Tag Archives: DNS

Secure DNS Traffic Using DNSSEC and DNS Policies

In Windows Server 2016 we can secure DNS traffic using DNSSEC and DNS policies. DNS was not originally designed to be a secure protocol, so DNSSEC was added to allow a client to validate DNS responses: the client can confirm that the information returned by a DNS server actually came from the correct, trusted DNS server and was not modified in transit.

DNSSEC, which stands for Domain Name System Security Extensions, was added to help secure the existing DNS protocol. This guide will walk you through configuring DNSSEC in a Windows Server 2016 environment.


Where Is The Hosts File In Windows Server 2016

The location of the hosts file in Microsoft’s Windows Server 2016 hasn’t actually changed from previous releases of the Windows operating system.

In this quick guide we will show you where to find the hosts file and how it can be modified.


How To Configure Local DNS Query Cache In Linux With Dnsmasq

Many Linux-based distributions do not perform any local DNS query caching on the client side by default, unlike Windows. This means that if a process on the system constantly needs to connect to some domain name, it will perform a DNS lookup against the configured resolver to retrieve the IP address every single time.

In this particular example there is a process that performs 30,000,000 DNS requests per day on average against the nameserver. We are going to significantly reduce this by configuring a local DNS cache on the server performing the excessive DNS queries.


How To Troubleshoot DNS Client Issues in Linux

DNS resolution is an important service: without it functioning properly, domain names will not be correctly resolved to IP addresses, which prevents other network services from working correctly. It is therefore equally important to know how to troubleshoot DNS issues on a Linux client and fix any problems to reduce disruption.

There are multiple potential points of failure during the DNS lookup process, such as the system performing the lookup, the DNS cache, or an external DNS server. Here we will cover how to check each of these and perform various tests to identify where exactly the problem lies.


How To Configure a Caching-Only DNS Name Server

DNS resolution is used to look up a domain name and resolve it to an IP address. Instead of having various systems in our network querying directly out to the Internet, we can configure a DNS caching server within our network and have other systems point to it for DNS resolution, which improves efficiency. The more systems that send queries through the caching server, the larger the cache will grow, further improving the hit rate.

The local cache of DNS records is stored closer to the systems initiating the requests, resulting in faster resolution times. These records will be cached until their TTL expires or the cache is flushed. If any other system performs a DNS lookup for a name that resides in the cache, the answer can be returned much faster, as the caching server will not have to forward the query to some other DNS server out on the Internet.

There are many packages capable of acting as a DNS cache such as Bind, Dnsmasq and Unbound. In our example we will be working with Unbound.


Reverse DNS explained

DNS is traditionally used to resolve a domain name to an IP address; this is known as forward resolution. Reverse DNS (rDNS) is the opposite, whereby an IP address is resolved to a domain name.

rDNS uses the arpa (address and routing parameter area) top level domain (TLD). The in-addr.arpa domain is used for IPv4 while ip6.arpa is used for IPv6 addresses.

This all sounds very backwards, let me explain…


How to use the hosts file to fake DNS

The hosts file is stored on a computer or device to provide local entries for DNS lookup. Normally, when you try to resolve a hostname or domain, your computer will consult your specified DNS server to discover the IP address that it points to. This requires that there is an existing DNS server out there with the record that you require; with the hosts file you can fake DNS entries that will resolve only on the local machine.

Why would you want to do this? It’s great for testing or troubleshooting. You may want to use a specific hostname that no DNS record exists for, though ideally you should create DNS records where possible, as they can be centrally managed. It can also help you get around DNS propagation issues: for example, if a DNS record has been updated but had a TTL of 24 hours, you may have to wait up to this long (assuming the cache cannot be cleared) before the record resolves to the new IP address. By adding a temporary hosts file entry you can resolve to the new IP address straight away, as the hosts file takes precedence over external DNS.


How to use the CloudNS DNS resolver with Windows

In this post I outline how you can set up and use the CloudNS DNS resolver on a Windows computer. CloudNS is a free, security-focused service currently providing two servers in Australia for DNS resolution. CloudNS only allows connections using DNSCrypt, which ensures messages are sent to the resolver securely and are not tampered with; DNSSEC is also supported. The resolvers also support Namecoin resolution, an alternative decentralized DNS system, allowing you to start accessing .bit domains. CloudNS also does not log any of the queries or connections taking place, keeping things anonymous.


Loading different website content based on country with GeoDNS

Have you ever wanted to serve different DNS records out based on the location of the originating request?

Using the GeoDNS Bind patch we can have example.com resolve to a server in the US only if the requesting IP address is based in the US, and have all other requests directed to a server based in another country. With this method you can point requests for a domain from any country code to specified DNS records.

This can be beneficial for many reasons: it allows faster website page load times in different countries, as all content is served by the nearest server. It also allows you to run different websites for the same domain in different countries, as these will be running on different servers.
