ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Topics
    2. Tags
    3. dns
    Log in to post
    • All categories
    • 1

      Should I be concerned over info in public DNS records?

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion subdomain dns dynamicdns cybersecurity
      2
      0 Votes
      2 Posts
      564 Views
      scottalanmillerS

      I find it to not be of concern. I would never have it happen, because it's a bizarre and problematic way to handle internal DNS. But anyone who can exploit private IP mapping can figure it out without DNS in the first place. So I see no reason to want to hide it.

    • WLS-ITGuyW

      website/IP tracking

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion monitoring sonicwall dns
      4
      0 Votes
      4 Posts
      661 Views
      dbeatoD

      With Appflow you need to make sure you have authentication enabled for the users so it tracks per user. The Data Collection is for sure nice but it is only the top sites and no much information.
      https://www.sonicwall.com/support/knowledge-base/help-with-user-level-authentication-settings-like-local-users-ldap-radius/170503274714653/

      https://www.sonicwall.com/support/knowledge-base/configuring-app-flow-monitor-to-view-real-time-incoming-and-outgoing-network-data/170505632951042/

      https://www.sonicwall.com/support/knowledge-base/how-can-i-track-which-users-or-ip-addresses-are-accessing-a-certain-website-using-appflow/170505832815323/

      https://www.sonicwall.com/support/knowledge-base/how-can-i-collect-traffic-details-by-ip-address-on-the-firewall-through-log-reports-and-appflow/170503950787011/

    • EddieJenningsE

      YouTube Month in Review: January 2020

      Watching Ignoring Scheduled Pinned Locked Moved Self Promotion youtube powershell music dns music performance
      1
      0 Votes
      1 Posts
      473 Views
      No one has replied
    • 1

      How does name resolution work in AD?

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion windows dns ad
      15
      0 Votes
      15 Posts
      1k Views
      DashrenderD

      @Pete-S said in How does name resolution work in AD?:

      @Dashrender said in How does name resolution work in AD?:

      @scottalanmiller said in How does name resolution work in AD?:

      @Pete-S said in How does name resolution work in AD?:

      I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows servers names, but not the statically assigned names of linux servers.

      I thought if the name resolution works over different mechanisms and uses different ports it could be an firewall or L3 switch somewhere that has been misconfigured.

      This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD.

      Exactly - have you or anyone else added these servers to AD's DNS?

      They have been added manually. The name of the service is also not the name as the server. So if a webserver is abc001.company.com the name in the DNS that will send you to that server might be logistics.company.com.

      if you're being sent to logistics, that's the entry that must be in DNS.. you can have as many entries as are needed for a single server.
      each name is it's own entry.

    • wrx7mW

      Resolved: Weird Website Redirect Issues

      Watching Ignoring Scheduled Pinned Locked Moved Solved IT Discussion wordpress cpanel centos cloudflare dns redirect domain name 301 redirect
      4
      0 Votes
      4 Posts
      763 Views
      wrx7mW

      Turns out that there was a wildcard A record in DomainA2.com

    • EddieJenningsE

      YouTube Month in Review: December 2019

      Watching Ignoring Scheduled Pinned Locked Moved Self Promotion youtube self promo coppa bind dns openshot
      1
      1 Votes
      1 Posts
      377 Views
      No one has replied
    • scottalanmillerS

      Why big ISPs aren’t happy about Google’s plans for encrypted DNS

      Watching Ignoring Scheduled Pinned Locked Moved News isp fcc dns google dns over https
      41
      2 Votes
      41 Posts
      6k Views
      DashrenderD

      @Obsolesce said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:

      That all said, even though I don't care, I'd still prefer the ISP is totally out of the loop and am for encrypted DNS.

      Glad to see you come back with this.

      The old adage, if ya got nothing to hide/done nothing wrong, then what do you have to worry about, Sadly, this is so not true.

    • FATeknollogeeF

      Network routing question

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion fedora 30 network routing dns
      27
      0 Votes
      27 Posts
      2k Views
      FATeknollogeeF

      @dafyre said in Network routing question:

      @dafyre said in Network routing question:

      DNS server is at 10.50.235.235

      Configure your computer to look to 235.235 for DNS... and configure the DNS server at 235.235 to forward anything it doesn't recognize along to your Meraki?

      I added 235.235 as an additional DNS in the 250.254 network.

      I tried this yesterday but silly me forgot to "refresh" the NIC so it could grab the new settings.

      All is good & working.

    • B

      DNS Help ...

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion dns
      9
      0 Votes
      9 Posts
      596 Views
      scottalanmillerS

      @JaredBusch said in DNS Help ...:

      @EddieJennings said in DNS Help ...:

      @JaredBusch said in DNS Help ...:

      @Dashrender said in DNS Help ...:

      @JaredBusch said in DNS Help ...:

      PTR records are handled by the ISP.

      They are not something that should ever result in a domain name like this. but at some point in history, people always tried to contact their ISP to have PTR updated to thier mail server DNS name.

      it's part of anti-spamming.

      No, it is not.

      This kind of thing might be what Dash is thinking of.
      https://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01904

      While not explicitly a tool for anti-spam, I remember an MDaemon installation I inherited have reverse lookups enabled.

      NO, old guides used to claim that you needed to setup PTR for on site Exchange to make sure you had not SPAM issues. I know what he is talking about. Jus tthat it has never been fact, no matter what people used to say.

