Questions tagged as ['domain-name-system']

The Domain Name System, usually referred to by the acronym DNS, is a hierarchical, distributed database where the keys are domain names. Questions involving publicly accessible domains should include the real, Fully Qualified Domain Name (FQDN).
Score: 0
YusufD avatar
Is it possible to alias a non-AWS service with AWS Route 53?

We have a domain which is managed on AWS 53. Is it possible to create an alias record in AWS Route 53 to refer to a public IP address (for instance AZURE VM public IP), so that I could use this example "azvm.domain.com" to reference the Azure VM?

Score: 0
Domain name does not work

I created an app with Azure and in the end got a link such as https://viva.azurewebsites.net. After that I bought a domain name. The domain provider created an A record and a CNAME record; everything is well done. A couple of hours later I saw that the website does not work. It only shows the start page. When I log in, the browser shows a blank page with the following message: https://viva.azurewebsites.net refu ...

Score: 0
vinz avatar
DNS Resolver and Request Port Filtering

During DNS amplification attacks on a DNS server, I observed that some DNS requests have for couple IP/port something like 104.49.96.196:80. I understand this is spoofed IP, but is it ok to consider filtering the port of the DNS request? I believe we should not expect a port > 1023. Is it a safe assumption? In that case, I believe this is an easy win to spot and not reply to DNS amplification atta ...

Score: -1
Is it possible to host one TXT record for a domain on a different server, and leave all of the other DNS information intact on the first server?

I am running a business site on a computer with a managed hosting company. Everything is working fine, until I tried to establish DKIM verification for emails sent from the server. This required adding a TXT record to the DNS information. That TXT record contains an encryption key, so it's a bit over 400 characters long. I couldn't get DKIM working, then discovered that the online DKIM checkers don't re ...

Score: 0
How do I create DNS entries for private addresses on AWS?

To do any ops work on our servers, we first need to ssh into a DMZ server with a public IP, before ssh-ing on to the app servers, with IPs such as 172.16.3.239. I would rather have memorable hostnames, to do something like ssh app.staging, but I am unsure how this works on AWS. I have only set up DNS for globally accessible IPs with my registrar, and since the AWS private subnet is for a private range ...

Score: 0
Tom Johnson avatar
IXFR and inconsistent condensation results

https://www.rfc-editor.org/rfc/pdfrfc/rfc1995.txt.pdf says:

An IXFR server may optionally condense multiple difference sequences into a single difference sequence, thus, dropping information on intermediate versions.

This may be beneficial if a lot of versions, not all of which are useful, are generated. (...).

But, this feature may not be so useful if an IXFR client has access to two IXFR servers:  ...

Score: 0
Darragh avatar
Why is AWS Route 53 / Application Load balancer resolving a multilevel subdomain

Within AWS I terminate TLS at an Application Load Balancer. I have configured a wildcard TLS certificate with AWS' Certificate Manager (ACM), e.g. *.example.com. I have AWS Route 53 resolving *.example.com, but I have nothing for *.*.example.com as I have no need for this.

I know you can't configure wildcard certificates for multi-level domains such as *.*.example.com.

https://x.example.com is all good a ...

Score: 1
Alan avatar
DNS lookup not working when using Ubuntu as an access point

I have a Ubuntu system with a wired connection to a router, and a USB connection to 4G internet via an iPhone. I want to be able to connect other clients to the router and access the internet via the 4G link. I have followed the steps here iptables forwarding between two interface and it is successfully routing ping requests and seems to connect to sites provided I use the IP address of the site rath ...

Score: 2
inbal stoli avatar
powerdns recursor logging not working

I am trying to set up a PowerDNS recursor with query logging to a specific log file with rsyslog. When I set it up, query some address and look in the query log file, every line is doubled; it also happens in the journal. I don't know what to do. Can somebody help me?

These are my configuration files, summarized:

/etc/pdns-recursor/recursor.conf -

allow-from=192.168.4.0/24
forward-zones-recurse=.=8.8. ...
Score: 0
trwnh avatar
Local network domain resolution times out with DNSMasq, but works fine remotely

For some reason, I can't get this to reliably work the way I want it, across both Linux and Windows, and even across different machines running the same OS.

Let's assume I have a local machine running on 192.168.1.66 and my public IP of 107.214.228.39 is simply forwarding all ports to that local machine via the router.

Ideally, I'd like to be able to simply resolve a FQDN regardless of whether I am loca ...

