Google DNS / OpenDNS - See the IP address of the answering server? - dns

Forgive the poor title... I'll do my best to explain
Working with Google DNS or OpenDNS (as they're both anycast) - is there a command in Windows or Linux where I can do a lookup and have the IP address or hostname of the actual server that resolved the lookup returned?
The reason I ask is I'm trying to find where my queries to 8.8.8.8 are actually resolved. While Google list my country as having DNS infrastructure, I have a feeling it's only a cache and the queries are being resolved in Europe
Thx

No, you can't find that.
Actually, if the server already has the info you want in its database/cache, it will reply to you directly. Otherwise, it would query other domain name servers (possibly through root domain name servers and/or other authoritative servers) to get the DNS records, then update its database/cache and also reply to you.

Related

How to setup subdomain for digitalocean?

I need to access my Digitalocean server by typing sendy.ambee.app in the URL. If I type the IP address 157.230.9.219, it works.
But as long as I type sendy.ambee.app, it does NOT work.
When I ping sendy.ambee.app in terminal, it pings the correct IP address (157.230.9.219). Same thing when I try it here https://asm.saas.broadcom.com/en/ping.php
This is my Google domain's Name Space settings:
Shall I change Name servers? Just note here, on my ambee.app domain I use Google Workspace (so I do want to keep google servers for the main domain)
What else shall I have set up in there (in Google Domains DNS settings)? This is what I got so far:
I'm confused about many options there
shall I add A record in Custom resource records
or shall I forward sendy.ambee.app → 157.230.9.219 in Synthetic records
or shall I set sendy.ambee.app → 157.230.9.219 in Registered hosts
?
Is there anything specific I need to set in Digitalocean settings?
------------ ↓ UPDATE (Dec 15, 2020) ↓ --------------------
It seems that the problem is with the Google Domains provider, since I tried to test it out with a different provider that I have and I created an A record for sendy.ambeeapp.com -> 157.230.9.219 and it works without any issue (try http://sendy.tomasbaran.com to see for yourself).
Another thing is that I can't change the default Google NS servers, since I'm hosting Google Workspace on my main domain ambee.app.
To answer, succinctly, you want to add a custom Address mapping (A) record from the host name (sendy) to the IPv4 address (157.230.9.219) for your domain (ambee.app).
You should leave the name servers as they are; this configuration is necessary so that Google can manage your domain and resolve your records.
It's good to leave the default TTLs but you can reduce these. Alternatively, once you've updated your DNS records through Google, you can check the resolver on Linux using either of the following:
nslookup sendy.ambee.app 8.8.8.8
nslookup sendy.ambee.app 8.8.4.4
NOTE 8.8.*.* are the IPs for Google's DNS service and will resolve quickly
It may (!) take some time (but usually not very long) for these updates to be shipped to other DNS resolvers on the Internet.
It's unclear how you're able to resolve sendy.ambee.app to the IPv4 address (157.230.9.219) without changing your DNS records.
It's unlikely Google Domain's (i.e. Google's) DNS is at issue.

I can't seem to get the entire DNS reverse IP lookup.

I'm trying to get all the domains linked to a record like here
http://viewdns.info/reverseip/?host=23.227.38.68&t=1 but I'm getting no luck with dig 23.227.38.68 or nslookup 23.227.38.68. Any idea what I'm doing wrong?
The design of DNS does not support discovering every domain associated with a certain IP address. You may be able to retrieve one or more DNS names associated with the IP address through reverse IP lookup (PTR records), but that does not necessarily give you all domains. In fact, it rarely will.
This is because the information you seek is scattered throughout the global DNS network and there is no single authoritative node in the network that has this information. If you think about it, you can point the DNS A record of your own domain to the IP of stackoverflow.com and that's perfectly valid, but anyone seeking to know this would have to find your DNS servers to figure this out. DNS does not provide any pointers for this, though.
Yet, certain "passive DNS" services (probably including viewdns.info) seem to overcome this limitation. These services all work by aggregating DNS data seen in the wild one way or another. At least one of these services works by monitoring DNS traffic passing through major DNS resolvers, building a database from DNS queries. For instance, if someone looks up yourdomain.com that points to 1.2.3.4 and the DNS query happens to pass through the monitored resolver, they take note of that. If a query for anotherdomain.com is seen later and it also resolves to 1.2.3.4, now they have two domains associated with 1.2.3.4, and so on. Note that due to the above, none of the passive DNS services are complete or real-time (they can get pretty close to either, though).
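The aggregation described in the answer above, as an added example that is not part of the original post: it builds an IP-to-domains index from resolver observations and shows why the result is neither complete nor current. The observation tuples, function names and record layout are constructed for illustration and do not reflect how any particular passive DNS service stores its data.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of (timestamp, queried name, answer IP) tuples, as a sensor
# at a recursive resolver might record them. All names and addresses are made up.
OBSERVATIONS = [
    ("2020-12-01T10:00:00", "yourdomain.com.", "1.2.3.4"),
    ("2020-12-01T10:05:00", "AnotherDomain.com", "1.2.3.4"),
    ("2020-12-02T08:30:00", "yourdomain.com", "1.2.3.4"),
    ("2020-12-03T09:00:00", "unrelated.example", "5.6.7.8"),
    ("2020-12-09T12:00:00", "yourdomain.com", "9.9.9.9"),  # record has moved
]

def normalise(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()

def build_index(observations):
    """Map ip -> {domain: [first_seen, last_seen, count]}."""
    index = defaultdict(dict)
    for ts, qname, ip in observations:
        seen = datetime.fromisoformat(ts)
        entry = index[ip].setdefault(normalise(qname), [seen, seen, 0])
        entry[0] = min(entry[0], seen)
        entry[1] = max(entry[1], seen)
        entry[2] += 1
    return index

def reverse_ip(index, ip, active_since=None):
    """Domains observed resolving to ip, optionally only those seen recently."""
    rows = index.get(ip, {})
    return sorted(domain for domain, (_, last, _) in rows.items()
                  if active_since is None or last >= active_since)

if __name__ == "__main__":
    idx = build_index(OBSERVATIONS)
    # yourdomain.com still appears under 1.2.3.4 although it moved on 9 Dec:
    # the index only knows what passed the sensor, and when.
    print(reverse_ip(idx, "1.2.3.4"))
    print(reverse_ip(idx, "1.2.3.4", active_since=datetime(2020, 12, 2)))
```

Filtering on last_seen is how an analyst separates historical co-hosting from what is likely still live on an address.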

rDNS lookup process

I understand the forward DNS lookup process. Essentially each domain has one or more authoritative name servers, and these authoritative name servers are ultimately responsible for answering the question what the ip address is for the domain name looked up.
However, I don't understand how the reverse DNS lookup works. Essentially I don't understand who is the authoritative rDNS name server? Normally whoever provided the ip address? When I dig -x a.b.c.d, how does the dig program know where to look for the authoritative rDNS server to get the domain name for the ip address a.b.c.d?
Thanks,
Elgs
The owner of the a.b.c.d netblock is also the owner of c.b.a.in-addr.arpa. The reverse DNS query looks up a PTR record for d.c.b.a.in-addr.arpa. internally. (Still not too many years ago, you had to perform this manipulation yourself; it wasn't built into dig and friends.)
There are semi-obvious problems with this when the delegated netblock is smaller than a /24; then the upstream will have to handle rDNS somehow. It's not too uncommon that they will provide approximate or outright incorrect information in this scenario. (https://www.rfc-editor.org/rfc/rfc2317 proposes a solution, but it is nowhere near ubiquitous in practice.)
http://en.wikipedia.org/wiki/Reverse_DNS_lookup has a much more detailed treatment if you require details.
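The name manipulation and the sub-/24 problem from the answer above, as an added example that is not part of the original post. It goes slightly beyond the answer by also covering IPv6 (ip6.arpa) and by using the "<first address>/<prefix length>" child-zone naming shown in RFC 2317; the function names are hypothetical and 192.0.2.0/24 is a documentation range.

```python
import ipaddress

def ptr_name(addr):
    """Name that a reverse lookup (dig -x addr) queries for a PTR record."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")      # 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def reverse_zone(cidr):
    """Reverse zone delegated to the holder of an IPv4 netblock.

    /8, /16 and /24 fall on a label boundary. Longer prefixes get a child
    zone named "<first>/<len>" under the parent /24, as in RFC 2317.
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4:
        raise ValueError("IPv4 only")
    octets = str(net.network_address).split(".")
    if net.prefixlen in (8, 16, 24):
        kept = octets[: net.prefixlen // 8]
        return ".".join(reversed(kept)) + ".in-addr.arpa."
    if net.prefixlen > 24:
        parent = ".".join(reversed(octets[:3])) + ".in-addr.arpa."
        return f"{octets[3]}/{net.prefixlen}.{parent}"
    raise ValueError("prefix is not on an octet boundary; it spans several zones")

def rfc2317_cnames(cidr):
    """CNAMEs the upstream publishes in the parent /24 zone so that ordinary
    PTR queries end up in the customer's child zone."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("only needed for IPv4 blocks smaller than a /24")
    zone = reverse_zone(cidr)
    return {ptr_name(str(ip)): f"{int(ip) & 0xFF}.{zone}" for ip in net}

if __name__ == "__main__":
    print(ptr_name("192.0.2.129"))
    print(reverse_zone("192.0.2.128/25"))
    print(rfc2317_cnames("192.0.2.128/25")["129.2.0.192.in-addr.arpa."])
```

Without the CNAMEs in the parent zone, a resolver never reaches the child zone, which is why an upstream that skips this step ends up answering reverse queries itself.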

DNS: internal and external nameservers

So, I'm on day 3...
I am running an Ubuntu.64-based distribution on a VirtualBox. I have the need to access both external ISP DNS servers, as well as "internal" DNS servers through an OpenVPN connection. At times I need to query the external DNS(#host example.com) through the eth0 interface; sometimes I need to query the VPN "internal" DNS (#host internal.local) through the tap0 interface.
My question is: how do I configure my system to query the correct nameserver-- the ISP DNS or the VPN DNS (for attempting zone transfers, for example)?
I've tried editing resolv.conf to include both external and internal nameservers/domains, with no luck (obviously). I've also tried mitigating the situation with dnsmasq. That got me close (I think).
I realize I can use dig to set the [#server] based on individual queries, but I would appreciate a systemic resolution.
Any help would be appreciated.
I've used the PowerDNS recursor for exactly this situation before; it is in the package pdns-recursor, if you wish to try it. You'll want to set your /etc/resolv.conf to query only 127.0.0.1 should you choose to try this approach.
The forward-zones directive lets you specify which servers to contact for which zones:
forward-zones= ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1
It does look a little strange, since it is one configuration setting that takes multiple values, but you do get to specify exactly which servers are going to provide answers for which domains.

Server is resolving to some strange DNS

This is not a C# question. This has to do more with our servers. Basically we've been noticing that another DNS address is resolving to our server's address, example.
Our DNS: www.bob.com
The other mysterious DNS that resolves to our IP: thing.blah8.com
This is actually a rather serious issue because somehow this random DNS is being picked up by Google and people are reaching our website through this address. So anyone have any ideas where this second DNS address is coming from? Anyone seen this strange behavior before? I'm guessing it might be the name of the box of our webhost.
Any hints or tips of where to look would be great. As a note, we've already checked our DNS server and there is no obvious clue as to where that address is coming from.
You can try contacting their technical domain contact (get it through a WHOIS request) and let them know their DNS is wrong. There's nothing you could forcefully do to stop them, outside of catching this hostname request with your web server and serving those visitors a different page. Some might say traffic is traffic, but I assume you don't agree. :)
It doesn't have anything to do with your servers, it's the remote site's DNS zone that is configured with your IP address. You couldn't make that happen.
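One way to catch the foreign hostname at the web server, as suggested in the answers above (an added example, not code from the original posts): a WSGI wrapper that serves the site only for its own names and redirects every other Host value to the canonical one. The "bob.com" alias, the choice of a 301 redirect and all function names are assumptions made for this sketch.

```python
from urllib.parse import quote
from wsgiref.util import setup_testing_defaults

CANONICAL_HOST = "www.bob.com"               # the site's name as used on this page
ALLOWED_HOSTS = {CANONICAL_HOST, "bob.com"}  # "bob.com" alias is an assumption

def host_of(environ):
    """Lower-cased Host header with port and trailing dot removed."""
    raw = environ.get("HTTP_HOST", "").strip().lower()
    if raw.startswith("["):                  # IPv6 literal such as [::1]:8080
        return raw[: raw.find("]") + 1]
    return raw.split(":", 1)[0].rstrip(".")

def canonical_host_only(app):
    """Wrap a WSGI app so it only answers for names in ALLOWED_HOSTS."""
    def guarded(environ, start_response):
        if host_of(environ) in ALLOWED_HOSTS:
            return app(environ, start_response)
        # A name we do not own points at our IP: send visitors and crawlers
        # to the real site. The path is re-quoted so it cannot inject headers.
        path = quote(environ.get("PATH_INFO", "/"))
        start_response("301 Moved Permanently",
                       [("Location", f"https://{CANONICAL_HOST}{path}"),
                        ("Content-Length", "0")])
        return [b""]
    return guarded

def site(environ, start_response):
    """Stand-in for the real application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"real site\n"]

def request(app, host, path="/"):
    """Drive a WSGI app with a constructed request; returns (status, headers, body)."""
    environ = {"HTTP_HOST": host, "PATH_INFO": path}
    setup_testing_defaults(environ)
    captured = {}
    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

if __name__ == "__main__":
    app = canonical_host_only(site)
    print(request(app, "www.bob.com")[0])
    print(request(app, "thing.blah8.com", "/pricing")[1]["Location"])
```

The same allowlist also covers requests that arrive with a bare IP address or an empty Host header, since neither is in ALLOWED_HOSTS.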
