DNS: Difference between revisions
No edit summary |
No edit summary |
||
Line 10: | Line 10: | ||
* [https://opensource.com/article/17/4/introduction-domain-name-system-dns Introduction to the Domain Name System (DNS)] | * [https://opensource.com/article/17/4/introduction-domain-name-system-dns Introduction to the Domain Name System (DNS)] | ||
* [https://opensource.com/article/17/4/build-your-own-name-server Build your own DNS name server on Linux] | * [https://opensource.com/article/17/4/build-your-own-name-server Build your own DNS name server on Linux] | ||
* [https://linuxconfig.org/protecting-your-privacy-with-firefox-on-linux Protecting Your Privacy With Firefox on Linux] | |||
== setup == | == setup == | ||
* https://support.rackspace.com/how-to/changing-dns-settings-on-linux/ | * https://support.rackspace.com/how-to/changing-dns-settings-on-linux/ | ||
* https://helix.nih.gov/user_guides/kerb5_config.html | * https://helix.nih.gov/user_guides/kerb5_config.html | ||
== What is my DNS server /etc/resolv.conf or /etc/network/interfaces == | |||
Even I can change my DNS setting using the Network Manager (IPv4 -> disable Automatic -> Enter 8.8.8.8 -> Apply -> Toggle On/Off), the name solving does not work. Testing https://129.43.254.99 works but not https://brb.nci.nih.gov | |||
Note: we are not supposed to edit /etc/resolv.conf file. See [https://askubuntu.com/a/130459 here] on how to add DNS servers. | |||
The real DNS servers IPs can be found by the network manager GUI or using the command line | |||
<syntaxhighlight lang='bash'> | |||
nmcli dev show | grep 'IP4.DNS' | |||
</syntaxhighlight> | |||
On my home computer, it just shows one line ''nameserver 127.0.1.1''. On work computer, it shows | |||
<pre> | |||
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) | |||
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN | |||
nameserver 127.0.1.1 | |||
search XXX.XXX.gov | |||
</pre> | |||
On the VM of my work computer, it shows | |||
<pre> | |||
nameserver 127.0.0.53 | |||
search XXX.XXX.gov | |||
</pre> | |||
It seems the /etc/resolv.conf file changes with the file on the host. | |||
After any change, we can restart the network by using '''sudo service networking restart'''. | |||
Note: | |||
* nameserver Name-server-IP-address: Point out to your your own nameserver or to ISP’s name server. Up to 3 name servers may be listed. | |||
* search domain.com: The search list is normally determined from the local domain name; by default, it contains only the local domain name. So when you type nslookup www, it will be matched to www.cyberciti.biz | |||
You can also use Public Name Servers | |||
<pre> | |||
nameserver 8.8.8.8 | |||
nameserver 8.8.4.4 | |||
</pre> | |||
On Ubuntu 18.04, it uses '''[https://netplan.io/ netplan]'''. See | |||
* [https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/netplan-how-to-configure-static-ip-address-in-ubuntu-18-04-using-netplan.html Netplan – How To Configure Static IP Address in Ubuntu 18.04 using Netplan] | |||
* [https://www.techrepublic.com/article/how-to-set-dns-nameservers-in-ubuntu-server-18-04/ How to set DNS nameservers in Ubuntu Server 18.04] | |||
== '''dig''' Command Examples == | |||
dig (domain information groper) is a DNS lookup utility. | |||
* https://www.cyberciti.biz/faq/linux-unix-dig-command-examples-usage-syntax/ | |||
* [https://www.rootusers.com/12-dig-command-examples-to-query-dns-in-linux/ 12 Dig Command Examples To Query DNS In Linux] | |||
: <syntaxhighlight lang='bash'> | |||
$ dig google.com ANY | |||
$ dig r-project.org ANY | |||
... | |||
;r-project.org. IN ANY | |||
;; ANSWER SECTION: | |||
r-project.org. 7199 IN NS ns2.urbanek.info. | |||
r-project.org. 7199 IN NS ns1.urbanek.info. | |||
r-project.org. 7199 IN NS ns2.wu-wien.ac.at. | |||
r-project.org. 7199 IN NS ns3.urbanek.info. | |||
r-project.org. 7199 IN NS ns4.urbanek.info. | |||
r-project.org. 7199 IN NS ns1.wu-wien.ac.at. | |||
r-project.org. 7199 IN A 137.208.57.37 | |||
r-project.org. 7199 IN MX 5 mc1.ethz.ch. | |||
r-project.org. 7199 IN MX 5 mc4.ethz.ch. | |||
r-project.org. 7199 IN MX 5 mc3.ethz.ch. | |||
r-project.org. 7199 IN MX 5 mc2.ethz.ch. | |||
r-project.org. 7199 IN TXT "v=spf1 ip4:129.132.119.208/32 ~all" | |||
r-project.org. 7199 IN SOA ns0.wu-wien.ac.at. postmaster.wu-wien.ac.at. | |||
</syntaxhighlight> | |||
* [https://rud.is/b/2019/06/28/quick-hit-dig-ging-into-dns-records-with-processx/ Quick hit: ‘dig’-ging Into r-project.org DNS Records with {processx}] | |||
= DNSmasq (DNS + DHCP server) = | = DNSmasq (DNS + DHCP server) = | ||
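Review bot: in the added resolv.conf notes, the `search domain.com` bullet says `nslookup www` will be matched to www.cyberciti.biz, which does not follow from the search line shown; use the same domain on both sides (www.domain.com). The same section says /etc/resolv.conf must not be edited by hand, then lists `nameserver 8.8.8.8` and `nameserver 8.8.4.4` under "Public Name Servers" without saying where those lines go; point to the Network Manager or netplan setting instead. The `nameserver` bullet also has a doubled "your your".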
Line 74: | Line 144: | ||
== 3 Ways to Check DNS Propagation Status == | == 3 Ways to Check DNS Propagation Status == | ||
https://www.makeuseof.com/tag/check-dns-propagation-status/ | https://www.makeuseof.com/tag/check-dns-propagation-status/ | ||
= DNS tricks = | |||
== 5 DNS Servers Guaranteed to Improve Your Online Safety == | |||
http://www.makeuseof.com/tag/best-dns-providers-security/ | |||
== 5 Nifty Ways to Use DNS to Your Advantage == | |||
http://www.makeuseof.com/tag/nifty-ways-use-dns-advantage/ | |||
= DNStracer = | |||
http://www.ubuntugeek.com/dnstracer-trace-dns-queries-to-the-source.html | |||
= Dyndns and [https://help.dyn.com/ddclient/ ddclient] = | |||
See | |||
* https://help.ubuntu.com/community/DynamicDNS#ddclient (works) | |||
* https://help.ubuntu.com/community/DynamicDNS#Namecheap_.26_Python (works) | |||
nano '''/etc/ddclient.conf''' | |||
<pre> | |||
protocol=namecheap | |||
ssl=yes | |||
use=web, web=dynamicdns.park-your-domain.com/getip | |||
server=dynamicdns.park-your-domain.com | |||
login=yourdomain.com | |||
password=a9438540ba8a449fb0ed09c3737b9e32 | |||
@ | |||
</pre> | |||
Note that the specification should depend on the domain name registrar (eg namecheap). For namecheap, the login/password is NOT your actual credential from your domain name registrar. The password should be obtained from the domain name registrar website. The last line is about the host. If I am setting it up for a subdomain, I should enter the subdomain name (and skip the domain name part). The '''ssl=yes''' is to ensure the [https://help.dyn.com/ddclient/ connection is made over https instead of http]. | |||
And run '''sudo ddclient -daemon=0 -debug -verbose -noquiet''' to verify ddclient is working. You shall get a long return with the last line looks like | |||
<pre> | |||
SUCCESS: updating YOURSUBDOMAIN: good: IP address set to XX.XXX.XXX.XXX | |||
</pre> | |||
No matter which method we use, we can go to our DNS account (in namecheap, go to Dashboard -> MANAGE button -> Domains -> Advanced DNS) and temporarily change the global IP address to another one, run the update script and then check if the global IP address has been updated to the correct one. | |||
== namecheap == | |||
* [https://www.namecheap.com/support/knowledgebase/article.aspx/583/11/how-do-i-configure-ddclient How do I configure DDClient?] | |||
* To create a subdomain, go to Dashboard -> Manage -> Advanced DNS tab. Click '''+ ADD NEW RECORD'''. In the 'HOST RECORDS' section, pick 'A + dynamic dns record' and enter the subdomain name (HOST) with the IPv4 address (Value). In the 'DYNAMIC DNS' section, we can download the client software too (scroll down to get the download link). See [https://www.namecheap.com/support/knowledgebase/article.aspx/319/78/how-can-i-setup-an-a-address-record-for-my-domain How can I set up an A (address) record for my domain?] | |||
* To understand different records (A record, AAAA record, CNAME record, NS record, SRV record, TXT record, URL redirect record) See [https://www.namecheap.com/support/knowledgebase/article.aspx/434/2237/how-do-i-set-up-host-records-for-a-domain How do I set up host records for a domain?] | |||
* If you've purchased an SSL certificate, you'll want to visit your Account Panel soon to enter your CSR and activate the certificate. [https://www.namecheap.com/support/knowledgebase/category.aspx/14/ Instructions on how to create a CSR and install the certificate on your server]. | |||
* CloudFlare | |||
** [https://www.namecheap.com/support/knowledgebase/article.aspx/1191/2210/how-to-enable-cloudflare-for-your-domain-name How to enable CloudFlare for your domain name] | |||
** [https://www.namecheap.com/support/knowledgebase/article.aspx/9607/2210/how-to-set-up-dns-records-for-your-domain-in-cloudflare-account How to set up DNS records for your domain in CloudFlare account] | |||
** [http://davidensinger.com/2014/04/transferring-the-dns-from-namecheap-to-cloudflare-for-github-pages/ Transfering DNS from Namecheap to CloudFlare] | |||
* Email forwarding | |||
** [https://forwardemail.net/#/?id=how-it-works forwardemail.net] | |||
* [https://medium.com/@goelanirudh/add-https-to-your-namecheap-domain-hosted-on-github-pages-d66fd96308b5 Add https to your Namecheap Domain hosted on Github Pages] | |||
== Mail == | |||
* check the option of '''Mail Routing: I have mail server with another name and would like to add MX hostname...''' | |||
* In 'MX hostname' entering '''aspmx.l.google.com''' | |||
* In 'Primary' choose 'Yes, use it as my primary mail relay.' | |||
* [https://www.makeuseof.com/tag/set-email-domain-free-zoho-mail/ How to Set Up Email at Your Domain for Free With Zoho Mail] July 2019 | |||
= no-ip = | |||
Similar to Dyndns. It has its own client program. Needs to build it yourself. | |||
Also see the [http://support.no-ip.com/customer/portal/articles/375955-basic-troubleshooting-guide troubleshooting guide]. | |||
See http://ducky-pond.com/posts/12 for instruction of setting autostart on Debian system. | |||
See http://www.coulterfamily.org.uk/pages/PCs/Linux/FAQ-LINUX-NO-IP-CLIENT.php for another approach. | |||
Note: If noip2 cannot start automatically or noip2 does not update even it can be seen from ps -ef command, use '''sudo crontab -e''' command. <span style="color: red"> For some reason, after I use sudo crontab, noip2 can update IP.</span> So the only problem right now is it cannot update every 30 minutes even '''sudo noip2 -S''' says so. The problems may be 1. ps -ef shows the command runs from nobody user 2. sudo noip2 -S says it updates every 30 minutes via /dev/eth0 with NAT enabled. | |||
Update: An alternative is to use ddclient. However, ddclient never updates the IP. | |||
== Mail == | |||
* Allow only one MX record for each host for free no-ip account. | |||
* Click Host/Redirects > Manage Hosts > Modify. |
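Review bot: the `password=` line in the added /etc/ddclient.conf block holds a 32-character hex value rather than a placeholder, unlike `login=yourdomain.com` next to it. The note under the block says this password is obtained from the registrar's website, so if the value is live it is now published in the page history; replace it with something like `password=YOUR_DDNS_PASSWORD` and regenerate the real one. Separately, the no-ip section ends with "ddclient never updates the IP" while this section marks the ddclient link as "(works)"; say which setup each statement refers to.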
Revision as of 19:15, 31 August 2019
Resource
Managing DNS Essential Training from lynda.com
DNSCrypt
- https://en.wikipedia.org/wiki/DNSCrypt
- dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols
- Install and Enable DNSCrypt Proxy 2 in Ubuntu 18.04 Or 18.10 / Debian Unstable Or Testing
DNS server
- Introduction to the Domain Name System (DNS)
- Build your own DNS name server on Linux
- Protecting Your Privacy With Firefox on Linux
setup
- https://support.rackspace.com/how-to/changing-dns-settings-on-linux/
- https://helix.nih.gov/user_guides/kerb5_config.html
What is my DNS server /etc/resolv.conf or /etc/network/interfaces
Even though I can change my DNS setting using the Network Manager (IPv4 -> disable Automatic -> Enter 8.8.8.8 -> Apply -> Toggle On/Off), name resolution does not work. Testing https://129.43.254.99 works but not https://brb.nci.nih.gov
Note: we are not supposed to edit the /etc/resolv.conf file. See https://askubuntu.com/a/130459 on how to add DNS servers.
The real DNS server IPs can be found with the network manager GUI or from the command line
<syntaxhighlight lang='bash'>
nmcli dev show | grep 'IP4.DNS'
</syntaxhighlight>
On my home computer, it just shows one line nameserver 127.0.1.1. On my work computer, it shows
<pre>
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search XXX.XXX.gov
</pre>
On the VM of my work computer, it shows
<pre>
nameserver 127.0.0.53
search XXX.XXX.gov
</pre>
It seems the /etc/resolv.conf file changes with the file on the host.
After any change, we can restart the network by using sudo service networking restart.
Note:
- nameserver Name-server-IP-address: Points to your own nameserver or to your ISP’s name server. Up to 3 name servers may be listed.
- search domain.com: The search list is normally determined from the local domain name; by default, it contains only the local domain name. So when you type nslookup www, it will be matched to www.cyberciti.biz
You can also use Public Name Servers
<pre>
nameserver 8.8.8.8
nameserver 8.8.4.4
</pre>
On Ubuntu 18.04, it uses netplan. See
- Netplan – How To Configure Static IP Address in Ubuntu 18.04 using Netplan
- How to set DNS nameservers in Ubuntu Server 18.04
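The notes above on loopback nameserver addresses, the three-nameserver limit and the search line, turned into a small check. This is an added example, not part of the original page; the function names and both sample files are constructed.

```sh
#!/bin/sh
# Added example: audit a resolv.conf-style file. Function names and the two
# sample files are constructed for illustration.

# Emit one finding per line: "stub IP" (loopback forwarder such as dnsmasq on
# 127.0.1.1 or systemd-resolved on 127.0.0.53), "upstream IP",
# "ignored IP" (past the 3-nameserver limit) and "search DOMAINS".
audit_resolv_conf() {
    count=0
    while read -r key value rest || [ -n "$key" ]; do
        case $key in
            nameserver)
                count=$((count + 1))
                if [ "$count" -gt 3 ]; then
                    echo "ignored $value"
                    continue
                fi
                case $value in
                    127.*|::1) echo "stub $value" ;;
                    *)         echo "upstream $value" ;;
                esac
                ;;
            search)
                echo "search $value${rest:+ $rest}"
                ;;
        esac
    done < "$1"
}

# Succeed when the file lists only loopback stubs, so the real upstream
# servers have to be read from the forwarder (e.g. via nmcli) instead.
only_local_stub() {
    findings=$(audit_resolv_conf "$1")
    echo "$findings" | grep -q '^stub ' &&
        ! echo "$findings" | grep -q '^upstream '
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

# Constructed sample 1: modelled on the resolvconf-generated file shown above.
cat > "$SAMPLES/work.conf" <<'EOF'
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 127.0.1.1
search XXX.XXX.gov
EOF

# Constructed sample 2: four public resolvers, one more than is honoured.
cat > "$SAMPLES/public.conf" <<'EOF'
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1
nameserver 208.67.222.222
EOF

for f in "$SAMPLES/work.conf" "$SAMPLES/public.conf"; do
    echo "== $f"
    audit_resolv_conf "$f"
    if only_local_stub "$f"; then
        echo "note: real DNS servers are behind a local forwarder"
    fi
done
```

To run it against the live file, call `audit_resolv_conf /etc/resolv.conf`.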
dig Command Examples
dig (domain information groper) is a DNS lookup utility.
- https://www.cyberciti.biz/faq/linux-unix-dig-command-examples-usage-syntax/
- 12 Dig Command Examples To Query DNS In Linux
<syntaxhighlight lang='bash'>
$ dig google.com ANY
$ dig r-project.org ANY
...
;r-project.org. IN ANY
;; ANSWER SECTION:
r-project.org. 7199 IN NS ns2.urbanek.info.
r-project.org. 7199 IN NS ns1.urbanek.info.
r-project.org. 7199 IN NS ns2.wu-wien.ac.at.
r-project.org. 7199 IN NS ns3.urbanek.info.
r-project.org. 7199 IN NS ns4.urbanek.info.
r-project.org. 7199 IN NS ns1.wu-wien.ac.at.
r-project.org. 7199 IN A 137.208.57.37
r-project.org. 7199 IN MX 5 mc1.ethz.ch.
r-project.org. 7199 IN MX 5 mc4.ethz.ch.
r-project.org. 7199 IN MX 5 mc3.ethz.ch.
r-project.org. 7199 IN MX 5 mc2.ethz.ch.
r-project.org. 7199 IN TXT "v=spf1 ip4:129.132.119.208/32 ~all"
r-project.org. 7199 IN SOA ns0.wu-wien.ac.at. postmaster.wu-wien.ac.at.
</syntaxhighlight>
DNSmasq (DNS + DHCP server)
- Man page and Setup
- Dnsmasq For Easy LAN Name Services
- https://wiki.archlinux.org/index.php/dnsmasq
- https://wiki.debian.org/HowTo/dnsmasq
- http://www.linuxjournal.com/content/dnsmasq-pint-sized-super-d%C3%A6mon
- https://blogging.dragon.org.uk/howto-setup-dnsmasq-as-dns-dhcp/
Local forwarding server
dnsmasq program is running on my Ubuntu and Linux/Mint machines.
See nameserver 127.0.1.1 in resolv.conf won't go away!
<syntaxhighlight lang='bash'>
$ ps -ef | grep -i dnsmasq
$ sudo netstat -anp | grep -i dnsmasq
</syntaxhighlight>
Change DNS setting
- Why Changing DNS Settings Increases Your Internet Speed, 5 DNS Servers Guaranteed to Improve Your Online Safety
- https://1.1.1.1/, Privacy first and fastest speed: the public DNS service 1.1.1.1 is now online
- Google: 8.8.8.8 and 8.8.4.4
- OpenDNS: 208.67.220.220 and 208.67.222.222
- DNS Watch: 84.200.69.80 and 84.200.70.40
- OpenNIC: 206.125.173.29 and 45.32.230.225
- UncensoredDNS: 91.239.100.100 and 89.233.43.71
- Change DNS Settings on Windows / Mac / Android / IOS / Linux
- Setup CloudFlare DNS On Ubuntu 16.04 / 17.10 / 18.04 Desktop
- Open Ubuntu Network Manager (System settings > Network > Settings > Wired or Wireless or both)
- Select both IPv4 and IPv6 and turn off automatic DNS IP settings… then type the custom Cloudflare DNS IP addresses you want to use…
- You Can Now Use Cloudflare’s 1.1.1.1 DNS on Mobile
Flush DNS cache
Test if you are using OpenDNS
Query DNS server
To list the current DNS servers used by my system,
Method 1:
<syntaxhighlight lang='bash'>
# Ubuntu >= 15
$ nmcli dev show | grep 'IP4.DNS'
$ nmcli device show <interfacename> | grep IP4.DNS
# Ubuntu <= 14
$ nmcli dev list iface <interfacename> | grep IP4
</syntaxhighlight>
Method 2:
$ cat /etc/resolv.conf
Another way is to use the R packages: gdns and dnsflare. More Options For Querying DNS From R with 1.1.1.1.
3 Ways to Check DNS Propagation Status
https://www.makeuseof.com/tag/check-dns-propagation-status/
DNS tricks
5 DNS Servers Guaranteed to Improve Your Online Safety
http://www.makeuseof.com/tag/best-dns-providers-security/
5 Nifty Ways to Use DNS to Your Advantage
http://www.makeuseof.com/tag/nifty-ways-use-dns-advantage/
DNStracer
http://www.ubuntugeek.com/dnstracer-trace-dns-queries-to-the-source.html
Dyndns and ddclient
See
- https://help.ubuntu.com/community/DynamicDNS#ddclient (works)
- https://help.ubuntu.com/community/DynamicDNS#Namecheap_.26_Python (works)
nano /etc/ddclient.conf
<pre>
protocol=namecheap
ssl=yes
use=web, web=dynamicdns.park-your-domain.com/getip
server=dynamicdns.park-your-domain.com
login=yourdomain.com
password=a9438540ba8a449fb0ed09c3737b9e32
@
</pre>
Note that the specification depends on the domain name registrar (e.g. namecheap). For namecheap, the login/password is NOT your actual credential from your domain name registrar. The password should be obtained from the domain name registrar website. The last line is about the host. If I am setting it up for a subdomain, I should enter the subdomain name (and skip the domain name part). The ssl=yes is to ensure the connection is made over https instead of http.
And run sudo ddclient -daemon=0 -debug -verbose -noquiet to verify ddclient is working. You should get long output whose last line looks like
SUCCESS: updating YOURSUBDOMAIN: good: IP address set to XX.XXX.XXX.XXX
No matter which method we use, we can go to our DNS account (in namecheap, go to Dashboard -> MANAGE button -> Domains -> Advanced DNS) and temporarily change the global IP address to another one, run the update script and then check if the global IP address has been updated to the correct one.
namecheap
- How do I configure DDClient?
- To create a subdomain, go to Dashboard -> Manage -> Advanced DNS tab. Click + ADD NEW RECORD. In the 'HOST RECORDS' section, pick 'A + dynamic dns record' and enter the subdomain name (HOST) with the IPv4 address (Value). In the 'DYNAMIC DNS' section, we can download the client software too (scroll down to get the download link). See How can I set up an A (address) record for my domain?
- To understand different records (A record, AAAA record, CNAME record, NS record, SRV record, TXT record, URL redirect record) See How do I set up host records for a domain?
- If you've purchased an SSL certificate, you'll want to visit your Account Panel soon to enter your CSR and activate the certificate. Instructions on how to create a CSR and install the certificate on your server.
- CloudFlare
- Email forwarding
- Add https to your Namecheap Domain hosted on Github Pages
- check the option of Mail Routing: I have mail server with another name and would like to add MX hostname...
- In 'MX hostname' entering aspmx.l.google.com
- In 'Primary' choose 'Yes, use it as my primary mail relay.'
- How to Set Up Email at Your Domain for Free With Zoho Mail July 2019
no-ip
Similar to Dyndns. It has its own client program. You need to build it yourself.
Also see the troubleshooting guide.
See http://ducky-pond.com/posts/12 for instruction of setting autostart on Debian system.
See http://www.coulterfamily.org.uk/pages/PCs/Linux/FAQ-LINUX-NO-IP-CLIENT.php for another approach.
Note: If noip2 cannot start automatically or noip2 does not update even though it can be seen in the output of ps -ef, use the sudo crontab -e command. For some reason, after I use sudo crontab, noip2 can update the IP. So the only problem right now is that it cannot update every 30 minutes even though sudo noip2 -S says so. The problems may be 1. ps -ef shows the command runs as the nobody user 2. sudo noip2 -S says it updates every 30 minutes via /dev/eth0 with NAT enabled.
Update: An alternative is to use ddclient. However, ddclient never updates the IP.
- A free no-ip account allows only one MX record for each host.
- Click Host/Redirects > Manage Hosts > Modify.