Score: 2
Secondary DNS is not responding to dig

We are new to DNS. We are trying to configure a secondary DNS server using BIND and CentOS for an existing primary server (e.g. 142.250.192.110).

Our secondary server configuration is as follows:

    listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/ ...
Score: 0
What if you give a certificate without domain authentication?

I know that domain authentication is required to get a certificate for HTTPS. But I really don't know why this is needed. Can't you just give a certificate without domain verification? What happens if I just give the certificate? Are there any concerns?

I searched the website, but couldn't find a satisfactory answer. I'm very curious about that part.

Score: 0
Charlie avatar
Force host to use alternate DNS servers on unresolvable queries with dnsmasq

So here is the situation. I have an IOT device running a Digital Signage system. I am trying to set it up so that it hosts its own WIFI network and a user can connect to that WIFI, enter an http address on their device and be routed to a Webserver that the IOT device is running. It is important to note that this IOT Device itself is not connected to the internet.

This works fine up until someone ...

Score: 0
DNS priority with *.domain and *.subdomain.domain resolution

I have a DNS zone hosted on Google Cloud DNS with records similar to:

(assume the zone is example.com, and there are SOA and NS records for the zone root):

example.com          A       10.20.30.40      # <- points to some real IP address
*.example.com        CNAME   example.com      # everything else is a CNAME to example.com
*.sub1.example.com   CNAME   example.com
*.sub2.example.com   CNAME    ...
Score: 0
comctimert avatar
How to create TCP proxy that supports multiple hosts?

I would like to create a TCP proxy that supports multiple hosts. The example I saw was where a DNS server was used to point a specific host to a TCP proxy which had the host hardcoded in it. The TCP proxy can not handle multiple hosts because if all hosts were routed to the TCP proxy, the proxy would not know where to send the data to. Are there any ways to get around this issue?

Score: 0
stevenmiller avatar
DNS suffix not being used with windows server hostnames over VPN

Our internal network is a windows domain, contoso.net. Internally, if a user needs to get to a file server share, they can navigate to \\fileserver\share or \\fileserver.contoso.net\share and both resolve without issue.

We recently stood up an external VPN (Azure P2S) using IKEv2 that is configured to use our internal DNS servers, DNS suffix contoso.net and is configured for split tunneling.

PPP ada ...
Score: 1
GP and RDP not working after Domain Rename

I recently carried out a domain rename on our domain controller. We switched from a .local to our domain name as we are planning to implement 365 very soon. Mostly everything went well with the switchover. I followed instructions to use rendom/netdom/gpfixup. What didn't work was gpfixup. When I ran these commands, they completed without errors and outputted "successful", however, it did not make any ch ...

Score: 0
Aboodnet avatar
Domain Controllers Cross-Site DNS IP Configuration Best Practice

Dears,

Currently, we have the below setup for DNS/DC IP configurations in our environment. I feel that something is not right/missing.

HO-DC1 IP: 10.10.10.11 Primary DNS: 10.10.10.12 Secondary DNS: 127.0.0.1

HO-DC2 IP: 10.10.10.12 Primary DNS: 10.10.10.11 Secondary DNS: 127.0.0.1

HO-DC3 IP: 10.10.10.13 Primary DNS: 10.10.10.12 Secondary DNS: 127.0.0.1

DR-DC1 IP: 10.10.20.11 Primary DNS: 10.10.20.12 S ...

Score: 0
Salvatore D'angelo avatar
KubeADM cluster: how to configure DNS properly

I have the following project that I use to create my own Kubernetes cluster on the local machine (macOS) via KubeAdm: https://github.com/sasadangelo/k8s-cluster Basically, I started from this project and did the following update:

  • Configure the Vagrant deployment via a YAML file.
  • Support the K8s 1.6 APIs, K8s 1.18, and Calico 3.8.8
  • Automatic K8s dashboard deploy.

Now I am fine with this cluster bu ...

Score: -1
What is the limitation on what records a .com domain can have?
ZAB

If I don't need a subdomain www, can a mydomain.com domain have an A record pointing directly to my server IP without any mediocre NS servers? How many A or NS records can a .com registry store and what minimum TTL can it have? The question is stupid but I can't find any document on this. It seems like a good practice to let *.gtld-servers.net domain servers who host .com domains registry answer IP di ...

Score: 0
Eamon Donovan avatar
Automatic captive portal detection is problematic because some networks redirect outbound traffic and others block DNS requests entirely

I am trying to automate captive portal detection on an IoT device. My basic understanding of a typical captive portal is that it checks a device's MAC address on connection, and if the device's user hasn't already agreed to the network owner's T&Cs then it will redirect all outgoing traffic to its splash page. This is easy to check for with curl, because if we try to access a known URL and get a 3XX ...

