The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘DNS’ Category

Overriding some DNS entries for internal networks

Posted by jpluimers on 2022/01/27

Based on [Wayback] domain name system – Overriding some DNS entries in BIND for internal networks – Server Fault and some further reading, there seem to be two ways used in these scenarios:

I wonder how that would interact best with Pi-Hole based solutions. Would it be best to have your local network use the Pi-Hole server, then have the Pi-Hole server obtain the DNS information it cannot resolve through one of the above solutions? Or would other solutions work better?

So here are a few links:

Pi-Hole seems not interested in RPZ: [Wayback] Implement Response Zone Policies (NXDOMAIN) for end-user performance increase – Feature Requests / Implemented – Pi-hole Userspace

Pi-Hole default blacklist is mentioned in [Wayback/Archive.is] pi-hole/basic-install.sh at master · pi-hole/pi-hole (look for adlistFile which defaults to [Wayback/Archive.is] StevenBlack/hosts: 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.).

Since I need this for ESXi: [Wayback/Archive.is] Let’s Encrypt SSL for ESXi

–jeroen

Posted in *nix, *nix-tools, bind-named, DNS, Internet, Linux, Power User

RFC2606: Reserved Top Level DNS Names (RFC); draft-ellermann-idnabis-test-tlds-04: Reserved Top Level DNS Names (Internet-Draft, 2008)

Posted by jpluimers on 2022/01/20

Note

Though .example.edu and .example.info exist, are used in documentation and are registered by IANA, their status is different from that of the official Reserved Top Level DNS Names:

This is not exactly the same situation as for say ".example.org", where IANA is the registrant *and* registrar.

Wikipedia links:

On Reserved Top Level DNS Names

These list all reserved and special domain names:

From [Wayback] RFC2606: Reserved Top Level DNS Names (RFC):

2. TLDs for Testing, & Documentation Examples

   ... four domain names are reserved as listed and described below.

                   .test
                .example
                .invalid
              .localhost

      ".test" is recommended for use in testing of current or new DNS
      related code.

      ".example" is recommended for use in documentation or as examples.

      ".invalid" is intended for use in online construction of domain
      names that are sure to be invalid and which it is obvious at a
      glance are invalid.

      The ".localhost" TLD has traditionally been statically defined in
      host DNS implementations as having an A record pointing to the
      loop back IP address and is reserved for such use.  Any other use
      would conflict with widely deployed code which assumes this use.

3. Reserved Example Second Level Domain Names

   The Internet Assigned Numbers Authority (IANA) also currently has the
   following second level domain names reserved which can be used as
   examples.

        example.com
        example.net
        example.org

...

From [Wayback] RFC6761: Special-Use Domain Names (RFC):

...
   This document describes what it means to say that a Domain Name (DNS
   name) is reserved for special use, when reserving such a name is
   appropriate, and the procedure for doing so.  It establishes an IANA
   registry for such domain names, and seeds it with entries for some of
   the already established special domain names.
...

From [Wayback] RFC6762: Multicast DNS (RFC):

...
   this document allows any computer user to
   elect to give their computers link-local Multicast DNS host names of
   the form: "single-dns-label.local.".  For example, a laptop computer
   may answer to the name "MyComputer.local.".  Any computer user is
   granted the authority to name their computer this way, provided that
   the chosen host name is not already in use on that link.
...

From [Wayback] RFC7686: The “.onion” Special-Use Domain Name (RFC):

...
   The Tor network is designed to not be subject to any central
   controlling authorities with regards to routing and service
   publication, so .onion names cannot be registered, assigned,
   transferred or revoked.  "Ownership" of a .onion name is derived
   solely from control of a public/private key pair that corresponds to
   the algorithmic derivation of the name.
...

From [Wayback] draft-ellermann-idnabis-test-tlds-04: Reserved Top Level DNS Names (Internet-Draft, 2008):

Appendix A.  Educational Info

   This informative appendix tries to answer three frequently asked
   questions:

   1.  As of 2008 IANA is the registrant of ".example.edu"; TLD ".edu"
       has no contract with ICANN; its administration is based on a five
       years contract with the US DoC renewed in 2006; see
       <http://net.educause.edu/edudomain/policy.asp>.  Under amendment
       6 of their current policy generic names cannot be registered.
       This is not exactly the same situation as for say ".example.org",
       where IANA is the registrant *and* registrar.

   2.  As of 2008 IANA is the registrant of ".example.info"; TLD ".info"
       was created by ICANN in 2001.  The ".info" registry agreement
       lists reserved DNS labels including "example"; see
       <http://www.icann.org/tlds/agreements/info/> appendix 6 (2006)
       and K (2001), respectively.  This is not exactly the same
       situation as for say ".example.org", where IANA is the registrant
       *and* registrar.

   3.  Ignoring [RFC2965] the TLD ".local" issue was discussed in a
       bunch of Internet-Drafts related to AS112, zeroconf, and
       [RFC3927].  Presumably TLD ".local" should be registered as
       reserved for technical reasons, but deserves its own document
       with the fine print.

From [Wayback] draft-wkumari-dnsop-internal-00: The .internal TLD. (Internet-Draft, 2017):

...
   It has become clear that many users would like to use the DNS
   resolution system for names which do not have meaning in the global
   context but do have meaning in a context internal to their network.
   This document reserves the string ".internal" for this purpose.
...
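
As an added example (not part of the post), the names quoted above turned into a small classifier, so that scripts processing host names (log parsers, indicator lists, monitoring) can tell a documentation, test or local-only name from one that should resolve in the global DNS. The category labels and the `filter_indicators` helper are my own; the reservations themselves are the ones listed in the RFCs and drafts above.

```python
# Added example: classify a DNS name against the reserved and special-use names
# quoted above (RFC 2606, RFC 6762, RFC 7686, draft-wkumari-dnsop-internal).
RESERVED_TLDS = {
    "test": "RFC 2606: testing of DNS related code",
    "example": "RFC 2606: documentation and examples",
    "invalid": "RFC 2606: obviously invalid names",
    "localhost": "RFC 2606: loopback",
    "local": "RFC 6762: link-local Multicast DNS host name",
    "onion": "RFC 7686: Tor name, not registered or resolvable in the DNS",
    "internal": "draft-wkumari-dnsop-internal: names internal to a network",
}
# IANA-reserved second level names; note that example.edu and example.info
# are NOT here, matching the appendix quoted above: their status differs.
RESERVED_SLDS = {"example.com", "example.net", "example.org"}


def classify(name):
    """Return (category, reason) for a DNS name.

    category is 'reserved-tld', 'reserved-sld', 'mdns-invalid' or 'global'.
    A trailing dot and letter case are ignored: DNS comparison is case-insensitive.
    """
    labels = [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]
    if not labels:
        raise ValueError("empty DNS name")
    tld = labels[-1]
    if tld == "local":
        # RFC 6762 grants users names of the form "single-dns-label.local." only;
        # a bare ".local" or a deeper name is not a Multicast DNS host name.
        if len(labels) == 2:
            return ("reserved-tld", RESERVED_TLDS["local"])
        return ("mdns-invalid", "RFC 6762 requires exactly one label before .local")
    if tld in RESERVED_TLDS:
        return ("reserved-tld", RESERVED_TLDS[tld])
    if len(labels) >= 2 and ".".join(labels[-2:]) in RESERVED_SLDS:
        return ("reserved-sld", "RFC 2606: IANA-reserved example second level domain")
    return ("global", "no reservation matched; resolve through the public DNS")


def filter_indicators(names):
    """Keep only the names that can legitimately appear in the global DNS."""
    return [n for n in names if classify(n)[0] == "global"]
```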

–jeroen

Posted in Development, DNS, Documentation Development, Internet, Power User, Software Development, Testing

Is it a battery or a DNS record?

Posted by jpluimers on 2021/11/05

Somehow the naming of DNS resource record types and of cylindrical battery types might seem, for the most part, mutually exclusive:

But the A and AAAA battery types, though uncommon, do exist.

–jeroen


Posted in DNS, History, Internet, Power User

Using Google/Cloudflare/central DNS can bite you with large downloads

Posted by jpluimers on 2021/10/22

If you think download speeds are slow for large downloads (or multi-media playback is slow or quality is low) on a fast link, then consider your DNS.

Many people report that using one of the centralised DNS services (like Google/Cloudflare/…) causes slowness because they direct CDN lookups to a small pool of servers that get overloaded.

Some links:

Via [WayBack] How to check whether DNS is working through a browser? – Super User

Google DNS also allows for interactive querying, for example [WayBack] Google Public DNS

Result for atlassian-domain-for-localhost-connections-only.com/A with DNSSEC validation:

{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "atlassian-domain-for-localhost-connections-only.com.",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "atlassian-domain-for-localhost-connections-only.com.",
      "type": 1,
      "TTL": 1620,
      "data": "127.0.0.1"
    }
  ]
}
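
As an added example (not from the post or from Google), decoding a reply in that JSON format the way a resolver operator reads it: the RCODE, whether the AD flag says the answer was DNSSEC-validated, and which A/AAAA answers point outside global address space, as the 127.0.0.1 answer above does. The sample input is the reply quoted above, embedded inline; the summary field names are my own.

```python
import ipaddress
import json

# Sample input: the Google Public DNS JSON reply quoted above, embedded for offline use.
SAMPLE_RESPONSE = """{
  "Status": 0, "TC": false, "RD": true, "RA": true, "AD": false, "CD": false,
  "Question": [{"name": "atlassian-domain-for-localhost-connections-only.com.", "type": 1}],
  "Answer": [{"name": "atlassian-domain-for-localhost-connections-only.com.",
              "type": 1, "TTL": 1620, "data": "127.0.0.1"}]
}"""

# "Status" carries the DNS RCODE; "type" carries the numeric RR type.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
RRTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}


def summarize(raw):
    """Reduce a DNS-over-HTTPS JSON reply to the facts an operator checks first."""
    doc = json.loads(raw)
    answers = []
    non_global = []
    for rr in doc.get("Answer", []):
        rrtype = RRTYPES.get(rr["type"], "TYPE%d" % rr["type"])
        answers.append((rr["name"], rrtype, rr["TTL"], rr["data"]))
        if rrtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rr["data"])
            # Loopback, link-local and RFC 1918 answers for a public name are
            # legitimate for some services (as above) but worth noticing on a
            # resolver you operate.
            if not addr.is_global:
                non_global.append(rr["data"])
    return {
        "rcode": RCODES.get(doc["Status"], "RCODE%d" % doc["Status"]),
        "truncated": doc["TC"],
        # AD is set only when the resolver validated the DNSSEC chain; here it is
        # false even though validation was requested, so the zone is unsigned.
        "dnssec_validated": doc["AD"],
        "checking_disabled": doc["CD"],
        "answers": answers,
        "non_global_addresses": non_global,
    }
```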

–jeroen

Posted in DNS, Internet, Network-and-equipment, Power User

Tricks used by software developers to https://127.0.0.1

Posted by jpluimers on 2021/09/07

Long interesting thread at [WayBack] Thread by @sleevi_: “@SwiftOnSecurity So, some history: It used to be folks would get certs for “localhost”, just like they would from “webmail”, despite no CA e […]”

In 2019, applications were still using tricks (including shipping private keys!) to “securely” access https://127.0.0.1 on some port.

This should have stopped in 2015, but hadn’t. I wonder how bad it still is today.

Related:


Posted in Communications Development, Development, DNS, HTTP, Internet, Power User, Software Development, TCP, TLS