Named (bind) DNS resolver forwarding client subnet

Using BIND (9.11) I can do a dig with a client subnet and make my DNS resolver choose an A record based on the client subnet (ECS), but I want to put a recursive DNS server in between the authoritative server and the client, where the recursive DNS server should forward the client subnet to the authoritative server and receive the relevant A record.
dig sample.com +subnet=10.0.0.0/24
The recursive DNS server should forward this request to the authoritative server along with the client subnet.
Is there a way to configure my recursive DNS server to do that?
Thanks,

Passing ECS (EDNS Client Subnet) is currently only available on the 'Subscriber Edition' of BIND.
BIND does have support for using ECS as an Authoritative nameserver. But not for passing the option through the resolver.
See here for reference:
https://www.isc.org/docs/BIND-9-S-Edition.pdf

This can be implemented, but only with the PowerDNS Recursor + PowerDNS Authoritative bundle.
The BIND 9 "view" can be replaced with the similar "LUA view" function in PowerDNS Authoritative.
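The option the asker wants the recursive server to pass along is a small EDNS0 payload. As an added example (not from the question, BIND or PowerDNS), this Python encodes and decodes an ECS option as RFC 7871 lays it out, masking the client address down to the chosen prefix so only the subnet, not the full client IP, would reach the authoritative server; the sample addresses are constructed.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8        # EDNS option code assigned to Client Subnet (RFC 7871)
FAMILY = {4: 1, 6: 2}      # IANA address family numbers for IPv4 / IPv6
ADDR_BYTES = {1: 4, 2: 16}

def build_ecs_option(client_ip: str, source_prefix_len: int) -> bytes:
    """Encode OPTION-CODE, OPTION-LENGTH, FAMILY, SOURCE PREFIX-LENGTH,
    SCOPE PREFIX-LENGTH (0 in a query) and the truncated ADDRESS.

    strict=False masks the host bits, so a resolver sending /24 reveals only
    the client's subnet; ADDRESS carries just enough octets to hold the
    prefix, as the RFC requires.
    """
    net = ipaddress.ip_network((client_ip, source_prefix_len), strict=False)
    address = net.network_address.packed[:(source_prefix_len + 7) // 8]
    data = struct.pack("!HBB", FAMILY[net.version], source_prefix_len, 0) + address
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data

def parse_ecs_option(option: bytes) -> dict:
    """Decode an ECS option, rejecting malformed ones the way a careful
    receiver should (wrong code, bad length, non-zero bits past the prefix)."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("bad OPTION-CODE or OPTION-LENGTH")
    family, src_len, scope_len = struct.unpack("!HBB", option[4:8])
    if family not in ADDR_BYTES:
        raise ValueError("unknown address family %d" % family)
    address = option[8:]
    if len(address) != (src_len + 7) // 8:
        raise ValueError("ADDRESS length does not match SOURCE PREFIX-LENGTH")
    padded = address + b"\x00" * (ADDR_BYTES[family] - len(address))
    net = ipaddress.ip_network((padded, src_len))  # strict: raises if host bits set
    return {"family": family, "source": src_len, "scope": scope_len, "subnet": str(net)}
```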

DNS record mapping the hostnames and the external IP

So I'm deploying this app called WSO2 API Manager to AKS, and at the end of the tutorial it asks me to do this:
If the defined hostnames (in the previous step) are backed by a DNS service, add a DNS record mapping the hostnames and the external IP (EXTERNAL-IP) in the relevant DNS service.
So I don't know where to go from here, because if I map the DNS name to the IP in the hosts file, the app works no problemo.
But I'm on AKS; if someone could guide me through doing the equivalent over there, I would be grateful.
For a DNS name to work over the internet you need to configure it properly. If your DNS name is abc.com, first you need to purchase the "abc.com" domain through a domain registrar. Then it should be mapped to the public IP of your Ingress. You can use Azure DNS for this. Refer to the following:
https://learn.microsoft.com/en-us/azure/dns/
https://learn.microsoft.com/en-us/azure/dns/dns-getstarted-portal

Setting the Alias Target in Route53 to a single EC2 with an IPv4 Address

I wanted to create an Alias record that simply points my naked domain name (zone apex) to a simple Elastic IP address associated with a single EC2 instance. But that type of target isn't valid. It looks like Alias record targets are limited to:
Elastic Load Balancers (ELB's)
S3-Endpoints
Cloudfront Distributions
Other DNS Record Sets.
Can anybody shed some theoretical light as to why I am unable to use the A-record to point the domain to a simple EC2 with an ip address? Thanks.
Basic DNS 101
Yes. Create an A record containing the IP address of your instance. It isn't an alias, and it shouldn't be an alias.
Your issue is that your web server itself or WordPress is misconfigured and is actively issuing redirects to what it wrongly believes to be the correct/desired name, which has nothing to do with how this A record is provisioned. Review your response headers and you will find a 30x HTTP response coming from your web server.

Add DNS records for ejabberd STUN

I am developing a chat application using an ejabberd server. I would like to implement audio and video calling. In order to do so, I want to use Jingle.
However, Jingle requires a STUN server, so I'm trying to configure ejabberd as one.
In the documentation (https://docs.ejabberd.im/admin/configuration/#stun-and-turn), it is said that you have to add DNS records as follows:
_stun._udp IN SRV 0 0 3478 stun.example.com.
_stun._tcp IN SRV 0 0 3478 stun.example.com.
_stuns._tcp IN SRV 0 0 5349 stun.example.com.
However, I don't know where to make this configuration (I am working on a Windows machine).
Can someone help me, please?
Thank you
DNS records are typically configured with the registrar for your domain. In addition to registering domains, most registrars also provide DNS services and have some sort of web page for configuring DNS to map host names to IP addresses. So if you own yourdomain.com (for example), and your STUN server is at IP address 1.2.3.4, then you could simply register stun.yourdomain.com to point to 1.2.3.4 using the standard "A" record type, as you would for a web server or any other service.
SRV records are another type of DNS entry. Instead of mapping a hostname to an IP address, it maps a service name to a hostname and port. The idea is that a domain could have a default "sip", "stun", or "turn" service that a client application could infer from an email address instead of having the user or another service provide it. The SRV record essentially just points to a standard "A" record for a hostname (and provides the port as well). STUN is one of a handful of standard SRV records that can be specified for a domain.
However, I do not know of a single client or service that requires an SRV record for STUN. Most client software that does P2P or VoIP and needs a STUN (or TURN) server can be configured with a hostname or with an IP address. Perhaps Jabber has a different requirement, but I suspect you can skip the DNS registration step and use the server's IP address for subsequent configuration steps.
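To make the service-name-to-host-and-port mapping concrete, here is an added Python example (not from the question or the ejabberd docs) that parses the three SRV lines quoted above, which are relative to the zone origin, and picks a target the way RFC 2782 instructs clients to: lowest priority tier first, weighted random within it. The zone text is constructed from the question's records.

```python
import random
from collections import defaultdict

# Constructed zone fragment: the records the question quotes, relative to the zone origin.
ZONE = """\
_stun._udp  IN SRV 0 0 3478 stun.example.com.
_stun._tcp  IN SRV 0 0 3478 stun.example.com.
_stuns._tcp IN SRV 0 0 5349 stun.example.com.
"""

def parse_srv(zone_text: str) -> dict:
    """Return {owner_name: [(priority, weight, port, target), ...]} for every
    'name IN SRV prio weight port target' line; anything else is skipped."""
    records = defaultdict(list)
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 7 or fields[1:3] != ["IN", "SRV"]:
            continue
        name, _, _, prio, weight, port, target = fields
        records[name].append((int(prio), int(weight), int(port), target.rstrip(".")))
    return dict(records)

def select_srv(candidates: list, rng=random) -> tuple:
    """RFC 2782 selection: only the lowest-priority tier is eligible, and within
    it a target is chosen with probability proportional to its weight
    (all-zero weights, as in the records above, mean equal odds)."""
    lowest = min(c[0] for c in candidates)
    tier = [c for c in candidates if c[0] == lowest]
    weights = [c[1] for c in tier]
    if sum(weights) == 0:
        return rng.choice(tier)
    return rng.choices(tier, weights=weights, k=1)[0]

def stun_endpoint(zone_text: str, service: str = "_stun._udp") -> tuple:
    """Host and port a client would connect to for the given service label,
    e.g. ('stun.example.com', 3478) for _stun._udp."""
    _, _, port, target = select_srv(parse_srv(zone_text)[service])
    return target, port
```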

How do I connect my own server to a domain?

I have a dedicated server in my office, and it has a static IP on the internet. Now I want to connect this server to a domain and set up a mail server on it.
My only problem is how to connect the IP and the domain.
I have some questions about this but can't find the answer by searching; please help me:
Do I have to create my own DNS server to handle it? If so, how do I run a DNS server?
To create a mail server that is trusted by Gmail and other mail servers I have to provide rDNS for my server; how?
Thanks in advance
Assuming that you have registered a domain already, you add an A record, which specifies the hostname and IP address of your server. You don't need to install your own nameservers if you use the services of a DNS hoster. Many registrars, where you can register a domain, also offer such DNS hosting services. However, regardless of who runs the nameservers which are authoritative for your domain, you will still need to add that A record to your zone on the master nameserver. Depending on the service used, you may then have to update the SOA serial and issue an update notification to the slave nameservers, so they know that they must ask the master nameserver for the updated zone - but most DNS hosters do this step automatically.
For reverse DNS, you add a PTR record to the reverse zone. The netblock owner is in control of the reverse zone.
The nameservers authoritative for the reverse zone are generally different servers than those you put the hostname and IP address of your server on, and you will have to use facilities or cooperation offered by the netblock owner.

How forward and reverse DNS works

What I understand about how DNS works is like this: first let's assume mydomain.com has the IP address 12.34.56.78. Now when I put the URL mydomain.com in the browser, the browser sends a DNS lookup to its local DNS server, asking, hey, do you know the IP address for mydomain.com? If the local DNS server does not know about it, it will ask the parent DNS servers; if the parent also does not know, then it keeps asking all the way up until the root DNS server. The root DNS server will ask some server in charge of the .com TLD. The DNS server in charge of .com will have knowledge about mydomain.com because mydomain.com is in the .com family. Then the answer will be returned back to the initial asker. Also the answer quite likely will be cached in the DNS servers involved in the asking process. Would anyone correct my understanding if it is wrong?
So my real question is about how reverse DNS lookup works. Let's say I want to find out what domain name is for the IP 12.34.56.78. I run the command dig -x 12.34.56.78. If my local DNS server does not know the answer, which server does it further ask? Is it 12.in-addr.arpa., or 34.12.in-addr.arpa.? If this is the case, are these names like 12.in-addr.arpa. valid domain names? And where should they be deployed so that the reverse lookup requests will know whom to ask?
How a reverse DNS lookup is accomplished:
The DNS resolver reverses the IP, and adds it to ".in-addr.arpa" (or ".ip6.arpa" for IPv6 lookups), turning 192.0.2.25 into 25.2.0.192.in-addr.arpa.
The DNS resolver then looks up the PTR record for 25.2.0.192.in-addr.arpa.
The DNS resolver asks the root servers for the PTR record for 25.2.0.192.in-addr.arpa.
The root servers refer the DNS resolver to the DNS servers in charge of the Class A range (192.in-addr.arpa, which covers all IPs that begin with 192).
In almost all cases, the root servers will refer the DNS resolver to a "RIR" ("Regional Internet Registry"). These are the organizations that allocate IPs. In general, ARIN handles North American IPs, APNIC handles Asian-Pacific IPs, and RIPE handles European IPs.
The DNS resolver will ask the ARIN DNS servers for the PTR record for 25.2.0.192.in-addr.arpa.
The ARIN DNS servers will refer the DNS resolver to the DNS servers of the organization that was originally given the IP range. These are usually the DNS servers of your ISP, or their bandwidth provider.
The DNS resolver will ask the ISP's DNS servers for the PTR record for 25.2.0.192.in-addr.arpa.
The ISP's DNS servers will refer the DNS resolver to the organization's DNS servers.
The DNS resolver will ask the organization's DNS servers for the PTR record for 25.2.0.192.in-addr.arpa.
The organization's DNS servers will respond with "host.example.com".
Source here.
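The name construction in the first step of the answer, and the question of which labels a resolver can be referred through (12.in-addr.arpa., 34.12.in-addr.arpa., and so on) as well as which zone a netblock owner ends up holding, as an added Python example that is not part of either post. reverse_zone returns None for prefixes that do not end on a label boundary, where RFC 2317 classless delegation is needed instead; all addresses are the ones used in the thread or documentation ranges.

```python
import ipaddress

def reverse_name(ip: str) -> str:
    """Owner name of the PTR record: octets reversed under in-addr.arpa for
    IPv4, all 32 hex nibbles reversed under ip6.arpa for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def delegation_path(ip: str) -> list:
    """Every zone cut a resolver may be referred through, root first. Each of
    these is a valid zone name; which ones actually carry a delegation depends
    on how the RIR, the ISP and the netblock owner split the tree."""
    labels = reverse_name(ip).rstrip(".").split(".")
    return ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

def reverse_zone(cidr: str):
    """Zone a netblock holder would be delegated for its prefix, or None when
    the prefix does not end on a label boundary (8 bits per IPv4 label,
    4 bits per IPv6 label)."""
    net = ipaddress.ip_network(cidr, strict=True)
    bits_per_label = 8 if net.version == 4 else 4
    if net.prefixlen % bits_per_label:
        return None
    total_labels = net.max_prefixlen // bits_per_label
    keep = net.prefixlen // bits_per_label
    labels = reverse_name(str(net.network_address)).rstrip(".").split(".")
    return ".".join(labels[total_labels - keep:]) + "."

if __name__ == "__main__":
    for zone in delegation_path("192.0.2.25"):
        print(zone)                       # ".", "arpa.", ..., "25.2.0.192.in-addr.arpa."
    print(reverse_zone("192.0.2.0/24"))   # 2.0.192.in-addr.arpa.
```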
