Domain Name System (DNS)

See also: Active Directory#DNS, dnsmasq

DNS Server implementations

Fast public DNS servers

IP             Name
9.9.9.9        Quad9
1.1.1.1        Cloudflare
8.8.4.4        Google Public DNS-2
212.82.225.12  Clara-2 DE

Which one is fastest from your own network: measure it with namebench rather than guessing.

Resource Records

Format: <name> [<ttl>] [<class>] <type> <rdata>

SRV

https://de.wikipedia.org/wiki/SRV_Resource_Record

_service._proto.name. TTL class SRV priority weight port target.

Sender Policy Framework (SPF)

Allow mail from the hosts listed in the domain's MX and A records and reject ("-all", hard fail) everything else:

example.com.  28800  IN  TXT  "v=spf1 mx a -all"

SPF is published as a TXT record at the domain name itself. Unlike MX it has no priority field; a record that does not start with "v=spf1" is ignored by receivers, so a stray leading number silently disables the policy.

Check the published record with spfquery (or dig +short TXT example.com).
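A small lint for an SPF record before it is published, as an added example that is not part of the original page. It applies the syntax and policy rules of RFC 7208 offline (version tag, qualifiers, the 10-lookup limit, terms after "all", "+all", deprecated "ptr", ip4/ip6 arguments) and catches the priority-column mistake described above; the sample records are constructed, and nothing is resolved, so it cannot tell you whether an "include:" target exists.

```python
"""Lint an SPF TXT record before publishing it (RFC 7208 rules, offline)."""
import ipaddress
import re

# Mechanisms defined in RFC 7208, and the terms that each cost one DNS lookup
# towards the limit of 10 per check (RFC 7208 section 4.6.4).
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10

# qualifier, name, optional ":"/"=" argument, optional /cidr or //cidr suffix
TERM_RE = re.compile(
    r"^(?P<q>[+\-~?]?)(?P<name>[a-z][a-z0-9]*)"
    r"(?:(?P<sep>[:=])(?P<arg>.*?))?"
    r"(?P<cidr>/\d{1,3}(?://\d{1,3})?|//\d{1,3})?$",
    re.I,
)


def lint_spf(record: str) -> list[str]:
    """Return a list of problems; an empty list means the record looks sane."""
    problems: list[str] = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        # A leading priority column ("10 v=spf1 ...") or a missing version tag
        # makes receivers ignore the record completely.
        return ["record does not start with 'v=spf1'; receivers treat it as no SPF record"]

    lookups = 0
    seen_all = seen_redirect = False
    for term in terms[1:]:
        if seen_all:
            problems.append(f"'{term}' comes after 'all' and is never evaluated")
            continue
        m = TERM_RE.match(term)
        if not m:
            problems.append(f"unparseable term '{term}'")
            continue
        qual = m.group("q") or "+"
        name = m.group("name").lower()
        sep, arg, cidr = m.group("sep"), m.group("arg"), m.group("cidr") or ""

        if sep == "=":  # modifier, not a mechanism
            if name == "redirect":
                seen_redirect = True
                lookups += 1
            elif name != "exp":
                problems.append(f"unknown modifier '{term}'")
            continue
        if name not in MECHANISMS:
            problems.append(f"unknown mechanism '{term}'")
            continue
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            seen_all = True
            if qual == "+":
                problems.append("'+all' authorises every host on the Internet to send as this domain")
            elif qual == "?":
                problems.append("'?all' makes unlisted hosts neutral; use -all (or ~all) to reject forgeries")
        elif name == "ptr":
            problems.append("'ptr' is deprecated by RFC 7208 and slow for receivers; list ip4/ip6/a/mx instead")
        elif name in ("ip4", "ip6"):
            if not arg:
                problems.append(f"'{name}' needs an address or network")
                continue
            try:
                net = ipaddress.ip_network(arg + cidr, strict=False)
            except ValueError:
                problems.append(f"invalid network in '{term}'")
                continue
            if str(net.version) != name[2]:
                problems.append(f"'{term}' mixes an IPv{net.version} address into {name}")
        elif name in ("include", "exists") and not arg:
            problems.append(f"'{name}' needs a domain argument")

    if not seen_all and not seen_redirect:
        problems.append("no 'all' term: unlisted hosts get Neutral, so forgeries are not rejected")
    if lookups > MAX_LOOKUPS:
        problems.append(f"{lookups} lookup terms exceed the limit of {MAX_LOOKUPS}; receivers return permerror")
    return problems


if __name__ == "__main__":
    # Constructed samples: the record from this page, its broken variant, and a bad policy.
    for rec in ("v=spf1 mx a -all", "10 v=spf1 mx a -all", "v=spf1 ip4:192.0.2.0/24 ptr +all"):
        print(rec, "->", lint_spf(rec) or "OK")
```

Run it over the exact string you are about to paste into the zone or control panel; an empty list is the only acceptable result. The lookup counter is deliberately pessimistic (it does not follow includes), so a record that passes here can still exceed the limit once its includes are expanded.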

Mail Autoconfig

https://tools.ietf.org/html/rfc6186

_submission._tcp  SRV 0 1 587 smtp.example.com.
_imap._tcp        SRV 0 1 143 imap.example.com.
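How a client turns SRV records like the two above (and the general format in the SRV section) into an ordered list of hosts to try, as an added example that is not part of the original page: a parser for the zone-file line, the _service._proto.name owner name, and the RFC 2782 selection (lowest priority first, weighted random within a priority, target "." meaning "service not offered"). The example.com zone lines are constructed.

```python
"""Parse SRV records and pick targets in RFC 2782 order."""
import random
from dataclasses import dataclass

# Constructed zone snippet in the format shown on this page:
# _service._proto.name. [TTL] [class] SRV priority weight port target.
SAMPLE_ZONE = """
_submission._tcp.example.com. 3600 IN SRV 0  1 587 smtp.example.com.
_imap._tcp.example.com.       3600 IN SRV 0  1 143 imap.example.com.
_imap._tcp.example.com.       3600 IN SRV 0  3 143 imap2.example.com.
_imap._tcp.example.com.       3600 IN SRV 10 0 143 imap-backup.example.com.
_pop3._tcp.example.com.       3600 IN SRV 0  0 0   .
"""


@dataclass(frozen=True)
class SRV:
    owner: str
    ttl: int
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(line: str, default_ttl: int = 3600) -> SRV:
    """Parse one zone-file line; TTL and class are optional, as in the format above."""
    fields = line.split()
    upper = [f.upper() for f in fields]
    if "SRV" not in upper:
        raise ValueError(f"not an SRV record: {line!r}")
    i = upper.index("SRV")
    if i < 1 or len(fields) != i + 5:
        raise ValueError(f"malformed SRV record: {line!r}")
    ttl = default_ttl
    for f in fields[1:i]:  # whatever sits between owner and 'SRV': [ttl] [class]
        if f.isdigit():
            ttl = int(f)
        elif f.upper() not in ("IN", "CH", "HS"):
            raise ValueError(f"unexpected field {f!r} in {line!r}")
    priority, weight, port = (int(x) for x in fields[i + 1:i + 4])
    for v in (priority, weight, port):
        if not 0 <= v <= 65535:  # all three are unsigned 16-bit on the wire
            raise ValueError(f"value out of range in {line!r}")
    return SRV(fields[0].lower(), ttl, priority, weight, port, fields[i + 4].lower())


def srv_name(service: str, proto: str, domain: str) -> str:
    """_service._proto.domain. as a client queries it (RFC 2782 naming)."""
    return f"_{service}._{proto}.{domain.rstrip('.')}.".lower()


def order_targets(records, rng=None):
    """RFC 2782 client selection: lowest priority first; within one priority a
    weighted random draw. Weight-0 records are placed first so the draw only
    reaches them when the random number is 0, i.e. rarely while weighted
    records remain. A target of '.' means the service is decidedly not offered."""
    rng = rng or random.Random()
    by_prio = {}
    for r in records:
        if r.target != ".":
            by_prio.setdefault(r.priority, []).append(r)
    ordered = []
    for prio in sorted(by_prio):
        pool = sorted(by_prio[prio], key=lambda r: r.weight != 0)  # weight 0 first
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)
            running = 0
            for r in pool:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered


def lookup(zone: str, service: str, proto: str, domain: str, rng=None):
    """Records for _service._proto.domain from the zone text, in the order to try them."""
    name = srv_name(service, proto, domain)
    records = [parse_srv(l) for l in zone.splitlines() if l.strip()]
    return order_targets([r for r in records if r.owner == name], rng)


if __name__ == "__main__":
    for svc in ("submission", "imap", "pop3"):
        print(svc, [(r.target, r.port) for r in lookup(SAMPLE_ZONE, svc, "tcp", "example.com")])
```

The part this code does not do is the part that matters for security: unless the SRV answer is DNSSEC-validated, the client must verify the TLS certificate of whichever target it ends up connecting to, because anyone who can spoof the SRV reply otherwise redirects the mail client, credentials included, to a host of their choosing.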

Test domains

RFC 2606 reserves four TLDs for testing and documentation examples: .test, .example, .invalid and .localhost (plus the second-level names example.com, example.net and example.org). None of them will ever be delegated, so nothing you put there can collide with a real domain.

DO NOT use .local for testing or local purposes! It is reserved for mDNS (RFC 6762): if you hand out .local names via unicast DNS, you'll interfere with Avahi/Zeroconf hostname resolution on every client that honours that reservation.

Dynamic DNS

Free providers

update DNS from DHCP

Split DNS

If you want to serve the same content both locally and from outside of your LAN, you can use Split DNS. A local DNS resolver responds to local clients with a LAN IP and the public DNS responds with a WAN IP. A similar thing can be done with hairpin NAT on the network layer, which routes traffic to the external IP back to the LAN.

Reverse DNS lookups (rDNS)

A regular lookup ("forward DNS") tells you the IP address for a given hostname (A/AAAA record). A reverse DNS lookup tells you the hostname registered for a given IP (PTR record). This doesn't have to be populated for every IP, and not every forward entry has a matching reverse entry.

PTR records are not derived automatically from A/AAAA records; in most DNS servers they have to be set explicitly, so only the hostnames you intend to expose are published for an IP.

Mail servers use this to find out whether the hostname a system announces (HELO/EHLO) is also the hostname that actually belongs to the system: the PTR name of the connecting IP must resolve forward to that same IP ("forward-confirmed reverse DNS"). Many mail systems discard incoming mail as spam when the reverse DNS entry doesn't match the hostname they got mail from.

rDNS entries have to be set by the provider of the IP (who owns the reverse zone), not the provider of the target domain. The reverse DNS database of the Internet is rooted in the .arpa top-level domain: in-addr.arpa for IPv4 and ip6.arpa for IPv6.

Linux

On Linux systems, you can use dig -x $IP (or host $IP) to look up rDNS entries; dig -x builds the in-addr.arpa / ip6.arpa name for you and queries its PTR record.

Troubleshooting

flush DNS cache

Which one applies depends on which resolver or cache runs on the host (systemd-resolved, NetworkManager, nscd, dnsmasq, BIND); try the matching one:

resolvectl flush-caches
nmcli general reload dns-full
systemd-resolve --flush-caches
systemctl restart nscd
systemctl restart dnsmasq
systemctl restart named
service networking restart