dnsmasq and cname records [closed] - dns

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 10 months ago.
I need to correctly add a CNAME record to dnsmasq.
According to the sample from the FAQ, CNAME records can be made in the config:
cname=blizzard.cache.lancache.net,cdn.blizzard.com
This format returns an A record for the original domain name.
# nslookup cdn.blizzard.com
Server: 185.123.187.8
Address: 185.123.187.8#53
Non-authoritative answer:
Name: cdn.blizzard.com
Address: 137.221.64.2
Name: cdn.blizzard.com
Address: 137.221.64.5
It's not correct for my task. I need it to return a CNAME record. (This answer was made on BIND as a sample.)
# nslookup cdn.blizzard.com
Server: 185.123.187.8
Address: 185.123.187.8#53
Non-authoritative answer:
cdn.blizzard.com canonical name = blizzard.cache.lancache.net.
Name: blizzard.cache.lancache.net
Address: 172.16.0.200
This is the correct answer. Here we can see the request for "cdn.blizzard.com", the CNAME record for this domain, "blizzard.cache.lancache.net", and the IP for the CNAME, "172.16.0.200". How do I get this answer from dnsmasq?

Please try:
cname=cdn.blizzard.com,blizzard.cache.lancache.net

Related

Google DynDNS with FritzBox [closed]

I know that's not the kind of question that is commonly asked here, but I don't know where to ask instead.
I want to set up DynDNS with my FritzBox 6600 Cable, but I always got a 500 - notfqdn (not fully qualified domain name) error. (I know FritzBox is not the best solution available... but this is what I have to work with.)
According to this guide I set up the DynDNS config in the FritzBox and used the username and password from the configured DynDNS and the update URL domains.google.com/nic/update with the DynDNS domain. The config in the FritzBox looks like the following:
Update-URL: domains.google.com/nic/update
Domainname (Domain-Name): something.my-domain.de
Benutzername (Username): my_username
Kennwort (Password): my_password
I don't know what's the problem. Some testing with other configuration shows that a random user and password give the same 500 error.
Does anybody know what the request of the FritzBox looks like and how the parameters are parsed?
According to the FRITZ!Box help page you can use pre-defined placeholders inside the Update URL which will be filled with the corresponding information.
So in the case of Google Domains the API expects a request URL in the following form:
https://username:password@domains.google.com/nic/update?hostname=subdomain.yourdomain.com&myip=1.2.3.4
In your FRITZ!Box DynDNS configuration you have to replace the variables in the Google Domains API URL by the corresponding placeholders from the FRITZ!Box documentation, which will look something like this:
https://<username>:<pass>@domains.google.com/nic/update?hostname=<domain>&myip=<ipaddr>
Note that the URL might be different depending on your FRITZ!Box type.
For further information check out the Google Domains help page Learn about Dynamic DNS
(especially the section "Use the API to update your Dynamic DNS record") and the help page of your FRITZ!Box, which may be accessed using the question mark icon in the top right of the DynDNS configuration page. (Help page for FRITZ!Box 7590)
You need to change the URL into the following syntax:
https://username:password@domains.google.com/nic/update?hostname=subdomain.yourdomain.com
Use the user-defined DynDNS provider.
Update-URL: https://domains.google.com/nic/update?hostname=mydyndns.yourdomain.com
Domainname: mydyndns.yourdomain.com
Username: generated username from Google Domains
Password: generated password from Google Domains

Why do we use canonical hostname in DNS system? [closed]

I read a document which says that a host with a complicated hostname can have one or more alias names. For example, relay1.west-coast.media.com is a canonical hostname whereas media.com is an alias. They are related to each other by an 'A' record and a 'CNAME' record in the DNS system as follows:
media.com CNAME relay1.west-coast.media.com
relay1.west-coast.media.com A 210.23.25.32
What makes us use the complicated canonical hostname? Can't we simply associate alias with the ip address by adding record 'A' in the DNS system as follows:
media.com A 210.23.25.32
CNAME entries are useful when running multiple services on a single server. For example you could point www.media.com, ftp.media.com, and mud.media.com all to relay1.west-coast.media.com.
That way if the IP address of relay1... ever needed to change, it would be a single update to the A record instead of multiple.
Yes, you can.
First, as Lanexbg explained, your specific example is wrong since you cannot have a CNAME at the apex (root) of the zone, because by definition a CNAME record cannot coexist with anything else (we will forget about the exceptions here) and at the apex you need to have SOA and NS records for your zone to work correctly.
So let us just instead use the appropriate names for configuration/documentation needs and discuss the difference between www.example.com A and www.example.com CNAME www.example.net + www.example.net A
The end result of the www.example.com A resolution would be the same for an end user, besides various points that can be neglected on a first approach (like performance issues).
If you are maintaining both the authoritative nameservers for example.com and example.net you are free to choose between the two cases. As Chris Meueur noted, the big difference is when you need to change the data (IPv4 address) of the A record. In the first case you will need to change it as many times as you have records for it where in the second case you will need to change it only once, and all other records having a CNAME pointing to www.example.net will get automatically updated.
CNAMEs have their drawbacks too: they can influence performance, you need to avoid chains of them and even more loops, they cannot be used everywhere in the same way as a name in an A record, etc.
So it is a compromise.
But there is another case to take into account: if you are the administrator of example.com but not of example.net. ExampleNET Inc. could be a big hosting company, or a CDN. You want to use their services for your www.example.com website. If they give you an A record to put in your zone, they have the problem that they will basically never be able to change it if they need to, because all their clients will have its current value hardcoded in all their zone files. That is a big problem for agility, and sometimes you need to be able to renumerate in a hurry, like during a DDoS attack.
Instead if they advise you to do a CNAME, they would be free to change their A record without anything else having anything to do and with the results "immediately" applied to everyone.
This is a very common case, specifically for CDN.
Among many others see this live example when asking for www.microsoft.com:
;; ANSWER SECTION:
www.microsoft.com. 3600 IN CNAME www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net. 20499 IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net. 3600 IN CNAME e13678.dspb.akamaiedge.net.
e13678.dspb.akamaiedge.net. 3600 IN A 23.67.120.106
(Of course advanced setups can also be enabled for load-balancing and/or fail-over and/or varying the result based on the geography of the source.)
This is not the only way to do it (for example, instead, they could have asked you to change the authoritative nameservers for your example.com zone so that they could control it), and it has limits too (the most important one being the one outlined at the beginning: you could not put a CNAME at apex so if you wanted also a website on http://example.com/ (note the lack of www) you would need other solutions).
I think media.com could have different sub-domains under the actual domain, for example - www.media.com, ftp.media.com, mud.media.com these are some of the sub-domains under media.com. Each and every sub-domain will have a different IP address also, so if we just point it to media.com A 210.23.25.32, it won't be able to resolve the full query that the user needs.

Is there encryption on redirects to https from http [closed]

I have a server and every page has a redirect to use SSL (https) using .htaccess. My question is: what if someone types in the URL http://www.domain.com/ and it redirects to https://www.domain.com, was the information sent in the original request un-encrypted?
was the information sent in the original request un-encrypted?
Yes, the http://domain.com/ request is unencrypted, as is the response that contains the redirect. The SSL handshake happens before any data is sent, and until the browser knows to initiate an SSL handshake on the SSL port, everything is unencrypted.
Jon Lin's answer is correct. If this is a security concern, then it's best to ensure that the user only connects to your site by way of https, or redirecting from their first connection, before any sensitive information is sent. This can be done using the .htaccess file.
Yes, the information passed via the http protocol remains unencrypted. All the communication via http will then be unencrypted. Redirection occurs after transmission of the packet to the redirecting server, so this communication cannot be encrypted just by redirecting to an https site.
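To make the answers above concrete, the following added example (not code from any of the posts) lists what a browser sends in cleartext before the redirect can happen. The Secure cookie attribute and HSTS are standard browser mechanisms that the thread does not mention; the function name, sample URL and cookie values are constructed, and cookie domain/path matching is left out for brevity.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def cleartext_exposure(url, set_cookie_headers, hsts_hosts=()):
    """Return what leaves the browser unencrypted when the user enters `url`.

    set_cookie_headers: Set-Cookie values the site issued on earlier visits.
    hsts_hosts: hosts for which the browser already holds an HSTS policy.
    """
    parts = urlsplit(url)
    if parts.scheme != "http" or parts.hostname in hsts_hosts:
        # https:// URL, or HSTS rewrites the request to https before sending.
        return {"plaintext": False, "request_line": None, "cookies": []}

    jar = SimpleCookie()
    for header in set_cookie_headers:
        jar.load(header)

    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query

    # Cookies without the Secure attribute accompany the plain-HTTP request,
    # so they are readable on the wire before the server can answer 301/302.
    leaked = sorted(name for name, morsel in jar.items() if not morsel["secure"])
    return {
        "plaintext": True,
        "request_line": f"GET {target} HTTP/1.1",
        "cookies": leaked,
    }

# Constructed sample: one session cookie without Secure, one cookie with it.
SAMPLE_COOKIES = ["sid=s3cr3t; Path=/; HttpOnly", "prefs=dark; Path=/; Secure"]
SAMPLE_URL = "http://www.domain.com/account?reset=abc123"

if __name__ == "__main__":
    print(cleartext_exposure(SAMPLE_URL, SAMPLE_COOKIES))
    print(cleartext_exposure(SAMPLE_URL, SAMPLE_COOKIES, {"www.domain.com"}))
```
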

Accepted queries for DNS root server [closed]

I haven't found the answer to this question anywhere and I'm a bit confused. I want to know if the root DNS servers are queried iteratively or recursively?
As far as my understanding of the subject goes, they can be queried recursively, as they are the 'last option' to resolve a name, so they must answer with the IP address/error message. Am I correct? Please make this clear for me. Thanks.
Queries to any DNS server, regardless of whether they're the root server or not, get answered with information that the server is allowed to give out about names they know something about. What that means is that if you query a server for a name it doesn't know about, but it does know who owns part of it, it'll refer you to the next place to ask.
Let's say you need to find out where www.example.com is. If you use the dig utility from the bind package, you can query the root for the answer and see what it will tell you:
# dig @b.root-servers.net. www.example.com a
;; QUESTION SECTION:
;www.example.com. IN A
;; AUTHORITY SECTION:
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
; [...11 more authority servers for .com not shown...]
;; ADDITIONAL SECTION:
h.gtld-servers.net. 172800 IN A 192.54.112.30
d.gtld-servers.net. 172800 IN A 192.31.80.30
; [...11 more IP addresses for .com not shown...]
The effect of the above response is the root server telling you "I
don't know where www.example.com is. You'll need to go ask .com next,
which is at the following list of addresses."
And so off you'd march to ask the .com servers the same question:
# dig @h.gtld-servers.net. www.example.com a
;; QUESTION SECTION:
;www.example.com. IN A
;; AUTHORITY SECTION:
example.com. 172800 IN NS a.iana-servers.net.
example.com. 172800 IN NS b.iana-servers.net.
;; ADDITIONAL SECTION:
a.iana-servers.net. 172800 IN A 199.43.132.53
a.iana-servers.net. 172800 IN AAAA 2001:500:8c::53
b.iana-servers.net. 172800 IN A 193.0.0.236
b.iana-servers.net. 172800 IN AAAA 2001:610:240:2::c100:ec
This answer helps you further by saying "I don't know either, but go
ask the owners of example.com". Asking them will finally get you a
real answer you were looking for:
# dig @a.iana-servers.net. www.example.com a
;; ANSWER SECTION:
www.example.com. 172800 IN A 192.0.32.10
And finally we have a server that is willing to give us the real
answer.
Note, however, we asked each server in turn, starting from the root
and going down. At each step someone either said "I have the answer"
or "I don't have the answer, but I know who you should talk to next".
Recursive servers (i.e. the ones serving end-user clients) perform iterative queries to authoritative servers.
In response to those iterative queries, each authoritative server in the chain down from the root will either return the answer if it's authoritative for that domain, or a referral to the next servers down the chain that might have the answer.
The root name servers do not offer fully recursive service, only referrals to the name servers run by each TLD.
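The walk described in the answers above, as an added example that is not part of the original posts: a small offline model of the three servers from the dig output, plus the loop a recursive resolver runs over them. The server table is constructed from the names and the address shown above; the referral sanity check and the hop limit are assumptions about how a careful resolver bounds the walk.

```python
MAX_REFERRALS = 8  # bound the walk so a referral loop cannot run forever

# Constructed stand-ins for the servers in the dig output above (no network).
SERVERS = {
    "b.root-servers.net.": {"refer": {"com.": ["h.gtld-servers.net.", "d.gtld-servers.net."]}},
    "h.gtld-servers.net.": {"refer": {"example.com.": ["a.iana-servers.net.", "b.iana-servers.net."]}},
    "a.iana-servers.net.": {"data": {("www.example.com.", "A"): ["192.0.32.10"]}},
}

def in_zone(name, zone):
    """True if name is at or below zone (label-wise suffix match)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def query(server, name, rtype):
    """One non-recursive query: ('answer', rdata), ('referral', zone, ns) or ('nodata',)."""
    cfg = SERVERS[server]
    if (name, rtype) in cfg.get("data", {}):
        return ("answer", cfg["data"][(name, rtype)])
    # Pick the most specific delegation that covers the name.
    zones = [z for z in cfg.get("refer", {}) if in_zone(name, z)]
    if not zones:
        return ("nodata",)
    best = max(zones, key=len)
    return ("referral", best, cfg["refer"][best])

def resolve(name, rtype, root="b.root-servers.net."):
    """Start at the root and follow referrals down until someone answers."""
    server, zone, path = root, ".", []
    for _ in range(MAX_REFERRALS):
        reply = query(server, name, rtype)
        path.append((server, reply[0]))
        if reply[0] == "answer":
            return reply[1], path
        if reply[0] != "referral":
            raise LookupError(f"{server} has no data for {name}")
        _, new_zone, ns_list = reply
        # Accept a referral only if it moves strictly closer to the name.
        if not in_zone(name, new_zone) or len(new_zone) <= len(zone):
            raise ValueError(f"{server} sent a sideways or upward referral")
        # Use the first listed server that this model knows about.
        zone, server = new_zone, next(ns for ns in ns_list if ns in SERVERS)
    raise RuntimeError("too many referrals")

if __name__ == "__main__":
    print(resolve("www.example.com.", "A"))
```
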

Is Root domain CNAME to other domain allowed by DNS RFC? [closed]

We are hosting the page of many of our customers. We want to be able to provide our customers with a subdomain of our own domain like customerpages.ourdomain.com so they can create a CNAME to this subdomain.
www.customer1.com CNAME customerpages.ourdomain.com. {This will work just fine.}
But the situation is I don't know if all our customers will be able to place the following CNAME
customer1.com CNAME customerpages.ourdomain.com
This last CNAME looks like it's against the RFC of DNS.
Any thoughts will be appreciated.
No, you can't do that - CNAME records can only exist as single records and not combined with any other resource record (DNSSEC records excepted).
There are explicit SOA and NS records always present at the top of each domain, so that prevents the use of the CNAME at the same part of the hierarchy.
It's true, given a domain example.com, some DNS servers (tinydns for one) won't complain if you set up CNAME records for both example.com and www.example.com. But still I'd avoid it as it would break e-mail for example.com (see RFC 2821 "Address Resolution and Mail Handling").
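A check for the two CNAME rules raised on this page, the "CNAME cannot coexist with other records" rule from the answers above and the earlier warning about chains and loops, written as an added example that is not from any of the posts. The record tuples, the `MAX_CHAIN` policy value and the sample zone are constructed for illustration.

```python
from collections import defaultdict

COEXIST_OK = {"RRSIG", "NSEC"}  # the DNSSEC exception mentioned in the answer
MAX_CHAIN = 3                   # assumed local policy limit, not a protocol constant

def lint_cnames(records):
    """records: iterable of (owner, rtype, rdata). Returns a sorted list of findings."""
    types = defaultdict(set)
    cname = {}
    for owner, rtype, rdata in records:
        owner = owner.lower().rstrip(".")
        types[owner].add(rtype.upper())
        if rtype.upper() == "CNAME":
            cname[owner] = rdata.lower().rstrip(".")

    findings = []
    for owner, target in cname.items():
        # Rule 1: a CNAME owner may hold nothing else (SOA/NS make the apex illegal).
        clash = types[owner] - {"CNAME"} - COEXIST_OK
        if clash:
            findings.append(f"{owner}: CNAME coexists with {','.join(sorted(clash))}")
        # Rule 2: follow the alias chain inside this data set, watching for loops.
        seen, cur = [owner], target
        while cur in cname and cur not in seen:
            seen.append(cur)
            cur = cname[cur]
        if cur in seen:
            findings.append(f"{owner}: CNAME loop via {cur}")
        elif len(seen) > MAX_CHAIN:
            findings.append(f"{owner}: CNAME chain of {len(seen)} aliases")
    return sorted(findings)

# Constructed sample zone data based on the names used in the question.
SAMPLE_ZONE = [
    ("customer1.com.", "SOA", "ns1.customer1.com. hostmaster.customer1.com. 1 3600 600 86400 300"),
    ("customer1.com.", "NS", "ns1.customer1.com."),
    ("customer1.com.", "CNAME", "customerpages.ourdomain.com."),      # apex: illegal
    ("www.customer1.com.", "CNAME", "customerpages.ourdomain.com."),  # fine
    ("signed.customer1.com.", "CNAME", "customerpages.ourdomain.com."),
    ("signed.customer1.com.", "RRSIG", "(signature data omitted)"),   # allowed alongside
    ("a.customer1.com.", "CNAME", "b.customer1.com."),
    ("b.customer1.com.", "CNAME", "a.customer1.com."),                # loop
]

if __name__ == "__main__":
    for finding in lint_cnames(SAMPLE_ZONE):
        print(finding)
```
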
