home.social

#itsalwaysdns — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #itsalwaysdns, aggregated by home.social.

  1. Heute war #DENIC an der Reihe, uns daran zu erinnern, was passiert, wenn auch nur ein Baustein unserer modernen, vernetzten Welt ausfällt.

    #DigitaleResilienz #Resilienz #KRITIS #ItsAlwaysDNS

  2. Heute war #DENIC an der Reihe, uns daran zu erinnern, was passiert, wenn auch nur ein Baustein unserer modernen, vernetzten Welt ausfällt.

    #DigitaleResilienz #Resilienz #KRITIS #ItsAlwaysDNS

  3. Heute war #DENIC an der Reihe, uns daran zu erinnern, was passiert, wenn auch nur ein Baustein unserer modernen, vernetzten Welt ausfällt.

    #DigitaleResilienz #Resilienz #KRITIS #ItsAlwaysDNS

  4. Heute war #DENIC an der Reihe, uns daran zu erinnern, was passiert, wenn auch nur ein Baustein unserer modernen, vernetzten Welt ausfällt.

    #DigitaleResilienz #Resilienz #KRITIS #ItsAlwaysDNS

  5. Heute war #DENIC an der Reihe, uns daran zu erinnern, was passiert, wenn auch nur ein Baustein unserer modernen, vernetzten Welt ausfällt.

    #DigitaleResilienz #Resilienz #KRITIS #ItsAlwaysDNS

  6. Kommste nach'm Plenum nach Hause und musst dich erstmal erklären, warum denn das Internet nicht geht, warum und was man denn da wieder unbedingt selber machen muss, auf dem Handy geht es aber doch!!1
    #itsalwaysDNS

  7. Ah, the first details emerge. TL;DR: Denic experts are looking for the root cause.

    "Frankfurt am Main, 5 May 2026 - DENIC eG is currently experiencing a disruption in its DNS service for .de domains. As a result, all DNSSEC-signed .de domains are currently affected in their reachability."

    #ItsAlwaysDNS

  8. UPDATE: Seems to be fixed, all back to normal.

    Oops. Seems that #Denic has b0rked DNSSEC for the .de TLD. They list an ongoing issue but no details are (yet) available. status.denic.de

    UPDATE: Now upgraded to a service disruption, still no details.

    #ItsAlwaysDNS

  9. CW: Rant - Denic / .de Domain registry outage

    GG. The .de Domain registry (Denic) just landed the biggest "win" of the Year:

    They successfully taken offline the ENTIRE .de Zone, just because someone was to stupid to get the DNSSEC key right. Or how I like to call it: someone ha so small pp energey they just NEEDED to fuck up something big again to feel more important than they are....

    #dns #itsalwaysdns #dnssec #fuckdns #denic #outage #aibrowsareatitagain #justletcloudehandlealldnsanditwillbefine

    -.-

  10. context the root servers for .de have currently issues with DNSSEC

    #ItsAlwaysDNS

  11. Was debugging on and off for literally days why collabora wasn’t working on one Nextcloud and of course just now it struck me: it was #DNS

    #itsalwaysdns #selfhosting

  12. Oh. Huh. Imagine that….

    The .org root DNSSEC is gerbusterficated or in transition or something.

    #Sysadminnery #DNSSEC #ItsAlwaysDNS

  13. dnsviz is being cranky for me. Everyone else stop using it for the day, OK?

    #Sysadminnery #DNSSEC #ItsAlwaysDNS

  14. So I've just set up a new domain for a client to receive emails and forward them on using various rules, and sent a test email to make sure it's working.

    Test email did not arrive.

    So I dive into email server logs, double check SPF and DMARC settings, examine the forwarding and other configs.

    5 minutes later I realise I've utterly forgotten to add an MX record in DNS for the domain 🤦🏻‍♂️

    #itsAlwaysDNS

  15. When setting up a new DNS server at home, don’t forget the `systemctl enable named` to avoid a barrage of error messages and notifications after you reboot the machine running said new DNS server :)

    #ItsAlwaysDNS #Selfhost #NeedMoreCoffee @homelab

  16. After setting up DNS over HTTPS, got curious how DNS leak test tools, which discover your DNS resolver, such as Browser Leaks, work :blobcatthinking:

    Turns out, it's quite clever setup: while you are visiting browserleaks.com website, in the background it queries a number of hostnames generated especially for you, such as 9d0pafrc5tnu.dns4.browserleaks.net, 0zfannouveb4.dns4.browserleaks.org and so on.

    Because the website generates those hostnames specifically for your session, it is able to associate your external IP to the hostnames you attempt to resolve.

    Now because site operators controls authoritative name servers behind those generated hostnames - specifically ns2.browserleaks.net and ns1.browserleaks.net (also with .org), from logs they can check what exact DNS resolver asked for those unique hostnames.

