#nameservers — Public Fediverse posts

I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

Wheee!

Fancy, the authoritative nameservers for the xyz. TLD are as follows:

x.nic.xyz
y.nic.xyz
z.nic.xyz
generationxyz.nic.xyz

How fun. I never thought of the #TLD as being a pun to demographic cohorts.

#DNS #ICANN #nameservers

Just scraping the #IANA assigned TLDs and the corresponding documented #nameservers. What I don't get is, why so many companies apply for a #TLD. It's not particularly cheap to apply for one of those ngTLDs, yet compared to the company sizes, it's probably pennies. Is it a prestige investment? Is it a digital resource to grab, before someone else does it?

Other than #Microsoft, #Google, and #AWS, I've rarely seen any ngTLD representing a corporation's name to actually be used in practice.

Does anyone in the #infosec community share their view?

#askfedi #askmasto #askinfosec #DNS

bgp.tools being served via 13 authoritative name servers (via 3 different providers + in house NS):

```
$ dig +short ns bgp.tools
ns1.exoscale.ch.
ns-721.awsdns-26.net.
ns-1329.awsdns-38.org.
ns4-35.azure-dns.info.
ns3-35.azure-dns.org.
ns1.exoscale.io.
ns-302.awsdns-37.com.
ns-1799.awsdns-32.co.uk.
ns1.exoscale.net.
ns1-35.azure-dns.com.
ns2-35.azure-dns.net.
ns1.exoscale.com.
backup-ns.bgp.tools.
```

#bgptools #nameservers #dns

Recently made the transition to self hosting authoritative name servers. Wrote a bit of secondary options available for it and the experience itself https://blog.sahilister.in/2025/07/secondary-authoritative-name-server-options-for-self-hosted-domains/

Didn't found the process too hard TBF, worth a try.

#authoritative #nameservers #dns #domains

Case of (broken) maharashtra.gov.in Authoritative Name Servers https://blog.sahilister.in/2025/06/case-of-broken-maharashtra.gov.in-authoritative-name-servers/

TLDR they're broken on multiple levels. Sync broken, RFC 1918 address, each NS giving different response - there's too much going on.

#dns #authoritative #nameservers #india

Good enough amount of name servers :P
```
$ dig ns sahil.rocks +short
ns2.afraid.org.
marvin.sahilister.net.
ns1.1984.is.
ns0.1984.is.
ns3.jing.rocks.
colin.sahilister.net.
puck.nether.net.
ns2.albony.in.
ns-global.kjsl.com.
ns4.he.net.
ns5.he.net.
```

#dns #authoritative #nameservers

I found the case of .UA ccTLD secondaries interesting so did a deep dive on it https://blog.sahilister.in/2025/06/a-look-at-.ua-cctld-authoritative-name-servers/

#dns #ua #cctld #internet #nameservers

Observing .ic TLD against authoritative nameservers serving samsung.com. No information of them anywhere.

$ dig ns samsung.com +short
auth04.sam.ic.
auth02.nhn.ic.
auth01.nhn.ic.
dns-gi2.samsung.com.
auth02.sam.ic.
dnssm.samsung.com.
dns-awskr1.samsung.com.
dnssm2.samsung.com.
dnsst.samsung.com.
dnsst2.samsung.com.
auth03.nhn.ic.
auth04.nhn.ic.
auth01.sam.ic.
auth03.sam.ic.
dns-gi1.samsung.com.

Maybe some internal thingy? Thoughts?

#DNS #Authoritative #Nameservers

How good (or a bad) idea is to run ones own authoritative nameservers?

Any tips/tricks/suggestions or gotyas to remember?

#dns #authoritative #nameservers

For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!

Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".

#dns

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell https://krebsonsecurity.com/2024/01/meet-ika-sal-the-bulletproof-hosting-duo-from-hell/ #AlexanderValerievichGrichishkin #duanesburgcentralschooldistrict #ConstellaIntelligence #grichishkin@gmail.com #tech@safe-mail.net #ad1@safe-mail.net #icamis@4host.info #ALittleSunshine #AndreySkvortsov #nameservers.ru #Breadcrumbs #Cherepovets #JabberZeuS #rescator #Salomon #Spamdot #Icami$ #Icamis #Spamit #Ika #Sal

The post on LinkedIn already announced two blog posts to expect in shortly. One of them covers #ddos on #authoritative #nameservers of #TLDs. I'll keep an eye on it, cause I am really curious what will be covered by that blog post