June 2026
M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Archive for the ‘DNS’ Category

RFC2606: Reserved Top Level DNS Names (RFC); draft-ellermann-idnabis-test-tlds-04: Reserved Top Level DNS Names (Internet-Draft, 2008)

Posted by jpluimers on 2022/01/20

Note

Though there are .example.edu and .example.info, though used in documentation and registered by IANA, have a status is different from the official Reserved Top Level DNS Names:

This is not exactly the same situation as for say ".example.org", where IANA is the registrant *and* registrar.

Wikipedia links:

- .example – Wikipedia
- .invalid – Wikipedia
- .local – Wikipedia
- .localhost – Wikipedia
- .test – Wikipedia
- localhost – Wikipedia
- Email address: Reserved domains – Wikipedia
  
  Of note for e-mail are example, invalid, example.com, example.net, and example.org.
- Example.com – Wikipedia (which puts example.edu on the same level as example.com, example.net and example.org; this is not true, despite the domain being registered by the IANA, the IANA is not the registrar of the .edu domain)
- Top-level domain: Reserved domains – Wikipedia
  Reserved by RFC 2606 and explained further in RFC 6761:
  - .test
  - .example
  - .invalid
  - .localhost
  Reserved by RFC 6762: .local
  
  Reserved by RFC 7686: .onion
  
  Reservation proposal by Internet-Draft draft-wkumari-dnsop-internal-00: .internal

Read the rest of this entry »

Posted in Development, DNS, Documentation Development, Internet, Power User, Software Development, Testing | Leave a Comment »

Is it a battery or a DNS record?

Posted by jpluimers on 2021/11/05

Somehow naming of DNS resource record types and cylindrical battery types might seem for most parts mutually exclusive:

But the A and AAAA battery types, though uncommon, do exist.

–jeroen

Read the rest of this entry »

Posted in DNS, History, Internet, Power User | Leave a Comment »

Using Google/Cloudflare/central DNS can bite you with large downloads

Posted by jpluimers on 2021/10/22

If you think download speeds are slow for large downloads (or multi-media playback is slow or quality is low) on a fast link, then consider your DNS.

Many people report that using one of the centralised DNS services (like Google/Cloudflare/…) causes slowness because they direct CDN lookups to a small pool of servers that get overloaded.

Some links:

Via [WayBack] How to check whether DNS is working through a browser? – Super User

Google DNS also allows for interactive querying, for example [WayBack] Google Public DNS

Read the rest of this entry »

Posted in Cloud, Cloudflare, DNS, Hardware, Infrastructure, Internet, Network-and-equipment, Power User | Leave a Comment »

Tricks used by software developers to https://127.0.0.1

Posted by jpluimers on 2021/09/07

Long interesting thread at [WayBack] Thread by @sleevi_: “@SwiftOnSecurity So, some history: It used to be folks would get certs for “localhost”, just like they would from “webmail”, despite no CA e […]”

In 2019, applications were still using tricks (including shipping private keys!) to “securely” access https://127.0.0.1 on some port.

This should have stopped in 2015, but hadn’t. I wonder how bad it still is today.

[WayBack] SwiftOnSecurity on Twitter: “Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: … “

[WayBack] Tavis Ormandy on Twitter: “This turned out to be a real vulnerability! 😮 The certificate was issued by @digicert, who are now required to revoke it. It was issued before mandatory CT, so didn’t show up in …. See … for context.…”
[WayBack] Ryan Sleevi on Twitter: “So, some history: It used to be folks would get certs for “localhost”, just like they would from “webmail”, despite no CA ever having validated the name. They just relied on pinky promises to be good. Luckily, browsers forbid that … “
[WayBack] Ryan Sleevi on Twitter: “Look at the dates on those. Yes, it’s a things CAs used to do, and they had to be dragged kicking and screaming into not doing it (and even then, *many* ignored/“oopsied” the requirement to revoke). I regret to inform you it didn’t stop until 2015/2016 – … “
[WayBack] Guidance on Internal Names – CAB Forum
[Archive.is] HTTPS encryption on the web – Google Transparency Report: atlassian-domain-for-localhost-connections-only.com
[Archive.is] HTTPS encryption on the web – Google Transparency Report
- SubjectC=AU, O=Atlassian Pty Ltd, L=Sydney, ST=New South Wales, CN=atlassian-domain-for-localhost-connections-only.com
- Serial NumberA:3E:93:53:0E:74:53:AE:CB:40:BA:20:10:12:F8:FB
- IssuerC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CAValidity11 May 2017 — 15 May 2020
The domain is (at the time of writing, so hopefully that is now “was”) used by the [WayBack] Administering the Atlassian Companion App – Atlassian Documentation
- [WayBack] Companion App doesnt work in corporate network.

