Difference between revisions of "DNS"
Plittlefield (talk | contribs) |
Line 1: | Line 1: | ||
+ | == SPF Flattening == | ||
+ | |||
+ | If your SPF record in DNS fails because of 'too many lookups' then you can change the domain names to IP addresses to fix it. | ||
+ | |||
+ | v=spf1 include:spf.gob2b.com include:_spf.google.com include:spf.mail.xsellco.com ~all | ||
+ | |||
+ | ... becomes ... | ||
+ | |||
+ | v=spf1 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:82.196.242.10 ip4:192.254.114.93/32 ip4:168.245.19.150/32 ~all | ||
+ | |||
+ | https://github.com/dafstone/spf-flattener | ||
+ | |||
+ | git clone <nowiki>https://github.com/dafstone/spf-flattener.git</nowiki> | ||
+ | cd spf-flattener/ | ||
+ | python3 flatten.py | ||
+ | |||
+ | Enter the domain to fetch and flatten its SPF record: mydomain.com | ||
+ | Original SPF: v=spf1 include:spf.gob2b.com include:_spf.google.com include:spf.mail.xsellco.com ~all | ||
+ | Flattened SPF: v=spf1 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:82.196.242.10 ip4:192.254.114.93/32 ip4:168.245.19.150/32 ~all | ||
+ | |||
+ | Then, edit your SPF record in DNS and within 24 hours your problem is fixed. | ||
+ | |||
== Gandi LiveDNS and Domains API == | == Gandi LiveDNS and Domains API == | ||
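Review bot: The closing step of the new section ("edit your SPF record in DNS and within 24 hours your problem is fixed") leaves out that a flattened record is a snapshot. Once the three include: terms are replaced by ip4: literals, the record no longer follows changes the providers make to their ranges, so the section should say to re-run flatten.py periodically and compare the output with the published record. It would also help to name the limit behind 'too many lookups' (10 DNS-querying terms per SPF evaluation, RFC 7208), and to confirm that the seven ip4 entries cover everything behind include:_spf.google.com, which nests further includes and publishes ip6 ranges.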
Latest revision as of 08:44, 16 August 2023
SPF Flattening
If your SPF record in DNS fails because of 'too many lookups' then you can change the domain names to IP addresses to fix it.
v=spf1 include:spf.gob2b.com include:_spf.google.com include:spf.mail.xsellco.com ~all
... becomes ...
v=spf1 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:82.196.242.10 ip4:192.254.114.93/32 ip4:168.245.19.150/32 ~all
https://github.com/dafstone/spf-flattener
git clone https://github.com/dafstone/spf-flattener.git
cd spf-flattener/
python3 flatten.py

Enter the domain to fetch and flatten its SPF record: mydomain.com
Original SPF: v=spf1 include:spf.gob2b.com include:_spf.google.com include:spf.mail.xsellco.com ~all
Flattened SPF: v=spf1 ip4:87.253.232.0/21 ip4:185.189.236.0/22 ip4:185.211.120.0/22 ip4:185.250.236.0/22 ip4:82.196.242.10 ip4:192.254.114.93/32 ip4:168.245.19.150/32 ~all
Then, edit your SPF record in DNS and within 24 hours your problem is fixed.
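An added example, not from the original page or the spf-flattener project: it counts the DNS-querying terms behind a record against the limit of 10 set by RFC 7208 (the 'too many lookups' failure above) and builds the flattened record. The zone data, the .test names and the address ranges are constructed, and every term is assumed to use the default + qualifier with no macros.

```python
import ipaddress

# Constructed zone (reserved .test names, documentation ranges); replaces live TXT lookups.
ZONE = {
    "example.test": "v=spf1 a mx include:_spf.a.test include:_spf.b.test include:_spf.c.test ~all",
    "_spf.a.test": "v=spf1 include:_n1.a.test include:_n2.a.test ~all",
    "_n1.a.test": "v=spf1 ip4:192.0.2.0/25 ip6:2001:db8:a::/48 ~all",
    "_n2.a.test": "v=spf1 ip4:192.0.2.128/25 ~all",
    "_spf.b.test": "v=spf1 mx a:out.b.test include:_n1.b.test include:_n2.b.test -all",
    "_n1.b.test": "v=spf1 ip4:198.51.100.0/24 ~all",
    "_n2.b.test": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.7 ~all",
    "_spf.c.test": "v=spf1 ip4:203.0.113.64/26 ~all",
}
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS query
LIMIT = 10  # RFC 7208 section 4.6.4

def walk(domain, zone, seen=()):
    """Return (lookups, networks, unflattened terms) for one SPF record."""
    if domain in seen:
        raise ValueError(f"include loop at {domain}")
    parts = zone[domain].split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError(f"{domain}: not an SPF record")
    lookups, nets, kept = 0, [], []
    for term in parts[1:]:
        bare = term.lstrip("+-~?")  # assumption: default "+" qualifier everywhere
        if bare.lower().startswith("redirect="):
            bare = "include:" + bare.split("=", 1)[1]  # followed and counted like include
        mech, _, arg = bare.partition(":")
        mech = mech.split("/")[0].lower()
        if mech in ("ip4", "ip6"):
            nets.append(f"{mech}:{ipaddress.ip_network(arg, strict=False)}")
        elif mech == "include":
            sub = walk(arg, zone, seen + (domain,))
            lookups, nets, kept = lookups + 1 + sub[0], nets + sub[1], kept + sub[2]
        elif mech in LOOKUP_MECHS:
            # a/mx/ptr/exists stay dynamic; pin a bare "mx" to the domain it came from
            name, slash, cidr = bare.partition("/")
            kept.append((name if ":" in name else f"{name}:{domain}") + slash + cidr)
            lookups += 1
    return lookups, nets, kept

def flatten(domain, zone=ZONE):
    lookups, nets, kept = walk(domain, zone)
    tail = [t for t in zone[domain].split() if t.lstrip("+-~?").lower() == "all"]
    terms = list(dict.fromkeys(nets + kept))  # de-duplicate, keep order
    record = " ".join(["v=spf1", *terms, *tail[:1]])  # keep the top-level "all" term only
    return {"before": lookups, "over_limit": lookups > LIMIT, "after": len(set(kept)),
            "needs_split": len(record) > 255, "record": record}
```

A flattened record is a snapshot of the providers' ranges at the time it was generated, so re-run the flattening on a schedule and compare the result with the record you publish.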
Gandi LiveDNS and Domains API
This is useful as a replacement for a Dynamic DNS service (like Duck DNS etc.): find your current public IP address, then use it as a variable to update your domain records using curl.
e.g.
MYIP=$( curl -s https://ifconfig.io ); echo "${MYIP}"
# The JSON body is in double quotes so the shell expands ${MYIP}; in single quotes it would be sent literally.
curl -s -X PUT -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' -H 'Content-Type: application/json' -d "{\"rrset_values\":[\"${MYIP}\"]}" https://api.gandi.net/v5/livedns/domains/mydomain.uk.com/records/whatever/A
Create an API key in your Gandi Dashboard Control Panel...
https://docs.gandi.net/en/domain_names/advanced_users/api.html
List domains...
curl -s -X GET -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' https://api.gandi.net/v5/livedns/domains | jq
List records...
curl -s -X GET -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' https://api.gandi.net/v5/livedns/domains/mydomain.uk.com/records | jq
Update record...
curl -s -X PUT -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' -H 'Content-Type: application/json' -d '{"rrset_values":["123.456.78.90"]}' https://api.gandi.net/v5/livedns/domains/mydomain.uk.com/records/whatever/A
Update root (no sub domain) record...
curl -s -X PUT -H 'Authorization: Apikey xxxxxxxxxxxxxxxxxxxxxxx' -H 'Content-Type: application/json' -d '{"rrset_values":["123.456.78.90"]}' https://api.gandi.net/v5/livedns/domains/mydomain.uk.com/records/%40/A
https://api.gandi.net/docs/livedns/
Automated with Docker
https://github.com/jbbodart/gandi-livedns
Automated with Python
https://github.com/rmarchant/gandi-ddns
DNS Propagation Checker
DNS Performance Charts
https://www.dnsperf.com/#dns-resolvers
Add MX Records For Subdomain On DynDNS
Dyn Standard DNS Service > Preferences > Enable Expert Web-Interface > Add DNS Record > sub.domain.com + MX + Value > Create Record
https://account.dyn.com/dns/prefs.html
MX Test
https://toolbox.googleapps.com/apps/checkmx/
DNS Testing Web Sites
HOWTO: Use nslookup Tool
nslookup -type=type domain.name dnsserver
e.g.
nslookup -type=A www.google.com google-public-dns-a.google.com
HOWTO: DynDNS Dynamic DNS Client Configurator
https://account.dyn.com/tools/clientconfig.html
DynDNS Alternatives
Update UFW For Dynamic IP Address Change
Script...
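#!/bin/bash
# Allow port 25 only from the current address of a dynamic DNS hostname.
HOSTNAME=myname.hopto.org
LOGFILE=$HOME/ufw.log
PORT=25

# The first answer line is "<name> has address <ip>"; field 4 is the address.
Current_IP=$(host "$HOSTNAME" | head -n1 | cut -f4 -d ' ')

# Stop if the lookup failed or did not return an IPv4 address, so a DNS
# error never deletes the working rule or passes garbage to ufw.
if ! [[ $Current_IP =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
    echo "Could not resolve $HOSTNAME" >&2
    exit 1
fi

if [ ! -f "$LOGFILE" ]; then
    /usr/sbin/ufw allow from "$Current_IP" to any port "$PORT" proto tcp
    echo "$Current_IP" > "$LOGFILE"
else
    Old_IP=$(cat "$LOGFILE")
    if [ "$Current_IP" = "$Old_IP" ]; then
        echo IP address has not changed
    else
        /usr/sbin/ufw delete allow from "$Old_IP" to any port "$PORT" proto tcp
        /usr/sbin/ufw allow from "$Current_IP" to any port "$PORT" proto tcp
        echo "$Current_IP" > "$LOGFILE"
        echo iptables have been updated
    fi
fi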
Crontab every 15 mins (adjust as required)...
# ufw update no-ip dynamic address
# (cron runs jobs with /bin/sh, where the bash-only "&>" does not redirect output)
*/15 * * * * /root/bin/ufw_update.sh >/dev/null 2>&1
HOWTO: List Of Adservers Ad Servers Advert Servers
http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext
HOWTO: Add MX Or CNAME Records To DNSMasq
http://mohan43u.wordpress.com/2012/08/06/dnsmasq-for-home-user/
HOWTO: Block Web Sites Using DNSMasq
sudo nano /etc/dnsmasq.d/blocklist
address=/facebook.com/127.0.0.1
sudo nano /etc/dnsmasq.conf
conf-file=/etc/dnsmasq.d/blocklist
sudo service dnsmasq restart
Thanks - http://home.swkls.org/dnsmasq-on-centos-6-for-filtering
HOWTO: Turn On DNS Query Logging Using DNSMasq
sudo nano /etc/dnsmasq.conf
log-facility=/var/log/dnsmasq.log
log-queries
sudo service dnsmasq restart
HOWTO: Local Network Fast Caching Name Server + DHCP Server Using DNSMasq
Laptop > Local Server + DNSmasq + /etc/hosts > OpenDNS + Google DNS
Disable your modem's DHCP Server.
Edit your local server static network configuration
sudo nano /etc/network/interfaces
dns-nameservers 127.0.0.1

sudo nano /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=dnsmasq
[ifupdown]
managed=false
Install DNSmasq...
sudo aptitude install dnsmasq
Configure...
sudo nano /etc/default/dnsmasq
IGNORE_RESOLVCONF=yes

sudo nano /etc/dnsmasq.conf
resolv-file=/etc/dnsmasqresolv.conf
domain=domain.uk.com
dhcp-range=192.168.0.100,192.168.0.200,12h
dhcp-host=e8:03:9a:ed:65:56,paul-laptop,192.168.0.103,12h
dhcp-option=3,192.168.0.1
Add the alternative DNS servers which DNSmasq will use...
sudo nano /etc/dnsmasqresolv.conf
nameserver 208.67.222.222
nameserver 208.67.222.220
nameserver 8.8.8.8
nameserver 8.8.4.4
Add machines to your server's /etc/hosts file...
sudo nano /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.1 modem.domain.uk.com modem
192.168.0.2 mythbuntu-server3.domain.uk.com www.domain.uk.com domain.uk.com mythbuntu-server3
192.168.0.3 playstation.domain.uk.com playstation
192.168.0.103 samsung-laptop.domain.uk.com samsung-laptop
192.168.0.104 printer.domain.uk.com printer
Start DNSmasq...
sudo service dnsmasq restart
Test that domains resolve to your local server when in your local network...
dig domain.uk.com

; <<>> DiG 9.9.2-P1 <<>> domain.uk.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46945
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;domain.uk.com. IN A

;; ANSWER SECTION:
domain.uk.com. 0 IN A 192.168.0.2

;; Query time: 0 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Thu Apr 10 15:28:45 2014
;; MSG SIZE rcvd: 52
Job, done!
https://help.ubuntu.com/community/Dnsmasq
http://www.thekelleys.org.uk/dnsmasq
HOWTO: Supersede DNS In DHCP Client
Here, you can configure your local DHCP client not to use the DNS server addresses provided by the DHCP server, but only the local server instead, or any other servers you want to use, or to give more than the maximum of 3 set by resolvconf. To do so, I add the following line to my /etc/dhcp/dhclient.conf file:
supersede domain-name-servers 127.0.0.1;
or
supersede domain-name-servers 208.67.222.222 208.67.222.220 8.8.8.8 8.8.4.4;
DNS Leak Test
Trace DNS Route
dig +trace domain.name
Global DNS Propagation Checker - What's My DNS?
http://www.whatsmydns.net is an online service that allows you to instantly perform a DNS lookup to check a hostname's current IP address and other DNS information against a selection of random name servers around the world. This is especially useful for checking the current state of DNS propagation after making changes to your domain's zones.
All Good DNS Servers In One
Install the resolvconf package...
sudo aptitude install resolvconf
Remove your existing resolv file...
sudo rm -rfv /etc/resolv.conf
Edit your networking interfaces file...
sudo nano /etc/network/interfaces
Add the dns-nameservers line (the last line below), then save and exit...
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.1
    dns-nameservers 208.67.222.222 208.67.222.220 8.8.8.8 8.8.4.4
Configure the resolv file...
sudo dpkg-reconfigure resolvconf
Answer <yes> and reboot the server...
sudo reboot
Thanks - http://ubuntuforums.org/showthread.php?t=1836144
List of Public DNS Servers
https://duckduckgo.com/?q=dns+server
https://wiki.archlinux.org/index.php/Resolv.conf#Alternative_DNS_servers
Quad9 Public DNS Server
nameserver 9.9.9.9
nameserver 149.112.112.112
Quad9 is an open DNS recursive service for free security and high privacy.
https://www.dnsperf.com/dns-resolver/quad9
Cloudflare Public DNS Server
nameserver 1.1.1.1
nameserver 1.0.0.1
https://www.dnsperf.com/dns-provider/cloudflare
https://www.dnsperf.com/dns-resolver/1-1-1-1
Verisign Public DNS Servers
nameserver 64.6.64.6
nameserver 64.6.65.6
https://www.dnsperf.com/dns-provider/verisign
OpenDNS Public DNS Servers
nameserver 208.67.222.222
nameserver 208.67.220.220
Status - http://208.69.38.170
Test - http://welcome.opendns.com
https://www.dnsperf.com/dns-resolver/opendns-umbrella
Google Public DNS Servers
nameserver 8.8.8.8
nameserver 8.8.4.4
Plus Net DNS Servers
To set standard DNS server addresses
Primary nameserver 212.159.13.49
Secondary nameserver 212.159.13.50
To set alternative DNS server addresses
Primary nameserver 212.159.6.9
Secondary nameserver 212.159.6.10
To set Plusnet Safeguard DNS server addresses
Primary nameserver 213.120.234.38
Secondary nameserver 213.120.234.42
Unlocator DNS Servers
nameserver 185.37.37.37
nameserver 185.37.37.185
https://support.unlocator.com/customer/portal/articles/1385627-how-to-set-up-ubuntu
Portaller DNS Servers (for use with Pandora)
Change DNS to these IPs and listen to Pandora and Spotify outside USA...
nameserver 107.170.15.247
nameserver 77.88.8.8
Tunlr DNS Servers
nameserver 45.33.81.76
nameserver 45.33.12.13
Tor Network DNS Proxy Anonymous Private Browser
Debian / Ubuntu Repository...
sudo add-apt-repository ppa:webupd8team/tor-browser
sudo apt-get update
sudo apt-get install tor-browser
Or download the Tor browser for Linux 64 bit directly...
https://www.torproject.org/projects/torbrowser.html.en#linux
Dig
dig @nameserver hostname type
e.g.
dig @8.8.8.8 indie-it.com A
DNS Look Up
Linux Terminal $: host www.indie-it.com
Windows Command Prompt $: nslookup www.indie-it.com