Difference between revisions of "DNS"

From Indie IT Wiki
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
== SPF Flattening ==
 +
 +
If your SPF record in DNS fails because of 'too many lookups' then you can change the domain names to IP addresses to fix it.
 +
 +
v=spf1 include:spf.gob2b.com include:_spf.google.com include:spf.mail.xsellco.com ~all
 +
 +
... becomes ...
 +
 +
v=spf1 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:82.196.242.10 ip4:192.254.114.93/32 ip4:168.245.19.150/32 ~all
 +
 +
https://github.com/dafstone/spf-flattener
 +
 +
git clone <nowiki>https://github.com/dafstone/spf-flattener.git</nowiki>
 +
cd spf-flattener/
 +
python3 flatten.py
 +
 +
Enter the domain to fetch and flatten its SPF record: mydomain.com
 +
Original SPF: v=spf1 include:spf.gob2b.com include:_spf.google.com include:spf.mail.xsellco.com ~all
 +
Flattened SPF: v=spf1 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:82.196.242.10 ip4:192.254.114.93/32 ip4:168.245.19.150/32 ~all
 +
 +
Then, edit your SPF record in DNS and within 24 hours your problem is fixed.
 +
 
== Gandi LiveDNS and Domains API ==
 
== Gandi LiveDNS and Domains API ==
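Review bot: The closing line of the new SPF Flattening section ("within 24 hours your problem is fixed") presents the flattened record as a permanent fix, but the ip4: ranges it hard-codes are a snapshot of what the three include: domains published on the day flatten.py was run. Suggest adding a sentence telling the reader to re-run flatten.py on a schedule and compare its output with the published record, because a provider that changes its ranges will otherwise start failing SPF for this domain.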
  
Line 28: Line 50:
  
 
https://api.gandi.net/docs/livedns/
 
https://api.gandi.net/docs/livedns/
 +
 +
=== Automated with Docker ===
 +
 +
https://github.com/jbbodart/gandi-livedns
 +
 +
=== Automated with Python ===
 +
 +
https://github.com/rmarchant/gandi-ddns
  
 
== DNS Propagation Checker ==
 
== DNS Propagation Checker ==
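Review bot: The two new subsections, "Automated with Docker" and "Automated with Python", each contain only a GitHub link. Suggest one line per tool saying what it automates and how it is configured, so a reader can judge what they are running against their Gandi account before cloning it.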
Line 278: Line 308:
  
 
https://wiki.archlinux.org/index.php/Resolv.conf#Alternative_DNS_servers
 
https://wiki.archlinux.org/index.php/Resolv.conf#Alternative_DNS_servers
 +
 +
== Quad9 Public DNS Server ==
 +
 +
nameserver 9.9.9.9
 +
nameserver 149.112.112.112
 +
 +
[https://www.quad9.com/ Quad9] is an open DNS recursive service for free security and high privacy.
 +
 +
https://www.dnsperf.com/dns-resolver/quad9
  
 
== Cloudflare Public DNS Server ==
 
== Cloudflare Public DNS Server ==
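Review bot: In the new Quad9 section, "is an open DNS recursive service for free security and high privacy" is hard to parse. Suggest "is a free, open recursive DNS service focused on security and privacy", plus a few words on what the security claim means in practice, since the two nameserver lines alone do not tell the reader what this resolver does differently.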
Line 313: Line 352:
 
== Plus Net DNS Servers ==
 
== Plus Net DNS Servers ==
  
  nameserver 212.159.6.9
+
To set standard DNS server addresses
  nameserver 212.159.6.10
+
  Primary nameserver 212.159.13.49
 +
Secondary nameserver 212.159.13.50
 +
 
 +
To set alternative DNS server addresses
 +
Primary nameserver 212.159.6.9
 +
  Secondary nameserver 212.159.6.10
 +
 
 +
To set Plusnet Safeguard DNS server addresses
 +
Primary nameserver 213.120.234.38
 +
Secondary nameserver 213.120.234.42
  
 
== Unlocator DNS Servers ==
 
== Unlocator DNS Servers ==
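Review bot: The replacement Plus Net lines ("Primary nameserver 212.159.13.49", "Secondary nameserver 212.159.13.50" and so on) are no longer valid resolv.conf syntax, unlike the bare "nameserver 212.159.6.9" lines they replace and the Quad9 entries added in this same edit. Suggest keeping each address as a plain "nameserver <address>" line and moving Primary/Secondary into the sentence above each group, so the lines can still be pasted as they stand.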

Latest revision as of 08:44, 16 August 2023

SPF Flattening

If your SPF record in DNS fails because of 'too many lookups' then you can change the domain names to IP addresses to fix it.

v=spf1 include:spf.gob2b.com include:_spf.google.com include:spf.mail.xsellco.com ~all

... becomes ...

v=spf1 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:82.196.242.10 ip4:192.254.114.93/32 ip4:168.245.19.150/32 ~all

https://github.com/dafstone/spf-flattener

git clone https://github.com/dafstone/spf-flattener.git
cd spf-flattener/
python3 flatten.py

Enter the domain to fetch and flatten its SPF record: mydomain.com
Original SPF: v=spf1 include:spf.gob2b.com include:_spf.google.com include:spf.mail.xsellco.com ~all
Flattened SPF: v=spf1 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:82.196.242.10 ip4:192.254.114.93/32 ip4:168.245.19.150/32 ~all

Then, edit your SPF record in DNS and within 24 hours your problem is fixed.
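The 'too many lookups' failure and the flattening step described above, as an added example (not code from the wiki or from spf-flattener). It goes beyond the page by counting lookups against the limit of 10 in RFC 7208 and by keeping a/mx terms; the ZONE records are constructed placeholders, and included records are assumed to use only pass-qualified mechanisms and to contain no include loops beyond the depth guard.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4
COUNTED = {"include", "a", "mx", "ptr", "exists", "redirect"}  # terms that cost a DNS query

# Constructed TXT records standing in for live DNS; names and ranges are placeholders.
ZONE = {
    "mydomain.example": "v=spf1 include:mail.example include:crm.example mx ~all",
    "mail.example": "v=spf1 include:a.mail.example include:b.mail.example "
                    "include:c.mail.example include:d.mail.example ~all",
    "a.mail.example": "v=spf1 ip4:192.0.2.0/26 ~all",
    "b.mail.example": "v=spf1 ip4:192.0.2.64/26 ~all",
    "c.mail.example": "v=spf1 ip4:192.0.2.128/26 ~all",
    "d.mail.example": "v=spf1 ip6:2001:db8:1::/48 ~all",
    "crm.example": "v=spf1 a mx a:relay.crm.example ip4:198.51.100.0/24 include:x.crm.example ~all",
    "x.crm.example": "v=spf1 ip4:203.0.113.7 ~all",
}

def parse(term):
    """Split a term into (qualifier, name, rest): '~all' -> ('~', 'all', '')."""
    q, name, rest = re.match(r"([+\-~?]?)([A-Za-z0-9]+)(.*)", term).groups()
    return q, name.lower(), rest

def count_lookups(record, zone, depth=0):
    """Count DNS-querying terms in a record, following include/redirect targets."""
    if depth > LOOKUP_LIMIT:
        raise ValueError("include loop")
    total = 0
    for term in record.split()[1:]:  # skip the v=spf1 tag
        _, name, rest = parse(term)
        total += int(name in COUNTED)
        if name in ("include", "redirect"):
            total += count_lookups(zone[rest[1:]], zone, depth + 1)
    return total

def flatten(domain, zone, top=True):
    """Return the record's terms with every include: replaced by what it includes."""
    out = []
    for term in zone[domain].split()[1:]:
        q, name, rest = parse(term)
        if name == "include":
            out += flatten(rest[1:], zone, top=False)
        elif name in ("a", "mx") and not top and not rest.startswith(":"):
            out.append(f"{q}{name}:{domain}{rest}")  # bare a/mx meant the included domain
        elif name != "all" or top:  # a nested "all" is dropped; the top-level policy survives
            out.append(term)
    return out

def flattened_record(domain, zone):
    return "v=spf1 " + " ".join(flatten(domain, zone))
```

On the constructed zone the original record costs 11 lookups and the flattened one 4. The ip4/ip6 terms are a snapshot, so re-run the comparison whenever a provider may have changed its ranges.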

Gandi LiveDNS and Domains API

This is useful as a replacement for a Dynamic DNS service (like Duck DNS etc.): find your current public IP address, then use it as a variable to update your domain records using curl.

e.g.

MYIP=$( curl -s https://ifconfig.io ); echo "${MYIP}"; curl -s -X PUT -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' -H 'Content-Type: application/json' -d "{\"rrset_values\":[\"${MYIP}\"]}" https://api.gandi.net/v5/livedns/domains/mydomain.uk.com/records/whatever/A

Create an API key in your Gandi Dashboard Control Panel...

https://docs.gandi.net/en/domain_names/advanced_users/api.html

List domains...

curl -s -X GET -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' https://api.gandi.net/v5/livedns/domains | jq

List records...

curl -s -X GET -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' https://api.gandi.net/v5/livedns/domains/mydomain.uk.com/records | jq

Update record...

curl -s -X PUT -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' -H 'Content-Type: application/json' -d '{"rrset_values":["123.456.78.90"]}' https://api.gandi.net/v5/livedns/domains/mydomain.uk.com/records/whatever/A

Update root (no sub domain) record...

curl -s -X PUT -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' -H 'Content-Type: application/json' -d '{"rrset_values":["123.456.78.90"]}' https://api.gandi.net/v5/livedns/domains/mydomain.uk.com/records/%40/A

https://api.gandi.net/docs/livedns/
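An added example (not from the wiki or from Gandi) of the update request above with the check the one-liner lacks: whatever the IP lookup service returned is validated as a single public IPv4 address before it is written to DNS. The function names and the GANDI_API_KEY variable are assumptions; the URL and JSON body follow the curl commands on this page, and the request is built but not sent.

```python
import ipaddress
import json
import os
from urllib.parse import quote
from urllib.request import Request

API = "https://api.gandi.net/v5/livedns/domains"  # base URL as used in the curl commands

def public_ipv4(text):
    """Return the address as a string if text is one globally routable IPv4 address."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        raise ValueError(f"not an IP address: {text[:40]!r}") from None
    if ip.version != 4 or not ip.is_global:
        raise ValueError(f"refusing to publish {ip}")
    return str(ip)

def build_update(ip_text, domain, name, api_key):
    """Build (without sending) the PUT request that sets one A record."""
    body = json.dumps({"rrset_values": [public_ipv4(ip_text)]}).encode()
    url = f"{API}/{quote(domain)}/records/{quote(name, safe='')}/A"  # "@" becomes %40
    return Request(url, data=body, method="PUT", headers={
        "Authorization": f"Apikey {api_key}",
        "Content-Type": "application/json",
    })

if __name__ == "__main__":
    # Assumed variable name; reading the key from the environment keeps it out of
    # the process list and shell history. "8.8.8.8" is a constructed stand-in for
    # the text returned by the IP lookup service.
    key = os.environ.get("GANDI_API_KEY", "xxxxxxxxxxxxxxxxxxxxxxx")
    req = build_update("8.8.8.8\n", "mydomain.uk.com", "@", key)
    print(req.get_method(), req.full_url, req.data.decode())
```

Pass the returned object to urllib.request.urlopen to send it; an error page, an empty reply or a private address from the lookup service raises ValueError instead of reaching the zone.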

Automated with Docker

https://github.com/jbbodart/gandi-livedns

Automated with Python

https://github.com/rmarchant/gandi-ddns

DNS Propagation Checker

https://dnschecker.org

DNS Performance Charts

https://www.dnsperf.com/#dns-resolvers

Add MX Records For Subdomain On DynDNS

Dyn Standard DNS Service > Preferences > Enable Expert Web-Interface > Add DNS Record > sub.domain.com + MX + Value > Create Record

https://account.dyn.com/dns/prefs.html

MX Test

https://toolbox.googleapps.com/apps/checkmx/

DNS Testing Web Sites

https://www.solvedns.com

https://www.intodns.com

https://www.zonemaster.net

HOWTO: Use nslookup Tool

nslookup -type=type domain.name dnsserver

e.g.

nslookup -type=A www.google.com google-public-dns-a.google.com

HOWTO: DynDNS Dynamic DNS Client Configurator

https://account.dyn.com/tools/clientconfig.html

DynDNS Alternatives

No-IP

Update UFW For Dynamic IP Address Change

Script...

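#!/bin/bash
# Keep a UFW allow rule in sync with the current address of a dynamic DNS name.
HOSTNAME=myname.hopto.org
LOGFILE=$HOME/ufw.log
PORT=25
# Use the first "has address" line so alias (CNAME) and error lines are ignored.
Current_IP=$(host -t A "$HOSTNAME" | awk '/has address/ { print $4; exit }')
# Do not touch the firewall unless the lookup returned an IPv4 address.
if ! [[ $Current_IP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "Could not resolve $HOSTNAME" >&2
    exit 1
fi
if [ ! -f "$LOGFILE" ]; then
    /usr/sbin/ufw allow from "$Current_IP" to any port "$PORT" proto tcp
    echo "$Current_IP" > "$LOGFILE"
else
    Old_IP=$(cat "$LOGFILE")
    if [ "$Current_IP" = "$Old_IP" ] ; then
        echo IP address has not changed
    else
        /usr/sbin/ufw delete allow from "$Old_IP" to any port "$PORT" proto tcp
        /usr/sbin/ufw allow from "$Current_IP" to any port "$PORT" proto tcp
        echo "$Current_IP" > "$LOGFILE"
        echo iptables have been updated
    fi
fi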

Crontab every 15 mins (adjust as required)...

# ufw update no-ip dynamic address
*/15 * * * * /root/bin/ufw_update.sh >/dev/null 2>&1

HOWTO: List Of Adservers Ad Servers Advert Servers

http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext

HOWTO: Add MX Or CNAME Records To DNSMasq

http://mohan43u.wordpress.com/2012/08/06/dnsmasq-for-home-user/

HOWTO: Block Web Sites Using DNSMasq

sudo nano /etc/dnsmasq.d/blocklist
     address=/facebook.com/127.0.0.1
sudo nano /etc/dnsmasq.conf
     conf-file=/etc/dnsmasq.d/blocklist
sudo service dnsmasq restart

Thanks - http://home.swkls.org/dnsmasq-on-centos-6-for-filtering

HOWTO: Turn On DNS Query Logging Using DNSMasq

sudo nano /etc/dnsmasq.conf
     log-facility=/var/log/dnsmasq.log
     log-queries
sudo service dnsmasq restart
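An added example (not part of the original page) that reads the query log enabled above and reports which clients asked for names answered by the blocklist entry address=/facebook.com/127.0.0.1. The log lines are a constructed sample in dnsmasq's log-queries format, and the function name is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/dnsmasq.log with log-queries enabled.
SAMPLE_LOG = """\
Apr 10 15:28:45 dnsmasq[1234]: query[A] www.facebook.com from 192.168.0.103
Apr 10 15:28:45 dnsmasq[1234]: config www.facebook.com is 127.0.0.1
Apr 10 15:28:46 dnsmasq[1234]: query[A] www.indie-it.com from 192.168.0.103
Apr 10 15:28:46 dnsmasq[1234]: forwarded www.indie-it.com to 208.67.222.222
Apr 10 15:28:46 dnsmasq[1234]: reply www.indie-it.com is 203.0.113.10
Apr 10 15:28:47 dnsmasq[1234]: query[A] printer.domain.uk.com from 192.168.0.3
Apr 10 15:28:47 dnsmasq[1234]: /etc/hosts printer.domain.uk.com is 192.168.0.104
Apr 10 15:28:49 dnsmasq[1234]: query[A] facebook.com from 192.168.0.3
Apr 10 15:28:49 dnsmasq[1234]: config facebook.com is 127.0.0.1
"""

# Fields after the process tag: <action> <name> from|is|to <value>
LINE = re.compile(r"dnsmasq\[\d+\]: (\S+) (\S+) (?:from|is|to) (\S+)$")

def blocked_by_client(log_text, sinkhole="127.0.0.1"):
    """Map each client IP to the sorted names it requested that were sinkholed."""
    pending = {}              # name -> client that most recently asked for it
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue          # start-up messages and anything unparseable
        action, name, value = m.groups()
        if action.startswith("query["):
            pending[name] = value
        elif action == "config" and value == sinkhole and name in pending:
            # "config" means the answer came from an address= line, not upstream
            hits[pending[name]].add(name)
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in blocked_by_client(SAMPLE_LOG).items():
        print(client, ", ".join(names))
```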

HOWTO: Local Network Fast Caching Name Server + DHCP Server Using DNSMasq

Laptop > Local Server + DNSmasq + /etc/hosts > OpenDNS + Google DNS

Disable your modem's DHCP Server.

Edit your local server static network configuration

sudo nano /etc/network/interfaces

dns-nameservers 127.0.0.1

sudo nano /etc/NetworkManager/NetworkManager.conf

[main]
plugins=ifupdown,keyfile
dns=dnsmasq
[ifupdown]
managed=false

Install DNSmasq...

sudo aptitude install dnsmasq

Configure...

sudo nano /etc/default/dnsmasq

IGNORE_RESOLVCONF=yes

sudo nano /etc/dnsmasq.conf

resolv-file=/etc/dnsmasqresolv.conf
domain=domain.uk.com
dhcp-range=192.168.0.100,192.168.0.200,12h
dhcp-host=e8:03:9a:ed:65:56,paul-laptop,192.168.0.103,12h
dhcp-option=3,192.168.0.1

Add the alternative DNS servers which DNSmasq will use...

sudo nano /etc/dnsmasqresolv.conf

nameserver 208.67.222.222
nameserver 208.67.222.220
nameserver 8.8.8.8
nameserver 8.8.4.4

Add machines to your server's /etc/hosts file...

sudo nano /etc/hosts

127.0.0.1 localhost.localdomain localhost
192.168.0.1 modem.domain.uk.com modem
192.168.0.2 mythbuntu-server3.domain.uk.com www.domain.uk.com domain.uk.com mythbuntu-server3
192.168.0.3 playstation.domain.uk.com playstation
192.168.0.103 samsung-laptop.domain.uk.com samsung-laptop
192.168.0.104 printer.domain.uk.com printer

Start DNSmasq...

sudo service dnsmasq restart

Test that domains resolve to your local server when in your local network...

dig domain.uk.com

; <<>> DiG 9.9.2-P1 <<>> domain.uk.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46945
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;domain.uk.com.		IN	A 

;; ANSWER SECTION:
domain.uk.com.	0	IN	A	192.168.0.2

;; Query time: 0 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Thu Apr 10 15:28:45 2014
;; MSG SIZE  rcvd: 52

Job, done!

https://help.ubuntu.com/community/Dnsmasq

http://www.thekelleys.org.uk/dnsmasq

HOWTO: Supersede DNS In DHCP Client

Here, you can configure your local DHCP client to ignore the DNS server addresses provided by the DHCP server and use only your local server instead, or any other servers you want to use, or to give more than the maximum of 3 set by resolvconf. To do so, add the following line to your /etc/dhcp/dhclient.conf file:

supersede domain-name-servers 127.0.0.1;

or

supersede domain-name-servers 208.67.222.222, 208.67.222.220, 8.8.8.8, 8.8.4.4;

DNS Leak Test

https://dnsleaktest.com/

Trace DNS Route

dig +trace domain.name

Global DNS Propagation Checker - What's My DNS?

http://www.whatsmydns.net is an online service that allows you to instantly perform a DNS lookup to check a hostname's current IP address and other DNS information against a selection of random name servers around the world. This is especially useful for checking the current state of DNS propagation after making changes to your domain's zones.

All Good DNS Servers In One

Install the resolvconf package...

sudo aptitude install resolvconf

Remove your existing resolv file...

sudo rm -rfv /etc/resolv.conf

Edit your networking interfaces file...

sudo nano /etc/network/interfaces

Add the dns-nameservers line, then save and exit...

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
dns-nameservers 208.67.222.222 208.67.222.220 8.8.8.8 8.8.4.4

Configure the resolv file...

sudo dpkg-reconfigure resolvconf

Answer <yes> and reboot the server...

sudo reboot

Thanks - http://ubuntuforums.org/showthread.php?t=1836144

List of Public DNS Servers

https://duckduckgo.com/?q=dns+server

https://wiki.archlinux.org/index.php/Resolv.conf#Alternative_DNS_servers

Quad9 Public DNS Server

nameserver 9.9.9.9
nameserver 149.112.112.112

Quad9 is a free, open recursive DNS service focused on security and privacy.

https://www.dnsperf.com/dns-resolver/quad9

Cloudflare Public DNS Server

nameserver 1.1.1.1
nameserver 1.0.0.1

https://www.dnsperf.com/dns-provider/cloudflare

https://www.dnsperf.com/dns-resolver/1-1-1-1

Verisign Public DNS Servers

nameserver 64.6.64.6
nameserver 64.6.65.6

https://www.dnsperf.com/dns-provider/verisign

OpenDNS Public DNS Servers

nameserver 208.67.222.222
nameserver 208.67.220.220

Status - http://208.69.38.170

Test - http://welcome.opendns.com

https://www.dnsperf.com/dns-resolver/opendns-umbrella

Google Public DNS Servers

nameserver 8.8.8.8
nameserver 8.8.4.4

Plus Net DNS Servers

To set standard DNS server addresses

Primary nameserver 212.159.13.49
Secondary nameserver 212.159.13.50

To set alternative DNS server addresses

Primary nameserver 212.159.6.9
Secondary nameserver 212.159.6.10

To set Plusnet Safeguard DNS server addresses

Primary nameserver 213.120.234.38
Secondary nameserver 213.120.234.42

Unlocator DNS Servers

nameserver 185.37.37.37
nameserver 185.37.37.185

https://support.unlocator.com/customer/portal/articles/1385627-how-to-set-up-ubuntu

Portaller DNS Servers (for use with Pandora)

Change DNS to these IPs and listen to Pandora and Spotify outside USA...

nameserver 107.170.15.247
nameserver 77.88.8.8

http://portaller.com

Tunlr DNS Servers

nameserver 45.33.81.76
nameserver 45.33.12.13

Tor Network DNS Proxy Anonymous Private Browser

Debian / Ubuntu Repository...

sudo add-apt-repository ppa:webupd8team/tor-browser
sudo apt-get update
sudo apt-get install tor-browser

Or download the Tor browser for Linux 64 bit directly...

https://www.torproject.org/projects/torbrowser.html.en#linux

Dig

dig @nameserver hostname type

e.g.

dig @8.8.8.8 indie-it.com A

DNS Look Up

Linux Terminal $:

host www.indie-it.com

Windows Command Prompt $:

nslookup www.indie-it.com