DNS: Difference between revisions

From 太極
Jump to navigation Jump to search
(Created page with "[https://www.lynda.com/Server-tutorials/Managing-DNS-Essential-Training/453346-2.html Managing DNS Essential Training] from lynda.com")
 
 
(112 intermediate revisions by the same user not shown)
Line 1: Line 1:
[https://www.lynda.com/Server-tutorials/Managing-DNS-Essential-Training/453346-2.html Managing DNS Essential Training] from lynda.com
= Resource =
* Nice Diagram
** [https://amar-linux.blogspot.com/2012/05/how-dns-works.html How DNS Works]
** [https://www.deepanshugahlaut.com/blog/what-is-dns-and-how-it-works/ What is DNS and How it Works?]
* [https://www.lynda.com/Server-tutorials/Managing-DNS-Essential-Training/453346-2.html Managing DNS Essential Training] from lynda.com
* Use DNS to block or unblock websites. That is, you can effectively bypass geo-restrictions without using VPN.
 
== Block Ads ==
* [https://www.makeuseof.com/best-dns-servers-to-block-internet-ads/ The 7 Best DNS Servers to Block Internet Ads]
 
== TTL ==
[https://www.cyberciti.biz/faq/how-to-see-time-to-live-ttl-for-a-dns-record/ How to see Time-To-Live (TTL) for a DNS record]
 
== FQDN ==
* [https://www.lifewire.com/what-does-fqdn-mean-2625883 What Does FQDN Mean?]: '''hostname + domain name + top-level domain'''
* [https://www.hostinger.com/tutorials/fqdn FQDN (Fully Qualified Domain Name): What It Is, Examples, and More]
* [https://pve.proxmox.com/wiki/Quick_installation PVE quick installation]. '''cat /etc/hosts'''
* https://forum.proxmox.com/threads/hostname-fqdn-huh.63667/. [https://www.ietf.org/archive/id/draft-chapin-rfc2606bis-00.html IETF has reserved] the following top level domains for documentation or testing purposes:
** .example
** .invalid
** .test
** .localhost
 
== URL ==
* It seems we can append "?" and "#" after a valid URL.
* [https://www.quora.com/What-do-and-mean-in-a-URL What do "?" and "#" mean in a URL?]
** “?” in URL acts as separator
**  “#” was used as an anchor to jump to an element. However, nowadays it's usually used with AJAX-based pages since changing the hash can be detected using JavaScript and allows you to use the back/forward button without actually triggering a full page reload.
* Which characters make a URL invalid?
* Special character in URL ignored by browsers
 
= Records =
* [https://www.digitalocean.com/docs/networking/dns/how-to/manage-records/ How to Create, Edit, and Delete DNS Records]
* [https://www.namecheap.com/support/knowledgebase/article.aspx/319/2237/how-can-i-set-up-an-a-address-record-for-my-domain How can I set up an A (address) record for my domain (namecheap)?], [https://support.prontomarketing.com/hc/en-us/articles/217414266-How-to-edit-DNS-records-on-Namecheap- How to edit DNS records on Namecheap?]
* [https://www.howtogeek.com/devops/how-to-buy-a-domain-name-for-your-website/ How To Buy a Domain Name For Your Website]
 
== A record ==
* A records are used to map a domain name to an IP address and CNAME records are used to map one domain name to another domain name.
* For example, "domain.com" is an A record, and "www.domain.com" is CNAME record which maps it to "www.domain.com".
* [https://serverfault.com/a/1101393 What does '''@''' mean when setting up A Records in your DNS settings?]  '''Apex records''', '''naked domain'''
** When creating a new A record, using the host as ''' @''' means that the record is for the root domain itself. In other words, if your domain is “example.com”, an A record with '''@''' as the host would point “example.com” to the specified IP address. This is often used to direct traffic for the bare domain (i.e., example.com without any subdomains like www) to a particular server.
* [https://servebolt.com/help/how-to-set-up-subdomains-with-cloudflare/ How to set up subdomains with Cloudflare], [https://youtu.be/Y02t6hzaUBM?si=10HEB2Hk0fwWEzMP&t=560 免费开源论坛程序推荐!含搭建教程,手把手教你安装].
 
== CNAME ==
* A CNAME record is used to map one domain name to another domain name. For example, a CNAME record for "www.example.com" might map to "example.com". This is useful when you want to point multiple domain names to the same server.
*  A CNAME record is used '''in lieu of''' an A record when a domain or subdomain is an '''alias''' of another domain. '''All CNAME records must point to a domain, never to an IP address'''. See [https://www.cloudflare.com/learning/dns/dns-records/dns-cname-record/ What is a DNS CNAME record?] For example, www.example.com is an alias of example.com.
 
= DNSCrypt =
* https://en.wikipedia.org/wiki/DNSCrypt
* [https://github.com/jedisct1/dnscrypt-proxy dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols]
* [https://www.linuxuprising.com/2018/10/install-and-enable-dnscrypt-proxy-2-in.html Install and Enable DNSCrypt Proxy 2 in Ubuntu 18.04 Or 18.10 / Debian Unstable Or Testing]
 
= Network commands =
* ping
* curl - [https://stackoverflow.com/a/15959628 ping alternative]. It is useful if the server blocks ping requests
* nc and telnet - [https://www.thegeekdiary.com/how-to-test-porttcp-udp-connectivity-from-a-linux-server/ How to Test Port TCP/UDP Connectivity from a Linux Server]
* [https://www.computerhope.com/unix/host.htm host] (two ways).
* nslookup (two ways). Eg nslookup XXX.XXX.XXX.XXX.
* dig  (dig -x XXX.XXX.XXX.XXX)
* whois
* Online version
** [https://ip-lookup.net/domain.php ip-lookup.net],
** [https://www.hcidata.info/host2ip.cgi hcidata.info],
** [https://url-decode.com/tool/hostname-to-ip url-decode.com] (very fast)
** [https://mxtoolbox.com/DnsLookup.aspx dns lookup], [https://mxtoolbox.com/MXLookup.aspx mx lookup] by mxtoolbox.com. See [https://www.bing.com/webmasters/help/how-to-verify-bingbot-3905dc26 bing.com Webmaster Tools]
 
