DNS: Difference between revisions

From 太極
Jump to navigation Jump to search
No edit summary
No edit summary
Line 10: Line 10:
* [https://opensource.com/article/17/4/introduction-domain-name-system-dns Introduction to the Domain Name System (DNS)]
* [https://opensource.com/article/17/4/introduction-domain-name-system-dns Introduction to the Domain Name System (DNS)]
* [https://opensource.com/article/17/4/build-your-own-name-server Build your own DNS name server on Linux]
* [https://opensource.com/article/17/4/build-your-own-name-server Build your own DNS name server on Linux]
* [https://linuxconfig.org/protecting-your-privacy-with-firefox-on-linux Protecting Your Privacy With Firefox on Linux]


== setup ==
== setup ==
* https://support.rackspace.com/how-to/changing-dns-settings-on-linux/
* https://support.rackspace.com/how-to/changing-dns-settings-on-linux/
* https://helix.nih.gov/user_guides/kerb5_config.html
* https://helix.nih.gov/user_guides/kerb5_config.html
== What is my DNS server /etc/resolv.conf or /etc/network/interfaces ==
Even I can change my DNS setting using the Network Manager (IPv4 -> disable Automatic -> Enter 8.8.8.8 -> Apply -> Toggle On/Off), the name solving does not work. Testing https://129.43.254.99 works but not https://brb.nci.nih.gov
Note: we are not supposed to edit /etc/resolv.conf file. See [https://askubuntu.com/a/130459 here] on how to add DNS servers.
The real DNS servers IPs can be found by the network manager GUI or using the command line
<syntaxhighlight lang='bash'>
nmcli dev show | grep 'IP4.DNS'
</syntaxhighlight>
On my home computer, it just shows one line ''nameserver 127.0.1.1''. On work computer, it shows
<pre>
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#    DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search XXX.XXX.gov
</pre>
On the VM of my work computer, it shows
<pre>
nameserver 127.0.0.53
search XXX.XXX.gov
</pre>
It seems the /etc/resolv.conf file changes with the file on the host.
After any change, we can restart the network by using '''sudo service networking restart'''.
Note:
* nameserver Name-server-IP-address: Point out to your your own nameserver or to ISP’s name server. Up to 3 name servers may be listed.
* search domain.com: The search list is normally determined from the local domain name; by default, it contains only the local domain name. So when you type nslookup www, it will be matched to www.cyberciti.biz
You can also use Public Name Servers
<pre>
nameserver 8.8.8.8
nameserver 8.8.4.4
</pre>
On Ubuntu 18.04, it uses '''[https://netplan.io/ netplan]'''. See
* [https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/netplan-how-to-configure-static-ip-address-in-ubuntu-18-04-using-netplan.html Netplan – How To Configure Static IP Address in Ubuntu 18.04 using Netplan]
* [https://www.techrepublic.com/article/how-to-set-dns-nameservers-in-ubuntu-server-18-04/ How to set DNS nameservers in Ubuntu Server 18.04]
== '''dig''' Command Examples ==
dig (domain information groper) is a DNS lookup utility.
* https://www.cyberciti.biz/faq/linux-unix-dig-command-examples-usage-syntax/
* [https://www.rootusers.com/12-dig-command-examples-to-query-dns-in-linux/ 12 Dig Command Examples To Query DNS In Linux]
: <syntaxhighlight lang='bash'>
$ dig google.com ANY
$ dig r-project.org  ANY
...
;r-project.org.                IN      ANY
;; ANSWER SECTION:
r-project.org.          7199    IN      NS      ns2.urbanek.info.
r-project.org.          7199    IN      NS      ns1.urbanek.info.
r-project.org.          7199    IN      NS      ns2.wu-wien.ac.at.
r-project.org.          7199    IN      NS      ns3.urbanek.info.
r-project.org.          7199    IN      NS      ns4.urbanek.info.
r-project.org.          7199    IN      NS      ns1.wu-wien.ac.at.
r-project.org.          7199    IN      A      137.208.57.37
r-project.org.          7199    IN      MX      5 mc1.ethz.ch.
r-project.org.          7199    IN      MX      5 mc4.ethz.ch.
r-project.org.          7199    IN      MX      5 mc3.ethz.ch.
r-project.org.          7199    IN      MX      5 mc2.ethz.ch.
r-project.org.          7199    IN      TXT    "v=spf1 ip4:129.132.119.208/32 ~all"
r-project.org.          7199    IN      SOA    ns0.wu-wien.ac.at. postmaster.wu-wien.ac.at.
</syntaxhighlight>
* [https://rud.is/b/2019/06/28/quick-hit-dig-ging-into-dns-records-with-processx/ Quick hit: ‘dig’-ging Into r-project.org DNS Records with {processx}]


= DNSmasq (DNS + DHCP server) =
= DNSmasq (DNS + DHCP server) =
Line 74: Line 144:
== 3 Ways to Check DNS Propagation Status ==
== 3 Ways to Check DNS Propagation Status ==
https://www.makeuseof.com/tag/check-dns-propagation-status/
https://www.makeuseof.com/tag/check-dns-propagation-status/
= DNS tricks =
== 5 DNS Servers Guaranteed to Improve Your Online Safety ==
http://www.makeuseof.com/tag/best-dns-providers-security/
== 5 Nifty Ways to Use DNS to Your Advantage ==
http://www.makeuseof.com/tag/nifty-ways-use-dns-advantage/
= DNStracer =
http://www.ubuntugeek.com/dnstracer-trace-dns-queries-to-the-source.html
= Dyndns and [https://help.dyn.com/ddclient/ ddclient] =
See
* https://help.ubuntu.com/community/DynamicDNS#ddclient (works)
* https://help.ubuntu.com/community/DynamicDNS#Namecheap_.26_Python (works)
nano '''/etc/ddclient.conf'''
<pre>
protocol=namecheap
ssl=yes
use=web, web=dynamicdns.park-your-domain.com/getip
server=dynamicdns.park-your-domain.com
login=yourdomain.com
password=a9438540ba8a449fb0ed09c3737b9e32
@
</pre>
Note that the specification should depend on the domain name registrar (eg namecheap). For namecheap, the login/password is NOT your actual credential from your domain name registrar. The password should be obtained from the domain name registrar website. The last line is about the host. If I am setting it up for a subdomain, I should enter the subdomain name (and skip the domain name part). The '''ssl=yes''' is to ensure the [https://help.dyn.com/ddclient/ connection is made over https instead of http].
And run '''sudo ddclient -daemon=0 -debug -verbose -noquiet''' to verify ddclient is working. You shall get a long return with the last line looks like
<pre>
SUCCESS:  updating YOURSUBDOMAIN: good: IP address set to XX.XXX.XXX.XXX
</pre>
No matter which method we use, we can go to our DNS account (in namecheap, go to Dashboard -> MANAGE button -> Domains -> Advanced DNS) and temporarily change the global IP address to another one, run the update script and then check if the global IP address has been updated to the correct one.
== namecheap ==
* [https://www.namecheap.com/support/knowledgebase/article.aspx/583/11/how-do-i-configure-ddclient How do I configure DDClient?]
* To create a subdomain, go to Dashboard -> Manage -> Advanced DNS tab. Click '''+ ADD NEW RECORD'''. In the 'HOST RECORDS' section, pick 'A + dynamic dns record' and enter the subdomain name (HOST) with the IPv4 address (Value). In the 'DYNAMIC DNS' section, we can download the client software too (scroll down to get the download link). See [https://www.namecheap.com/support/knowledgebase/article.aspx/319/78/how-can-i-setup-an-a-address-record-for-my-domain How can I set up an A (address) record for my domain?]
* To understand different records (A record, AAAA record, CNAME record, NS record, SRV record, TXT record, URL redirect record) See [https://www.namecheap.com/support/knowledgebase/article.aspx/434/2237/how-do-i-set-up-host-records-for-a-domain How do I set up host records for a domain?]
* If you've purchased an SSL certificate, you'll want to visit your Account Panel soon to enter your CSR and activate the certificate. [https://www.namecheap.com/support/knowledgebase/category.aspx/14/ Instructions on how to create a CSR and install the certificate on your server].
* CloudFlare
** [https://www.namecheap.com/support/knowledgebase/article.aspx/1191/2210/how-to-enable-cloudflare-for-your-domain-name How to enable CloudFlare for your domain name]
** [https://www.namecheap.com/support/knowledgebase/article.aspx/9607/2210/how-to-set-up-dns-records-for-your-domain-in-cloudflare-account How to set up DNS records for your domain in CloudFlare account]
** [http://davidensinger.com/2014/04/transferring-the-dns-from-namecheap-to-cloudflare-for-github-pages/ Transfering DNS from Namecheap to CloudFlare]
* Email forwarding
** [https://forwardemail.net/#/?id=how-it-works forwardemail.net]
* [https://medium.com/@goelanirudh/add-https-to-your-namecheap-domain-hosted-on-github-pages-d66fd96308b5 Add https to your Namecheap Domain hosted on Github Pages]
== Mail ==
* check the option of '''Mail Routing: I have mail server with another name and would like to add MX hostname...'''
* In 'MX hostname' entering '''aspmx.l.google.com'''
* In 'Primary' choose 'Yes, use it as my primary mail relay.'
* [https://www.makeuseof.com/tag/set-email-domain-free-zoho-mail/ How to Set Up Email at Your Domain for Free With Zoho Mail] July 2019
= no-ip =
Similar to Dyndns. It has its own client program. Needs to build it yourself.
Also see the [http://support.no-ip.com/customer/portal/articles/375955-basic-troubleshooting-guide troubleshooting guide].
See http://ducky-pond.com/posts/12 for instruction of setting autostart on Debian system.
See http://www.coulterfamily.org.uk/pages/PCs/Linux/FAQ-LINUX-NO-IP-CLIENT.php for another approach.
Note: If noip2 cannot start automatically or noip2 does not update even it can be seen from ps -ef command, use '''sudo crontab -e''' command. <span style="color: red"> For some reason, after I use sudo crontab, noip2 can update IP.</span> So the only problem right now is it cannot update every 30 minutes even '''sudo noip2 -S''' says so. The problems may be 1. ps -ef shows the command runs from nobody user 2. sudo noip2 -S says it updates every 30 minutes via /dev/eth0 with NAT enabled.
Update: An alternative is to use ddclient. However, ddclient never updates the IP.
== Mail ==
* Allow only one MX record for each host for free no-ip account.
* Click Host/Redirects > Manage Hosts > Modify.

