Search results for tag #dns
So... I finally took the leap and replaced my internal #dns from #pihole to #Technitium and still do network level ad block and stuff like that.
Alt...
The image shows the Technitium DNS Server dashboard for dns01.intern.plux.wtf. At the top, there’s a dark-themed interface with navigation tabs (Dashboard, Zones, Cache, Allowed, Blocked, Apps, DNS Client, Settings, DHCP, Administration, Logs, About).
In the main stats bar:
• 81 total queries in the last hour.
• 61 (75.31%) resolved with no error.
• 15 (18.52%) server failures.
• 5 (6.17%) NX Domain.
• 64 (79.01%) recursive responses.
• 14 (17.28%) cached responses.
• 3 (3.70%) blocked.
• No refused, authoritative, or dropped queries.
• 9 clients are connected.
Below that, a line graph shows a flat baseline of zero queries across time until a sharp spike near the end.
At the bottom left, there’s a donut chart showing proportions of authoritative, recursive, cached, blocked, and dropped queries. Bottom right lists system stats:
• 5 zones
• 570 cache entries
• 0 allowed/blocked/allow list entries
• Over 1.19 million entries in the block list
If you don't have a scrollbar on your #dns are you even #selfhosting properly?
Alt...
Cloudflare DNS pagination "1 to 50 of 56 records added"
ok, this morning, properly support cnames.. LOLWAT
"If so, the name server includes the CNAME
record in the response and restarts the query at the domain name
specified in the data field of the CNAME record. The one exception to
this rule is that queries which match the CNAME type are not restarted."
I can safely say the file plugin in coredns isn't up to the RFC spec
The domain calivpn[.]com* is available if you wanted random Fedi business idea.
https://therecord.media/california-legislature-passes-bill-data-sharing-opt-out
- Remember to defang DNS jokes. What if your joke becomes malware in the future?
So, while working on some #botnet research, I discovered a domain for which a #nameserver was configured with the name ns1.nulled-ns.com and ns2.nulled-ns.com. As more I figure out about this unknown authoritative nameserver, as more I am convinced that the entire purpose of the nameserver is to provide name services for malicious domain names, such as #c2 or #phishing domain names.
Happy about anyone commenting, or reaching out to me with more insights.
Cheers!
The MagicDNS feature, combined with automatic let's encrypt certificates and tsdproxy has let me remove port forwarding from my firewall and selfhosting my services only on the tailnet.
Also nebula https://nebula.defined.net/docs/
Wow... That's my #luck. That's 100% me.
Registered the first domain in 23 years. Wantd to host my own #deltachat #chatmail relay. Coosing exactly the one company to register it from which has a bug in its DNS records system that prevents me from correctly setting the CAA record.
The value should be:
"letsencrypt.org;accounturi=..."
But the record editor errors out if there's no space after the ;
So the record I was forced to set is now
"letsencrypt; accounturi=..."
Contacted the support, after waiting some hours for answer they told me that's actually a bug and they reported it to the dev team... Which will hopefully solve it somewhere in the future.
Great... This not only gives a warning when doing
scripts/cmdeploy dns
I don't even know if the CAA record does work the way it should.
But the worst thing... my nightmare... is this one warning from "cmdeploy dns". The one and only warning left... it triggers my inner Monk the hard way. Sigh.
Erm, fellow Fediverse hackers: did I miss something?
I was just told that I should use SHA256 hashes, rather than SHA512 for MTA DANE (meaning: eg 3 1 1 rather than 3 1 2).
Is this correct? I fail miserably at finding the corresponding RFCs.
Весь мой вчерашний и позавчерашний день, в борьбе с Unbound , DNS-over-TLS , #letsencrypt, AppArmor и, естественно , Linux.
Alt...
#unbound опять не запускается
Alt...
#AppArmor мешает #unbound читать сертификаты #letsencrypt