= DNS server =
* [https://opensource.com/article/17/4/introduction-domain-name-system-dns Introduction to the Domain Name System (DNS)]
* [https://linuxconfig.org/protecting-your-privacy-with-firefox-on-linux Protecting Your Privacy With Firefox on Linux]
 
== Setup on Linux/Ubuntu ==
* https://support.rackspace.com/how-to/changing-dns-settings-on-linux/
* [https://www.cloudsavvyit.com/14816/how-to-run-your-own-dns-server-on-your-local-network/ How to Run Your Own DNS Server on Your Local Network]
* [https://opensource.com/article/17/4/build-your-own-name-server Build your own DNS name server on Linux]. General discussion, not specific to Ubuntu.
* [https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-configure-dns-server-on-ubuntu-18-04.html How To Configure DNS Server On Ubuntu 18.04 / Ubuntu 16.04], [https://www.webhostinghero.com/ubuntu-dns-server-tutorial/ How to install a DNS server on Ubuntu 19.04]
:<syntaxhighlight lang='bash'>
sudo apt install bind9
sudo nano /etc/bind/named.conf.options
  # update 'forwarders' key to use 1,1,1,1; 8.8.8.8;
  # add 'forward only;'
sudo systemctl restart bind9
# open port 53, or let ufw to allow bind9
</syntaxhighlight>
* [https://www.howtoforge.com/how-to-set-up-local-dns-with-dnsmasq-on-debian-12/ How to Set Up Local DNS with Dnsmasq on Debian 12]
* [https://www.howtoforge.com/how-to-setup-dns-server-with-bind-on-ubuntu-22-04/ How to Setup DNS Server with BIND on Ubuntu 22.04]
* [https://www.makeuseof.com/find-and-change-dns-server-on-linux/ How to Find and Change Your DNS Server on Linux]
 
== AdGuard Home ==
[https://opensource.com/article/23/3/open-source-dns-server How to set up your own open source DNS server]
 
== Pi-hole ==
* Will pihole slow internet speed: No
* Run a local pihole instance in a Docker container
** [https://jan-v.nl/post/2021/running-pihole-locally-using-docker/ Running Pi-hole locally using Docker]. After the container is booted, you can set up your DNS to 127.0.0.1.
* [[Raspberry#Pi-hole|Raspberry > Pi-hole]]
 
== Unbound ==
[https://www.howtoforge.com/how-to-set-up-local-dns-with-unbound-on-ubuntu-22-04/ How to Set Up Local DNS Resolver with Unbound on Ubuntu 22.04]
 
== Client part ==
* Windows/Mac/Linux
:<syntaxhighlight lang='bash'>
dig @192.168.1.2  linkedin.com  # Suppose the DNS server ips is 192.168.1.2
</syntaxhighlight>
:Pay attention to the '''Query time''' result. If we run the same command again, the query time will be reduced to 0 because of the cache in the DNS server.
* Wifi on Mobile
*# Go to wi-fi setting and select your connected network (so each wifi network has its own DNS setting).
*# Change Configure DNS from Automatic to Manual so that you can set your primary DNS server to Pi-hole. Then add the IP of your DNS server. You can add a backup server too (such as the IP address of your gateway router) so you can still visit websites when Pi-hole is offline.
* Mobile network
** [https://www.androidpolice.com/2020/03/26/make-android-use-dns-server-choice/ How to make Android use the DNS server of your choice]
** [https://www.xtremerain.com/change-dns-ios/ Change DNS on iPhone/iPad/iPod for WiFi and Cellular (3G/4G/5G)]
 
== Client part 2: what is my DNS server /etc/resolv.conf or /etc/network/interfaces. Static IP ==
Use one of the following commands
<pre>
systemd-resolve  --status
resolvectl status
nmcli dev show | grep 'IP4.DNS'
</pre>
 
PS. '''dig''' command can show my DNS server as part of its output.
 
On Ubuntu 18.04 and up, it uses '''[https://netplan.io/ netplan]'''. PS. use space character instead tab in yml file.
* [https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/netplan-how-to-configure-static-ip-address-in-ubuntu-18-04-using-netplan.html Netplan – How To Configure Static IP Address in Ubuntu 18.04 using Netplan]
* [https://www.techrepublic.com/article/how-to-set-dns-nameservers-in-ubuntu-server-18-04/ How to set DNS nameservers in Ubuntu Server 18.04]
* [https://youtu.be/rKmUScBLrEc Set custom DNS servers on Ubuntu 20.04 with Network Manager]
* [https://youtu.be/j67QD271wTY Set custom DNS servers using Netplan and networkd]
* [https://youtu.be/c-s_55T57oc Set custom DNS servers on Ubuntu 20.04 with Netplan, Network Manager & static IP]. The method works on Ubuntu desktop too.
* [https://youtu.be/UnO6Pb1WBfU Reset Ethernet or Wi-Fi connection to defaults on Ubuntu 20.04 or 18.04]
 
Even I can change my DNS setting using the Network Manager (IPv4 -> disable Automatic -> Enter 8.8.8.8 -> Apply -> Toggle On/Off), the name solving does not work. Testing https://129.43.254.99 works but not https://brb.nci.nih.gov
 
To use the '''/etc/resolv.conf''' method, check out [https://askubuntu.com/a/130459 how to add DNS servers] or [https://youtu.be/NEyXDdBrw2c Set permanent DNS nameservers on Ubuntu/Debian with resolv.conf] (video).
 
On my home computer, it just shows one line ''nameserver 127.0.1.1''. On work computer, it shows
<pre>
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#    DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search XXX.XXX.gov
</pre>
 
On the VM of my work computer, it shows
<pre>
nameserver 127.0.0.53
search XXX.XXX.gov
</pre>
It seems the /etc/resolv.conf file changes with the file on the host.
 
After any change, we can restart the network by using '''sudo service networking restart'''.
 
Note:
* nameserver Name-server-IP-address: Point out to your your own nameserver or to ISP’s name server. Up to 3 name servers may be listed.
* search domain.com: The search list is normally determined from the local domain name; by default, it contains only the local domain name. So when you type nslookup www, it will be matched to www.cyberciti.biz
 
You can also use Public Name Servers
<pre>
nameserver 8.8.8.8
nameserver 8.8.4.4
</pre>
 
== '''dig''' Command Examples - check DNS server ==
dig (domain information groper) is a DNS lookup utility.
 