Revision as of 19:15, 31 August 2019

Resource

Managing DNS Essential Training from lynda.com

DNSCrypt

DNS server

setup

What is my DNS server /etc/resolv.conf or /etc/network/interfaces

Even I can change my DNS setting using the Network Manager (IPv4 -> disable Automatic -> Enter 8.8.8.8 -> Apply -> Toggle On/Off), the name solving does not work. Testing https://129.43.254.99 works but not https://brb.nci.nih.gov

Note: we are not supposed to edit /etc/resolv.conf file. See here on how to add DNS servers.

The real DNS servers IPs can be found by the network manager GUI or using the command line

nmcli dev show | grep 'IP4.DNS'

On my home computer, it just shows one line nameserver 127.0.1.1. On work computer, it shows

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search XXX.XXX.gov

On the VM of my work computer, it shows

nameserver 127.0.0.53
search XXX.XXX.gov

It seems the /etc/resolv.conf file changes with the file on the host.

After any change, we can restart the network by using sudo service networking restart.

Note:

  • nameserver Name-server-IP-address: Point out to your your own nameserver or to ISP’s name server. Up to 3 name servers may be listed.
  • search domain.com: The search list is normally determined from the local domain name; by default, it contains only the local domain name. So when you type nslookup www, it will be matched to www.cyberciti.biz

You can also use Public Name Servers

nameserver 8.8.8.8
nameserver 8.8.4.4

On Ubuntu 18.04, it uses netplan. See

dig Command Examples

dig (domain information groper) is a DNS lookup utility.

