Hacker News with Generative AI: DNS

Is BIND9 suitable as a recursive resolver in 2025? (szafka.net)
Recently, we have been engaged in consulting work and providing DNS training for a major IT corporation, boasting an employee count exceeding 10,000. Thankfully, not every staff member attended the course.

DNS, Networking, Security, Technology

22 points by plagiat0r 2 days ago | 7 comments

HTTPS RR in Curl (haxx.se)
RFC 9460 describes a DNS Resource Record (RR) named HTTPS. To highlight that it is exactly this DNS record called HTTPS we speak of, we try to always call it HTTPS RR using both words next to each other.

HTTPS, DNS, Security, Networking

58 points by TangerineDream 2 days ago | 12 comments

.arpa, rDNS and a few magical ICMP hacks (sdomi.pl)
Through Project SERVFAIL, I became aware that there are a few individuals, not just ISPs, who host their own in-addr.arpa. and ip6.arpa. zones. It never occurred to me that I could ask bgp.wtf, my beloved ISP, to delegate me a zone like this - until one faithful late-night chat.ARPA zones are usually totally out of reach for individuals, so I was absolutely hyped when one of our netadmins agreed to delegate me the ip6.arpa. zone for my whole /48 IPv6 range.

Networking, DNS, Security, Reverse DNS

7 points by todsacerdoti 3 days ago | 0 comments

iCloud Mail has DNS misconfigured? (mail-tester.com)
Good stuff. Your email is almost perfect

iCloud, Email, DNS, Security

180 points by wildekek 4 days ago | 87 comments

Quad9 – A public and free DNS service for a better security and privacy (quad9.net)
Quad9 is a free service that replaces your default ISP or enterprise Domain Name Server (DNS) configuration.

Security, Privacy, DNS, Internet

63 points by janandonly 8 days ago | 30 comments

DNS Speed Test (dnsspeedtest.online)
Optimize your internet experience by finding the fastest DNS server for your location. Just click the button below to start the test.

Internet, DNS, Optimization, Tools

41 points by tosh 8 days ago | 10 comments

Understanding DNS Resolution on Linux and Kubernetes (jpetazzo.github.io)
I recently investigated a warning message on Kubernetes that said: DNSConfigForming ... Nameserver limits were exceeded, some nameservers have been omitted. This was technically a Kubernetes event with type: Warning, and these usually indicate that there’s something wrong, so I wanted to investigate it.

Linux, Kubernetes, DNS, Troubleshooting, Network

73 points by fanf2 10 days ago | 33 comments

Italy demands Google poison DNS under strict Piracy Shield law (arstechnica.com)
Italy is using its Piracy Shield law to go after Google, with a court ordering the Internet giant to immediately begin poisoning its public DNS servers.

Law, Google, Italy, Piracy, DNS

176 points by DanAtC 11 days ago | 171 comments

Italian Court Orders Google to Poison Public DNS to Prevent IPTV Piracy (torrentfreak.com)
A decision issued by the same court now requires Google to poison its Public DNS to prevent access to pirate sites.

IPTV, Piracy, Law, Italy, DNS

19 points by DanAtC 12 days ago | 2 comments

More mysterious DNS root query traffic from a large cloud/DNS operator (2022) (apnic.net)
With so much traffic on the global Internet day after day, it’s not always easy to spot the occasional irregularity.

Internet, DNS, Security, Networking, Cloud Computing

75 points by mooreds 22 days ago | 15 comments

Kubernetes Home – what do you do if your ISP changes your IP addresses? (priv.no)
In my last blog post I described external-DNS, which is a way to have Kubernetes create and update DNS entries for its services. But as I mentioned, it got me thinking a bit on ways to extend this concept to handle other external aspects of my Kubernetes environment.

Kubernetes, DNS, Networking, Cloud Computing

49 points by jandeboevrie 24 days ago | 101 comments

NIH.gov DNS servers down, making PubMed, BLAST, etc. unreachable [fixed] (nslookup.io)

NIH, DNS, Downtime, Medical Research, Science

494 points by raphman 31 days ago | 385 comments

DNS Nerds Don't Control the Internet (2016) (sockpuppet.org)
You’re reading this page because you’ve suggested that “14 people control the Internet through the DNSSEC root keys”. If you’re unlucky, you might be a journalist preparing a story about those people. Stop!

DNS, Security, Internet, Journalism

18 points by wglb 34 days ago | 7 comments

An illustrated guide to the Kaminsky DNS vulnerability (2008) (unixwiz.net)
The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.

Security, Networking, DNS, Vulnerabilities

25 points by amidtheperf 36 days ago | 6 comments

Zns: CLI tool for querying DNS records with readable, colored output (github.com/znscli)
zns is a command-line utility for querying DNS records, displaying them in a human-readable, colored format that includes type, name, TTL, and value.

