#ItsAlwaysDNS

1 post1 participant0 posts today

Yann Büchau :nixos:Somehow, my plan of making my own <a href="https://fosstodon.org/tags/DynDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DynDNS</a> by regularly updating my <a href="https://fosstodon.org/tags/netcup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#netcup</a> domain with my home IP doesn't really work, it's super unreliable. I guess this DNS caching really is a b*tch. 😩I wonder what <a href="https://fosstodon.org/tags/FreeDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeDNS</a> et al. do differently. Maybe they have some mechanics to force everyone to update more quickly, idk...<a href="https://fosstodon.org/tags/ItsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ItsAlwaysDNS</a>

udo m. rader ☕ 🇪🇺 🇺🇦 🐧A reminder for myself, nicely packaged in the form of a Haiku...No matter how "experienced" and "senior" you may be, this strikes mercilessly from behind when you least expect it...⚠️ It's always the <a href="https://sigmoid.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> ⚠️<a href="https://sigmoid.social/tags/ItsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ItsAlwaysDNS</a> <a href="https://sigmoid.social/tags/networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#networking</a> <a href="https://sigmoid.social/tags/noc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#noc</a> image credits go to reddit, see ALT

Jonathan B ✈️🪄👨🏻‍💻<a href="https://mastodon.me.uk/tags/itsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsAlwaysDNS</a>

Solarbird :flag_cascadia:ETA: Okay the below is fixed, but why would db.root not update when everything else does?(it's on Debian)-----okay this is weirdthe root hints file I have diffs identically to the one I just pulled down from the internic as a sanity check (other than the last updated date which is also weird)but I'm getting this regardless:named[1252171]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints named[1252171]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints(and similar for the IP6, elided for space)why<a href="https://mastodon.murkworks.net/tags/bind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bind</a> <a href="https://mastodon.murkworks.net/tags/named" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#named</a> <a href="https://mastodon.murkworks.net/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sysadmin</a> <a href="https://mastodon.murkworks.net/tags/ItsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ItsAlwaysDNS</a> <a href="https://mastodon.murkworks.net/tags/why" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#why</a>

Erik van Straten<a href="https://hachyderm.io/@rmondello" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rmondello</a> : your website works fine from NL."It's always DNS", but this appears to be an exception, from <a href="https://isc.sans.edu/tools/dnslookup.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://isc.sans.edu/tools/dnslookup.html</a>:<a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://infosec.exchange/tags/ItsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ItsAlwaysDNS</a> <a href="https://infosec.exchange/tags/OrSomethingElse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OrSomethingElse</a>

Mythic Beasts<a href="https://mas.to/@bcwrkittens" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bcwrkittens</a> <a href="https://social.mythic-beasts.com/tags/itsalwaysdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsalwaysdns</a> 🙂

Stefan :veritrek:Actually it looks like one of my VPS IPv6 changed which I used for Monitoring the IPv6 WAN Gateway in <a href="https://social.stefanberger.net/tags/OPNsense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OPNsense</a>.. additionally python used nearly 100% CPU.. which was the Netflow. Don’t know why I had this on. So I‘m not monitoring the Gateway anymore for now to keep is just running. CPU is down again to max 30%. And having DNS on that same host is really bad, because my whole HomeLab including HomeAssistant dies even for reaching local systems. <a href="https://social.stefanberger.net/tags/ItsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ItsAlwaysDNS</a> <a href="https://social.stefanberger.net/tags/HomeLab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HomeLab</a> <a href="https://social.stefanberger.net/tags/UnboundDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnboundDNS</a>

Stefan :veritrek:Sometimes it’s just…. DNS. <a href="https://social.stefanberger.net/tags/ItsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ItsAlwaysDNS</a>Connections have being really slow today and some of my scripts reaching local <a href="https://social.stefanberger.net/tags/HomeLab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HomeLab</a> service have been also slow.It was <a href="https://social.stefanberger.net/tags/UnboundDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnboundDNS</a>. A restart of <a href="https://social.stefanberger.net/tags/OPNsense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OPNsense</a> after the latest hotfix update solved the issue.

