====== Domain Name System (DNS) ======

//See also: [[de:admin:windows:ad#dns|Active Directory#DNS]], [[de:admin:network:dnsmasq]]//

===== DNS Server implementations =====

  * [[https://coredns.io/|CoreDNS]] – written in Go, [[https://cncf.io/|Cloud Native Computing Foundation]] graduated project.
  * [[https://bind9.net/|Bind9]]
  * DNSMasq – can also do [[.network:dhcp|DHCP]].
  * [[https://docs.pi-hole.net/ftldns/|FTL DNS]] ("Faster Than Light DNS") – DNSMasq fork used by [[pi-hole|Pi-hole]]
  * [[https://www.knot-dns.cz/|Knot DNS]] – authoritative-only DNS server (it does not resolve)
  * [[https://www.knot-resolver.cz/|Knot Resolver]] (''kresd'') – the matching caching resolver

===== Fast public DNS servers =====

^ IP ^ Name ^
| 9.9.9.9 | Quad9 |
| 1.1.1.1 | Cloudflare |
| 8.8.4.4 | Google Public DNS-2 |
| 212.82.225.12 | Clara-2 DE |

Find out which one is fastest from your location with ''namebench''.

===== Resource Records =====

Format: ''name [TTL] [class] type rdata'' – TTL and class are optional in a zone file (the class defaults to ''IN'').

==== SRV ====

https://de.wikipedia.org/wiki/SRV_Resource_Record

<code>
_service._proto.name. TTL class SRV priority weight port target.
</code>

===== Sender Policy Framework (SPF) =====

Allow mail from the hosts in the domain's MX and A records and reject everything else (''-all''). SPF lives in a TXT record, so the record data is a quoted string:

<code>
example.com. 28800 IN TXT "v=spf1 mx a -all"
</code>

Check with ''spfquery''.

==== Mail Autoconfig ====

https://tools.ietf.org/html/rfc6186

<code>
_submission._tcp SRV 0 1 587 smtp.example.com.
_imap._tcp       SRV 0 1 143 imap.example.com.
</code>

===== Test domains =====

[[http://tools.ietf.org/html/rfc2606|RFC-2606]] reserves 4 different TLDs for testing and documentation examples:

  * ''[[https://en.wikipedia.org/wiki/.test|.test]]''
  * ''.example''
  * ''.invalid''
  * ''.localhost''

**DO NOT use ''.local''** for testing or local purposes! It's reserved for [[https://en.wikipedia.org/wiki/Multicast_DNS|mDNS]] – if you hand out ''.local'' DNS entries, you'll interfere with Avahi/Zeroconf hostname resolution.
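Coming back to the Sender Policy Framework and Mail Autoconfig sections above: the following Python is an added example, not code from the original page or from any of the tools listed on it. It evaluates an SPF record the way a receiving mail server does (first matching mechanism decides, qualifier gives the result) and orders SRV answers the way a client must per RFC 2782 (lowest priority first, weighted random within a priority). Both run against a small constructed in-memory zone instead of live DNS; every name and address in ''ZONE'' is made up, and the SPF part is deliberately simplified (no ''include:'', ''redirect='', ''exists:'' or macros), so it is an illustration of the semantics, not a replacement for ''spfquery''.

```python
"""Added example (not from the original page): evaluate an SPF record and
order SRV answers like a client would (RFC 2782), against a small
constructed in-memory zone instead of live DNS. All names/addresses are
hypothetical; include:, redirect=, exists: and macros are not implemented."""
import ipaddress
import random

# Constructed zone data: (owner name, type) -> list of rdata.
ZONE = {
    ("example.com", "A"): ["198.51.100.10"],
    ("example.com", "MX"): [(10, "mx1.example.com"), (20, "mx2.example.com")],
    ("mx1.example.com", "A"): ["198.51.100.25"],
    ("mx2.example.com", "A"): ["203.0.113.25"],
    # SPF in a TXT record: MX hosts, the A record and one extra subnet may send.
    ("example.com", "TXT"): ["v=spf1 mx a ip4:192.0.2.0/24 -all"],
    # RFC 6186 style autoconfig records: (priority, weight, port, target)
    ("_submission._tcp.example.com", "SRV"): [(0, 1, 587, "smtp.example.com")],
    ("_imap._tcp.example.com", "SRV"): [
        (10, 60, 143, "imap1.example.com"),
        (10, 40, 143, "imap2.example.com"),
        (20, 1, 143, "imap-backup.example.com"),
    ],
}


def lookup(name, rtype):
    """Zone lookup; trailing dots are ignored, unknown names give an empty answer."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])


QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip):
    """Return pass/fail/softfail/neutral/none/permerror for sender_ip sending
    as domain. Mechanisms are evaluated left to right and the first match
    decides (RFC 7208, section 4.6.2)."""
    ip = ipaddress.ip_address(sender_ip)
    records = [t for t in lookup(domain, "TXT") if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # more than one SPF record is a permanent error
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")  # splits at the first colon only, IPv6-safe
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # ip_network.__contains__ is False across address families, as required.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = any(ipaddress.ip_address(a) == ip
                          for a in lookup(arg or domain, "A"))
        elif mech == "mx":
            matched = any(ipaddress.ip_address(a) == ip
                          for _pref, host in lookup(arg or domain, "MX")
                          for a in lookup(host, "A"))
        else:
            return "permerror"  # mechanism/modifier not supported in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and there was no "all" term


def srv_order(service, rng=random):
    """Order SRV targets as RFC 2782 tells a client to: lowest priority first;
    within one priority a weighted random pick, repeated until that level is
    exhausted. Returns [(target, port), ...] in the order to try."""
    ordered = []
    records = lookup(service, "SRV")
    for prio in sorted({r[0] for r in records}):
        bucket = [r for r in records if r[0] == prio]
        while bucket:
            bucket.sort(key=lambda r: r[1] != 0)  # RFC 2782: weight-0 records first
            pick = rng.randint(0, sum(r[1] for r in bucket))
            running = 0
            for rec in bucket:
                running += rec[1]
                if running >= pick:
                    ordered.append((rec[3], rec[2]))
                    bucket.remove(rec)
                    break
    return ordered


if __name__ == "__main__":
    for sender in ("198.51.100.25", "203.0.113.99", "2001:db8::1"):
        print(sender, "->", spf_check("example.com", sender))
    print(srv_order("_imap._tcp.example.com"))
```

Two things worth noticing when running it: an IPv6 sender fails the record above even though the ''a'' and ''mx'' hosts exist, because nothing in the record lists an IPv6 address, which is exactly how a real receiver treats a record that was written with only IPv4 in mind; and the two priority-10 IMAP servers come out in a different order on different runs while the priority-20 backup is always last.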
===== Dynamic DNS =====

==== Free providers ====

  * [[https://www.noip.com/|no-ip.com]]

==== update DNS from DHCP ====

  * [[https://oxcrag.net/2022/02/12/dns-ddns-and-dhcp-on-a-linux-router/#making-the-dhcp-server-update-dns|DNS, DDNS, and DHCP on a Linux router – Part 2 # Making the DHCP server update DNS]] (Mikael Hansson, oxcrag.net, 2022)
  * [[https://github.com/turris-cz/os-packages/blob/824eeb471acae68b5225c8d53e41add0dc9b4c4c/net/resolver-conf/files/dhcp_host_domain_ng.py#L171|Turris Omnia script DNSMasq → Kresd]] (for reference only, doesn't work without Turris' version of OpenWRT)

===== Split DNS =====

If you want to serve the same content both locally and from outside of your LAN, you can use Split DNS: a local DNS resolver answers LAN clients with the server's LAN IP, while the public DNS answers everyone else with the WAN IP. A similar effect can be achieved with hairpin [[.:network:nat|NAT]] on the network [[.:network:osi:|layer]], which routes traffic addressed to the external IP back into the LAN.

===== Reverse DNS lookups (rDNS) =====

A regular lookup ("forward DNS") tells you the IP address for a given hostname. A reverse DNS lookup tells you the canonical hostname for a given IP (its ''PTR'' record). Not every IP has one, and not every forward entry has a matching reverse entry. In most DNS servers it has to be set explicitly, which keeps hostnames from leaking for IPs where nobody needs them.

[[.mail:start|Mail]] servers use rDNS to check whether the hostname a connecting system announces (in ''HELO''/''EHLO'') really belongs to its IP: the PTR record of the IP should name a host whose A/AAAA record points back to that same IP (forward-confirmed rDNS). Many mail systems discard incoming mail as spam when the reverse DNS entry doesn't match the hostname they got mail from.

rDNS entries have to be set by the provider of the IP address (whoever holds the address block), not by the provider of the target domain. The reverse DNS database of the Internet is rooted in the ''.arpa'' top-level domain (''in-addr.arpa'' for IPv4, ''ip6.arpa'' for IPv6)[(https://en.wikipedia.org/wiki/Reverse_DNS_lookup)].

==== Linux ====

On Linux systems, you can use ''dig -x $IP'' to look up rDNS entries.
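What ''dig -x'' does under the hood, and what a mail server does with the answer, as an added example that is not part of the original page: the Python below builds the reverse-lookup name for an IPv4 or IPv6 address (octets reversed under ''in-addr.arpa'', nibbles reversed under ''ip6.arpa'') and performs a forward-confirmed rDNS check against constructed forward and reverse data instead of live DNS. All hostnames and addresses in ''FORWARD'' and ''REVERSE'' are hypothetical; ''203.0.113.9'' is deliberately given a PTR whose hostname does not point back, the case that gets mail rejected.

```python
"""Added example (not from the original page): build the reverse-lookup
name for an IP and do the forward-confirmed rDNS check a mail server applies
to a connecting host, against constructed data instead of live DNS.
All hostnames and addresses here are hypothetical."""
import ipaddress

# Constructed forward data: hostname -> set of A/AAAA addresses.
FORWARD = {
    "mail.example.com": {"198.51.100.25", "2001:db8::25"},
    "mail.example.net": {"203.0.113.9"},
}


def ptr_name(ip_str):
    """Owner name of the PTR record for an address: octets reversed under
    in-addr.arpa for IPv4, the 32 hex nibbles reversed under ip6.arpa for IPv6.
    (The stdlib exposes the same value as ip_address(...).reverse_pointer.)"""
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    nibbles = ip.exploded.replace(":", "")  # exploded form keeps leading zeros
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


# Constructed reverse data: PTR owner name -> hostname. Keys are generated with
# ptr_name() so nobody has to hand-count 32 nibbles. The 203.0.113.9 entry
# points at a name whose forward records do NOT contain 203.0.113.9.
REVERSE = {
    ptr_name("198.51.100.25"): "mail.example.com",
    ptr_name("2001:db8::25"): "mail.example.com",
    ptr_name("203.0.113.9"): "mail.example.org",
}


def fcrdns(ip_str):
    """Forward-confirmed reverse DNS: the PTR gives a hostname, and that
    hostname's A/AAAA records must contain the original IP.
    Returns (hostname or None, confirmed)."""
    ip = ipaddress.ip_address(ip_str)
    host = REVERSE.get(ptr_name(ip_str))
    if host is None:
        return None, False
    confirmed = any(ipaddress.ip_address(a) == ip for a in FORWARD.get(host, ()))
    return host, confirmed


def helo_is_consistent(ip_str, helo_name):
    """What a strict mail server checks on a connecting client: the HELO/EHLO
    name must equal the forward-confirmed PTR hostname of the client's IP."""
    host, confirmed = fcrdns(ip_str)
    return confirmed and host == helo_name.rstrip(".").lower()


if __name__ == "__main__":
    for ip in ("198.51.100.25", "2001:db8::25", "203.0.113.9", "192.0.2.1"):
        print(ip, ptr_name(ip), fcrdns(ip))
```

The check is two lookups, not one: a PTR alone proves nothing, because whoever controls the reverse zone for an address block can put any name in it, while only the owner of the forward zone can make that name point back.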
===== Troubleshooting =====

==== flush DNS cache ====

Which command applies depends on the resolver your system actually uses; try the matching one:

<code bash>
resolvectl flush-caches          # systemd-resolved
systemd-resolve --flush-caches   # systemd-resolved, older CLI name
nmcli general reload dns-full    # NetworkManager
systemctl restart nscd           # nscd
systemctl restart dnsmasq        # dnsmasq
systemctl restart named          # BIND
service networking restart       # Debian/Ubuntu ifupdown networking
</code>