DNS
General
Articles
mDNS
- https://en.wikipedia.org/wiki/Multicast_DNS - mDNS resolves host names to IP addresses within small networks that do not include a local name server. It is a zero-configuration service, using essentially the same programming interfaces, packet formats and operating semantics as the unicast Domain Name System (DNS). Although Stuart Cheshire designed mDNS to be stand-alone capable, it can work in concert with unicast DNS servers. The mDNS protocol is published as RFC 6762, uses IP multicast User Datagram Protocol (UDP) packets, and is implemented by the Apple Bonjour, Spotify Connect, Philips Hue, Google Chromecast, and open source Avahi software packages. Android contains an mDNS implementation. mDNS has also been implemented in Windows 10, but its use is limited to discovering networked printers. mDNS can work in conjunction with DNS Service Discovery (DNS-SD), a companion zero-configuration technique specified separately in RFC 6763.
Domains
- http://www.icann.org/
- https://en.wikipedia.org/wiki/ICANN - a nonprofit organization that is responsible for coordinating the maintenance and procedures of several databases related to the namespaces of the Internet - thereby ensuring the network's stable and secure operation.[1] ICANN performs the actual technical maintenance work of the central Internet address pools and DNS Root registries pursuant to the Internet Assigned Numbers Authority (IANA) function contract.
- ICANNWiki - a nonprofit organisation dedicated to providing a community developed wiki on ICANN and Internet Governance. We specialize in outreach, engagement and accessibility. Our mission to "give everyone a voice in the future of the internet" by providing educational resources, workshops and building a strong sense of community.
- Top 5000 Most Common Domain Prefix/Suffix List - Courtesy LeanDomainSearch - https://leandomainsearch.com/top-domain-name-prefixes-and-suffixes
- https://www.washingtonpost.com/news/the-intersect/wp/2015/02/23/the-surprisingly-complex-reason-you-never-see-emoji-urls/ [3]
- Ryan Freebern on Twitter: "Spooky dev environment hack: add 127.0.0.1 xn--9q8h to /etc/hosts and then all your dev servers can be accessed at http://👻 It's localghost!" [4]
Records
- http://en.wikipedia.org/wiki/DNS_zone - any distinct, contiguous portion of the domain name space in the Domain Name System (DNS) for which administrative responsibility has been delegated to a single manager. A DNS zone is implemented in the configuration system of a domain name server. Historically, it is defined in the zone file, an operating system text file that starts with the special DNS record type Start of Authority (SOA) and contains all records for the resources described within the zone. This format was originally used by the Berkeley Internet Name Domain Server (BIND) software package, and is defined in RFC 1034 and RFC 1035.
The domain name space of the Internet is organized into a hierarchical layout of subdomains below the DNS root domain. The individual domains of this tree may serve as delegation points for administrative authority and management. However, usually it is furthermore desirable to implement fine-grained boundaries of delegation, so that multiple sub-levels of a domain may be managed independently. Therefore, the domain name space is partitioned into areas (zones) for this purpose. A zone starts at a domain and extends downward in the tree to the leaf nodes or to the top-level of subdomains where other zones start.
From DreamHost wiki:
- A
- Forward mapping of hostname to an IP address (66.33.201.141).
- AAAA
- Forward mapping of hostname to an IPv6 address.
- PTR
- Reverse mapping of an IP address (66.33.201.141) to a hostname (dreamhost.com).
- MX
- Mail eXchange records tell you which hostname to connect to for sending email.
- CNAME
- Canonical Name (say it "see name"): points one domain name to another domain name, including mail service.
- TXT
- Text records, these are free form text strings, used for things like SPF.
- SRV
- Service records advertise a specific service a server offers. Zeroconf and XMPP Federation (Jabber and Google Apps) use SRV records in addition to PTR records.
- NS
- Delegates a domain or subdomain to another DNS server.
