These are public posts tagged with #dns. You can interact with them if you have an account anywhere in the fediverse.
Just a quickie from one of our @DomainTools researchers today that I know @cR0w will enjoy.
Malware in DNS - specifically, malware seen being assembled from DNS TXT records.
Not a "zomg new thing!" so much as a neat example in the wild.
Because it's always DNS, we wanted to share this fun…
DomainTools Investigations | DTIDon't forget there are plenty of #EU hosted #DNS alternatives for #Cloudflare 1.1.1.1
We provide some with transparent stats https://stats.ffmuc.net/d/tlvoghcZk/doh-dot :
IPv4: 185.150.99.255 / 5.1.66.255
IPv6: 2001:678:e68:f000:: / 2001:678:ed0:f000::
Have a look here for others:
https://www.kuketz-blog.de/empfehlungsecke/#dns
#BGP #routage Hier, Cloudflare a cessé d'annoncer son préfixe 1.1.1.0/24 (pour une raison inconnue). Les nombreuses annonces « pirates » de ce préfixe ont alors été davantage visibles, amenant certains, apparemment à tort, à croire qu'elles étaient la cause de la panne du résolveur #DNS 1.1.1.1.
https://mastodon.gougere.fr/@bgp/114856050719978352
Car, oui, il y a encore des réseaux (Tata, par exemple) qui annoncent ce préfixe, qui ne leur appartient pourtant pas.
@bortzmeyer 1.1.1.0/24 13335 Details: On prefix: https://stat.ripe.net/ui2013/1.1.1.0/24…
Mastodon - Gougère NetworkDown per Cloudflare: il DNS 1.1.1.1 è andato giù e ha generato una interruzione globale diffusa
Link all'articolo : https://www.redhotcyber.com/post/down-per-cloudflare-il-dns-1-1-1-1-e-andato-giu-e-ha-generato-una-interruzione-globale-diffusa/
Cloudflare ha segnalato problemi temporanei con il suo risolutore #DNS pubblico 1.1.1.1 , segnalati da #utenti in tutto il mondo. L’incidente sarebbe iniziato la sera del 14 luglio 2025, intorno alle 22:13 UTC.
L’azienda ha confermato di star indagando e risolvendo il problema. Durante l’interruzione, gli #utenti dei #forum e di Reddit hanno osservato che numerosi siti #web non si aprivano o presentavano errori di caricamento.
A cura di Redazione RHC
#redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy
Cloudflare's DNS is down for me. Drove me crazy. One computer, which didn't have Cloudflare because it was connected to VPN, was working fine and another one, nada. Changed DNS and all is good.
Anyone else? #Cloudflare #DNS
I love the @rdns #RethinkDNS project. The best android firewall.
https://github.com/celzero/rethink-app
#android #firewall #dns
DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard…
GitHubHaben die #DoT #DNS Server von #FFMUC gerade bzw. seit einigen Tagen Probleme?
// @freifunkMUC
@namedbird @drscriptt personally, I think #CPE / #Router manufacturers should've standardized upon *.router.local
(i.e. fritzbox.router.local
) since .local
has been reserved for such purposeS... per #IETF via #IANA & #ICANN...
Espechally since the average "#normie #consoomer" isn't gonna own their own domain or even setup an internal #DNS resolver to manage their #LAN at home under *.local.domain.example
to make it work.
In fact most corporate users don't even enroll #FQDN|s on their network (#Universities do based off my observation!)…
@drscriptt granted, we all want 203.0.113.1
¹ to have #SSL / #TLS (even if it's just @letsencrypt ) work than not work or have no #encryption.
That is not up for debate!
I just think that this will reward previously standards-violating behaviours when i.e. Xavier Sample Solutions
don't get nudged to use i.e. api.solutions.example
² but can just use their IP addresses.
Feels like companies take pride in copying #ClownFlare's #EgoTrip who put their #DNS & #domain on https://1.1.1.1 …
Three IPv4 unicast address blocks are reserved for…
IETF Datatracker@drscriptt Naive question: WHEN does the average #Internet #user ever open up a webpage with an #IP address instead of a #domain or even #FQDN?
Seriously, the only cases I saw were either some old, non-public - facing server in some B2B/API setting or a test that #httpd / #ngnix / #ssh / … function properly on like a #VPS and that the #DNS hasn't been updated (yet!) to include said host / FQDN in the records, and even then it's bad cuz you'd rather want to use it's FQDN instead because with #IPv4 shortages on one hand and tools like #Portainer on the other, one should not use an #IPaddress as addressing method because #WAF / #Proxies used to "#MUX" / "#NAT" services under one IP address or #IPv6 block may need that distinction by being queried for a specific FQDN...
The Idea if !SSL / #TLD for #IPaddresses makes me feel like Jeff Goldblum!
Enjoy the videos and music you love, upload original…
www.youtube.comDNS Esoterica - Why you can't dig Switzerland
https://shkspr.mobi/blog/2022/07/dns-esoterica-why-you-cant-dig-switzerland/
As part of my new job, I'm learning a lot more about the mysteries of the Domain Name System than any mortal should know I thought possible.
The humble unix dig
command allows you to query all sort of DNS information. For example, to see name server records for the BBC website, you can run:
dig bbc.co.uk NS
Which will get you:
;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35614;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 17;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 1232; COOKIE: 097db2ee4c92b84982083ecf62b5b5f2007906e616035113 (good);; QUESTION SECTION:;bbc.co.uk. IN NS;; ANSWER SECTION:bbc.co.uk. 900 IN NS ddns1.bbc.com.bbc.co.uk. 900 IN NS dns0.bbc.co.uk.bbc.co.uk. 900 IN NS ddns1.bbc.co.uk....