      I'm with Jared on this. Yes, historically it was common to do this thing but it was a myth. It's just one of those things that people repeated a lot but had no technical reasoning behind it. People generally don't understand DNS and so DNS becomes one of those magic black boxes and once someone made up that PTR could have something to do with SPAM people ran with it. But it was never part of a spam blocking or reduction mechanism, it was just a random, foolish technical mistake that people made thinking that it might have something to do with something else that they didn't understand.

    • P

      DNS PTR Record with 2 FQDN Entries with SPAM Check

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion dns email spam ptr record zimbra
      37
      1 Votes
      37 Posts
      3k Views
      JaredBuschJ

      @pattonb said in DNS PTR Record with 2 FQDN Entries with SPAM Check:

      @JaredBusch incorrect, Scott has summarized succinctly

      That is what you asked. But going with that is not what you actually wanted, then the answer to your original post is that you don't fix anything.

      You whitelist the domain in question and move on.

      The sender's ISP is in charge of setting the PTR record and there is not a damned thing you can do about it.

    • steveS

      DNS Record Types - CompTIA Network+ N10-007 Prof. Messer

      Watching Ignoring Scheduled Pinned Locked Moved Training dns networking network+ certification comptia prof messer youtube video training it training it career
      1
      1 Votes
      1 Posts
      272 Views
      No one has replied
    • steveS

      An Overview of DNS - CompTIA Network+ N10-007 Prof. Messer

      Watching Ignoring Scheduled Pinned Locked Moved Training dns networking network+ prof messer comptia certification youtube it training it career video training
      1
      2 Votes
      1 Posts
      229 Views
      No one has replied
    • 1

      How long does it take for clients to resolve new IP from DNS on LAN?

      Watching Ignoring Scheduled Pinned Locked Moved Solved IT Discussion microsoft active directory dns
      13
      0 Votes
      13 Posts
      562 Views
      1

      @Dashrender I just checked a couple of clients and Time To Live where set to 3600 at most and counting down.

      @Obsolesce If it's default then one hour it is.

    • JaredBuschJ

      DNS problem with Nginx on reboot

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion nginx error dns
      5
      0 Votes
      5 Posts
      664 Views
      1

      dhcp

    • OksanaO

      Stay in charge and manage your public DNS from Azure cloud

      Watching Ignoring Scheduled Pinned Locked Moved Starwind azure dns
      1
      1 Votes
      1 Posts
      133 Views
      No one has replied
    • B

      Cloudflare 301/2 Redirects ...

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion dns cloudflare
      7
      0 Votes
      7 Posts
      381 Views
      JaredBuschJ

      Like this.

      be78d39b-4bf6-4b74-a15e-ec044e88ed03-image.png
      04f1585b-838d-46eb-826c-be15fd766645-image.png

    • 1

      DNS woes

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion dns godaddy cloudflare
      5
      1 Votes
      5 Posts
      556 Views
      scottalanmillerS

      @Pete-S said in DNS woes:

      If I understand correctly, DNS propagates everywhere anyway so what difference does it make? Or are the DNS records not cached/replicated?

      It does, and they do. Propagation, caching, etc. all happens with DNS. But that doesn't mean that you don't still want your master DNS to be screaming fast, globally distributed, highly available, etc. If your DNS goes down, most DNS providers (Google, etc.) will known almost immediately and see your infrastructure as offline as part of their security system.

    • IRJI

      KVM/QEMU DNS

      Watching Ignoring Scheduled Pinned Locked Moved Solved IT Discussion kvm qemu dns
      8
      0 Votes
      8 Posts
      1k Views
      IRJI

      @dyasny said in KVM/QEMU DNS:

      libvirt has dnsmasq built in, to serve DHCP. It can also be configured to serve DNS to the libvirt NAT network, and the host.

      This is an example of a working configuration: https://fabianlee.org/2018/10/22/kvm-using-dnsmasq-for-libvirt-dns-resolution/

      Pretty cool. Thanks.

    • AdamFA

      FreePBX and DNS settings

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion freepbx dns
      16
      0 Votes
      16 Posts
      3k Views
      JaredBuschJ

      @fuznutz04 said in FreePBX and DNS settings:

      @scottalanmiller said in FreePBX and DNS settings:

      @fuznutz04 said in FreePBX and DNS settings:

      @Scott says not to set it. You say to set it to 127.0.0.1 and the Vultr DNS.

      No, Scott says he doesn't use it, not that you shouldn't. Not the same thing 😉

      But doesn't this just write it to the /etc/resolve file anyway? I could set DNS statically via the file, but I'm still unclear what the best practice is for FreePBX in regards to DNS.

      To not fuck with it unless you have a reason to.

      FreePBX is an appliance. A software appliance, but an appliance. You don’t fuck with it under the hood unless you have a good reason to do so.

    • M

      [Solved] All computers cannot access 1 specific site

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion website network dns
      14
      0 Votes
      14 Posts
      1k Views
      M

      @scottalanmiller said in [Solved] All computers cannot access 1 specific site:

      @manxam Well that worked out then 🙂

      I did. We're not ones for forcing tech on clients but there's a limit to client risks that we're willing to live with.
      This particular client deals with a LOT of sensitive data and it always bothered me that they had a known vulnerable router in place that we had to admin with a 5 year old version of Firefox.

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 2 / 6