- xip.io - wildcard DNS for everyone. xip.io is a magic domain name that provides wildcard DNS for any IP address. Say your LAN IP address is 10.0.0.1. Using xip.io, [maybesomething.]10.0.0.1.xip.io resolves to 10.0.0.1. No configuration required! A free service from Basecamp.
- https://en.wikipedia.org/wiki/Name_server - a computer hardware or software server that implements a network service for providing responses to queries against a directory service. It translates an often humanly-meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request. An example of a name server is the server component of the Domain Name System (DNS), one of the two principal namespaces of the Internet. The most important function of DNS servers is the translation (resolution) of human-memorable domain names and hostnames into the corresponding numeric Internet Protocol (IP) addresses, the second principal name space of the Internet which is used to identify and locate computer systems and resources on the Internet.
Root zone
- https://en.wikipedia.org/wiki/Root_name_server - a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers are a critical part of the Internet infrastructure because they are the first step in translating (resolving) human readable host names into IP addresses that are used in communication between Internet hosts.
A combination of limits in the DNS and certain protocols, namely the practical size of unfragmented User Datagram Protocol (UDP) packets, resulted in a decision to limit the number of root servers to thirteen server addresses. The use of anycast addressing permits the actual number of root server instances to be much larger, and is 504 as of 17 January 2016.
Registrars
Comparison
- https://news.ycombinator.com/item?id=7839186 - list of good registrars
Good words(?)
- http://www.ukreg.com/ - .co.uk £2.95 pa, .com £5.99 pa, .net £9.49 pa, .eu £8.89 pa
- https://www.namecheap.com - cheap. nameserver included.
- https://internetbs.net - cheaper. nameserver not included.
- http://www.domains.coop/ - .coop
- Git-based DNS Hosting - Steve Kemp
to avoid
- http://www.1and1.co.uk/ - hmm, big corp, ugly UI
- http://123reg.co.uk - transfer out charges
- https://www.123-reg.co.uk/domain-names/cheap-domain-names.shtml
- http://en.wikipedia.org/wiki/Webfusion
- hidden transfer fees still?
- Network Solutions - avoid
- http://www.networksolutions.com/support/changing-payment-methods/
- http://www.networksolutions.com/support/using-paypal-as-your-payment-method/
- http://www.networksolutions.com/support/transfers-within-network-solutions-2/
- http://www.networksolutions.com/support/preparing-a-domain-name-for-a-transfer-out-of-network-solutions/
- http://inessential.com/2014/01/21/network_solutions_auto-enroll_1_850 [7]
Do NOT use GoDaddy. Google it +
- http://skepchick.org/2014/04/godaddy-released-my-personal-information-to-a-spammer-troll/
- https://news.ycombinator.com/item?id=18894792
Lookup
Search
- http://namevine.com/ - with social service lookup
TLDs
- Public Suffix List - A "public suffix" is one under which Internet users can (or historically could) directly register names. Some examples of public suffixes are .com, .co.uk and pvt.k12.ma.us. The Public Suffix List is a list of all known public suffixes.
- https://gigaom.com/2014/06/30/the-dark-side-of-io-how-the-u-k-is-making-web-domain-profits-from-a-shady-cold-war-land-deal/ [https://news.ycombinator.com/item?id=8587379]
Styles
acronym in url, not domain - seo?
Management
Services
- http://uberdns.eu/ - uses git
Selling
Software
Configuration
/etc/resolv.conf
- https://hackernoon.com/dns-performance-comparison-google-quad9-opendns-norton-cleanbrowsing-and-yandex-d62d24e38f98
- https://medium.com/@nykolas.z/dns-resolvers-performance-compared-cloudflare-x-google-x-quad9-x-opendns-149e803734e5