* https://www.cyberciti.biz/faq/linux-unix-dig-command-examples-usage-syntax/
* [https://www.rootusers.com/12-dig-command-examples-to-query-dns-in-linux/ 12 Dig Command Examples To Query DNS In Linux]
: <syntaxhighlight lang='bash'>
$ sudo apt install dnsutils
 
$ dig techmint.com
...
;; Query time: 220 msec
;; SERVER: 100.100.100.100#53(100.100.100.100)
;; WHEN: Fri Aug 16 08:44:30 EDT 2024
;; MSG SIZE  rcvd: 57
 
$ dig @1.1.1.1 techmint.com
...
;; Query time: 68 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Aug 16 08:47:02 EDT 2024
;; MSG SIZE  rcvd: 57
 
# List All DNS Records Using dig
$ dig google.com ANY 
</syntaxhighlight>
* 100.100.100.100 is from '''tailscale'''. [https://tailscale.com/kb/1381/what-is-quad100 What is 100.100.100.100?]
* [https://rud.is/b/2019/06/28/quick-hit-dig-ging-into-dns-records-with-processx/ Quick hit: ‘dig’-ging Into r-project.org DNS Records with {processx}]
* [https://www.linuxuprising.com/2021/04/doggo-is-dns-lookup-utility-with.html Doggo Is A DNS Lookup Utility With Colorful Output, DNS-over-TLS and DNS-over-HTTPS Support]
 
== host command ==
[https://www.cyberciti.biz/faq/linux-unix-host-command-examples-usage-syntax/ Linux and Unix host Command Examples]
 
= DNSmasq (DNS + DHCP server) =
* [http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html Man page] and [http://www.thekelleys.org.uk/dnsmasq/docs/setup.html Setup]
* [https://www.linux.com/learn/dnsmasq-easy-lan-name-services Dnsmasq For Easy LAN Name Services]
* https://wiki.archlinux.org/index.php/dnsmasq
* https://wiki.debian.org/HowTo/dnsmasq
* http://www.linuxjournal.com/content/dnsmasq-pint-sized-super-d%C3%A6mon
* https://blogging.dragon.org.uk/howto-setup-dnsmasq-as-dns-dhcp/
* [https://www.cloudsavvyit.com/14924/how-to-run-a-local-network-dhcp-server-with-dnsmasq/ How to Run a Local Network DHCP Server with Dnsmasq]
* [https://www.howtoforge.com/how-to-set-up-local-dns-with-dnsmasq-on-rocky-linux/ How to Install a Local DNS Resolver with Dnsmasq on Rocky Linux]
 
== Local forwarding server ==
dnsmasq program is running on my Ubuntu and Linux/Mint machines.
 
See [https://askubuntu.com/questions/627899/nameserver-127-0-1-1-in-resolv-conf-wont-go-away nameserver 127.0.1.1 in resolv.conf won't go away!]
<syntaxhighlight lang='bash'>
$ ps -ef | grep -i dnsmasq
 
$ sudo netstat -anp | grep -i dnsmasq
</syntaxhighlight>
 
== DHCP server ==
<ul>
<li>[[Raspberry#Turn_Raspi_into_a_wireless_hotspot_/_access_point|Turn Raspi into a wireless hotspot / access point]]
<li>ChatGPT. Remember to replace eth0 with the interface name connected to your home router and adjust IP ranges and settings according to your needs.
* Install the DHCP Server
<pre>
sudo apt install isc-dhcp-server
sudo nano /etc/default/isc-dhcp-server
INTERFACES="eth0 eth1"
</pre>
* Configure the DHCP Server
<pre>
subnet 10.50.50.0 netmask 255.255.255.0 {
  range 10.50.50.10 10.50.50.100;
  option routers 10.50.50.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.50.50.255;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
  default-lease-time 600;
  max-lease-time 7200;
}
</pre>
* Assign Static IP to the Second NIC
* Enable IP Forwarding: Enable IP forwarding to allow internet access to the devices on the new network.
<pre>
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
</pre>
* Set Up NAT: Use iptables to set up NAT (Network Address Translation) so that devices on the new network can access the internet.
<pre>
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables-save > /etc/iptables.rules
</pre>
</ul>
 
= DNS providers =
* [https://medium.com/@nykolas.z/dns-resolvers-performance-compared-cloudflare-x-google-x-quad9-x-opendns-149e803734e5 DNS Resolvers Performance compared: CloudFlare x Google x Quad9 x OpenDNS]
* [https://www.techradar.com/news/best-dns-server Best free and public DNS servers of 2020]
* [https://www.makeuseof.com/tag/5-best-dynamic-dns-providers-can-lookup-free-today The 6 Best Free Dynamic DNS Providers] 2021
* [https://nextdns.io/ NextDNS]: click 'Try it now for free' button and it will show the current DNS Server IP.
 
== Benchmark, bottleneck ==
How to determine bottleneck in page load time? Use a plugin or if you have Chrome, use its built-in inspector. Google Chrome: Right-click on anything and click "Inspect element" and click "Network" tab on the new box that appears. Navigate to your site, you will now see in real-time how the browser is receiving the information
 
= Change DNS setting =
* [https://www.makeuseof.com/tag/change-dns-increase-internet-speed/ Why Changing DNS Settings Increases Your Internet Speed], [https://www.makeuseof.com/tag/best-dns-providers-security/ 5 DNS Servers Guaranteed to Improve Your Online Safety]
** https://1.1.1.1/, [https://www.ithome.com.tw/news/122215 隱私優先、速度最快,公共DNS服務1.1.1.1上線了]
** Google: 8.8.8.8 and 8.8.4.4
** OpenDNS: 208.67.220.220 and 208.67.222.222
** DNS Watch:  84.200.69.80 and 84.200.70.40
** OpenNIC: 206.125.173.29 and 45.32.230.225
** UncensoredDNS: 91.239.100.100 and 89.233.43.71
* [https://www.safervpn.com/support/articles/115000327609-Change-DNS-Settings-on-Windows-Mac-Android-IOS-Linux Change DNS Settings on Windows / Mac / Android / IOS / Linux]
* [https://websiteforstudents.com/setup-cloudflare-dns-on-ubuntu-16-04-17-10-18-04-desktop/ Setup CloudFlare DNS On Ubuntu 16.04 / 17.10 / 18.04 Desktop]
*# Open Ubuntu Network Manager (System settings > Network > Settings > Wired or Wireless or both)
*# Select both IPv4 and IPv6 and turn off automatic DNS IP settings… then type the custom Cloudflare DNS IP addresses you want to use…
* [https://www.makeuseof.com/tag/cloudflare-1111-dns-mobile/ You Can Now Use Cloudflare’s 1.1.1.1 DNS on Mobile]
 
