Things I learnt about DNS:

1. You can't "redirect" an entire domain with CNAME, only subdomains, which is why my website has been broken.

2. You can't specify an AAAA record and use a wildcard for the A record. You have to explicitly put both.

If the IP changes, you have to change it everywhere. I wonder if there is a modern DNS server which lets you avoid this sort of data duplication.

#DNS #Networking #Admin #SysAdmin #BIND9 #BIND
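Both lessons come from two rules of the DNS: a CNAME must be the only RRset at its owner, and the apex always carries SOA and NS (so a CNAME there is illegal); and a wildcard is only consulted when the queried name does not exist at all, so an explicit AAAA at `host` makes `host` exist and the wildcard A stops covering it (RFC 4592). A toy in-zone lookup that shows both rules in working code, added here as an illustration rather than BIND's code; `example.test.` and every record in it are constructed:

```python
"""Toy in-zone lookup showing the two rules behind the post: a CNAME cannot share an owner
with other records (so never with the apex SOA/NS), and a wildcard never applies to a name
that already exists, whatever type that name carries.

Added example, not BIND code. ZONE is a constructed example.test. zone."""
from typing import Dict, List, Tuple

Zone = Dict[str, Dict[str, List[str]]]  # owner name -> rrtype -> rdata strings

ZONE: Zone = {
    "example.test.": {
        "SOA": ["ns1.example.test. hostmaster.example.test. 2025040901 3600 900 1209600 300"],
        "NS": ["ns1.example.test."],
        "A": ["192.0.2.10"],
    },
    "ns1.example.test.": {"A": ["192.0.2.1"]},
    "*.example.test.": {"A": ["192.0.2.10"]},
    # Only an AAAA here: the owner now exists, so the wildcard A above no longer covers it.
    "ipv6.example.test.": {"AAAA": ["2001:db8::10"]},
}


def validate_zone(zone: Zone) -> List[str]:
    """RFC 1034 s3.6.2: a CNAME must be the only RRset at its owner. The apex always
    carries SOA and NS, which is why a CNAME can never 'redirect' a whole domain."""
    problems = []
    for owner, rrsets in zone.items():
        if "CNAME" in rrsets and len(rrsets) > 1:
            others = ", ".join(sorted(t for t in rrsets if t != "CNAME"))
            problems.append(f"{owner}: CNAME cannot coexist with {others}")
    return problems


def _exists(zone: Zone, name: str) -> bool:
    """A name exists if it is an owner or an ancestor of one (an empty non-terminal)."""
    return any(o == name or o.endswith("." + name) for o in zone)


def _answer(rrsets: Dict[str, List[str]], qtype: str) -> Tuple[str, List[str]]:
    if qtype in rrsets:
        return "NOERROR", list(rrsets[qtype])
    if "CNAME" in rrsets:  # a real resolver would chase the target; we just report it
        return "NOERROR", ["CNAME " + t for t in rrsets["CNAME"]]
    return "NODATA", []  # name exists, type does not (NOERROR with an empty answer)


def lookup(zone: Zone, qname: str, qtype: str) -> Tuple[str, List[str]]:
    """Answer qname/qtype from one zone with RFC 4592 wildcard matching: the wildcard at
    the closest encloser is used only when qname itself does not exist."""
    qname = qname.lower()
    apex = min(zone, key=len)
    if qname != apex and not qname.endswith("." + apex):
        return "REFUSED", []  # not our zone
    if qname in zone:
        return _answer(zone[qname], qtype)
    # Climb towards the apex to find the closest encloser (may be an empty non-terminal).
    encloser = qname
    while encloser != apex:
        encloser = encloser.split(".", 1)[1]
        if _exists(zone, encloser):
            break
    wildcard = "*." + encloser
    if wildcard in zone:
        return _answer(zone[wildcard], qtype)
    return "NXDOMAIN", []
```

`lookup(ZONE, "ipv6.example.test.", "A")` comes back NODATA rather than the wildcard address, which is the behaviour the second lesson describes; `lookup(ZONE, "deep.sub.example.test.", "A")` still hits the wildcard because nothing named `sub` exists in between.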

What's the least #evil #DNS provider?

I've put some of my properties on #Cloudflare, and I can still hear the boos.
#Google cloud DNS and #AWS are no better.

I can put #Bind9 on my own #FOSS stacks, but I probably lack the uptime for reliability.

I'm moving away from my CPanel provider into my own #Selfhosting on a #VPS.

I'm thinking one NS on something reliable and one on my own stack.

What does the #mastodon hivemind recommend?

At last, a material benefit from all those years of putting 24 hour expiries into BIND configs.

NOT TODAY, SATAN.

#dns #arithmetic #bind9

Turns out, I messed up when configuring Cloudflare yesterday. Instead of pointing the domain I wanted to work with at their NS, I pointed my intranet-facing domain there. And it started enforcing #DNSSEC, but only about 24h later.

The current fix is to turn DNSSEC verification off in #BIND9 for now. For the interested folk, check your `/etc/bind/named.conf.options` under Debian:

options {
    dnssec-validation no;
};

🧵

It has been 0 days since the last #DNS issue in my home lab.

I noticed that queries for the internally used domain started failing in #BIND9, even though the DNS behind that domain (AD DC) was responding correctly. I scoured through the logs with this handy little helper:

tail -f /var/named/log/* | grep --line-buffered mydomain.fake

> lame-servers: info: broken trust chain resolving 'somehost.mydomain.fake/A/IN'

🤔 🧵
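The two posts above fit together: the public zone got a DS record at the parent once Cloudflare signed it, so the validating resolver now expects signed answers, and the internal AD DC behind the same name hands out unsigned ones, which is exactly the "broken trust chain" the log reports. Switching `dnssec-validation` off globally silences it, but it also drops validation for every other domain the resolver serves. Added example (not the poster's tooling) that pulls the failing names out of the log, separates the ones under a known internal zone from everything else, and drafts a `validate-except` stanza scoped to just those zones; `SAMPLE_LOG` is constructed in the format the post quotes, and `INTERNAL_ZONES` is an assumed list of unsigned internal zones:

```python
"""Triage 'broken trust chain' lines from a BIND9 log and draft a fix that is scoped to the
zones that actually need it, instead of switching validation off for everything.

Added example, not the poster's tooling. SAMPLE_LOG is constructed in the format quoted in
the post; INTERNAL_ZONES is an assumed list of unsigned internal zones served by the AD DC."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

INTERNAL_ZONES = ["mydomain.fake"]  # assumption: delegated/forwarded to an unsigned internal server

SAMPLE_LOG = """\
09-Apr-2025 08:15:01.123 lame-servers: info: broken trust chain resolving 'somehost.mydomain.fake/A/IN': 10.0.0.5#53
09-Apr-2025 08:15:01.130 lame-servers: info: broken trust chain resolving 'dc01.mydomain.fake/AAAA/IN': 10.0.0.5#53
09-Apr-2025 08:15:02.001 lame-servers: info: broken trust chain resolving 'api.example.net/A/IN': 192.0.2.53#53
09-Apr-2025 08:15:03.444 lame-servers: info: FORMERR resolving './NS/IN': 198.51.100.1#53
"""

TRUST_RE = re.compile(
    r"broken trust chain resolving '(?P<name>[^'/]+)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)'"
)


def parse_broken_chains(log: str) -> List[Tuple[str, str]]:
    """(qname, qtype) for every 'broken trust chain' line; everything else is ignored."""
    hits = []
    for line in log.splitlines():
        m = TRUST_RE.search(line)
        if m:
            hits.append((m.group("name").lower().rstrip("."), m.group("qtype")))
    return hits


def zone_for(name: str, zones: List[str]) -> Optional[str]:
    """The first zone in `zones` that contains `name`, or None."""
    for z in zones:
        if name == z or name.endswith("." + z):
            return z
    return None


def classify(log: str, zones: List[str] = INTERNAL_ZONES) -> Dict[str, Counter]:
    """Split failures into (a) names under a known internal zone, which are candidates for a
    scoped exemption, and (b) everything else, which is a real validation failure and must
    not be exempted: that warning is exactly the signal DNSSEC exists to give you."""
    result = {"internal": Counter(), "external": Counter()}
    for name, _qtype in parse_broken_chains(log):
        zone = zone_for(name, zones)
        if zone:
            result["internal"][zone] += 1
        else:
            result["external"][name] += 1
    return result


def render_validate_except(zones: List[str]) -> str:
    """named.conf.options fragment that keeps validation on but skips it at and below the
    listed zones (validate-except exists from BIND 9.13.3 / 9.14 onwards)."""
    names = " ".join('"%s";' % z for z in sorted(zones))
    return "options {\n    dnssec-validation auto;\n    validate-except { %s };\n};" % names
```

Anything that lands in the `external` bucket deserves investigation, not an exemption. If you only need breathing room while you fix the delegation, `rndc nta mydomain.fake` installs a negative trust anchor that expires on its own (one hour by default) and needs no config change at all.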

A BIND9-based DNS server on Ubuntu Server in VMware Workstation

I spent a total of 3 months on this, and what follows is purely my own experience mixed with information from the internet. It covers setting up Bind9 on an Ubuntu Server virtual machine. I'm doing this with my own IPs. Installing BIND9: install the BIND9 packages and the necessary tools: sudo apt install bind9 bind9utils bind9-doc -y

https://habr.com/ru/articles/894524/

#ubuntu #ubuntu_server #bind #bind9 #dns


Nice DNS workaround I didn't know about or need until now: to reset the serial number of a record (for example one accidentally set too far into the future), you just have to overflow the 32-bit field so it wraps back to 0. After that you can set it to the value you want again 😅

https://www.zytrax.com/books/dns/ch9/serial.html

#DNS #bind9

HOWTO Fix SOA RR serial numbers
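Secondaries only transfer a zone when the new serial is "greater" in RFC 1982 arithmetic, and a single increment only counts as greater when it is below 2**31; that is why a serial that went too far ahead cannot simply be lowered, and why the wrap-around trick works. Added example, not code from the linked page, that implements the comparison and generalises the trick: instead of aiming specifically at 0, it computes the chain of intermediate serials that takes a zone from its current value to any target, each one accepted as newer than the last. The serial values used below are constructed:

```python
"""RFC 1982 serial arithmetic plus a reset plan for an SOA serial that was set too far ahead.

Added example, not code from the linked page. It generalises the 'overflow to 0, then set
the wanted value' trick: rather than aiming at 0, it computes the chain of serials that
takes a zone from its current value to any target, each one accepted by secondaries as
'newer' than the previous (RFC 1982 s3.1 only allows increments below 2**31)."""
from typing import List

MOD = 1 << 32            # the SOA serial is an unsigned 32-bit field
HALF = 1 << 31
MAX_STEP = HALF - 1      # largest single increment that still compares as 'greater'


def serial_gt(a: int, b: int) -> bool:
    """True when serial a is 'greater than' serial b in RFC 1982 s3.2 terms (wraparound aware).
    A difference of exactly 2**31 is undefined by the RFC and is reported as not greater."""
    a %= MOD
    b %= MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def plan_reset(current: int, target: int) -> List[int]:
    """Serials to publish, in order, so that secondaries follow from `current` to `target`.
    Each intermediate value must be loaded and transferred to every secondary before the
    next one is published; rushing it leaves some secondaries stuck on the old serial.
    Returns [] when target == current."""
    current %= MOD
    target %= MOD
    remaining = (target - current) % MOD   # distance going 'forward' through the wraparound
    plan = []
    cur = current
    while remaining:
        step = min(remaining, MAX_STEP)
        nxt = (cur + step) % MOD
        assert serial_gt(nxt, cur)         # every hop must look like a normal increment
        plan.append(nxt)
        cur, remaining = nxt, remaining - step
    return plan
```

`plan_reset(2099010101, 2025040901)` needs two publishes (`4246493748`, then the target); lowering a serial by exactly one needs three, because the forward distance is 2**32 - 1 and no single hop may reach 2**31. Check every secondary with `dig SOA` between hops rather than trusting the expiry timer.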

Hey #PiHole, and #ISC #Bind9 admins, can someone explain this to me?

dig A pi.hole -> noerror
dig HTTPS pi.hole -> NXDOMAIN
dig A pi.hole -> NXDOMAIN

https://github.com/lancachenet/lancache-dns/issues/147

#Named #Network #DNS

BIND won't recover NXDOMAIN of HTTPS Queries · Issue #147 · lancachenet/lancache-dns

Not sure how we got here, but there's been some regression in 55bc29e which results in bind giving up entirely. Following setup: PiHole 6 as Upstream of lancache-dns (10.88.0.7). After restarting l...

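One mechanism that produces exactly that dig sequence: an upstream that answers NXDOMAIN, rather than NOERROR with an empty answer (NODATA), for a type it does not serve. RFC 8020 says NXDOMAIN means the name does not exist at all, so a resolver following it caches that for every type and for everything below the name, and the next A query never leaves the cache. Whether that is what Pi-hole and lancache-dns are doing in the linked issue is for the issue to settle. The toy resolver below is an added example, not code from BIND, Pi-hole or lancache-dns; both upstream behaviours and the `pi.hole` answers are constructed:

```python
"""Toy negative cache showing how an NXDOMAIN for one type can take a name down for all types.

Added example, not code from BIND, Pi-hole or lancache-dns. The two upstreams are
constructed: one answers the unsupported HTTPS type with NXDOMAIN, the other with NODATA
(NOERROR and an empty answer), which is the correct reply for 'name exists, type does not'."""
from typing import Dict, List, Tuple

NOERROR, NODATA, NXDOMAIN = "NOERROR", "NODATA", "NXDOMAIN"
NEG_TTL = 300  # TTL the constructed upstreams attach to negative answers

Upstream = Dict[Tuple[str, str], Tuple[str, List[str], int]]
GOOD_UPSTREAM: Upstream = {("pi.hole", "A"): (NOERROR, ["10.88.0.7"], 60)}
BAD_UPSTREAM: Upstream = {
    ("pi.hole", "A"): (NOERROR, ["10.88.0.7"], 60),
    ("pi.hole", "HTTPS"): (NXDOMAIN, [], NEG_TTL),  # wrong: the name does exist
}


def query_upstream(upstream: Upstream, name: str, qtype: str) -> Tuple[str, List[str], int]:
    """Anything not listed is answered NODATA, the correct reply for an unknown type."""
    return upstream.get((name, qtype), (NODATA, [], NEG_TTL))


class Resolver:
    """Minimal caching resolver. With rfc8020=True an NXDOMAIN is cached for the name and
    everything below it regardless of type, as RFC 8020 says a correct NXDOMAIN means.
    NODATA and positive answers are cached per (name, type)."""

    def __init__(self, upstream: Upstream, rfc8020: bool = True) -> None:
        self.upstream = upstream
        self.rfc8020 = rfc8020
        self.nxdomain: Dict[str, float] = {}  # name -> expiry time
        self.cache: Dict[Tuple[str, str], Tuple[str, List[str], float]] = {}
        self.upstream_queries = 0

    def _nxdomain_cached(self, name: str, now: float) -> bool:
        return any(
            exp > now and (name == cached or name.endswith("." + cached))
            for cached, exp in self.nxdomain.items()
        )

    def resolve(self, name: str, qtype: str, now: float) -> Tuple[str, List[str]]:
        if self.rfc8020 and self._nxdomain_cached(name, now):
            return NXDOMAIN, []
        hit = self.cache.get((name, qtype))
        if hit and hit[2] > now:
            return hit[0], hit[1]
        self.upstream_queries += 1
        rcode, rdata, ttl = query_upstream(self.upstream, name, qtype)
        if rcode == NXDOMAIN and self.rfc8020:
            self.nxdomain[name] = now + ttl
        else:
            self.cache[(name, qtype)] = (rcode, rdata, now + ttl)
        return rcode, rdata


def dig_sequence(upstream: Upstream, rfc8020: bool = True) -> List[str]:
    """Replay the post's three queries (A, HTTPS, A) one second apart; returns the rcodes."""
    r = Resolver(upstream, rfc8020)
    t0 = 1000.0
    return [r.resolve("pi.hole", q, t0 + i)[0] for i, q in enumerate(["A", "HTTPS", "A"])]
```

`dig_sequence(BAD_UPSTREAM)` reproduces `noerror, NXDOMAIN, NXDOMAIN`; the same upstream with `rfc8020=False` gives `noerror, NXDOMAIN, noerror`, and `GOOD_UPSTREAM` never breaks. The name comes back once the negative TTL expires, so the resolver is doing what the RFC asks of it; the thing to fix is an upstream that says NXDOMAIN for a name it does serve.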

Adventures getting #Netflix to work in a somewhat complex home #network 🤯

I decided to give their plan with ads a chance, sounding like a somewhat fair deal. First issue was, I couldn't even register. It only offered me US plans. Figured that's because my #IPv6 connectivity is tunnelled through #HE (for reasons, different story). Of course using an endpoint here in Germany, but nevertheless, Netflix seemed to think it's a US located address.

Running my own #bind9 instance, I found a way to hide relevant AAAA records (netflix' own domain and also amazonws) by adding a view only operating on local loopback and filtering out ALL AAAA records, and then adding forward-only zones for these domains to this local view. Horrible, but works, now I could register, forcing #IPv4.

One particularly cheap "smart-tv" still couldn't connect to netflix, always showing me an error that I was using some "VPN". 🤨 No way to analyze what exactly was happening there, but I finally found a solution for that as well: I created an entirely new network segment (with its own #vlan on the switch). I don't offer IPv6 in this segment at all, and only allow it to access the internet as well as my local #dns server. Putting all tv sets and my #minidlna instance into this segment, everything finally works.

The nice thing is, I always wanted to isolate the tv sets anyways, and this is now finally done, they're unable to see the rest of my home network! 🥳 Still a bit sad I have to restrict them to IPv4 for now, just to work around netflix' geolocation stuff... 🫤

"Let me quickly try this one #Bind9 thing in #Docker", I thought.
No arm64 image. Can't tell if my configuration is bad or if x86 emulation isn't working :/