Tom :damnified:<p>Während ich mir die Performancergebnisse zu meinem metalhead.club CDN angesehen habe, ist mir aufgefallen, dass die Namensauflösung einen beträchtlichen Teil der Ladezeit für internationale User ausgemacht hat. </p><p>Woran lag's? An CNAMES!</p><p>Wieso CNAMES problematisch sein können, erfahrt ihr in diesem zweiten Blogpost, den ich während meiner Arbeiten am CDN geschrieben habe: </p><p>"Globale DNS-Auflösung durch Verzicht auf CNAMES beschleunigen" - <br><a href="https://thomas-leister.de/globale-dns-aufloesung-beschleunigen-cname/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thomas-leister.de/globale-dns-</span><span class="invisible">aufloesung-beschleunigen-cname/</span></a></p><p><a href="https://metalhead.club/tags/metalheadclub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>metalheadclub</span></a> <a href="https://metalhead.club/tags/blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blog</span></a> <a href="https://metalhead.club/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://metalhead.club/tags/cname" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cname</span></a> <a href="https://metalhead.club/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> <a href="https://metalhead.club/tags/performance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>performance</span></a> <a href="https://metalhead.club/tags/cdn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cdn</span></a> <a href="https://metalhead.club/tags/mastoadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mastoadmin</span></a> <a href="https://metalhead.club/tags/mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mastodon</span></a></p>
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software.
If you wish to join, contact us for an invite.
Administered by:
Server stats:
8.7Kactive users
fosstodon.org: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#nameserver
0 posts · 0 participants · 0 posts today
Tom :damnified:<p>Sagt mal - kann das wirklich sein, dass es außer Cloudflare keinen globalen DNS-Nameserveranbieter gibt, der 100 % Ökostrom einsetzt? 🤔 </p><p>Es gibt zwar ein paar, die nur mit Ökostrom laufen, aber die sind dann mit ihren Nameservern nur regional aufgestellt. :( </p><p><a href="https://metalhead.club/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://metalhead.club/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> <a href="https://metalhead.club/tags/cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudflare</span></a> <a href="https://metalhead.club/tags/%C3%B6kostrom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ökostrom</span></a></p>
Max Resing<p>As of today, <a href="https://infosec.exchange/tags/DNS4EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS4EU</span></a> is live. A project that started somewhat of 3 years ago. Now, it's public and live, promising secure and resilient service to <a href="https://infosec.exchange/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> citizens, strengthening the <a href="https://infosec.exchange/tags/European" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>European</span></a> <a href="https://infosec.exchange/tags/cyberresiliency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberresiliency</span></a> .</p><p>More <a href="https://www.joindns4.eu/learn/dns4eu-public-service-launched" rel="nofollow noopener" target="_blank">here</a>.</p><p>I queried my own domain name out of interest. The EU protective resolver resolves in 340 ms, whereas <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloudflare</span></a> and <a href="https://infosec.exchange/tags/Quad9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Quad9</span></a> both resolve within 50 ms.</p><p>The unfiltered resolution however resolves within 50 ms as well, revealing that the filtering introduces a slight performance penalty.</p><p><a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://infosec.exchange/tags/Nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nameserver</span></a></p>
Rainer "friendica" Sokollhabe heute nachmittag in meinen autoritativen <a href="https://friendica.sokoll.com/search?tag=Nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nameserver</span></a> (<a href="https://friendica.sokoll.com/search?tag=bind%29" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bind)</span></a> eingefügt:<br> <pre><code>rate-limit {
responses-per-second 5;
window 5;
slip 0;
exempt-clients {
alle_meine_freunde;
};
log-only no;
};
logging {
channel rate-limit_file {
file "/var/log/rate-limit.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
category rate-limit { rate-limit_file; };
};</code></pre><br>Meine Fresse, was da abgeht!<br>(in Wirklichkeit steht da natürlich noch viel mehr)
1977er<p>Wie dumm ist eigentlich die Idee, einen der secondary authoritative <a href="https://23.social/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> für eine Domain nur per <a href="https://23.social/tags/ipv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ipv6</span></a> erreichbar zu haben?</p>
L⌐ "SpätzleGrab™",8,1<p>Kann es sein, dass die <a href="https://mastodon.bayern/tags/telekom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telekom</span></a> <a href="https://mastodon.bayern/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> <a href="https://mastodon.bayern/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> die <a href="https://mastodon.bayern/tags/TTL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TTL</span></a> nicht unbedingt befolgen?</p><p>Ich habe (<a href="https://mastodon.bayern/tags/AusGruenden" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AusGruenden</span></a>) hier einen RR auf 60 Sekunden gesetzt und irgendwie hat's jetzt (ziemlich genau?!) eine Stunde gedauert, bis die Updates an den LTE-VPN-Knoten durch waren...</p>
christian mock<p>What would one use for an internal, authoritative nameserver these days on Debian? Shall I go with good old Bind as I have been for decades or is there something better?</p><p>(Just a handful of zones, definitely keeping text-based zone files, tooling for automatically generating reverse zones could be nice...)</p><p>:BoostOK: </p><p><a href="https://chaos.social/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debian</span></a> <a href="https://chaos.social/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a></p>