== Command line ==
[https://www.makeuseof.com/find-and-change-dns-server-on-linux/ How to Find and Change Your DNS Server on Linux].
<pre>
resolvectl status
 
resolvectl dns <interface> <dns address 1> <dns address2>
</pre>
 
== Domain Setup & SSL Certificates, HTTPS - NGINX & Docker Compose ==
[https://business-science.github.io/shiny-production-with-aws-book/domain-setup-ssl-certificates.html Shiny Production with AWS Book]
 
== Flush DNS cache ==
* [https://www.howtogeek.com/844964/how-to-flush-dns-in-linux/ How to Flush DNS in Linux]
* [https://support.opendns.com/hc/en-us/articles/227988627-How-to-clear-the-DNS-Cache- How to clear the DNS Cache?]
 
== How To Set Permanent DNS Nameservers ==
[https://www.tecmint.com/set-permanent-dns-nameservers-in-ubuntu-debian/ How To Set Permanent DNS Nameservers in Ubuntu and Debian]
 
== Test if you are using OpenDNS ==
https://welcome.opendns.com/
 
I try to change the DNS ip using either Network Connection GUI or modifying /etc/resolv.conf (& calling sudo /etc/init.d/networking restart). But it does not change anything??
 
==  DNS-over-HTTPS (DoH) in Firefox ==
* [https://www.bleepingcomputer.com/news/software/mozilla-firefox-expands-dns-over-https-doh-test-to-release-channel/ Mozilla Firefox Expands DNS-over-HTTPS (DoH) Test to Release Channel].
* This does not affect the result of [https://www.dnsleaktest.com/ DNS leak test] and [http://dnsleak.com/ another test].
* [https://stealthbits.com/blog/dns-over-https/ What is DNS over HTTPS (DoH) & How to Enable in Windows 10]
* [https://www.howtogeek.com/660088/how-to-enable-dns-over-https-in-google-chrome/ How to Enable DNS Over HTTPS in Google Chrome], [https://www.howtogeek.com/660157/how-to-enable-dns-over-https-in-microsoft-edge/ How to Enable DNS Over HTTPS in Microsoft Edge]
 
== Query DNS server ==
[https://www.dnsleaktest.com/ DNS leak test]
 
To [https://askubuntu.com/questions/152593/command-line-to-list-dns-servers-used-by-my-system list the current DNS servers used by my system],
 
Method 1:
<syntaxhighlight lang='bash'>
# Ubuntu >= 15
$ nmcli dev show | grep 'IP4.DNS'
$ nmcli device show <interfacename> | grep IP4.DNS
# Ubuntu <= 14
$ nmcli dev list iface <interfacename> | grep IP4
</syntaxhighlight>
 
Method 2:
<syntaxhighlight lang='bash'>
$ cat /etc/resolv.conf
</syntaxhighlight>
 
Method 3 ([https://superuser.com/a/258154 macOS]):
<pre>
scutil --dns | grep nameserver
# cat /etc/resolv.conf
</pre>
 
Another way is to use the R packages: [https://cran.r-project.org/web/packages/gdns/index.html gdns] and [https://github.com/hrbrmstr/dnsflare dnsflare]. [https://rud.is/b/2018/04/01/more-options-for-querying-dns-from-r-with-1-1-1-1/ More Options For Querying DNS From R with 1.1.1.1].
 
== 3 Ways to Check DNS Propagation Status ==
https://www.makeuseof.com/tag/check-dns-propagation-status/
 
= DNS tricks =
== 5 DNS Servers Guaranteed to Improve Your Online Safety ==
http://www.makeuseof.com/tag/best-dns-providers-security/
 
== 5 Nifty Ways to Use DNS to Your Advantage ==
http://www.makeuseof.com/tag/nifty-ways-use-dns-advantage/
 
== Discover subdomains ==
[https://www.makeuseof.com/linux-tools-to-discover-subdomains-ethical-hacker/ 5 Powerful Linux Tools to Discover Subdomains as an Ethical Hacker]
 
= DNStracer =
http://www.ubuntugeek.com/dnstracer-trace-dns-queries-to-the-source.html
 
= Reverse DNS =
Reverse DNS (rDNS) is a process that resolves an IP address back to a domain name, the opposite of a forward DNS query. [https://phoenixnap.com/kb/reverse-dns-lookup What Is Reverse DNS and How Does It Work?]
 
= Dyndns and [https://help.dyn.com/ddclient/ ddclient] =
 
According to a comment in [https://www.youtube.com/watch?v=Nf7m3h11y-s this video], Cloudflare tunnel completely replaces the need for reverse proxy like Traefik/Nginx Proxy Manager.
 
== Resources ==
* https://help.ubuntu.com/community/DynamicDNS#ddclient (works)
* https://help.ubuntu.com/community/DynamicDNS#Namecheap_.26_Python (works)
* [https://dotmycom.com/using-ddclient-with-cloudflare/ Using ddclient with Cloudflare] ddclient version 3.9.0 for Ubuntu 18.04.1
* [https://hub.docker.com/r/linuxserver/ddclient/ *ddclient container]
 
nano '''/etc/ddclient.conf''' on Debian 12. Use '''ddclient --help | grep version''' to find the installed version. See my 'ddclient' google doc.
 