Garrett Wollman<a href="https://mastodon.social/@onlmaps" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@onlmaps</a> So what happens to the .io ccTLD? <a href="https://mastodon.social/tags/itsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsAlwaysDNS</a>

Matt W1CDNAnyone know if a TP-Link Archer C59 wireless router *should* have hairpinning/loopback?<a href="https://mastodon.radio/tags/itsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsAlwaysDNS</a>

Martin PughAway from home at the moment and just remembered I packed my little GL-MT3000 travel router. Fired it up, connected it to the guest WiFi where we are and as planned it "phones home" to connect to a self hosted Wireguard peer, in the process giving my filtered DNS thanks to pihole and tunnels all my traffic through the Wireguard tunnel so it's hidden from prying eyes. I had my phone connecting back home anyway, this just means a little less battery drain and I get to test it properly instead of on my phone hotspot. So far, so good, except for home server DNS. Wth.... Ahhhh, that's because I started updating all the local DNS records for my home servers but never finished and obviously I picked a server I hadn't updated yet.<a href="https://bsd.network/tags/Wireguard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wireguard</a> <a href="https://bsd.network/tags/ItsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ItsAlwaysDNS</a> <a href="https://bsd.network/tags/selfhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhost</a>

Paco Hope #resistLe sigh. It appears <a href="https://infosec.exchange/tags/mozilla" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mozilla</a> is too distracted with <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> and <a href="https://infosec.exchange/tags/LLMs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LLMs</a> to run their good old <a href="https://infosec.exchange/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#email</a> correctly. Maybe they should buy <a href="https://io.mwl.io/@mwl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@mwl</a> 's <a href="https://infosec.exchange/tags/RYOMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RYOMS</a> and learn a thing or two.I signed up for their community forums so I could comment on <a href="https://connect.mozilla.org/t5/discussions/share-your-feedback-on-the-ai-services-experiment-in-nightly/m-p/60519" rel="nofollow noopener noreferrer" target="_blank">the AI experiment in Nightly</a>. This, as you can imagine, is getting A LOT of noise and I think mozilla is trying to email me and tell me that things have happened on that thread. I'm not getting the emails. My upstream mail receiver is showing 775 messages queued up for me, that my email server keeps rejecting. Let's look at why.<ol><li>The host <code>community.mozilla.ORG</code> is a CNAME to <code>bnzry48543.lithium.com.</code></li><li><code>bnzry48543.lithium.com.</code> is a CNAME for <code>d3rxjeenbqqyxw.cloudfront.net.</code>, which is AWS's CloudFront CDN service.</li><li>There are no MX records for <code>community.mozilla.ORG</code> because there cannot be any others. If you're a CNAME, you can't have any other records. God only knows why there is this extra <code>lithium.com</code> CNAME in there. Probably so they can have an Alias record in a hosted AWS zone. (Hint: this is the dumb way to do it. The right way is to create <code>community.mozilla.org</code> as a Route53 zone, so you can get the Alias records for CloudFront, then in your <code>mozilla.org</code> zone you create NS records for the Route53 zone. Look at how I do <code>blog.paco.to</code> at AWS, when <code>paco.to</code> DNS is not hosted at AWS for an example).</li><li>The Mozilla community software is sending emails out with a from address of <code>community@connect.mozilla.COM</code>.</li><li>If you run <code>dig connect.mozilla.com any</code> you will find (assuming you find the same as me), a single, solitary TXT record: <code>"v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all"</code>. I'm not up enough on fancy-ass SPF records, but what I can tell you is that there is NO MX record for <code>connect.mozilla.com</code>. That makes it a pretty illegitimate domain to be on the righthand side of an <code>@</code> in email. If I would like to send email to <code>community@connect.mozilla.com</code>, where should I direct that mail? Undefined. Ergo, illegitimate.</li></ol>So, at the moment, my SMTP upstream and I are stuck in a bit of an argument. They've accepted the email from <code>connect.mozilla.com</code> and when they present it to my mail server, I say 'illegal domain, man. fuck off.' Well, they're a little stuck. They can't send that rejection back to the originator, because that's not possible (No MX record). So they pause, consider their life choices, and try again. I'm currently fielding 1800 attempts per hour and I have no idea how many of those are the umpteenth retry of something sent 5 days ago, and how many are a first email that was sent this morning. (It's no big deal. I mentioned it to my support folks, they'll get it fixed soon)Maybe someone at Mozilla can ask <a href="https://infosec.exchange/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ChatGPT</a> "How do I configure DNS records for email?" and get a halfway competent reply. I wish they'd just work on <a href="https://infosec.exchange/tags/firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#firefox</a> features that I want, instead.<a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/smtp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#smtp</a> <a href="https://infosec.exchange/tags/itsalwaysdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsalwaysdns</a>