    Simply matching a resolver DNS that attempted to resolve those unique hostnames is enough to link it to your visit of a website session - it is often going to be the resolver of your internet service or virtual private network provider, unless you've explicitly changed your resolver to something else. Still, easily visible to authoritative DNS server.

    Voila! No magic, just simple, nice setup :blobcatcheer:

    Just think of how many fingerprinting schemes can big techs carry out to track you across the internet with vast compute resources available to them... :blobcatheadinitshands:

    #itsalwaysdns #dns #resolver #dnsleak #survelliance #tracking #privacy

  17. Setting up DNS over HTTPS (DoH) is so much more complicated than DNS over TLS (DoT) :blobcatthinking:

    Funny enough Mozilla Firefox :firefox: supports DoH and sets it up on application level, while Android :android: uses DoT on operating system level :blobcatnerd:

    #itsalwaysdns #dns #dot #doh #sysadmin #linuxadmin

  18. It's always DNS.
    I can not check in to my flight tomorrow because Lufthansa's DNS responds with NXDOMAIN due to denial of existance responses.

    #ItsAlwaysDNS

  19. Today in #ItsAlwaysDNS: FT identifies a network of Russian oil sanctions evasion fronts by their MX records

    ft.com/content/4310f010-2b3c-4

  20. My mailserver is very German. When your mailserver tries to send a message, it does a reverse lookup on the IP address. If that doesn't deliver a valid hostname, you're out. But we are not done yet. If it gets a valid hostname, it does an A (IPv4) or AAAA (IPv6&) lookup on that hostname. And if it doesn't deliver back the same IP address, you are still out. It is fascinating to observe how often that uncovers that even big names get their DNS wrong. Hello, Spamcop ;)

    #ItsAlwaysDNS #MailAdmin

  21. Did I silently drop the MX record for my mailserver? Somehow, yes.

    #itsAlwaysDNS

    #selfhosted #homelab

  22. I swear the Linux version of “it's always DNS” is “it's always SELinux” 🤦🏻‍♂️

    #itsalwaysdns #itsalwaysselinux #selinux

  23. #Note2Self: Always. Update. The. Version. Number. In. Bind. Zone. Files. After. Any. Change.

    (written after removing dozens of tmp-* files in /var/named that suddenly showed up, together with weird permission denied entries in the log files ;)

    #ItsAlwaysDNS #SelfHost #SysAdminLife

  24. So I was pretty enthusiastic about #DNS4EU at first.

    Then I've discovered it blocklisted some random pastebin. Well, it happens. I mean, pastebins frequently get into trouble because of people pasting random shit. So I've filed an unblock request. I've suddenly got a mail to confirm registration in some random company's system — I suspect it was related to DNS4EU, but no clear indication. I've ignored it.

    Then they've blocklisted my mail provider, for no apparent reason. It's still blocked. I've switched to the "unfiltered" version to be able to access my mail again.

    Today I've gotten a mail via my backup MX. My main MX is up. My educated guess is that sysadmins using DNS4EU now get my mail redirected to their "site blocked" server. Isn't that great?

    PS. Maybe if more people filed unblock requests for "poczta.ftdl.pl", it would help. It's a non-profit e-mail provider.

    #DNS #ItsAlwaysDNS

  25. It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

    I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

    #itsalwaysdns #cloudflare #azure #aws #internetoutage #itwasntdns #RCA #has htag

  26. It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

    I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

    #itsalwaysdns #cloudflare #azure #aws #internetoutage #itwasntdns #RCA #has htag

  27. It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

    I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

    #itsalwaysdns #cloudflare #azure #aws #internetoutage #itwasntdns #RCA #has htag

  28. It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

    I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

    #itsalwaysdns #cloudflare #azure #aws #internetoutage #itwasntdns #RCA #has htag

  29. It is really nice to see a level of transparency that is offered by Cloudflare after it cripples the internet. I find their writing style technical and pleasing.

    I didn't get the same feeling after AWS or Azure. This may be because of inherent bias or that I don't know where to find their direct RCA Blog like I do Cloudflare.

    htag

  30. (sigh) Migrated a site to another host, thought everything was working for a while, then started to see bizarre issues, old data, errors, etc. Can you guess my knuckleheaded screw-up?
    #itwasdns #itsalwaysdns

  31. (sigh) Migrated a site to another host, thought everything was working for a while, then started to see bizarre issues, old data, errors, etc. Can you guess my knuckleheaded screw-up?

  32. I have successfully not borked my clients DNS and will now slowly back away crossing my fingers …

    #it #dns #itsAlwaysDNS #livingDangerously

  33. I have successfully not borked my clients DNS and will now slowly back away crossing my fingers …

    #it #dns #itsAlwaysDNS #livingDangerously

  34. I have successfully not borked my clients DNS and will now slowly back away crossing my fingers …

    #it #dns #itsAlwaysDNS #livingDangerously