Note that the specification should depend on the domain name registrar (eg namecheap). For namecheap, the login/password is NOT your actual credential from your domain name registrar. The password should be obtained from the domain name registrar website. The last line is about the host. If I am setting it up for a subdomain, I should enter the subdomain name (and skip the domain name part). The '''ssl=yes''' is to ensure the [https://help.dyn.com/ddclient/ connection is made over https instead of http].
 
And run '''sudo ddclient -daemon=0 -debug -verbose -noquiet''' to verify ddclient is working. You shall get a long return with the last line looks like
<pre>
SUCCESS:  updating YOURSUBDOMAIN: good: IP address set to XX.XXX.XXX.XXX
</pre>
 
No matter which method we use, we can go to our DNS account (in namecheap, go to Dashboard -> MANAGE button -> Domains -> Advanced DNS) and temporarily change the global IP address to another one, run the update script and then check if the global IP address has been updated to the correct one.
 
<pre>
sudo systemctl restart ddclient.service
# sudo /etc/init.d/ddclient restart
 
sudo service ddclient status
</pre>
 
== namecheap ==
* It requires to set up 2-factor authentification.
* [https://www.namecheap.com/support/knowledgebase/article.aspx/583/11/how-do-i-configure-ddclient How do I configure DDClient?]
* To create a '''subdomain''', go to Dashboard -> Manage -> Advanced DNS tab. Click '''+ ADD NEW RECORD'''. In the 'HOST RECORDS' section, pick 'A + dynamic dns record' and enter the subdomain name (HOST) with the IPv4 address (Value). In the 'DYNAMIC DNS' section, we can download the client software too (scroll down to get the download link). See [https://www.namecheap.com/support/knowledgebase/article.aspx/319/78/how-can-i-setup-an-a-address-record-for-my-domain How can I set up an A (address) record for my domain?]
* [https://kinsta.com/knowledgebase/namecheap-add-a-record/ How to Add A Record with Namecheap], [https://www.namecheap.com/support/knowledgebase/article.aspx/319/2237/how-can-i-set-up-an-a-address-record-for-my-domain/ How can I set up an A (address) record for my domain?]
** To understand different '''host records''' (A record, AAAA record, CNAME record, NS record, SRV record, TXT record, URL redirect record) See [https://www.namecheap.com/support/knowledgebase/article.aspx/434/2237/how-do-i-set-up-host-records-for-a-domain How do I set up host records for a domain?]
* CNAME (related to subdomain IP update)
** [https://youtu.be/b83S_N1kkJM?t=265 How to Install and Setup Traefik with CloudFlare Using Your Own Domain]
** [[Apache#Cloudflare|Raspberry Pi home server]] (Wordpress)
** [https://shiny.rstudio.com/articles/custom-domains.html Setting up custom domains on shinyapps.io]
* If you've purchased an SSL certificate, you'll want to visit your Account Panel soon to enter your CSR and activate the certificate. [https://www.namecheap.com/support/knowledgebase/category.aspx/14/ Instructions on how to create a CSR and install the certificate on your server].
* CloudFlare
** In namecheap, change '''NAMESERVERS''' to Custom DNS and enter ''hugh.ns.cloudflare.com'' & ''jill.ns.cloudflare.com''. After this change, I won't be able to add new records.
** [https://www.namecheap.com/support/knowledgebase/article.aspx/1191/2210/how-to-enable-cloudflare-for-your-domain-name How to enable CloudFlare for your domain name]
** [https://www.namecheap.com/support/knowledgebase/article.aspx/9607/2210/how-to-set-up-dns-records-for-your-domain-in-cloudflare-account How to set up DNS records for your domain in CloudFlare account]
** [http://davidensinger.com/2014/04/transferring-the-dns-from-namecheap-to-cloudflare-for-github-pages/ Transfering DNS from Namecheap to CloudFlare].
* Email forwarding
** [https://forwardemail.net/#/?id=how-it-works forwardemail.net]
* [https://medium.com/@goelanirudh/add-https-to-your-namecheap-domain-hosted-on-github-pages-d66fd96308b5 Add https to your Namecheap Domain hosted on Github Pages]
 
== Cloudflare ==
* [https://developers.cloudflare.com/registrar/get-started/transfer-domain-to-cloudflare Transfer your domain to Cloudflare]
* [https://youtu.be/2HhNFSsxFfM How To Transfer Domain From Namecheap To CloudFlare Instantly] (video)
* [https://mirrormirage0.medium.com/configuring-dynamic-ip-auto-update-for-custom-domain-name-alternative-to-dyndns-noip-etc-57a1e100efd5 Configuring Dynamic IP auto-update for custom domain name(Alternative to dyndns, noip etc… )]
* Use a Dynamic DNS IP updater bash script for Cloudflare API. [https://claudiu.psychlab.eu/post/homelab-2-tld-subdomains-ddns-cloudflare/ HomeLab 2: Web domain, subdomains and Dynamic DNS with Cloudflare API]. cron was used to check the update every 10 minutes. The bash script is from https://github.com/K0p1-Git/cloudflare-ddns-updater.
<ul>
<li>Cloudflare -> [https://developers.cloudflare.com/dns/manage-dns-records/how-to/managing-dynamic-ip-addresses Use dynamic IP addresses]
* Cloudflare API. [https://bytefreaks.net/gnulinux/bash/cloudflare-api-dns-update Cloudflare API DNS Update], [https://iotechonline.com/cloudflare-dns-dynamic-ip-updater-script/ Cloudflare dns dynamic ip updater script], [https://github.com/TheGnarlyGonzo/cloudflare-ddns-script cloudflare-ddns-script].
* [https://youtu.be/CS72kN2c6hU?t=680 Cloudflare API + Docker] from oznu. A docker container that allows you to use CloudFlare as a DDNS / DynDNS Provider. [https://youtu.be/Nf7m3h11y-s A video] by DB Tech.
* ddclient
: <syntaxhighlight lang='bash'>
daemon=3600 # check every 300 seconds
syslog=yes # log update msgs to syslog
mail=root # mail all msgs to root
mail-failure=root # mail failed update msgs to root
pid=/var/run/ddclient.pid # record PID in file.
ssl=yes # use ssl-support.
use=web
protocol=cloudflare,        \
zone=YourDomain.com,        \
ttl=1,                      \
login=Cloudflare_Email_Addr \
password=Cloudflare_API_Key \
Subdomain1.YourDomain.com,Subdomain2.YourDomain.com
</syntaxhighlight>
: Test run
: <syntaxhighlight lang='bash'>
/usr/bin/ddclient -daemon=0 -debug -verbose -noquiet
</syntaxhighlight>
* [https://hub.docker.com/r/linuxserver/ddclient ddclient + Docker] from linuxserver. [https://www.null-byte.org/homelab/cloudflare-and-dynamic-dns-with-ddclient-and-docker/ Cloudflare and Dynamic DNS with ddclient and docker]. Use '''docker logs <container id>''' to [https://docs.docker.com/engine/reference/commandline/container_logs/ check the log].
* DNS-O-Matic
</ul>
 
