DNS
Jump to navigation
Jump to search
General
- https://webmasters.stackexchange.com/questions/61467/if-icann-only-charges-0-18-per-domain-name-why-am-i-paying-10 [1]
Articles
Domains
Records
- http://en.wikipedia.org/wiki/Wildcard_DNS_record
- xip.io - wildcard DNS for everyone
Root sevrers
Registrars
Comparison
- http://www.domparison.com
- http://www.dotology.co.uk
- http://tld-list.com/ [2]
- https://www.domcomp.com/
- https://news.ycombinator.com/item?id=7839186 - list of good registrars
Good words
- http://www.ukreg.com/ - .co.uk - £2.95pa*com - £5.99pa.net - £9.49pa.eu - £8.89pa All
- https://www.namecheap.com - cheap. nameserver included.
- https://internetbs.net - cheaper. nameserver not included.
- http://www.domains.coop/ - .coop
- Git-based DNS Hosting - Steve Kemp
to avoid
- http://www.1and1.co.uk/ - hmm, bibg corp, ugly ui
- http://123reg.co.uk - transfer out charges
- https://www.123-reg.co.uk/domain-names/cheap-domain-names.shtml
- http://en.wikipedia.org/wiki/Webfusion
- hidden transfer fees still?
- Network Solutions - avoid
- http://www.networksolutions.com/support/changing-payment-methods/
- http://www.networksolutions.com/support/using-paypal-as-your-payment-method/
- http://www.networksolutions.com/support/transfers-within-network-solutions-2/
- http://www.networksolutions.com/support/preparing-a-domain-name-for-a-transfer-out-of-network-solutions/
- http://inessential.com/2014/01/21/network_solutions_auto-enroll_1_850 [3]
Do NOT use GoDaddy. Google it +
Name server
Search
- http://instantdomainsearch.com/
- http://www.bustaname.com/
- https://domize.com/
- http://domaintyper.com/
- http://namevine.com/ - with social service lookup
TLDs
- https://gigaom.com/2014/06/30/the-dark-side-of-io-how-the-u-k-is-making-web-domain-profits-from-a-shady-cold-war-land-deal/ [https://news.ycombinator.com/item?id=8587379
Styles
thoughts
acronym in url, not domain - seo?
Management
- http://uberdns.eu/ - uses git
Selling
Software
Configuration
/etc/resolv.conf
# Google DNS nameserver 8.8.8.8 nameserver 8.8.4.4
See also #DNSCrypt
/etc/hosts
resolvconf
systemd-resolved
- systemd-resolved is a system service that provides network name resolution to local applications. It implements a caching and validating DNS/DNSSEC stub resolver, as well as an LLMNR resolver and responder. In addition it maintains the /run/systemd/resolve/resolv.conf file for compatibility with traditional Linux programs. This file may be symlinked from /etc/resolv.conf.
- systemd-resolve — Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services
Other
- https://github.com/kvz/nsfailover - Every minute (or whatever), nsfailover.sh checks to see if the primary configured nameserver can resolve google.com. If it cannot, it writes the secondary, or even tertary server to function as the primary server in /etc/resolv.conf
Servers, proxy, cache
BIND
YADIFA
- http://www.yadifa.eu/ YADIFA® is designed specifically for the efficient management of large Internet zones and uses dynamic updates to instantly change domain name records. It is equally optimised to handle multiple Internet zones. Our benchmark tests show how we measure up to the competition.
PowerDNS
Unbound
- Unbound is a validating, recursive, and caching DNS resolver.