Score: 0
buildist avatar
bind9 doesn't load zone with only CNAME record

I'm trying to set up a subdomain to point to Google Sites, so I made a simple zone file:

$ttl 38400
subdomain.mydomain.net.    IN CNAME ghs.googlehosted.com.

This doesn't work:

zone subdomain.mydomain.net/IN: has 0 SOA records
zone subdomain.mydomain.net/IN: has no NS records
zone subdomain.mydomain.net/IN: not loaded due to errors.

But adding an NS or SOA record gives a "CNAME and other data" error ...

Score: 0
Anton Patsev avatar
How to correctly generate a certificate with the localtls project?

How do I correctly generate a certificate with the project https://github.com/Corollarium/localtls ?

Run dnsserver.py

python3 dnsserver.py --domain yourdomain.net --soa-master=ns1.yourdomain.net --soa-email=email@yourdomain.net --ns-servers=ns1.yourdomain.net,ns2.yourdomain.net --log-level ERROR --http-port 80 --http-index /somewhere/index.html
12:12:47: starting DNS server on 10.128.0.20/ on port 53, upstream DNS se ...
Score: -1
Clueless_captain avatar
bind9 not resolving intranetlinks

As a follow up to a question I've asked earlier: Linux server migration to Windows workstation. A supplier got us a new network-card yesterday, but no harddrives so far. I've also bit the bullet on reconfiguring the server as there was too much behavior on the old machine I couldn't explain/fix and the previous developers left without documenting anything. It'd also be good to upgrade from Ubuntu 14 to 20 ...

Score: 0
Dynamic DNS updates via DHCP on CentOS

I'm running mostly Ubuntu VMs in a vSphere cluster where a VLAN is managed by a Windows DHCP and DNS. From the Ubuntu VMs I can update the DNS records in the Windows DNS to point the dynamic IP to its hostname (set in /etc/hostname) with dhcp-identifier: mac addition in /etc/netplan/00-installer-config.yaml:

cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquit ...
Score: 1
onee avatar
PowerDNS subdomain delegation, no answers

I'm having trouble redirecting subdomain to other DNS.

I have:

main existing domain: d and new subdomain:

| 8412 | 42 | test1.d | NS | ns1.test.test1.d
| 8413 | 42 | test1.d | NS | ns2.test.test1.d
| 8414 | 42 | ns1.test.test1.d | A | 10.64.91.100
| 8415 | 42 | ns2.test.test1.d | A | 10.64.91.200

and return:

 dig admin.test1.d

; <<>> DiG 9.10.6 <<>> admin.test1.d
; (1 server  ...
Score: 0
TCP connections are retained even when sessions terminate

We have a client/server application running in our environment. We are experiencing an issue where a single client has multiple connections to the server, although there is only one instance running on the client machine.


We have server running Windows 2016 standard and clients are running Windows 10.

On the other note even we are killing the process manually from Task manager and terminating th ...

Score: 0
proximacentauri avatar
Pfsense DNS address could not be found

I was accessing a site daily until this morning. Now I cannot ping the site through ping on my pfsense firewall or on a client behind the firewall. I have made no changes to the firewall.

If I bypass the firewall I can access the site OK https://www.ncbi.nlm.nih.gov.

Running wireshark from a client I can see the DNS request:

Info: Standard query 0x0cf2 Server failure A https://www.ncbi.nlm.nih.gov

Score: 0
DNS Server Search order in Windows 10 and VPNs

DNS queries to hosts accessible through a VPN fail. How to fix?

On a Windows 10 host, DNS queries for hosts known only to the VPN-accessible DNS Server fail to resolve. The DNS queries are sent to my local DNS Server (192.168.1.1) which returns no DNS Answers. DNS queries are not sent to the VPN-accessible DNS Server (10.0.1.1).

Powershell Get-DnsClientServerAddress shows:

PS> Get-DnsClientServerAdd ...
Score: 0
Seedy avatar
Selective routing through a VPN : route only certain websites using the domain name

tl;dr: Force or block traffic through VPN only for a few websites and only using the domain names.

Hi everyone,

I set up a VPN server using OpenVPN for a company I work with.

We'd like to hide our backoffice and administration platforms behind the VPN so that they can only be reachable by connected and allowed users.

I achieved this by setting up the VPN server on an EC2 and adding a WAF rule to th ...