At the time of writing, the interactive Google DNS showed the domain pointing to localhost [WayBack] Google Public DNS:

Result for atlassian-domain-for-localhost-connections-only.com/A with DNSSEC validation:

{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "atlassian-domain-for-localhost-connections-only.com.",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "atlassian-domain-for-localhost-connections-only.com.",
      "type": 1,
      "TTL": 1620,
      "data": "127.0.0.1"
    }
  ]
}

[Archive.is/WayBack] SSL Server Test: atlassian-domain-for-localhost-connections-only.com (Powered by Qualys SSL Labs)

Assessment failed: IP address is from private address space (RFC 1918)

Read the rest of this entry »

Posted in Communications Development, Development, DNS, HTTP, Internet, Power User, Software Development, TCP, TLS | Leave a Comment »

For my link archive: DNS over https

Posted by jpluimers on 2021/09/02

DNS over HTTPS

For my link archive:

DNS over HTTPS – Wikipedia / Public recursive name server – Wikipedia
[WayBack] RFC 8484 – DNS Queries over HTTPS (DoH)
- [WayBack] DNS Queries over HTTPS
- [WayBack] GitHub – dohwg/draft-ietf-doh-dns-over-https: Discussion of draft-ietf-doh-dns-over-https in the IETF’s DOH Working Group
[WayBack] DNS over HTTPS · curl/curl Wiki · GitHub (which has a list of publicly available servers)
[WayBack] A cartoon intro to DNS over HTTPS – Mozilla Hacks – the Web developer blog
[WayBack] DNS over HTTPS – Cloudflare Resolver

JSON DNS output

Some DNS over HTTSP providers support dns-json, which Cloudflare delivers non-pretty printed.

Read the rest of this entry »

Posted in Cloud, Cloudflare, Communications Development, Development, DNS, Encryption, HTTP, https, HTTPS/TLS security, Infrastructure, Internet, Internet protocol suite, Power User, Security, Software Development, TCP, TLS | Leave a Comment »

Firefox: disable DNS over HTTPS (which they call TTR)

Posted by jpluimers on 2021/08/03

There are many reasons to disable DNS over HTTPS (DoH), of which enough are discussed in the links below.

Disabling DoH always talks about setting TTR (the abbreviation Mozilla uses for it) to 5 (like [WayBack] Thread by @isotopp: “Firefox is about to break DNS by enabling DNS-over-HTTP by default […]”), but hardly ever explains the meaning of 5, or any other potential values.

After some searching, I found [WayBack] Firefox disable trr | Knowledge Base:

0: Off by default

1: Firefox chooses faster

2: TRR default w/DNS fallback

3: TRR only mode

5: Disabled

I imagine the setting we’re all looking for is: user_pref(“network.trr.mode”, 5); (emphasis mine)

It pointed me to [WayBack] Trusted Recursive Resolver – MozillaWiki:

Read the rest of this entry »

Posted in Cloud, Cloudflare, Communications Development, Development, DNS, Firefox, Infrastructure, Internet protocol suite, Power User, TCP, Web Browsers | Leave a Comment »

Listing information on all active interfaces on MacOS part 2: adding DHCP/BOOTP and routing details

Posted by jpluimers on 2021/07/27

This is a continuation of yesterdays

Listing information on all active interfaces on MacOS part 1: getting the active interface names.

It is based on ideas in these StackExchange posts:

I threw most of the implementation details in the ideas away, as they were way to much based on empirical trial and error, than proper research.

So I tried doing the research and came up with the things below.

Getting the IPv4 address and DHCP/BOOTP information of a NIC

By using the ipconfig command, you can get specific details for a NIC like an IPv4 (with the getifaddr) or DHCP (with the getpacket option to get the latest DHCP packet):

for i in $(ifconfig -l -u); do if ifconfig $i | grep -q "status: active" ; then echo $i; fi; done | xargs -n1 -I_nic_ sh -c 'echo "_nic_: $(ipconfig getifaddr _nic_)"'

or DHCP/BOOTP:

for i in $(ifconfig -l -u); do if ifconfig $i | grep -q "status: active" ; then echo $i; fi; done | xargs -n1 -I_nic_ sh -c 'echo "_nic_: $(ipconfig getpacket _nic_)"'

The latter returns a very long list, which I wanted to shorten into a more readable format.

ipconfig syntax

You can find more information in the [Archive.is] ipconfig(8) [osx man page] / [WayBack] ipconfig Man Page – macOS – SS64.com excerpt:

Read the rest of this entry »

Posted in *nix, *nix-tools, Apple, bash, Development, DNS, ifconfig, Mac OS X / OS X / MacOS, Power User, Scripting, Software Development | Leave a Comment »

Microsoft subdomains

Posted by jpluimers on 2021/06/02

Almost every company I know has more than one subdomain, but while researching why support.microsoft.com could not be archived in the WayBack machine, I realised how many they have and bumped into a few sites listing most of them:

All via microsoft.com subdomains – Google Search.