Hopbox by Unmukti<p>Managing authoritative and recursive name servers (i.e. DNS servers) at hopbox, has shown us a bunch of quirks and insights of domain name system. Read more at <a href="https://blog.hopbox.net/sahil/dns-chronicles-part-1" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.hopbox.net/sahil/dns-chro</span><span class="invisible">nicles-part-1</span></a></p><p><a href="https://mastodon.hopbox.net/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://mastodon.hopbox.net/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a></p>
Gustavino Bevilacqua<p><span class="h-card" translate="no"><a href="https://kolektiva.social/@jones_" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jones_</span></a></span> </p><p>In officina in /etc/resolv.conf al momento c'è </p><p><a href="https://puntarella.party/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> 8.8.8.8<br><a href="https://puntarella.party/tags/OpenDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenDNS</span></a><br># 208.67.222.222<br># 45.90.28.0<br><a href="https://puntarella.party/tags/OpenNIC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenNIC</span></a><br># 185.121.177.177<br>nameserver 169.239.202.202</p><p>e non va.</p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p><a href="https://mastodon.social/tags/Fleek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fleek</span></a> is leveraging <a href="https://mastodon.social/tags/TEEs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TEEs</span></a>, specifically <a href="https://mastodon.social/tags/IntelSGX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IntelSGX</span></a>, to create a secure, <a href="https://mastodon.social/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> <a href="https://mastodon.social/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://mastodon.social/tags/nameServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameServer</span></a>. This protects DNS data and keeps private keys secure by executing sensitive processes inside a secure enclave.</p><p>Centralized name servers can lie or be compromised. DNSSEC helps somewhat but is limited. Fleek’s approach aims to address this by ensuring only the <a href="https://mastodon.social/tags/domain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>domain</span></a> owner (a private key holder or smart contract) can update DNS records!</p><p><a href="https://fleek.xyz/blog/announcements/decentralized-trustless-frontend-hosting-fleek/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fleek.xyz/blog/announcements/d</span><span class="invisible">ecentralized-trustless-frontend-hosting-fleek/</span></a></p><p><a href="https://mastodon.social/tags/fleekxyz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fleekxyz</span></a> <a href="https://mastodon.social/tags/web3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>web3</span></a></p>
LinuxNews.de<p>Der "Ihr seid down"-Post. Jeder der uns mitteilen möchte, dass wir down sind kann das als Antwort unter diesem Post gerne tun 😂</p><p>Edit: unter allen Einsendungen verlosen wir eine Lastschift vom privaten Konto, die uns einen Monat einen DNS-Admin sponsert 😇 </p><p><a href="https://social.anoxinon.de/tags/down" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>down</span></a> <a href="https://social.anoxinon.de/tags/downtime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>downtime</span></a> <a href="https://social.anoxinon.de/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://social.anoxinon.de/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> <a href="https://social.anoxinon.de/tags/ichhassedns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ichhassedns</span></a></p>
Max Resing<p><a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloudflare</span></a> announced a <a href="https://infosec.exchange/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> key transition from algorithm 8 to algorithm 13 for the <code>gov.</code> <a href="https://infosec.exchange/tags/TLD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLD</span></a> for which they host the authoritative <a href="https://infosec.exchange/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a>. Although, currently not aware of the details of the <code>gov.</code> domain abuse, I saw that queries on <code>gov.</code> are an often abused query for <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> reflection/amplification <a href="https://infosec.exchange/tags/DDoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DDoS</span></a> attacks.</p><p>The smaller footprint of algorithm 13 - an elliptic curve algorithm - hopefully has a positive impact on that.</p>
adb<p><span class="h-card" translate="no"><a href="https://mastodon.social/@cks" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cks</span></a></span> I can neither confirm nor deny that a particular <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://infosec.exchange/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> that shouldn't have been getting so many queries that shouldn't have been asked oneday found itself with a root zone that might have said "* IN A 127.0.0.1" but at least some of the clients stopped asking.</p>
Axel ⌨🐧🐪🚴😷 | R.I.P Natenom<p>🤬 Why does <a href="https://chaos.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> (or rather <a href="https://chaos.social/tags/glibc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>glibc</span></a>) have a limit on 3 (in words: three) <a href="https://chaos.social/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://chaos.social/tags/nameservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameservers</span></a>‽ 🤌</p><p>I want to have two IPv4 and two <a href="https://chaos.social/tags/IPv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPv6</span></a> DNS servers listed as <a href="https://chaos.social/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> in my /etc/resolv.conf. That's four DNS servers.</p><p>Should I throw dices which one I list last and hence will get ignored and never used? (Yeah, the probably best workaround is to use <a href="https://chaos.social/tags/anycast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anycast</span></a>. Cracking a nut with a sledgehammer…)</p>
Daniel Wenzlik<p>Ich brauche mal Hilfe von <a href="https://selfhostedsocial.com/tags/Netzwerkern" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Netzwerkern</span></a> :</p><p>Ich nutze derzeit eine <a href="https://selfhostedsocial.com/tags/Fritzbox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fritzbox</span></a> als Router mit dahinterhängendem Asus-Router fürs eigentliche <a href="https://selfhostedsocial.com/tags/Netzwerk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Netzwerk</span></a>. An der Fritzbox hängt ein <a href="https://selfhostedsocial.com/tags/Pihole" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pihole</span></a> und die Fritzbox nutzt diesen auch als <a href="https://selfhostedsocial.com/tags/Nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nameserver</span></a></p><p>Muss ich zwigend den Asus-Router auf den Pihole Nameserver stellen oder ist es auch "sauber" wenn ich die Fritzbox als Nameserver drin lasse? Die Fritzbox nutzt ja eh den Pihole als <a href="https://selfhostedsocial.com/tags/Nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nameserver</span></a></p>
Kromonos 🇩🇪 :pleroma:<p>So, die ersten meiner <a class="hashtag" href="https://social.mooneyed.de/tag/domain" rel="nofollow noopener" target="_blank">#Domain</a>s sind wieder auf einen eigenen <a class="hashtag" href="https://social.mooneyed.de/tag/nameserver" rel="nofollow noopener" target="_blank">#Nameserver</a> gezogen. Dieses rum gemurkse mit <a class="hashtag" href="https://social.mooneyed.de/tag/dnssec" rel="nofollow noopener" target="_blank">#DNSSEC</a> war echt nervig. Einzig zum Funktionieren gebracht hab ich es, indem ich zuerst DNSSEC deaktiviert hatte, ein bis zwei Tage gewartet habe, dann die Domain umgezogen habe und nach einem Tag wieder DNSSEC eingerichtet.</p>
Drew<p>Has anyone ever seen it actually take 48 hours for a name server change to propagate? We changed our name servers yesterday morning and once we changed it, our site was no longer accessible and has been down ever since. Pinging the domain (pbjcal.org), says "Cannot resolve pbjcal.org: unknown host". Our domain name registrar support people say it takes 24-48 hrs and we just have to wait but I'm just worried that something else is wrong because I've never seen it actually take that long.<br><a href="https://tech.lgbt/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://tech.lgbt/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a></p>
GrapheneOS<p>We host our own authoritative DNS servers rather than using a managed service. When you connect to <a href="https://grapheneos.org/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">grapheneos.org/</span><span class="invisible"></span></a>, your DNS resolver service obtains an IP from our own DNS servers. We route traffic to the closest server via GeoDNS and have automatic failover on downtime.</p><p><a href="https://grapheneos.social/tags/grapheneos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grapheneos</span></a> <a href="https://grapheneos.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://grapheneos.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://grapheneos.social/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://grapheneos.social/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> <a href="https://grapheneos.social/tags/anycast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anycast</span></a> <a href="https://grapheneos.social/tags/geodns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>geodns</span></a> <a href="https://grapheneos.social/tags/failover" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>failover</span></a> <a href="https://grapheneos.social/tags/powerdns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>powerdns</span></a> <a href="https://grapheneos.social/tags/ovh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ovh</span></a> <a href="https://grapheneos.social/tags/buyvm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>buyvm</span></a></p>
ThomasWenn ich mit meinem Handy auf deviceinfo.me gehe, dann steht dort mein <a href="https://anonsys.net/search?tag=ISP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ISP</span></a> und auch der <a href="https://anonsys.net/search?tag=Nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nameserver</span></a>. Ich surfe mit <a href="https://anonsys.net/search?tag=Mull" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mull</span></a> und blockiere mittels <a href="https://anonsys.net/search?tag=UBlock" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UBlock</span></a> <a href="https://anonsys.net/search?tag=JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a>. Habe außerdem <a href="https://anonsys.net/search?tag=DNSForge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSForge</span></a> eingesetzt. Bringt alles nichts. Was kann da noch eingestellt werden?
Trusty<p>What's new at DNSimple? We've improved domain management APIs & redundancy, added Okta SSO & new name server sets, and now have 500+ TLDs for you to choose from — read more 👉 <a href="https://blog.dnsimple.com/2023/04/feature-roundup/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.dnsimple.com/2023/04/feat</span><span class="invisible">ure-roundup/</span></a><br><a href="https://dnsimple.social/tags/api" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>api</span></a> <a href="https://dnsimple.social/tags/nameserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nameserver</span></a> <a href="https://dnsimple.social/tags/okta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>okta</span></a> <a href="https://dnsimple.social/tags/tlds" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tlds</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload