blog.powerdns.com/2023/11/16/fosdem-2024-dns-developer-room-call-for-participation
Come join @habbie, me and other DNS nerds!
First recommendations from the German Council for Sustainable Development on updating the #DNS in light of current crises: among others, more parliamentary debate, a clear political guiding vision, sustainability as a state objective in the Basic Law (GG), and a sustainable federal budget. Read here: https://www.nachhaltigkeitsrat.de/aktuelles/wege-aus-den-aktuellen-krisen-erste-empfehlungen-des-nachhaltigkeitsrats-zur-fortschreibung-der-deutschen-nachhaltigkeitsstrategie/
Oh, and lastly, this whole Mastodon thread as a much more convenient blog post 😜:
Still, despite being a just recently finalized RFC, the use of #RFC9460 HTTPS #DNS records has already grown beyond just sporadic.
I do expect CDNs to lead further adoption efforts here. The adoption of #ECH, effectively tied to the HTTPS record, will then hopefully also increase.
I know I'll be keeping an eye on that.
Hey, so #RFC9460 HTTPS/SVCB records are neat, right?
They...
- speed up your time-to-first-packet (by basically stuffing the Alt-Svc HTTP header / ALPN TLS extension into the #DNS);
- let you do redirection on the zone apex without using CNAMEs;
- allow for simple DNS load distribution and failover;
- obviate HSTS and the cumbersome preloading process;
- enable stronger privacy protections via Encrypted Client Hello aka #ECH
Periodic reminder that AdGuard DNS is probably the easiest way to keep ads out of your entire home, and all your devices.
No need to install anything, no account, it's free. Just point your router to AdGuard's servers.
Seems like Soulseek is having some DNS troubles today.
I had to hardcode the IP addresses in my hosts file for it to work.
Other folks have reported that switching to OpenDNS worked for them.
If you liked my past #dns research on centralization of the internet with respect to NS, MX, CAA, A/AAA records, you'll probably also enjoy this #apnic blog post by Johannes Zirngibl on parked domains:
https://blog.apnic.net/2023/11/08/the-prevalence-of-domain-parking/
The #PROXY protocol in our authoritative #DNS nameserver NSD is coming up next! https://github.com/NLnetLabs/nsd/pull/281
Unbound 1.19.0 is now available. This release of our recursive #DNS resolver fixes a number of bugs, and adds some smaller features. The redis-logical-db option and cachedb-no-store option can be used for cachedb configuration. The disable-edns-do option can be used for working around broken network parts. For DNS64 there is fallback to plain AAAA when no A record exists. https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-0
PowerDNS Recursor 4.9.2 Released
https://blog.powerdns.com/2023/11/08/powerdns-recursor-4-9-2-released #dns #dnssec
I finally got around to repurposing my little Raspberry pwn box into a Pi-hole. And in the first few minutes it's blocked almost 500 requests (mostly to Netflix ichnaea & customerevents). So far I'm pleased with the results 💜
Image is of the Pi-hole web interface on my phone.
---
Our authoritative DNS nameservers now support DNS-over-TLS (DoT) with authentication via DANE TLSA and/or WebPKI. This allows DNS resolvers to make queries via securely encrypted connections. We're already seeing lots of DoT encrypted connections from multiple DNS providers.
Say, I have a question for the #DNS masters.
I migrated my mail (farewell #GandiMail 😥) to #Infomaniak. I updated my DNS (my domain name still staying with #Gandi, though).
I do receive mail at Infomaniak, but when logging in to the Gandi webmail, I just noticed that I'm still receiving some at Gandi!!
And the domain name in question: jeey.net
An explanation? (A solution?)