Neil CraigNot saying it was DNS but...<a href="https://mastodon.social/tags/ItsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ItsAlwaysDNS</a> <a href="https://mastodon.social/tags/GoogleCloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleCloud</a> <a href="https://mastodon.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://mastodon.social/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SysAdmin</a>

OblomovAh, no, <a href="https://sociale.network/tags/itsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsAlwaysDNS</a> For some reason my WiFi had connected to my sister's network but was still trying to access as DNS my home server (which I use as cache).

Stéphane Bortzmeyer<a href="https://mastodon.social/@jpmens" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jpmens</a> I'm sure this new RR type is the cause of the current cybercatastrophe.<a href="https://mastodon.gougere.fr/tags/itsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsAlwaysDNS</a>

Status UpdatesThe problem where unresolvable DNS records were still resolving has been resolved. Unresolvable records now remain unresolved so this is now solved.<a href="https://hachyderm.io/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://hachyderm.io/tags/itsalwaysdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsalwaysdns</a>

Aaron LongchampsToday’s janky desk setup is brought to you by my pi-hole DNS server not liking power outages. It doesn’t seem to want to talk in the network, which is kind of a problem.I also really need to move my home DNS to something else. I’m thinking of running two containers in docker and I do have an unused Mac Mini that would probably work for it.<a href="https://infosec.exchange/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#homelab</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/itsalwaysdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsalwaysdns</a> <a href="https://infosec.exchange/tags/containers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#containers</a>

R. L. Dane :debian: :openbsd:<a href="https://dmv.community/@jcrabapple" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jcrabapple</a> <a href="https://fosstodon.org/tags/ItsAlwaysDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ItsAlwaysDNS</a> ;)cc: <a href="https://alpha.polymaths.social/@amin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@amin</a>

Gert van DijkDomain of the National Police in The Netherlands (politie\.nl) went unreachable for those who validate responses using DNSSEC; they were sending bogus responses. <a href="https://mastodon.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://mastodon.social/tags/dnssec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dnssec</a> <a href="https://mastodon.social/tags/itsalwaysdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsalwaysdns</a><a href="https://dnsviz.net/d/politie.nl/ZbdeBQ/dnssec/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://dnsviz.net/d/politie.nl/ZbdeBQ/dnssec/</a>(appears to be resolved later today around 11:27 CEST)via <a href="https://mastodon.social/@marcodavids" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@marcodavids</a> on X <a href="https://twitter.com/marcodavids/status/1751881537929302045" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://twitter.com/marcodavids/status/1751881537929302045</a>

Marcos Dione<a href="https://en.osm.town/tags/til" class="mention hashtag" rel="tag">#til</a>* It's really hard to find solutions for `resolved` issues because many forums add "[RESOLVED]" to the title of threads with a working solution. * Many of the features listed in yesterday's link (see <a href="https://en.osm.town/@mdione/111770755555959789" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://en.osm.town/@mdione/111770755555959789</a>) only work in 'modern' `resolved`s. Check whether you're not running an old version. * if you get `SERVFAIL` from <a href="https://en.osm.town/tags/resolved" class="mention hashtag" rel="tag">#resolved</a>, check the system's logs. I was getting `Got packet on unexpected IP range, refusing`. There was a stray <a href="https://en.osm.town/tags/iptables" class="mention hashtag" rel="tag">#iptables</a> rule.<a href="https://en.osm.town/tags/ItsAlwaysDNS" class="mention hashtag" rel="tag">#ItsAlwaysDNS</a>

Recent searches

Search options

Administered by:

Server stats: