Hacker News with Generative AI: DNS

Using CAA Records with Namecheap (aaronmdjones.net)
I'm getting tired of having to explain to DNS registrars (and even a DNS registry, once) how DNS works -- knowing this is literally their entire job, and yet this will be my sixth time doing so. But first, some context.

DNS, Domain Names, Web Hosting

19 points by aaronmdjones 8 days ago | 12 comments

DNS Blackhole (AS112) Service (iana.org)
Domain Name System resolvers can erroneously perform DNS lookups associated with private-use IP addresses, which generates a significant amount of undesirable Internet traffic. To combat this, a number of "blackhole" or "sinkhole" DNS servers exist to capture this traffic and reduce the load of DNS lookups.

DNS, Security, Network Traffic, Internet

6 points by mparkms 9 days ago | 0 comments

macOS Sends Locally-Served DNS Zones to iCloud Private Relay (apple.com)
My laptop (M1 Pro, macOS 15.3.2) is connected to a dual stack network via Wi-Fi. The home.arpa. domain is supplied as a search domain via both DHCPv4 (options 15 and 119) and DHCPv6 (option 24). "Details…" for the network connection in System Settings show this domain under the DNS tab.

macOS, DNS, Privacy, iCloud, Security

11 points by Kentzo 11 days ago | 2 comments

Show HN: godns A DNS forwarder similar to dnsmasq (github.com/nodesocket)

DNS, Networking, Open Source, Tools

5 points by nodesocket 15 days ago | 2 comments

Is BIND9 suitable as a recursive resolver in 2025? (szafka.net)
Recently, we have been engaged in consulting work and providing DNS training for a major IT corporation, boasting an employee count exceeding 10,000. Thankfully, not every staff member attended the course.

DNS, Networking, Security, Technology

22 points by plagiat0r 25 days ago | 7 comments

HTTPS RR in Curl (haxx.se)
RFC 9460 describes a DNS Resource Record (RR) named HTTPS. To highlight that it is exactly this DNS record called HTTPS we speak of, we try to always call it HTTPS RR using both words next to each other.

HTTPS, DNS, Security, Networking

58 points by TangerineDream 26 days ago | 12 comments

.arpa, rDNS and a few magical ICMP hacks (sdomi.pl)
Through Project SERVFAIL, I became aware that there are a few individuals, not just ISPs, who host their own in-addr.arpa. and ip6.arpa. zones. It never occurred to me that I could ask bgp.wtf, my beloved ISP, to delegate me a zone like this - until one faithful late-night chat.ARPA zones are usually totally out of reach for individuals, so I was absolutely hyped when one of our netadmins agreed to delegate me the ip6.arpa. zone for my whole /48 IPv6 range.

Networking, DNS, Security, Reverse DNS

7 points by todsacerdoti 27 days ago | 0 comments

iCloud Mail has DNS misconfigured? (mail-tester.com)
Good stuff. Your email is almost perfect

iCloud, Email, DNS, Security

180 points by wildekek 28 days ago | 87 comments

Quad9 – A public and free DNS service for a better security and privacy (quad9.net)
Quad9 is a free service that replaces your default ISP or enterprise Domain Name Server (DNS) configuration.

Security, Privacy, DNS, Internet

63 points by janandonly 32 days ago | 30 comments

DNS Speed Test (dnsspeedtest.online)
Optimize your internet experience by finding the fastest DNS server for your location. Just click the button below to start the test.

Internet, DNS, Optimization, Tools

41 points by tosh 32 days ago | 10 comments

Understanding DNS Resolution on Linux and Kubernetes (jpetazzo.github.io)
I recently investigated a warning message on Kubernetes that said: DNSConfigForming ... Nameserver limits were exceeded, some nameservers have been omitted. This was technically a Kubernetes event with type: Warning, and these usually indicate that there’s something wrong, so I wanted to investigate it.

Linux, Kubernetes, DNS, Troubleshooting, Network

74 points by fanf2 34 days ago | 33 comments

Italy demands Google poison DNS under strict Piracy Shield law (arstechnica.com)
Italy is using its Piracy Shield law to go after Google, with a court ordering the Internet giant to immediately begin poisoning its public DNS servers.

