home.social

#nameservers — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #nameservers, aggregated by home.social.

  1. Interesting, Netnod's (AS8674) 194.146.107.0/24 seems to be (also) a downstream of AS142502 which is "Bharat Public DNS" run by NIXI. bgp.he.net/super-lg/#194.146.1

    194.146.107.6 hosts n.de.net, one of the authoritative name servers for .de ccTLD.

    Bharat Public DNS by NIXI/Government of India runs recursive resolver on 1.10.10.10. Some details at blog.gauravkansal.in/2025/06/o

    #nameservers #dns #india

  2. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  3. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  4. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  5. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  6. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  7. Fancy, the authoritative nameservers for the xyz. TLD are as follows:

    x.nic.xyz
    y.nic.xyz
    z.nic.xyz
    generationxyz.nic.xyz

    How fun. I never thought of the #TLD as being a pun to demographic cohorts.

    #DNS #ICANN #nameservers

  8. Just scraping the #IANA assigned TLDs and the corresponding documented #nameservers. What I don't get is, why so many companies apply for a #TLD. It's not particularly cheap to apply for one of those ngTLDs, yet compared to the company sizes, it's probably pennies. Is it a prestige investment? Is it a digital resource to grab, before someone else does it?

    Other than #Microsoft, #Google, and #AWS, I've rarely seen any ngTLD representing a corporation's name to actually be used in practice.

    Does anyone in the #infosec community share their view?

    #askfedi #askmasto #askinfosec #DNS

  9. Just scraping the #IANA assigned TLDs and the corresponding documented #nameservers. What I don't get is, why so many companies apply for a #TLD. It's not particularly cheap to apply for one of those ngTLDs, yet compared to the company sizes, it's probably pennies. Is it a prestige investment? Is it a digital resource to grab, before someone else does it?

    Other than #Microsoft, #Google, and #AWS, I've rarely seen any ngTLD representing a corporation's name to actually be used in practice.

    Does anyone in the #infosec community share their view?

    #askfedi #askmasto #askinfosec #DNS

  10. Just scraping the #IANA assigned TLDs and the corresponding documented #nameservers. What I don't get is, why so many companies apply for a #TLD. It's not particularly cheap to apply for one of those ngTLDs, yet compared to the company sizes, it's probably pennies. Is it a prestige investment? Is it a digital resource to grab, before someone else does it?

    Other than #Microsoft, #Google, and #AWS, I've rarely seen any ngTLD representing a corporation's name to actually be used in practice.

    Does anyone in the #infosec community share their view?

    #askfedi #askmasto #askinfosec #DNS

  11. Just scraping the #IANA assigned TLDs and the corresponding documented #nameservers. What I don't get is, why so many companies apply for a #TLD. It's not particularly cheap to apply for one of those ngTLDs, yet compared to the company sizes, it's probably pennies. Is it a prestige investment? Is it a digital resource to grab, before someone else does it?

    Other than #Microsoft, #Google, and #AWS, I've rarely seen any ngTLD representing a corporation's name to actually be used in practice.

    Does anyone in the #infosec community share their view?

    #askfedi #askmasto #askinfosec #DNS

  12. Just scraping the #IANA assigned TLDs and the corresponding documented #nameservers. What I don't get is, why so many companies apply for a #TLD. It's not particularly cheap to apply for one of those ngTLDs, yet compared to the company sizes, it's probably pennies. Is it a prestige investment? Is it a digital resource to grab, before someone else does it?

    Other than #Microsoft, #Google, and #AWS, I've rarely seen any ngTLD representing a corporation's name to actually be used in practice.

    Does anyone in the #infosec community share their view?

    #askfedi #askmasto #askinfosec #DNS

  13. bgp.tools being served via 13 authoritative name servers (via 3 different providers + in house NS):

    ```
    $ dig +short ns bgp.tools
    ns1.exoscale.ch.
    ns-721.awsdns-26.net.
    ns-1329.awsdns-38.org.
    ns4-35.azure-dns.info.
    ns3-35.azure-dns.org.
    ns1.exoscale.io.
    ns-302.awsdns-37.com.
    ns-1799.awsdns-32.co.uk.
    ns1.exoscale.net.
    ns1-35.azure-dns.com.
    ns2-35.azure-dns.net.
    ns1.exoscale.com.
    backup-ns.bgp.tools.
    ```

    #bgptools #nameservers #dns

  14. @zenire @bert_hubert

    Qua Europese (anycast) nameserver hosters:

    - cloudns.net/ (Bulgaarse partij levert o.a. aan overheid)
    - desec.io/ (innovatieve Duitse non-profit)
    - netnod.se/dns (Zweedse operator van een van de root name servers)
    - rcodezero.at (verbonden aan Oostenrijkse TLD operator)

    Zie verder nog: european-alternatives.eu/categ (@european_alternatives).

    #DNS #nameservers

  15. In January 2023, #Cloudflare replaced #Verisign in providing #DNS #registry services for the .gov #TLD. Besides the registry, they also run the authoritative #nameservers.

    Verisign ran it for 12 years, and cost the #US #government apparently just half as much as Cloudflare charges ($7.2M).

    Verisign loses prestive .gov contract to Cloudflare

  16. In January 2023, #Cloudflare replaced #Verisign in providing #DNS #registry services for the .gov #TLD. Besides the registry, they also run the authoritative #nameservers.

    Verisign ran it for 12 years, and cost the #US #government apparently just half as much as Cloudflare charges ($7.2M).

    Verisign loses prestive .gov contract to Cloudflare

  17. In January 2023, #Cloudflare replaced #Verisign in providing #DNS #registry services for the .gov #TLD. Besides the registry, they also run the authoritative #nameservers.

