From 太極
Revision as of 21:56, 9 April 2024 by Brb (talk | contribs) (→‎Local forwarding server)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


Block Ads


How to see Time-To-Live (TTL) for a DNS record



  • It seems we can append "?" and "#" after a valid URL.
  • What do "?" and "#" mean in a URL?
    • “?” in URL acts as separator
    • “#” was used as an anchor to jump to an element. However, nowadays it's usually used with AJAX-based pages since changing the hash can be detected using JavaScript and allows you to use the back/forward button without actually triggering a full page reload.
  • Which characters make a URL invalid?
  • Special character in URL ignored by browsers


A record


  • A CNAME record is used to map one domain name to another domain name. For example, a CNAME record for "www.example.com" might map to "example.com". This is useful when you want to point multiple domain names to the same server.
  • A CNAME record is used in lieu of an A record when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, never to an IP address. See What is a DNS CNAME record? For example, www.example.com is an alias of example.com.


Network commands

DNS server

Setup on Linux/Ubuntu

sudo apt install bind9
sudo nano /etc/bind/named.conf.options
  # update 'forwarders' key to use 1,1,1,1;;
  # add 'forward only;'
sudo systemctl restart bind9
# open port 53, or let ufw to allow bind9

AdGuard Home

How to set up your own open source DNS server



How to Set Up Local DNS Resolver with Unbound on Ubuntu 22.04

Client part

  • Windows/Mac/Linux
dig @  linkedin.com  # Suppose the DNS server ips is
Pay attention to the Query time result. If we run the same command again, the query time will be reduced to 0 because of the cache in the DNS server.

Client part 2: what is my DNS server /etc/resolv.conf or /etc/network/interfaces. Static IP

Use one of the following commands

systemd-resolve  --status
resolvectl status
nmcli dev show | grep 'IP4.DNS'

PS. dig command can show my DNS server as part of its output.

On Ubuntu 18.04 and up, it uses netplan. PS. use space character instead tab in yml file.

Even I can change my DNS setting using the Network Manager (IPv4 -> disable Automatic -> Enter -> Apply -> Toggle On/Off), the name solving does not work. Testing works but not https://brb.nci.nih.gov

To use the /etc/resolv.conf method, check out how to add DNS servers or Set permanent DNS nameservers on Ubuntu/Debian with resolv.conf (video).

On my home computer, it just shows one line nameserver On work computer, it shows

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
search XXX.XXX.gov

On the VM of my work computer, it shows

search XXX.XXX.gov

It seems the /etc/resolv.conf file changes with the file on the host.

After any change, we can restart the network by using sudo service networking restart.


  • nameserver Name-server-IP-address: Point out to your your own nameserver or to ISP’s name server. Up to 3 name servers may be listed.
  • search domain.com: The search list is normally determined from the local domain name; by default, it contains only the local domain name. So when you type nslookup www, it will be matched to www.cyberciti.biz

You can also use Public Name Servers


dig Command Examples

dig (domain information groper) is a DNS lookup utility.

$ sudo apt install dnsutils
$ dig google.com ANY
$ dig r-project.org  # only 1 is returned
$ dig r-project.org  ANY
;r-project.org.                 IN      ANY

r-project.org.          7199    IN      NS      ns2.urbanek.info.
r-project.org.          7199    IN      NS      ns1.urbanek.info.
r-project.org.          7199    IN      NS      ns2.wu-wien.ac.at.
r-project.org.          7199    IN      NS      ns3.urbanek.info.
r-project.org.          7199    IN      NS      ns4.urbanek.info.
r-project.org.          7199    IN      NS      ns1.wu-wien.ac.at.
r-project.org.          7199    IN      A
r-project.org.          7199    IN      MX      5 mc1.ethz.ch.
r-project.org.          7199    IN      MX      5 mc4.ethz.ch.
r-project.org.          7199    IN      MX      5 mc3.ethz.ch.
r-project.org.          7199    IN      MX      5 mc2.ethz.ch.
r-project.org.          7199    IN      TXT     "v=spf1 ip4: ~all"
r-project.org.          7199    IN      SOA     ns0.wu-wien.ac.at. postmaster.wu-wien.ac.at.

host command

Linux and Unix host Command Examples

DNSmasq (DNS + DHCP server)

Local forwarding server

dnsmasq program is running on my Ubuntu and Linux/Mint machines.

See nameserver in resolv.conf won't go away!

