Hacker News with Generative AI: DNS

I ditched my Pi-hole but still block ads with NextDNS (mattsayar.com)
I love the idea behind the Pi-hole: block ads at the DNS layer so ads never even reach your devices. No ads, no trackers, and no worries about your extensions breaking! Works network-wide! Unfortunately, it caused me more grief than joy.
Decentralized Naming and Certificate Authority (handshake.org)
Handshake is a decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems.
Hickory DNS Is Moving Toward Production Readiness (memorysafety.org)
The Domain Name System (DNS) is a foundational part of the Internet. It stores data associated with domain names, like web server addresses and mail server addresses. Almost all network connections are preceded by a DNS lookup. The most popular DNS server implementations are written in C, and as a result, they have been affected by a series of memory safety vulnerabilities. These vulnerabilities can put DNS infrastructure at risk, as well as any system that depends on DNS.
Getaddrinfo sucks. everything else is much worse (gosu.se)
DNS is one of the critical building blocks of the internet and of the modern web. For the longest time the only way for Firefox to resolve a DNS domain was by using getaddrinfo. What's remarkable about this function is that it's implemented on Linux, Windows, macOS - even Android. It has the same signature, and works in roughly the same way, even though the implementation in these operating systems doesn't share the same code base.
Invalid Niger Nameservers in the com zone (0xda.de)
A recent post by Krebs On Security about a Mastercard mistake in their nameservers got me thinking. I recently got access to the .com zone file; I could just… grep for this common type of mistake.
Mastercard DNS error went unnoticed for years (krebsonsecurity.com)
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name.
Preventing conflicts in authoritative DNS config using formal verification (cloudflare.com)
Over the last year, Cloudflare has begun formally verifying the correctness of our internal DNS addressing behavior — the logic that determines which IP address a DNS query receives when it hits our authoritative nameserver.
DNS Nameservers (potaroo.net)
It's common folklore in the Domain Name System that a delegated domain name must be served by 2 or more nameservers.
Breaking down OpenAI's outage: a hidden DNS dependency in Kubernetes (render.com)
OpenAI recently experienced an hours-long, platform-wide outage after a newly-deployed telemetry service overloaded their Kubernetes (K8s) control planes.
The secret life of DNS packets (2019) (stripe.com)
French Piracy Blocking Order Goes Global, DNS Service Quad9 Vows to Fight (torrentfreak.com)
In an ongoing escalation of its fight against online sports piracy, media giant Canal+ secured court orders compelling DNS providers Quad9 and Vercara to block access to pirate streaming sites in France. Quad9 says that it's determined to appeal what it sees as an absurd application of copyright law. For now, however, it will block the targeted domain names globally.
Reachability Analysis of DNS (arxiv.org)
The high complexity of DNS poses unique challenges for ensuring its security and reliability.
Parsing Millions of DNS Records Per Second (github.com/NLnetLabs)
Fast and standards compliant DNS zone parser.
Who controls the Internet? A survey of authoritative DNS server diversity (netmeister.org)
Why yes, the internet is resting on a foundation of duct tape and WD40 - it is known. And the DNS is the mother of all cornerstones that, if knocked out, would quickly lead to the fall of western civilization. (And yes, it is a hard requirement to use this XKCD cartoon to illustrate this.) But at least it's not quite as fragile as, say, whois, so yay!
cli53 – Command line tool for Amazon Route 53 (github.com/barnybug)
cli53 provides import and export from BIND format and simple command line management of Route 53 domains.
All of Google Offline? (ycombinator.com)
Noticed no domains were resolving. Turned out Google's DNS server (8.8.8.8) is down.
DNS records and a Cloudflare security violation (coryd.dev)
This site (was) hosted on Cloudflare Pages. In an effort to make scheduling more convenient for my mentee from Underdog Devs, I set up SavvyCal. Without giving it any thought, I added an easy to remember CNAME and pointed it at SavvyCal.
Bluesky seems to be caching the DNS TXT result indefinitely (github.com/bluesky-social)
I previously had an account with the handle @vagasprajr.com.br, but I deleted it. Now, I'm trying to use the same domain for a new account's custom handle, but Bluesky keeps using the old TXT record settings.
Migrating billions of records: moving Cloudflare DNS database while it's in use (cloudflare.com)
According to a survey done by W3Techs, as of October 2024, Cloudflare is used as an authoritative DNS provider by 14.5% of all websites.
Another simple online DNS query tool (nstoolbox.com)
Lookup DNS records for any domain.
Upcoming changes to the DNSSEC root trust anchor (dns-oarc.net)
We are reaching out to inform you of important changes to the DNSSEC trust anchor in the root zone. If you manage a validating DNS resolver or a tool that interacts with the DNS root zone you might need to change your software to handle the changes. This letter provides a summary of the upcoming changes and gives pointers to resources that describe them in detail.
Archive of wiki.bash-hackers.org (github.com/flokoe)
The popular wiki.bash-hackers.org (original IP address: 83.243.40.67) site had its DNS expire in April 2023.
Pkdns: DNS server resolving via mainline DHT (github.com/pubky)
A DNS server providing self-sovereign and censorship-resistant domain names. It resolves records hosted on the Mainline DHT, the biggest DHT on the planet with ~15M nodes, which has served torrents for 15 years.
Migrating billions of records: moving our active DNS database while it's in use (cloudflare.com)
According to a survey done by W3Techs, as of October 2024, Cloudflare is used as an authoritative DNS provider by 14.5% of all websites.
The trailing dot in domain names matter (lacot.org)
While inspecting traffic logs for my website in redirection.io recently, I noticed several requests logged on the lacot.org. domain name. Did you see the final trailing dot in the hostname? I first thought it was a bug in the logging platform, but I was surprised to learn that it is perfectly possible to add a dot at the end of a domain name.
Using less memory to look up IP addresses in Mess With DNS (jvns.ca)
I’ve been having problems for the last 3 years or so where Mess With DNS periodically runs out of memory and gets OOM killed.
Understanding Round Robin DNS (hyperknot.com)
For OpenFreeMap, I'm using servers behind Round Robin DNS. In this article, I'm trying to understand how browsers and CDNs select which one to use.
The Alarming Prevalence of Zone Transfers (reconwave.com)
We found that 8% of all nameservers still have zone transfers enabled for all authorized zones, potentially exposing sensitive information to malicious actors.
Show HN: Dynamic IPv4/6 records for Cloudflare (github.com/ddries)
Update Cloudflare DNS 'A' and 'AAAA' records for your dynamic IP.
Can't trust any VPN these days (orhun.dev)
After Turkey banned Discord, I had to jump through some hoops, fix my VPN, and learn a bit about how DNS works.