# Quad9
nameserver 9.9.9.9
nameserver 149.112.112.112
# Provides: Security blocklist, DNSSEC, No EDNS Client-Subnet sent.
nameserver 9.9.9.10
nameserver 149.112.112.10
# Provides: No security blocklist, DNSSEC, sends EDNS Client-Subnet.

# Cloudflare
nameserver 1.1.1.1
nameserver 1.0.0.1
# For IPv6: 2606:4700:4700::1111, 2606:4700:4700::1001

# Google DNS
nameserver 8.8.8.8
nameserver 8.8.4.4
/etc/hosts
resolvconf
- openresolv - Works with POSIX shell and userland; does not need awk, grep or sed, which means it can work without /usr mounted; works out of the box with init systems other than Debian's; available under a 2-clause BSD license; prefers configs via IF_METRIC for dynamic ordering; configures zones for local resolvers other than libc [11]
systemd-resolved
- systemd-resolved is a system service that provides network name resolution to local applications. It implements a caching and validating DNS/DNSSEC stub resolver, as well as an LLMNR resolver and responder. In addition it maintains the /run/systemd/resolve/resolv.conf file for compatibility with traditional Linux programs. This file may be symlinked from /etc/resolv.conf.
- systemd-resolve - resolve domain names, IPv4 and IPv6 addresses, DNS resource records, and services
Other
See also #DNSCrypt
- https://github.com/kvz/nsfailover - Every minute (or whatever interval you choose), nsfailover.sh checks whether the primary configured nameserver can resolve google.com. If it cannot, it writes the secondary, or even tertiary, server into /etc/resolv.conf to function as the primary server.
Servers, proxy, cache
BIND
YADIFA
- http://www.yadifa.eu/ YADIFA® is designed specifically for the efficient management of large Internet zones and uses dynamic updates to instantly change domain name records. It is equally optimised to handle multiple Internet zones. Our benchmark tests show how we measure up to the competition.
Knot DNS
PowerDNS
Unbound
- Unbound is a validating, recursive, and caching DNS resolver.
Dnsmasq
- Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks. Supported platforms include Linux (with glibc and uclibc), Android, *BSD, and Mac OS X. Dnsmasq is included in most Linux distributions and the ports systems of FreeBSD, OpenBSD and NetBSD. Dnsmasq provides full IPv6 support.
pdnsd
- pdnsd is a proxy DNS server with permanent caching (the cache contents are written to hard disk on exit) that is designed to cope with unreachable or down DNS servers (for example in dial-in networking). Since version 1.1.0, pdnsd supports negative caching.
nscd
- nscd - name service cache daemon
Tools
whois domain.name
- DNSYO is a little tool I built to help me keep track of DNS propagation. In short, it's nslookup, if nslookup queried over 1500 servers and collated their results.
dig
dig any domain.name - show all records for a domain. Note that many authoritative servers now answer ANY with a minimal response (RFC 8482), so query specific record types (A, MX, TXT, ...) when you need reliable results.
dog
- https://github.com/ogham/dog - a command-line DNS client, like dig. It has colourful output, understands normal command-line argument syntax, supports the DNS-over-TLS and DNS-over-HTTPS protocols, and can emit JSON.
dnc
- https://github.com/fcambus/dnc - CLI tool to check domain names configuration
Services
- http://network-tools.com/ - good all round domain/ip tool
- http://www.who.is/ - basic whois archive records
- http://viewdns.info/
Tunnelling
- iodine - lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. It runs on Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD and Windows and needs a TUN/TAP device. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream. [12]
- https://github.com/aaronjanse/dns-over-wikipedia - Redirect `.idk` domains using the official link found on a topic's Wikipedia page
Security
TSIG
- https://en.wikipedia.org/wiki/TSIG - Transaction SIGnature, protocol defined in RFC 2845. It is used primarily by the Domain Name System (DNS) to provide a means of authenticating updates to a DNS database. It is most commonly used to update Dynamic DNS or a secondary/slave DNS server. TSIG uses shared secret keys and one-way hashing to provide a cryptographically secure means of authenticating each endpoint of a connection as being allowed to make or respond to a DNS update.