$ ps -ef | grep -i dnsmasq

$ sudo netstat -anp | grep -i dnsmasq

DHCP server

  • Turn Raspi into a wireless hotspot / access point
  • ChatGPT. Remember to replace eth0 with the interface name connected to your home router and adjust IP ranges and settings according to your needs.
    • Install the DHCP Server
    sudo apt install isc-dhcp-server
    sudo nano /etc/default/isc-dhcp-server
    INTERFACES="eth0 eth1"
    • Configure the DHCP Server
    subnet netmask {
      option routers;
      option subnet-mask;
      option broadcast-address;
      option domain-name-servers,;
      default-lease-time 600;
      max-lease-time 7200;
    • Assign Static IP to the Second NIC
    • Enable IP Forwarding: Enable IP forwarding to allow internet access to the devices on the new network.
    echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
    sudo sysctl -p
    • Set Up NAT: Use iptables to set up NAT (Network Address Translation) so that devices on the new network can access the internet.
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo iptables-save > /etc/iptables.rules

DNS providers

Benchmark, bottleneck

How to determine bottleneck in page load time? Use a plugin or if you have Chrome, use its built-in inspector. Google Chrome: Right-click on anything and click "Inspect element" and click "Network" tab on the new box that appears. Navigate to your site, you will now see in real-time how the browser is receiving the information

Change DNS setting

Command line

How to Find and Change Your DNS Server on Linux.

resolvectl status

resolvectl dns <interface> <dns address 1> <dns address2>

Domain Setup & SSL Certificates, HTTPS - NGINX & Docker Compose

Shiny Production with AWS Book

Flush DNS cache

How To Set Permanent DNS Nameservers

How To Set Permanent DNS Nameservers in Ubuntu and Debian

Test if you are using OpenDNS


I try to change the DNS ip using either Network Connection GUI or modifying /etc/resolv.conf (& calling sudo /etc/init.d/networking restart). But it does not change anything??

DNS-over-HTTPS (DoH) in Firefox

Query DNS server

DNS leak test

To list the current DNS servers used by my system,

Method 1:

# Ubuntu >= 15
$ nmcli dev show | grep 'IP4.DNS'
$ nmcli device show <interfacename> | grep IP4.DNS
# Ubuntu <= 14
$ nmcli dev list iface <interfacename> | grep IP4

Method 2:

$ cat /etc/resolv.conf

Method 3 (macOS):

scutil --dns | grep nameserver
# cat /etc/resolv.conf

Another way is to use the R packages: gdns and dnsflare. More Options For Querying DNS From R with

3 Ways to Check DNS Propagation Status


DNS tricks

5 DNS Servers Guaranteed to Improve Your Online Safety


5 Nifty Ways to Use DNS to Your Advantage


Discover subdomains

5 Powerful Linux Tools to Discover Subdomains as an Ethical Hacker



Reverse DNS

Reverse DNS (rDNS) is a process that resolves an IP address back to a domain name, the opposite of a forward DNS query. What Is Reverse DNS and How Does It Work?

Dyndns and ddclient

According to a comment in this video, Cloudflare tunnel completely replaces the need for reverse proxy like Traefik/Nginx Proxy Manager.


nano /etc/ddclient.conf /etc/ddclient/ddclient.conf. See my 'ddclient' google doc.

Note that the specification should depend on the domain name registrar (eg namecheap). For namecheap, the login/password is NOT your actual credential from your domain name registrar. The password should be obtained from the domain name registrar website. The last line is about the host. If I am setting it up for a subdomain, I should enter the subdomain name (and skip the domain name part). The ssl=yes is to ensure the connection is made over https instead of http.

And run sudo ddclient -daemon=0 -debug -verbose -noquiet to verify ddclient is working. You shall get a long return with the last line looks like

SUCCESS:  updating YOURSUBDOMAIN: good: IP address set to XX.XXX.XXX.XXX

No matter which method we use, we can go to our DNS account (in namecheap, go to Dashboard -> MANAGE button -> Domains -> Advanced DNS) and temporarily change the global IP address to another one, run the update script and then check if the global IP address has been updated to the correct one.

sudo systemctl restart ddclient.service
# sudo /etc/init.d/ddclient restart

sudo service ddclient status





Why You Should Use a CDN to Improve Your Website’s User Experience




  • Allow only one MX record for each host for free no-ip account.
  • Click Host/Redirects > Manage Hosts > Modify.

DNS attack

What Are DNS Attacks and How Do You Prevent Them?

Proxy server

Zero trust network access

What Is Zero Trust Network Access (ZTNA)

Cloudflare Tunnel


  • Tailscale is an alternative to cloudflare tunnel
  • https://tailscale.com/kb/use-cases/. Some of the most common ones include deploying internal apps anywhere without changing firewall settings, replacing site-to-site VPNs with WireGuard, transparently interconnecting microservices between data centers and pods, and VPN from the couch to the office and HQ. Tailscale also allows remote access to computer resources and applications from any location.
  • How NAT traversal works by tailscale
  • How I use tailscale

Wireguard tunnel

SelfHosted Gateway - WireGuard Tunnel for secure external access to all of your Self Hosted Apps & Notes


IP spoofing

What Is IP Spoofing and What Is It Used For?