== Mail ==
* check the option of '''Mail Routing: I have mail server with another name and would like to add MX hostname...'''
* In 'MX hostname' entering '''aspmx.l.google.com'''
* In 'Primary' choose 'Yes, use it as my primary mail relay.'
* [https://www.makeuseof.com/tag/set-email-domain-free-zoho-mail/ How to Set Up Email at Your Domain for Free With Zoho Mail] July 2019
* [https://www.makeuseof.com/custom-email-address-with-gmail/ How to Use a Custom Email Address With Gmail for Professional Emails]
* [https://www.makeuseof.com/create-custom-email-address/ 4 Ways to Use Custom Email Addresses]
 
= CDN =
[https://www.makeuseof.com/use-cdn-website/ Why You Should Use a CDN to Improve Your Website’s User Experience]
 
= DuckDNS =
* [https://youtu.be/CS72kN2c6hU Tracking your Dynamic ISP IP Address for use with your Home Server with Cloudflare DDNS & Duck DNS]
** https://hub.docker.com/r/linuxserver/duckdns/
** It teaches how to create an API token from cloudflare (my profile). Create custom tokens.
** oznu/cloudflare-ddns docker container that allows you to use CloudFlare as a DDNS / DynDNS Provider.
 
= no-ip =
* Similar to Dyndns. It has its own client program. Needs to build it yourself.
* See the [http://support.no-ip.com/customer/portal/articles/375955-basic-troubleshooting-guide troubleshooting guide].
* http://ducky-pond.com/posts/12 for instruction of setting autostart on Debian system.
* http://www.coulterfamily.org.uk/pages/PCs/Linux/FAQ-LINUX-NO-IP-CLIENT.php for another approach.
* Note: If noip2 cannot start automatically or noip2 does not update even it can be seen from ps -ef command, use '''sudo crontab -e''' command. <span style="color: red"> For some reason, after I use sudo crontab, noip2 can update IP.</span> So the only problem right now is it cannot update every 30 minutes even '''sudo noip2 -S''' says so. The problems may be 1. ps -ef shows the command runs from nobody user 2. sudo noip2 -S says it updates every 30 minutes via /dev/eth0 with NAT enabled.
* [https://github.com/loblab/noip-renew Auto renew (confirm) noip.com free hosts]
 
== Mail ==
* Allow only one MX record for each host for free no-ip account.
* Click Host/Redirects > Manage Hosts > Modify.
 
= DNS attack =
[https://www.makeuseof.com/what-are-dns-attacks-and-how-do-you-prevent-them/ What Are DNS Attacks and How Do You Prevent Them?]
 
= Proxy server =
* [https://vpnoverview.com/privacy/anonymous-browsing/free-proxy-servers/ A List of Free Proxy Servers in 2022 (Individual Proxies)]. As we can see the port number varies by each server.
* [https://www.howtogeek.com/683971/how-to-use-a-raspberry-pi-as-a-proxy-server-with-privoxy/ How to Use a Raspberry Pi as a Proxy Server (with Privoxy)]
* [https://digitalvarys.com/install-and-configure-a-proxy-server/ How to Install and Configure a Proxy Server?] '''Docker'''
* [https://www.simplecto.com/self-host-socks5-proxy-server-with-docker/ Self-host your own SOCKS5 Proxy Server with Docker] including how to use FoxyProxy addon on your FF browser. It seems '''IP''' is the only way to check whether proxy is working.
* [https://hide-ip-proxy.com/configure-proxy-server-android/ How to Set up a Proxy Server on Android (Wi-Fi and Mobile)]. '''https://www.xmyip.com/''' can check the proxy server from your browser. Two types of proxy: HTTP and SOCKS.
* [https://twitgoo.com/check-if-proxy-is-working/ How to Check if Your Proxy is Working] '''http://showmyip.com/'''.
 
= Zero trust network access =
[https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-ztna What Is Zero Trust Network Access (ZTNA)]
 
== Cloudflare Tunnel ==
* Advantages:
** No port forward
** No static IP or DDNS service
* [https://www.cloudflare.com/products/tunnel/ Cloudflare Tunnel]
* [https://www.makeuseof.com/how-to-securely-remote-access-wifi-router/ How to Securely Access Your Wi-Fi Router From Anywhere]
* [https://bobcares.com/blog/cloudflare-tunneling-with-docker/ Cloudflare Tunneling with Docker | How-to Guide]
* [https://www.makeuseof.com/build-personal-cloud-storage-with-remote-access/ How to Build a Personal DIY Cloud Storage With Remote Access]
* [https://www.makeuseof.com/use-cloudflare-tunnel-expose-local-servers-internet/ Set Up a Cloudflare Tunnel to Expose Local Servers to the Internet] using a lightweight tunneling daemon ('''cloudflared''') which is available on Windows macOS & Linux & Raspberry Pi. Free domain is fine.
* By using these new free CloudFlare Tunnels you don’t need ANY of that including the open ports on your local firewalls. [https://chriscolotti.us/technology/how-to-setup-and-use-cloudflare-tunnels/ How To Setup And Use CloudFlare Tunnels]
* (video)
** [https://youtu.be/Q5dG8g4-Sx0?si=EQVqgYtM2V1u6cx4&t=797 Cloudflare Tunnels: Getting Started with Domains, DNS, and Tunnels] (part 1) & [https://youtu.be/wdmbAo02ktQ Cloudflare Tunnels: Restrict Access with Google and Github] (part 2).
*** It works. We can pick the free plan for Cloudflare Zero Trust. Then '''Tunnels''' option is now under '''Networks''' instead of '''Access'''.
*** Note in creating a policy, I choose Github authentication. In the '''Configure rules''', I choose '''Emails''' & my email associated with Github account.
** [https://youtu.be/ZvIdFs3M5ic You Need to Learn This! Cloudflare Tunnel Easy Tutorial]
* SSH
** [https://youtu.be/Z6b3l1z0N7w?t=834 HOW TO: Remote access a Raspberry Pi using a Cloudflare tunnel (node-red and ssh)]. Easy to follow!
** [https://orth.uk/ssh-over-cloudflare/ SSH into your private machines from anywhere, for free, using Cloudflare Tunnel] Feb 2022
** [https://danishshakeel.me/creating-an-ssh-tunnel-using-cloudflare-argo-and-access/ Creating An SSH Tunnel Using Cloudflare Argo And Access]
** [https://dev.to/tylerlwsmith/ssh-into-a-server-behind-cloudflare-using-an-ssh-config-file-355j SSH into a server behind Cloudflare using an SSH config file]
** [https://youtu.be/xRlM71fCdbY Raspberry Pi remote access - SSH Remotely from your browser using Cloudflare tunnel for FREE !]
 
