Marcel SIneM(S)USMay 6
#DNS-Probleme: .de-Domains nicht erreichbar | heise online https://www.heise.de/news/DNS-Probleme-de-Domains-nicht-erreichbar-11283192.html #denic #DomainNameSystem
DNS-Probleme: .de-Domains nicht erreichbar

Ein Problem im Domain Name System verhindert, dass .de-Domains aufgelöst werden – unabhängig von Providern und DNS-Anbietern.

heise online
Show threadJdeBPApr 21

@cks

Yes, no surprises here. People are definitely still scraping DNS content for attacks. I regularly get services being requested for domain names that only appear at all for the sake of NS resource records.

#DomainNameSystem

Show threadJdeBPNov 26

@cks @lanodan

Missing from @drscriptt 's list are AAAA, HTTPS, and SVCB records.

AAAA has plenty of obvious choices.

You'll know the . convention for SRV, SVCB, and MX resource record sets, of course.

I shall just drop in my personal experience from earlier this year that an accidentally supplied HTTPS resource record can *definitely* break WWW traffic; because browsers in practice do not obey RFC9460 §2.4.2.

#djbdns
#DomainNameSystem
#SplitHorizon
#ReservedSuperDomains #DNS #HTTPS #SVCB

Show threadJdeBPNov 26

@cks @lanodan @drscriptt

There are actually quite a few, nowadays. See RFCs 6762, 7686, and 8375.

example. is not the worst choice, although you could have gone with test. or internal. or intranet. .

Given your objective, any of the further ones that imply a residence or a corporation seem less well suited.

Although home.arpa.'s public delegation to the blackhole-{1,2}.iana.org. names is re-used.

https://github.com/jdebp/nosh/blob/trunk/source/examples/tinydns/split-horizon#L96

#djbdns #DomainNameSystem #SplitHorizon #ReservedSuperDomains #DNS

Show threadMarcel SIneM(S)USNov 24
Kommentar zum #AWS-Fail: Hinter dem Sündenbock #DNS steht Hyperscaler-Inkompetenz | iX Magazin https://www.heise.de/meinung/Kommentar-zum-AWS-Ausfall-It-s-always-DNS-unless-it-isn-t-11077553.html #DomainNameSystem #Amazon #AmazonWebServices
Kommentar zum AWS-Fail: Hinter dem Sündenbock DNS steht Hyperscaler-Inkompetenz

Nach den massiven Cloudausfällen bei AWS und Azure war schnell DNS als Sündenbock ausgemacht. Das greift zu kurz, findet Carsten Strotmann.

iX Magazin
Show threadMarcel SIneM(S)USOct 22, 2025
Signal down: Messenger-App weltweit ausgefallen | heise online https://www.heise.de/news/Messenger-App-Signal-offenbar-weltweit-mit-Stoerungen-10778899.html #AWS #Amazon #AmazonWebServices #DNS #DomainNameSystem
Signal down: Messenger-App weltweit ausgefallen

Die Messenger-App Signal hatte weltweit mit Störungen zu kämpfen. Nachrichten konnten weder gesendet noch empfangen werden. Mittlerweile läuft es wieder.

heise online
Marcel SIneM(S)USOct 22, 2025

Hier sieht man, wie viele Dienste #AWS nutzen ...

#AmazonWebServices: Globale Störung am Montagmorgen | heise online https://www.heise.de/news/Amazon-Web-Services-Globale-Stoerung-10778963.html #DNS #DomainNameSystem #Amazon

Amazon Web Services: Globale Störung am Montagmorgen

Diverse Internet-Dienste beklagten am Montagmorgen Ausfälle. Das ging auf Störungen der Cloud-Dienste Amazon Web Services zurück.

heise online
Show threadJdeBPAug 28, 2025

@pmevzek

Thank you. But it actually tells me less than I already knew from cranking up developer tools and the server logs, and using direct observation. Which is, as I said, that the browsers continued to communicate with the origin domain's IP addresses, and did not switch to the target domain's.

#HTTPS alias-mode resource records that nominally upgrade from HTTP to HTTPS actually instead locked the browsers on a Windows machine out of my own WWW site for half a day.

#DomainNameSystem

JdeBPAug 27, 2025

Today's top tip:

Don't use HTTPS resource records.

I set some alias-mode ones up pointing from one domain to another domain. WWW browsers were supposed, per RFC9460 §2.4.2, to talk to the target domain.

All of my WWW browsers that picked up the records continued to send their requests to the IP address for *original* domain, and simply acted as if HSTS was turned on for that domain.

The example scenario in RFC9460 does not actually do what is stated in practice.

#HTTPS #DomainNameSystem

Show threadJdeBPAug 21, 2025

@ermo

There are a much smaller number of people doing SVCB lookups, too. But, interestingly, they are doing them wrongly.

And with a direct correlation to some other abuses.

Which does make me think that, in an ironic twist, it is the bad actors running robot vulnerability probes and scrapers that are the early adopters of SVCB, here.

#djbwares #DomainNameSystem #svcb