And a whole lot more. But you can go further down the DNS tree. What are the nameservers for .co.uk
?
dig co.uk NS
And you'll get your answer. You can go one further and see the nameservers for the Top Level Domain:
dig uk NS
Which replies with:
;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54061;; flags: qr rd ra ad; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 17;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 1232; COOKIE: 880427eda8ff71de2ab4f43862b5b65f95e317d29cc10a8e (good);; QUESTION SECTION:;uk. IN NS;; ANSWER SECTION:uk. 159692 IN NS nsc.nic.uk.uk. 159692 IN NS dns1.nic.uk.uk. 159692 IN NS nsd.nic.uk....
And that works with every TLD. Countries like de
, generic names like museum
, and internationalised domains like 在线
. All of them work!
Except Switzerland.
Switzerland's country code is ch
- after the name Confoederatio Helvetica. Let's run the dig
on it: dig ch NS
;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31910;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1;; WARNING: recursion requested but not available
We have been refused and warned. But why does this only happen with Switzerland?
The blame - as with most modern ills - lies in the mid-1970s. The Bee Gees were storming the charts with "Jive Talkin'", the Rocky Horror Picture Show was gathering a cult following, and MIT scientists were causing chaos. Literally.
Chaosnet was an early network protocol designed for local networks. It was technically very clever but, sadly, never really took off.
However, it found its way into DNS records. Let's go back to the answer to dig bbc.co.uk NS
:
;; ANSWER SECTION:bbc.co.uk. 900 IN NS ddns1.bbc.com.
OK, the first part is the domain name. The number is the TTL. The IN
is the class. The NS says this is a nameserver record. And, finally, we get the domain of the nameserver.
But, in the class, what does IN
stand for?
"Internet", obviously. Wait... Isn't the DNS on the Internet? Why do we need to specify that these DNS records are for Internet?
Well, isn't it obvious? Because you might want records of a different network. Like, for example, Chaosnet.
And if Internet is abbreviated to IN
, what is Chaosnet shortened to? That's right! CH
.
So, dig
sees you enter ch
for Switzerland, but thinks you're asking about CH
for Chaosnet. And so it fails.
In order to query the records for ch
we need to provide an absolutely fully-qualified domain name. It's as simple as sticking a dot at the end of the domain name:
dig ch. NS
;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64932;; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 11;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 1232; COOKIE: e19b9c23cdfa0f7bcf82750462b5c16b47744386c7974ffb (good);; QUESTION SECTION:;ch. IN NS;; ANSWER SECTION:ch. 164894 IN NS e.nic.ch.ch. 164894 IN NS a.nic.ch.ch. 164894 IN NS f.nic.ch.
And there we go. A failed 1970s experiment like bell-bottoms and Betamax videos - but with much longer lasting consequences.
You can see some CH
records by running like:
dig ch txt @f.root-servers.net version.bind
That will get you something like:
;; ANSWER SECTION:version.bind. 86400 CH TXT "cloudflare-f-root-20190930"
Of course, DNS doesn't only have IN
and CH
class records.
There's also Hesiod - HS
. But you already knew that, right...?
As part of my new job, I'm learning a lot more about…
Terence Eden’s BlogDer #Windows 10 PC von meiner Mutter hat das #Problem nur ca. 50% aller #DNS Auflösungen hinzubekommen.
Dabei ist es egal welche Anwendung die Anfrage stellt.
Egal ob Windows selbst, ein Browser oder "nslookup" in der cmd.
Egal welchen DNS Server ich einstelle, die FritzBox per DHCP, per Hand oder ein alternativer interner oder externer DNS Server.
Der Systemcheck via dism.exe findet keine Fehler.
Was ist da los?!
Ich bin komplett ratlos.
Ideen?
Upgrade auf Win11 ist eine Option?
Are you interested in building a (personal) website? Maybe you thought about it but you are not sure where to start?
Check out my post about „how to build a website“ and find yourself hosting a static site built by Hugo and hosted on GitHub for free within an afternoon!
https://rawomb.at/posts/build_a_website/
(Some programming experience is recommended)
P.S. Thank you for mentioning Hugo in your podcasts, @mkennedy
The Internet Last Week
* Cairo telecom building fire
https://noc.social/@cloudflareradar/114812834265048251
https://mastodon.social/@IODA/114817830857702130
https://mastodon.social/@netblocks/114813291615533273
https://pulse.internetsociety.org/blog/egypt-internet-outage-another-example-of-the-need-to-spread-your-risk
https://www.nytimes.com/2025/07/11/world/middleeast/egypt-fire-cairo-telecom.html
* OVH RBX dedicated servers outage
https://bare-metal-servers.status-ovhcloud.com/incidents/j3xcv287w1wn
* St Petersburg Internet disruption
https://therecord.media/russia-saint-petersburg-outage-drones
* Quad9 top500 domains
https://github.com/Quad9DNS/quad9-domains-top500
Attached: 4 images A fire at the historic #Ramses…
Noc.Socialcalico isn't establishing connection between nodes correctly #networking #dns #kubernetes
I'm configuring a Kubernetes cluster with 1 master…
Ask Ubuntu@tuxicoman un serveur #dns qui fait des trucs rigolos :)
https://www.bortzmeyer.org/drink.html