$ dig google.com ANY
$ dig r-project.org  ANY
...
;r-project.org.                 IN      ANY

;; ANSWER SECTION:
r-project.org.          7199    IN      NS      ns2.urbanek.info.
r-project.org.          7199    IN      NS      ns1.urbanek.info.
r-project.org.          7199    IN      NS      ns2.wu-wien.ac.at.
r-project.org.          7199    IN      NS      ns3.urbanek.info.
r-project.org.          7199    IN      NS      ns4.urbanek.info.
r-project.org.          7199    IN      NS      ns1.wu-wien.ac.at.
r-project.org.          7199    IN      A       137.208.57.37
r-project.org.          7199    IN      MX      5 mc1.ethz.ch.
r-project.org.          7199    IN      MX      5 mc4.ethz.ch.
r-project.org.          7199    IN      MX      5 mc3.ethz.ch.
r-project.org.          7199    IN      MX      5 mc2.ethz.ch.
r-project.org.          7199    IN      TXT     "v=spf1 ip4:129.132.119.208/32 ~all"
r-project.org.          7199    IN      SOA     ns0.wu-wien.ac.at. postmaster.wu-wien.ac.at.

DNSmasq (DNS + DHCP server)

Local forwarding server

dnsmasq program is running on my Ubuntu and Linux/Mint machines.

See nameserver 127.0.1.1 in resolv.conf won't go away!

$ ps -ef | grep -i dnsmasq

$ sudo netstat -anp | grep -i dnsmasq

Change DNS setting

Flush DNS cache

How to clear the DNS Cache?

Test if you are using OpenDNS

https://welcome.opendns.com/

Query DNS server

To list the current DNS servers used by my system,

Method 1:

# Ubuntu >= 15
$ nmcli dev show | grep 'IP4.DNS'
$ nmcli device show <interfacename> | grep IP4.DNS
# Ubuntu <= 14
$ nmcli dev list iface <interfacename> | grep IP4

Method 2:

$ cat /etc/resolv.conf

Another way is to use the R packages: gdns and dnsflare. More Options For Querying DNS From R with 1.1.1.1.

3 Ways to Check DNS Propagation Status

https://www.makeuseof.com/tag/check-dns-propagation-status/

DNS tricks

5 DNS Servers Guaranteed to Improve Your Online Safety

http://www.makeuseof.com/tag/best-dns-providers-security/

5 Nifty Ways to Use DNS to Your Advantage

http://www.makeuseof.com/tag/nifty-ways-use-dns-advantage/


DNStracer

http://www.ubuntugeek.com/dnstracer-trace-dns-queries-to-the-source.html

Dyndns and ddclient

See

nano /etc/ddclient.conf

protocol=namecheap
ssl=yes
use=web, web=dynamicdns.park-your-domain.com/getip
server=dynamicdns.park-your-domain.com
login=yourdomain.com
password=a9438540ba8a449fb0ed09c3737b9e32
@

Note that the specification should depend on the domain name registrar (eg namecheap). For namecheap, the login/password is NOT your actual credential from your domain name registrar. The password should be obtained from the domain name registrar website. The last line is about the host. If I am setting it up for a subdomain, I should enter the subdomain name (and skip the domain name part). The ssl=yes is to ensure the connection is made over https instead of http.

And run sudo ddclient -daemon=0 -debug -verbose -noquiet to verify ddclient is working. You shall get a long return with the last line looks like

SUCCESS:  updating YOURSUBDOMAIN: good: IP address set to XX.XXX.XXX.XXX

No matter which method we use, we can go to our DNS account (in namecheap, go to Dashboard -> MANAGE button -> Domains -> Advanced DNS) and temporarily change the global IP address to another one, run the update script and then check if the global IP address has been updated to the correct one.

namecheap

Mail

no-ip

Similar to Dyndns. It has its own client program. Needs to build it yourself.

Also see the troubleshooting guide.

See http://ducky-pond.com/posts/12 for instruction of setting autostart on Debian system.

See http://www.coulterfamily.org.uk/pages/PCs/Linux/FAQ-LINUX-NO-IP-CLIENT.php for another approach.

Note: If noip2 cannot start automatically or noip2 does not update even it can be seen from ps -ef command, use sudo crontab -e command. For some reason, after I use sudo crontab, noip2 can update IP. So the only problem right now is it cannot update every 30 minutes even sudo noip2 -S says so. The problems may be 1. ps -ef shows the command runs from nobody user 2. sudo noip2 -S says it updates every 30 minutes via /dev/eth0 with NAT enabled.

Update: An alternative is to use ddclient. However, ddclient never updates the IP.

Mail

  • Allow only one MX record for each host for free no-ip account.
  • Click Host/Redirects > Manage Hosts > Modify.