Dnsmasq
- Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks. Supported platforms include Linux (with glibc and uclibc), Android, *BSD, and Mac OS X. Dnsmasq is included in most Linux distributions and the ports systems of FreeBSD, OpenBSD and NetBSD. Dnsmasq provides full IPv6 support.
pdnsd
- pdnsd is a proxy DNS server with permanent caching (the cache contents are written to hard disk on exit) that is designed to cope with unreachable or down DNS servers (for example in dial-in networking). Since version 1.1.0, pdnsd supports negative caching.
nscd
- nscd - name service cache daemon
Tools
whois domain.name
- DNSYO is a little tool I built to help me keep track of DNS propagation. In short, it's nslookup, if nslookup queried over 1500 servers and collated their results.
dig
dig any domain.name show all records for domain
Services
- http://network-tools.com/ - good all round domain/ip tool
- http://www.who.is/ - basic whois archive records
- http://viewdns.info/
Security
TSIG
- https://en.wikipedia.org/wiki/TSIG - Transaction SIGnature, protocol defined in RFC 2845. It is used primarily by the Domain Name System (DNS) to provide a means of authenticating updates to a DNS database. It is most commonly used to update Dynamic DNS or a secondary/slave DNS server. TSIG uses shared secret keys and one-way hashing to provide a cryptographically secure means of authenticating each endpoint of a connection as being allowed to make or respond to a DNS update.
DNSBL
DNSSEC
- http://www.icann.org/en/about/learning/factsheets/dnssec-qaa-09oct08-en.htm
- http://www.dnssec-deployment.org/
- http://www.dnssec-tools.org/
- https://wiki.debian.org/DNSSEC
- http://pir.org/get/faq/dnssec
- https://www.opendnssec.org/about/
- http://www.cisco.com/web/about/security/intelligence/dnssec.html
- http://www.internetsociety.org/deploy360/resources/step-by-step-how-to-use-a-dnssec-ds-record-to-link-a-registar-to-a-dns-hosting-provider/
- http://www.dnsops.gov/dnssec-perform.html
still CAs, registrars and TLDs
DNSCurve
DNSCrypt
Client
- DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.
- http://en.wikipedia.org/wiki/OpenDNS#DNSCrypt
- https://wiki.archlinux.org/index.php/DNSCrypt
- https://www.archlinux.org/packages/community/x86_64/dnscrypt-proxy/ - includes systemd service file to enable exec on start
sudo dnscrypt-proxy -R dnscrypt.eu-dk --local-address=127.0.0.1:40
Using dnsmasq listening on port 40 to cache requests.
or
systemctl edit dnscrypt-proxy.socket
Note: The ListenStream and ListenDatagram options need to be cleared with empty assignment before overriding, otherwise the new address would be added to the list of sockets.
[Socket] ListenStream= ListenDatagram= ListenStream=127.0.0.1:40 ListenDatagram=127.0.0.1:40
Server
- https://github.com/Cofyc/dnscrypt-wrapper - A server-side dnscrypt proxy which helps to add dnscrypt support to any name resolver.
Resolvers
- https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv - Current list of free DNSCrypt-enabled resolvers
- DNSCrypt.eu does not censor or change DNS lookups, nor log your traffic through the DNSCrypt service in a way that can identify you.
- 176.56.237.171 and 77.66.84.233
Testing
- https://dnsleaktest.com - test dns connection
DANE
- Wikipedia:DNS-based Authentication of Named Entities (DANE) is a proposed protocol to allow X.509 certificates (commonly used for Transport Layer Security) to be bound to DNS names using Domain Name System Security Extensions (DNSSEC).
- http://www.internetsociety.org/deploy360/resources/dane/
Convergence
DNSNMC
Dynamic
Software
Distributed
GNS
Basic DNS Records
From DreamHost wiki;
- A
- Forward mapping of hostname to an IP address (66.33.201.141).
- AAAA
- Forward mapping of hostname to an IPv6 address.
- PTR
- Reverse mapping of an IP address (66.33.201.141) to a hostname (dreamhost.com).
- MX
- Mail eXchange records tell you which hostname to connect to for sending email.
- CNAME
- Say it, See Name, it points one domain name to another domain name, including mail service.
- TXT
- Text records, these are free form text strings, used for things like SPF.
- SRV
- Service records advertise a specific service a server offers. Zeroconf and XMPP Federation (Jabber and Google Apps) use SRV records in addition to PTR records.
- NS
- Delegates a domain or subdomain to another DNS server.