–jeroen

Posted in Development, DNS, Internet, Power User, Software Development, Web Development | Leave a Comment »

Need to do some reading on local domains on the internal network

Posted by jpluimers on 2021/04/09

A long time I wondered why I saw ESXi systems on my local network have two entries in their /etc/hosts file:

[root@ESXi-X10SRH-CF:~] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.71.91   ESXi-X10SRH-CF ESXi-X10SRH-CF

Then I bumped into someone who had a different setup:

[root@ESXi-X10SRH-CF:~] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.0.23    esxi.dynamic.ziggo.nl esxi

So now I knew that the first entry can have a domain resolving it (it still makes be wonder why ziggo is using a top-level domain to resolve local stuff; but searching for dynamic.ziggo.nl did not get me further on that).

So I installed a quick ESXi machine on that local network, and got the same.

When back home the machine still thought it was esxi.dynamic.ziggo.nl, though clearly I was outside a Ziggo network

I wanted to get rid of it, but that was hard.

Since I forgot to take screenshots beforehand, I can only provide the ones without a search domain bellow.

Reminder to self: visit someone within the Ziggo network, then retry.

Normally you can edit things like these in the default TCP/IP stack. There are two places to change this:

Web interface, at 192.168.71.91/ui/#/host/networking/netstacks/defaultTcpipStack:
- The fields “Domain name” and “Search domains” are mandatory.
DCUI, under “Configure Management Network”

Neither of these allowed me to change it to a situation like this, but luckily the console did.

In the below files, I had to remove the bold parts, then restart the management network (I did keep a text dump, lucky me):

[root@esxi:/etc] grep -inr ziggo .
./vmware/esx.conf:116:/adv/Misc/HostName = "esxi.dynamic.ziggo.nl"
./resolv.conf:2:search dynamic.ziggo.nl 
./hosts:5:192.168.71.194    esxi.dynamic.ziggo.nl esxi
[root@esxi:/etc] cat /etc/resolv.conf 
nameserver 192.168.71.3
search dynamic.ziggo.nl 
[root@esxi:/etc] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.71.194  esxi.dynamic.ziggo.nl esxi

Future steps

Read more on local domains, search domains and related topics
Configure a local domain on my local network, so DHCP hands it out, and DHCP handed out host names are put in the local DNS
Test if all services on all machines still work properly

Reading list

Read the rest of this entry »

Posted in DNS, ESXi6.5, ESXi6.7, Hardware, Internet, Mainboards, Network-and-equipment, Power User, SuperMicro, Virtualization, VMware, VMware ESXi, X10SRH-CF, X9SRi-3F | Leave a Comment »

Domeinnaam prijzen – Internetproviders en Hosting – GoT

Posted by jpluimers on 2021/03/12

For my link archive: domain name registration prices in The Netherlands: [WayBack] Domeinnaam prijzen – Internetproviders en Hosting – GoT

–jeroen

Posted in DNS, Hosting, Internet, Power User | Leave a Comment »

« Previous Entries

Next Entries »

	xyzzy, Relay Confere… on Sad and Useless about Competit…
	jpluimers on Windows warned me of disk full…
	jpluimers on Started making people walk me…
	jpluimers on Stack Overflow’s forum is dead…
	jpluimers on Some links on getting the most…

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘DNS’ Category

RFC2606: Reserved Top Level DNS Names (RFC); draft-ellermann-idnabis-test-tlds-04: Reserved Top Level DNS Names (Internet-Draft, 2008)

Note

Wikipedia links:

Is it a battery or a DNS record?

Using Google/Cloudflare/central DNS can bite you with large downloads

Tricks used by software developers to https://127.0.0.1

Result for atlassian-domain-for-localhost-connections-only.com/A with DNSSEC validation:

For my link archive: DNS over https

DNS over HTTPS

JSON DNS output

Firefox: disable DNS over HTTPS (which they call TTR)

Listing information on all active interfaces on MacOS part 2: adding DHCP/BOOTP and routing details

Getting the IPv4 address and DHCP/BOOTP information of a NIC

ipconfig syntax

Microsoft subdomains

Need to do some reading on local domains on the internal network

Future steps

Reading list

Domeinnaam prijzen – Internetproviders en Hosting – GoT

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘DNS’ Category

Note

Wikipedia links:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Result for atlassian-domain-for-localhost-connections-only.com/A with DNSSEC validation:

Rate this:

Share this:

DNS over HTTPS

JSON DNS output

Rate this:

Share this:

Rate this:

Share this:

Getting the IPv4 address and DHCP/BOOTP information of a NIC

ipconfig syntax

Rate this:

Share this:

Rate this:

Share this:

Future steps

Reading list

Rate this:

Share this:

Rate this:

Share this: