So, I'm on day 3...
I am running an Ubuntu.64-based distribution on a VirtualBox. I have the need to access both external ISP DNS servers, as well as "internal" DNS servers through an OpenVPN connection. At times I need to query the external DNS(#host example.com) through the eth0 interface; sometimes I need to query the VPN "internal" DNS (#host internal.local) through the tap0 interface.
My question is: how do I configure my system to query the correct nameserver-- the ISP DNS or the VPN DNS (for attempting zone transfers, for example)?
I've tried editing resolv.conf to include both external and internal nameservers/domains, with no luck (obviously). I've also tried mitigating the situation with dnsmasq. That got me close (I think).
I realize I can use dig to set the [#server] based on individual queries, but I would appreciate a systemic resolution.
Any help would be appreciated.
I've used the PowerDNS recursor for exactly this situation before; it is in the package pdns-recursor, if you wish to try it. You'll want to set your /etc/resolv.conf to query only 127.0.0.1 should you choose to try this approach.
The forward-zones directive lets you specify which servers to contact for which zones:
forward-zones= ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1
It does look a little strange, since it is one configuration setting that takes multiple values, but you do get to specify exactly which servers are going to provide answers for which domains.
Related
I would like to know how to point mydomain.it to my dedicated server.
I explain my situation:
I have a Dedicated server on SingleHop.
I have the domain "mydomain.it" on Siteground.
I created on my Dedicated server the nameserver:
ns1.mydomain.it with IP 1.2.3.4 and
ns2.mydomain.it. with IP 1.2.3.5
Now, I wish to control all DNS settings on my dedicated server because of SPF record and DKIM record and SSL Certification, but I can't tell Siteground to point the IP 1.2.3.4 and 1.2.3.5 on my nameservers, because there is only space for the nameservers text (ns1.mydomain.it and ns2.mydomain.it) and there is not space for the IP field.
Without the IP, the domain's nameservers can't point to my dedicated server, and I can't manage DNS settings. So I ask myself what I could do for make sense to this story.
There is a way to do this?
Please help me,
Thank you.
Michele
When the DNS system was first conceived there were two addressing mechanisms that were used. The 32 bit IP Address, and the 16 bit octal Chaos Address. To make these systems easier to administer the NS record is specified as being a name rather than an address. (otherwise you would need different names for each protocol)
As it turned out, that wasn't needed as Chaos quickly died out (at least as an addressing scheme) but the original idea of having a name that then needs to be resolved to an address remains.
For this reason you can only specify a fully qualified domain name in the NS record. There are mechanisms that you can use if the domain name is on the domain you wish to create the record for (glue records) but that is quite a complicated aspect of DNS.
Aside from that though, I would say that it is very rarely a good idea to run your own name server. It is an extremely complicated - and expensive - thing to do correctly.
Weighing that against the simplicity and negligible cost of using a service to host your domain name. Who will invariably provide a global DNS infrastructure to ensure that your domain is constantly available.
Finally the majority of DNS Services all offer easy configuration of DKIM and SPF (SSL isn't something that is provided at the DNS level, it is merely part of the lookup to validate it)
I'm trying to get all the domains linked to a record like here
http://viewdns.info/reverseip/?host=23.227.38.68&t=1 but I'm getting no luck with dig 23.227.38.68 or nslookup 23.227.38.68. Any idea what I'm doing wrong?
The design of DNS does not support discovering every domain associated with a certain IP address. You may be able to retrieve one or more DNS names associated with the IP address through reverse IP lookup (PTR records), but does not necessarily give you all domains. In fact, it rarely will.
This is because the information you seek is scattered throughout the global DNS network and there is no single authoritative node in the network that has this information. If you think about it, you can point the DNS A record of your own domain to the IP of stackoverflow.com and that's perfectly valid, but anyone seeking to know this would have to find your DNS servers to figure this out. DNS does not provide any pointers for this, though.
Yet, certain "passive DNS" services (probably including viewdns.info) seem to overcome this limitation. These services all work by aggregating DNS data seen in the wild one way or another. At least one of these services works by monitoring DNS traffic passing through major DNS resolvers, building a database from DNS queries. For instance, if someone looks up yourdomain.com that points to 1.2.3.4 and the DNS query happens to pass through the monitored resolver, they take note of that. If a query for anotherdomain.com is seen later and it also resolves to 1.2.3.4, now they have two domains associated with 1.2.3.4, and so on. Note that due to the above, none of the passive DNS services are complete or real-time (they can get pretty close to either, though).
I am struggling to understand the FQDN for servers.
At the moment mine is just localhost if i type hostname in to my server terminal it just says localhost.
I understand you need a different one from this if you want to set up cpanel, or postfix or anything really.
As i know its comprised of two parts:
hostname.domainname
can domain name be made up, or does it have to be one of your domains that is set up for use on your server?
and host name can be anything, or it has to be the servername? and does it have to be set up as a sub domain of the domain?
I hope you understand my issues.
Thanks
Try typing
hostname --fqdn
FQDN means Fully Qualified Domain Name, composed mainly of two parts:
Your hostname
The domain name where your hostname is located.
It can be as easy as mycomputername.myfamilydomainname.tld, or as complex as cor-th3-1.par.fr.eu.mynetwork.net.
All of this can technically be made up, though, if you use for example, google.com as local domain, your local resolver may use this info and believe you're in the google.com DNS zone, you may then have problems resolving entries that are in the google.com DNS zone.
More info at: http://en.wikipedia.org/wiki/Hostname
I have a couple EC2 instances behind an Elastic Load Balancer. These instances serve HTTP requests for a single web site. I recently started looking at the HOST header of the traffic, because I am planning to split my app into virtual hosts.
With some regularity (dozens of times a day), I log a request for a host name that is totally unrelated to my servers. As a couple examples, today I saw requests with the host names ad.adserverplus.com and r1---sn-upfn-hp5e.c.youtube.com. I looked these up and the IP addresses are not the same as any of my servers, nor of the ELB, so I am trying to develop a theory as to how this happens.
I realize that someone could be spoofing the host header, but it happens often enough that I am pretty sure this is not what is going on. My other idea is that somehow there is stale DNS data that just happens to resolve one of those hosts to my IP address, but again this seems like it could happen once in a great while but not regularly. What are some other possibilities, and how might I verify / discredit them?
EDIT
I looked at some of the unexpected host names today, and it seems that they actually do resolve to an IP that is one of the possible IPs that my domain apex resolves to. I use Route 53 for DNS, and I have the zone apex pointed to the ELB, so when I query the IP address for my domain, I get different answers depending on when I ask. So this makes me very curious, how do these IP addresses get assigned to me and how does EC2 make sure they are not co-opting an IP address that someone else is already using.
There are any number of reasons for this. First you should understand that the public host name for your EC2 instances and load balancers have likely been used before. If you have an elastic IP associated with your load balancer, it has also probably been used before.
As such you can get traffic to your servers that is intended for a previous tenant of that hostname of IP address that you are currently using.
One thing you can do is to configure your web servers to reject traffic (respond with 403) to traffic that is not arriving with the proper hostname specified or that comes from a specific external host.
Your IP or your ELBs IP may have at one point in time been an open proxy. meaning that someone is hoping that you would forward the requests on to their intended destination.
but in general open port 80 to the internet and all kinds of bots and zombies will visit you with a pretty constant flow of dodgy requests. I would imagine though that the \ec2 IP ranges would be a particularly juicy range to search for poorly patched websites to exploit.
If I just want to know if a domain name is reserved; is it sufficient to use this command and see if any domain name servers turn up, in which case it's reserved?
host -t NS example.com
It's a lot faster than visiting http://www.internic.net/whois.html and typing example.com to get much more detailed results, which I'm not interested in anyway.
Absolutely not.
A past employer registered theirname.biz solely for use on the internal network: it had DNS entries on the inward-facing network DNS server, but nowhere on the internet.
I'm not sure the trick was particularly essential, but "imap.theirname.biz" has the advantage over just "imap" that it's unambiguous if you're connected simultaneously to multiple networks (in the absence of deliberate foul play, of course), so you can just use all their internal DNS resolvers. Also the advantage over "imap.theirname.com" that once you know the convention, it's immediately obvious that it's a private server, and hence the reason you can't connect to it is that you forgot to connect VPN. There may have been other benefits to which I was not privy: I'm a coder, not an IT tech...
Various TLDs have differing requirements for whether name servers are provisioned or not. For example ".de" does require that name servers are up and running and correctly configured before they'll allow the domain registration to proceed.
The technical standards for DNS don't require it though, in fact there's nothing in the core DNS specifications to link together the registration of a name with its subsequent operation in the DNS.
Therefore, using whois is probably the most reliable method, with the caveat that you'll need a whois client that's clever enough to figure out which server to talk to for the domain in question.
That said, checking for the appropriate NS record is a very good shortcut to check that a domain is registered, you just can't use the absence of such a record to prove that it isn't!
NS records are not necessarily required for registered domains. The whois service is your most reliable option.
Note that most Unix systems and Mac OS X have a "whois" command line program that is really quick to use:
whois stackoverflow.com
I don't believe that you have to have a DNS pointing to your domain. Even if you had to have a DNS set up, there is no assurance that the box acting as the DNS server isn't down.