DNS, Tools

30 points by bschaatsbergen 39 days ago | 6 comments

I ditched my Pi-hole but still block ads with NextDNS (mattsayar.com)
I love the idea behind the Pi-hole: block ads at the DNS layer so ads never even reach your devices. No ads, no trackers, and no worries about your extensions breaking! Works network-wide! Unfortunately, it caused me more grief than joy.

Advertising, DNS, Software

69 points by MattSayar 42 days ago | 72 comments

Decentralized Naming and Certificate Authority (handshake.org)
Handshake is a decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems.

Decentralization, Blockchain, DNS, Certificate Authorities, Security

17 points by nkjoep 44 days ago | 1 comments

Hickory DNS Is Moving Toward Production Readiness (memorysafety.org)
The Domain Name System (DNS) is a foundational part of the Internet. It stores data associated with domain names, like web server addresses and mail server addresses. Almost all network connections are preceded by a DNS lookup. The most popular DNS server implementations are written in C, and as a result, they have been affected by a series of memory safety vulnerabilities. These vulnerabilities can put DNS infrastructure at risk, as well as any system that depends on DNS.

Security, DNS, Networking

19 points by ksec 47 days ago | 2 comments

Getaddrinfo sucks. everything else is much worse (gosu.se)
DNS is one of the critical building blocks of the internet and of the modern web. For the longest time the only way for Firefox to resolve a DNS domain was by using getaddrinfo. What's remarkable about this function is that it's implemented on Linux, Windows, MacOS - even Android. It has the same signature, and works in roughly the same way, even though the implementation in these operating systems doesn't share the same code base.

DNS, Networking, Operating Systems, Web Development

34 points by todsacerdoti 54 days ago | 10 comments

Invalid Niger Nameservers in the com zone (0xda.de)
A recent post by Krebs On Security about a mastercard mistake in their nameservers got me thinking. I recently got access to the .com zone file, I could just… grep for this common type of mistake.

Security, DNS, Networking

6 points by mtlynch 69 days ago | 0 comments

Mastercard DNS error went unnoticed for years (krebsonsecurity.com)
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name.

Cybersecurity, DNS, Mastercard, Security Flaws

1007 points by todsacerdoti 70 days ago | 249 comments

Preventing conflicts in authoritative DNS config using formal verification (cloudflare.com)
Over the last year, Cloudflare has begun formally verifying the correctness of our internal DNS addressing behavior — the logic that determines which IP address a DNS query receives when it hits our authoritative nameserver.

DNS, Formal Verification, Security, Networking, Cloud Computing

64 points by rscho 85 days ago | 3 comments

DNS Nameservers (potaroo.net)
It's common folklore in the Domain Name System that a delegated domain name must be served by 2 or more nameservers.

DNS, Internet

26 points by belter 97 days ago | 5 comments

Breaking down OpenAI's outage: a hidden DNS dependency in Kubernetes (render.com)
OpenAI recently experienced an hours-long, platform-wide outage after a newly-deployed telemetry service overloaded their Kubernetes (K8s) control planes.

OpenAI, Kubernetes, Cloud Computing, DNS, Software

21 points by skywardavocado 106 days ago | 3 comments

The secret life of DNS packets (2019) (stripe.com)

Networking, Security, Internet, DNS

95 points by ohjeez 111 days ago | 15 comments

French Piracy Blocking Order Goes Global, DNS Service Quad9 Vows to Fight (torrentfreak.com)
In an ongoing escalation of its fight against online sports piracy, media giant Canal+ secured court orders compelling DNS providers Quad9 and Vercara to block access to pirate streaming sites in France. Quad9 says that it's determined to appeal what it sees as an absurd application of copyright law. For now, however, it will block the targeted domain names globally.

Copyright Law, Piracy, DNS, France, Internet

36 points by latexr 111 days ago | 22 comments

Reachability Analysis of DNS (arxiv.org)
The high complexity of DNS poses unique challenges for ensuring its security and reliability.

DNS, Security, Network Analysis

12 points by agnishom 111 days ago | 0 comments

Parsing Millions of DNS Records Per Second (github.com/NLnetLabs)
Fast and standards compliant DNS zone parser.

DNS, Networking, Performance, Software, Open Source

42 points by oco101 113 days ago | 1 comments

Who controls the Internet? A survey of authoritative DNS server diversity (netmeister.org)
Why yes, the internet is resting on a foundation of duct tape and WD40 - it is known. And the DNS is the mother of all corner stones that, if knocked out, would quickly lead to the fall of western civilization. (And yes, it is a hard requirement to use this XKCD cartoon to illustrate this.) But at least it's not quite as fragile as, say, whois, so yay!

Internet, DNS, Security, Technology, Infrastructure

4 points by fanf2 117 days ago | 0 comments

cli53 – Command line tool for Amazon Route 53 (github.com/barnybug)
cli53 provides import and export from BIND format and simple command line management of Route 53 domains.

DNS

53 points by indigodaddy 118 days ago | 5 comments