DNSBL
DNSSEC
- http://www.icann.org/en/about/learning/factsheets/dnssec-qaa-09oct08-en.htm
- http://www.dnssec-deployment.org/
- http://www.dnssec-tools.org/
- https://wiki.debian.org/DNSSEC
- http://pir.org/get/faq/dnssec
- https://www.opendnssec.org/about/
- http://www.cisco.com/web/about/security/intelligence/dnssec.html
- http://www.internetsociety.org/deploy360/resources/step-by-step-how-to-use-a-dnssec-ds-record-to-link-a-registar-to-a-dns-hosting-provider/
- http://www.dnsops.gov/dnssec-perform.html
still CAs, registrars and TLDs
- http://jpmens.net/2011/02/16/ssl-certificate-validation-and-dnssec/
- http://blog.huque.com/2012/10/dnssec-and-certificates.html
- http://blogs.cisco.com/security/top-of-mind-problems-with-ssl-solved-with-dnssec/
DNSCurve
DNSCrypt
Client
- DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.
- http://en.wikipedia.org/wiki/OpenDNS#DNSCrypt
- https://wiki.archlinux.org/index.php/DNSCrypt
- https://www.archlinux.org/packages/community/x86_64/dnscrypt-proxy/ - includes systemd service file to enable exec on start
sudo dnscrypt-proxy -R dnscrypt.eu-dk --local-address=127.0.0.1:40
Run dnsmasq in front of it as a cache, forwarding queries to port 40. Also edit dnsmasq.service so it starts after dnscrypt-proxy (After=dnscrypt-proxy.service).
or
systemctl edit dnscrypt-proxy.socket
Note: The ListenStream and ListenDatagram options need to be cleared with empty assignment before overriding, otherwise the new address would be added to the list of sockets.
[Socket]
ListenStream=
ListenDatagram=
ListenStream=127.0.0.1:40
ListenDatagram=127.0.0.1:40
Server
- https://github.com/Cofyc/dnscrypt-wrapper - A server-side dnscrypt proxy which helps to add dnscrypt support to any name resolver.
Resolvers
- https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv - Current list of free DNSCrypt-enabled resolvers
- DNSCrypt.eu does not censor or change DNS lookups, nor log your traffic through the DNSCrypt service in a way that can identify you.
- 176.56.237.171 and 77.66.84.233
Testing
- https://dnsleaktest.com - test dns connection
DANE
- https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities - DNS-based Authentication of Named Entities (DANE) is a proposed protocol to allow X.509 certificates (commonly used for Transport Layer Security) to be bound to DNS names using Domain Name System Security Extensions (DNSSEC).
- http://www.internetsociety.org/deploy360/resources/dane/
Convergence
DNSNMC
DNS-over-HTTPS
- media.ccc.de - Encrypted DNS? D'oh! - The Good, Bad and Ugly of DNS-over-HTTPS (DoH) - December 2019
Free
Dynamic
Software
Self-hosted
- https://github.com/nsupdate-info/nsupdate.info - free dynamic DNS service. nsupdate.info is also the name of the software used to implement it. If you like, you can use it to host the service on your own server.
- https://github.com/arkanis/minidyndns - A simple DynDNS server with a built-in HTTP interface to update IPs
- https://github.com/brianpcurran/gandi-automatic-dns - A Bourne shell script to update Gandi.net zone files
Subdomain
DNS over HTTP
- https://github.com/fcambus/rrda - REST API for performing DNS queries over HTTP
- https://github.com/bambenek/block-doh - A list of hostnames, IP addresses, and appropriate RPZ zone files to either block usage of DNS-over-HTTPS in an environment or to redirect it to a local DNS-over-HTTPS (DoH) server.
- https://github.com/Sekhan/TheGreatWall - Prevents programs and malware from bypassing a DNS filter by using DoH
Alternate
GNU Name System
KadNode
- https://github.com/mwarning/KadNode - a small and decentralized DNS resolver that can use existing public key infrastructures. It utilizes the BitTorrent P2P network and mbedtls for TLS/crypto support. KadNode can intercept .p2p domain queries at the system level and resolve them using a decentralized DHT network. TLS authentication can be used to make sure the correct IP address was found. If successful, the IP address is passed to the application making the request.