== tailscale ==
* Tailscale is an alternative to cloudflare tunnel
* https://tailscale.com/kb/use-cases/. Some of the most common ones include deploying internal apps anywhere without changing firewall settings, replacing site-to-site VPNs with WireGuard, transparently interconnecting microservices between data centers and pods, and VPN from the couch to the office and HQ. Tailscale also allows remote access to computer resources and applications from any location.
* [https://tailscale.com/blog/how-nat-traversal-works/ How NAT traversal works] by tailscale
* [https://stanislas.blog/2021/08/tailscale/ How I use tailscale]
 
== Wireguard tunnel ==
[https://youtu.be/VCH8-XOikQc SelfHosted Gateway - WireGuard Tunnel for secure external access to all of your Self Hosted Apps] & [https://wiki.opensourceisawesome.com/books/selfhosted-gateway-reverse-proxy/page/selfhosted-gateway Notes]
 
== twingate ==
 
= IP spoofing =
[https://www.makeuseof.com/what-is-ip-spoofing/ What Is IP Spoofing and What Is It Used For?]

Latest revision as of 14:09, 9 November 2024

Resource

Block Ads

TTL

How to see Time-To-Live (TTL) for a DNS record

FQDN

URL

  • It seems we can append "?" and "#" after a valid URL.
  • What do "?" and "#" mean in a URL?
    • “?” in URL acts as separator
    • “#” was used as an anchor to jump to an element. However, nowadays it's usually used with AJAX-based pages since changing the hash can be detected using JavaScript and allows you to use the back/forward button without actually triggering a full page reload.
  • Which characters make a URL invalid?
  • Special character in URL ignored by browsers

Records

A record

CNAME

  • A CNAME record is used to map one domain name to another domain name. For example, a CNAME record for "www.example.com" might map to "example.com". This is useful when you want to point multiple domain names to the same server.
  • A CNAME record is used in lieu of an A record when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, never to an IP address. See What is a DNS CNAME record? For example, www.example.com is an alias of example.com.

DNSCrypt

Network commands

DNS server

Setup on Linux/Ubuntu

sudo apt install bind9
sudo nano /etc/bind/named.conf.options
  # update 'forwarders' key to use 1,1,1,1; 8.8.8.8;
  # add 'forward only;'
sudo systemctl restart bind9
# open port 53, or let ufw to allow bind9

AdGuard Home

How to set up your own open source DNS server

Pi-hole

Unbound

How to Set Up Local DNS Resolver with Unbound on Ubuntu 22.04

Client part

  • Windows/Mac/Linux
dig @192.168.1.2  linkedin.com  # Suppose the DNS server ips is 192.168.1.2
Pay attention to the Query time result. If we run the same command again, the query time will be reduced to 0 because of the cache in the DNS server.

Client part 2: what is my DNS server /etc/resolv.conf or /etc/network/interfaces. Static IP

Use one of the following commands

systemd-resolve  --status
resolvectl status
nmcli dev show | grep 'IP4.DNS'

PS. dig command can show my DNS server as part of its output.

On Ubuntu 18.04 and up, it uses netplan. PS. use space character instead tab in yml file.

Even I can change my DNS setting using the Network Manager (IPv4 -> disable Automatic -> Enter 8.8.8.8 -> Apply -> Toggle On/Off), the name solving does not work. Testing https://129.43.254.99 works but not https://brb.nci.nih.gov

To use the /etc/resolv.conf method, check out how to add DNS servers or Set permanent DNS nameservers on Ubuntu/Debian with resolv.conf (video).

On my home computer, it just shows one line nameserver 127.0.1.1. On work computer, it shows

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search XXX.XXX.gov

On the VM of my work computer, it shows

nameserver 127.0.0.53
search XXX.XXX.gov

It seems the /etc/resolv.conf file changes with the file on the host.

After any change, we can restart the network by using sudo service networking restart.

Note:

  • nameserver Name-server-IP-address: Point out to your your own nameserver or to ISP’s name server. Up to 3 name servers may be listed.
  • search domain.com: The search list is normally determined from the local domain name; by default, it contains only the local domain name. So when you type nslookup www, it will be matched to www.cyberciti.biz

You can also use Public Name Servers

nameserver 8.8.8.8
nameserver 8.8.4.4

dig Command Examples - check DNS server

dig (domain information groper) is a DNS lookup utility.

$ sudo apt install dnsutils

$ dig techmint.com
...
;; Query time: 220 msec
;; SERVER: 100.100.100.100#53(100.100.100.100)
;; WHEN: Fri Aug 16 08:44:30 EDT 2024
;; MSG SIZE  rcvd: 57

$ dig @1.1.1.1 techmint.com
...
;; Query time: 68 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Aug 16 08:47:02 EDT 2024
;; MSG SIZE  rcvd: 57

# List All DNS Records Using dig
$ dig google.com ANY

host command

Linux and Unix host Command Examples

DNSmasq (DNS + DHCP server)

Local forwarding server

dnsmasq program is running on my Ubuntu and Linux/Mint machines.