    Verisign ran it for 12 years, and cost the #US #government apparently just half as much as Cloudflare charges ($7.2M).

    Verisign loses prestive .gov contract to Cloudflare

  18. In January 2023, #Cloudflare replaced #Verisign in providing #DNS #registry services for the .gov #TLD. Besides the registry, they also run the authoritative #nameservers.

    Verisign ran it for 12 years, and cost the #US #government apparently just half as much as Cloudflare charges ($7.2M).

    Verisign loses prestive .gov contract to Cloudflare

  19. In January 2023, #Cloudflare replaced #Verisign in providing #DNS #registry services for the .gov #TLD. Besides the registry, they also run the authoritative #nameservers.

    Verisign ran it for 12 years, and cost the #US #government apparently just half as much as Cloudflare charges ($7.2M).

    Verisign loses prestive .gov contract to Cloudflare

  20. Recently made the transition to self hosting authoritative name servers. Wrote a bit of secondary options available for it and the experience itself blog.sahilister.in/2025/07/sec

    Didn't found the process too hard TBF, worth a try.

    #authoritative #nameservers #dns #domains

  21. Case of (broken) maharashtra.gov.in Authoritative Name Servers blog.sahilister.in/2025/06/cas

    TLDR they're broken on multiple levels. Sync broken, RFC 1918 address, each NS giving different response - there's too much going on.

    #dns #authoritative #nameservers #india

  22. Good enough amount of name servers :P
    ```
    $ dig ns sahil.rocks +short
    ns2.afraid.org.
    marvin.sahilister.net.
    ns1.1984.is.
    ns0.1984.is.
    ns3.jing.rocks.
    colin.sahilister.net.
    puck.nether.net.
    ns2.albony.in.
    ns-global.kjsl.com.
    ns4.he.net.
    ns5.he.net.
    ```

    #dns #authoritative #nameservers

  23. Observing .ic TLD against authoritative nameservers serving samsung.com. No information of them anywhere.

    $ dig ns samsung.com +short
    auth04.sam.ic.
    auth02.nhn.ic.
    auth01.nhn.ic.
    dns-gi2.samsung.com.
    auth02.sam.ic.
    dnssm.samsung.com.
    dns-awskr1.samsung.com.
    dnssm2.samsung.com.
    dnsst.samsung.com.
    dnsst2.samsung.com.
    auth03.nhn.ic.
    auth04.nhn.ic.
    auth01.sam.ic.
    auth03.sam.ic.
    dns-gi1.samsung.com.

    Maybe some internal thingy? Thoughts?

    #DNS #Authoritative #Nameservers

  24. How good (or a bad) idea is to run ones own authoritative nameservers?

    Any tips/tricks/suggestions or gotyas to remember?

    #dns #authoritative #nameservers

  25. Not combining #DNS and domain registration makes moving registrars a pretty pleasant experience: Throw in the #nameservers and #DNSSEC key and you're done.

    I really hate manually moving a bunch of records from one crappy zone editor to the another.

  26. I should've moved my #nameservers to #cloudflare sooner. The additional proxy setting is a nice feature to have.

  27. 🤬 Why does #Linux (or rather #glibc) have a limit on 3 (in words: three) #DNS #nameservers‽ 🤌

    I want to have two IPv4 and two #IPv6 DNS servers listed as #nameserver in my /etc/resolv.conf. That's four DNS servers.

    Should I throw dices which one I list last and hence will get ignored and never used? (Yeah, the probably best workaround is to use #anycast. Cracking a nut with a sledgehammer…)

  28. For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!

    Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".

    #dns

  29. For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!

    Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".

    #dns

  30. For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!

    Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".

    #dns

  31. For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!

    Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".

    #dns

  32. For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!

    Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".

    #dns

  33. After a lot of messing around, I found out that the problem was with my #DNS provider, despite changing the #NAMESERVERS, it was picking up the #CNAME for one of the subdomains from the original #DNS provider.

    I had to #delete the CNAME record from the original provider to make it work.

    I wonder why this happened.
  34. Well. The domain registrar I've used for years, gandi, has gone through a series of ownership changes and has drastically raised rates on #domains. Looking for a new home that is privacy-respecting.

    Several of them seem to not let you run your own nameservers anymore (ugh). #gandi offered to let them run the #nameservers, let me run the primary and they run the secondary, or run it all myself. I always had them as secondary and that worked quite well. Anyone else still do this? #askfedi

  35. The post on LinkedIn already announced two blog posts to expect in shortly. One of them covers #ddos on #authoritative #nameservers of #TLDs. I'll keep an eye on it, cause I am really curious what will be covered by that blog post

  36. If you find your #web pages are loading slowly, you may be using bad #DNS #nameservers. You can remedy that with a great freeware tool, #SteveGibson's #DNSBench.

    grc.com/dns/benchmark.htm

  37. If you find your #web pages are loading slowly, you may be using bad #DNS #nameservers. You can remedy that with a great freeware tool, #SteveGibson's #DNSBench.

    grc.com/dns/benchmark.htm

  38. Had some strange charges in GCP so had to deal with that. Also setting up a role to manage NS records for static website and thoughts on a Cloud Center of Excellence.
    ~~
    #gcp #cloud #security #aws #route53 #domains #nameservers #centerofexcellence
    ~~
    medium.com/cloud-security

  39. Though TBH it bugs me that we have to "business model paradigm for publishers, creates a way for users to own their experiences" about it... I suspect (not having yet looked at the codebase) that these addons are entirely a matter of worldview and perception; and that they don't *have* to be built into notions of unique name ownership.
    #NamingThings #Nameservers #Decentralization #DistributedTech