See nameserver 127.0.1.1 in resolv.conf won't go away!

$ ps -ef | grep -i dnsmasq

$ sudo netstat -anp | grep -i dnsmasq

DHCP server

  • Turn Raspi into a wireless hotspot / access point
  • ChatGPT. Remember to replace eth0 with the interface name connected to your home router and adjust IP ranges and settings according to your needs.
    • Install the DHCP Server
    sudo apt install isc-dhcp-server
    sudo nano /etc/default/isc-dhcp-server
    INTERFACES="eth0 eth1"
    
    • Configure the DHCP Server
    subnet 10.50.50.0 netmask 255.255.255.0 {
      range 10.50.50.10 10.50.50.100;
      option routers 10.50.50.1;
      option subnet-mask 255.255.255.0;
      option broadcast-address 10.50.50.255;
      option domain-name-servers 8.8.8.8, 8.8.4.4;
      default-lease-time 600;
      max-lease-time 7200;
    }
    
    • Assign Static IP to the Second NIC
    • Enable IP Forwarding: Enable IP forwarding to allow internet access to the devices on the new network.
    echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
    sudo sysctl -p
    
    • Set Up NAT: Use iptables to set up NAT (Network Address Translation) so that devices on the new network can access the internet.
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo iptables-save > /etc/iptables.rules
    

DNS providers

Benchmark, bottleneck

How to determine bottleneck in page load time? Use a plugin or if you have Chrome, use its built-in inspector. Google Chrome: Right-click on anything and click "Inspect element" and click "Network" tab on the new box that appears. Navigate to your site, you will now see in real-time how the browser is receiving the information

Change DNS setting

Command line

How to Find and Change Your DNS Server on Linux.

resolvectl status

resolvectl dns <interface> <dns address 1> <dns address2>

Domain Setup & SSL Certificates, HTTPS - NGINX & Docker Compose

Shiny Production with AWS Book

Flush DNS cache

How To Set Permanent DNS Nameservers

How To Set Permanent DNS Nameservers in Ubuntu and Debian

Test if you are using OpenDNS

https://welcome.opendns.com/

I try to change the DNS ip using either Network Connection GUI or modifying /etc/resolv.conf (& calling sudo /etc/init.d/networking restart). But it does not change anything??

DNS-over-HTTPS (DoH) in Firefox

Query DNS server

DNS leak test

To list the current DNS servers used by my system,

Method 1:

# Ubuntu >= 15
$ nmcli dev show | grep 'IP4.DNS'
$ nmcli device show <interfacename> | grep IP4.DNS
# Ubuntu <= 14
$ nmcli dev list iface <interfacename> | grep IP4

Method 2:

$ cat /etc/resolv.conf

Method 3 (macOS):

scutil --dns | grep nameserver
# cat /etc/resolv.conf

Another way is to use the R packages: gdns and dnsflare. More Options For Querying DNS From R with 1.1.1.1.

3 Ways to Check DNS Propagation Status

https://www.makeuseof.com/tag/check-dns-propagation-status/

DNS tricks

5 DNS Servers Guaranteed to Improve Your Online Safety

http://www.makeuseof.com/tag/best-dns-providers-security/

5 Nifty Ways to Use DNS to Your Advantage

http://www.makeuseof.com/tag/nifty-ways-use-dns-advantage/

Discover subdomains

5 Powerful Linux Tools to Discover Subdomains as an Ethical Hacker

DNStracer

http://www.ubuntugeek.com/dnstracer-trace-dns-queries-to-the-source.html

Reverse DNS

Reverse DNS (rDNS) is a process that resolves an IP address back to a domain name, the opposite of a forward DNS query. What Is Reverse DNS and How Does It Work?

Dyndns and ddclient

According to a comment in this video, Cloudflare tunnel completely replaces the need for reverse proxy like Traefik/Nginx Proxy Manager.

Resources

nano /etc/ddclient.conf on Debian 12. Use ddclient --help | grep version to find the installed version. See my 'ddclient' google doc.

Note that the specification should depend on the domain name registrar (eg namecheap). For namecheap, the login/password is NOT your actual credential from your domain name registrar. The password should be obtained from the domain name registrar website. The last line is about the host. If I am setting it up for a subdomain, I should enter the subdomain name (and skip the domain name part). The ssl=yes is to ensure the connection is made over https instead of http.

And run sudo ddclient -daemon=0 -debug -verbose -noquiet to verify ddclient is working. You shall get a long return with the last line looks like

SUCCESS:  updating YOURSUBDOMAIN: good: IP address set to XX.XXX.XXX.XXX

No matter which method we use, we can go to our DNS account (in namecheap, go to Dashboard -> MANAGE button -> Domains -> Advanced DNS) and temporarily change the global IP address to another one, run the update script and then check if the global IP address has been updated to the correct one.

sudo systemctl restart ddclient.service
# sudo /etc/init.d/ddclient restart

sudo service ddclient status

namecheap

Cloudflare

Mail

CDN

Why You Should Use a CDN to Improve Your Website’s User Experience

DuckDNS

no-ip

Mail

  • Allow only one MX record for each host for free no-ip account.
  • Click Host/Redirects > Manage Hosts > Modify.

DNS attack

What Are DNS Attacks and How Do You Prevent Them?

Proxy server

Zero trust network access

What Is Zero Trust Network Access (ZTNA)

Cloudflare Tunnel

tailscale

  • Tailscale is an alternative to cloudflare tunnel
  • https://tailscale.com/kb/use-cases/. Some of the most common ones include deploying internal apps anywhere without changing firewall settings, replacing site-to-site VPNs with WireGuard, transparently interconnecting microservices between data centers and pods, and VPN from the couch to the office and HQ. Tailscale also allows remote access to computer resources and applications from any location.
  • How NAT traversal works by tailscale
  • How I use tailscale

Wireguard tunnel

SelfHosted Gateway - WireGuard Tunnel for secure external access to all of your Self Hosted Apps & Notes

twingate

IP spoofing

What Is IP Spoofing and What Is It Used For?