Law, Google, Italy, Piracy, DNS

176 points by DanAtC 34 days ago | 171 comments

Italian Court Orders Google to Poison Public DNS to Prevent IPTV Piracy (torrentfreak.com)
A decision issued by the same court now requires Google to poison its Public DNS to prevent access to pirate sites.

IPTV, Piracy, Law, Italy, DNS

19 points by DanAtC 35 days ago | 2 comments

More mysterious DNS root query traffic from a large cloud/DNS operator (2022) (apnic.net)
With so much traffic on the global Internet day after day, it’s not always easy to spot the occasional irregularity.

Internet, DNS, Security, Networking, Cloud Computing

75 points by mooreds 46 days ago | 15 comments

Kubernetes Home – what do you do if your ISP changes your IP addresses? (priv.no)
In my last blog post I described external-DNS, which is a way to have Kubernetes create and update DNS entries for its services. But as I mentioned, it got me thinking a bit on ways to extend this concept to handle other external aspects of my Kubernetes environment.

Kubernetes, DNS, Networking, Cloud Computing

49 points by jandeboevrie 48 days ago | 101 comments

NIH.gov DNS servers down, making PubMed, BLAST, etc. unreachable [fixed] (nslookup.io)

NIH, DNS, Downtime, Medical Research, Science

494 points by raphman 55 days ago | 385 comments

DNS Nerds Don't Control the Internet (2016) (sockpuppet.org)
You’re reading this page because you’ve suggested that “14 people control the Internet through the DNSSEC root keys”. If you’re unlucky, you might be a journalist preparing a story about those people. Stop!

DNS, Security, Internet, Journalism

18 points by wglb 57 days ago | 7 comments

An illustrated guide to the Kaminsky DNS vulnerability (2008) (unixwiz.net)
The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.

Security, Networking, DNS, Vulnerabilities

25 points by amidtheperf 60 days ago | 6 comments

Zns: CLI tool for querying DNS records with readable, colored output (github.com/znscli)
zns is a command-line utility for querying DNS records, displaying them in a human-readable, colored format that includes type, name, TTL, and value.

DNS, Tools

30 points by bschaatsbergen 63 days ago | 6 comments

I ditched my Pi-hole but still block ads with NextDNS (mattsayar.com)
I love the idea behind the Pi-hole: block ads at the DNS layer so ads never even reach your devices. No ads, no trackers, and no worries about your extensions breaking! Works network-wide! Unfortunately, it caused me more grief than joy.

Advertising, DNS, Software

69 points by MattSayar 65 days ago | 72 comments

Decentralized Naming and Certificate Authority (handshake.org)
Handshake is a decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems.

Decentralization, Blockchain, DNS, Certificate Authorities, Security

17 points by nkjoep 68 days ago | 1 comments

Hickory DNS Is Moving Toward Production Readiness (memorysafety.org)
The Domain Name System (DNS) is a foundational part of the Internet. It stores data associated with domain names, like web server addresses and mail server addresses. Almost all network connections are preceded by a DNS lookup. The most popular DNS server implementations are written in C, and as a result, they have been affected by a series of memory safety vulnerabilities. These vulnerabilities can put DNS infrastructure at risk, as well as any system that depends on DNS.

Security, DNS, Networking

19 points by ksec 70 days ago | 2 comments

Getaddrinfo sucks. everything else is much worse (gosu.se)
DNS is one of the critical building blocks of the internet and of the modern web. For the longest time the only way for Firefox to resolve a DNS domain was by using getaddrinfo. What's remarkable about this function is that it's implemented on Linux, Windows, MacOS - even Android. It has the same signature, and works in roughly the same way, even though the implementation in these operating systems doesn't share the same code base.

DNS, Networking, Operating Systems, Web Development

34 points by todsacerdoti 77 days ago | 10 comments

Invalid Niger Nameservers in the com zone (0xda.de)
A recent post by Krebs On Security about a mastercard mistake in their nameservers got me thinking. I recently got access to the .com zone file, I could just… grep for this common type of mistake.

Security, DNS, Networking

6 points by mtlynch 92 days ago | 0 comments

Mastercard DNS error went unnoticed for years (krebsonsecurity.com)
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name.

Cybersecurity, DNS, Mastercard, Security Flaws

1007 points by todsacerdoti 94 days ago | 249 comments

Preventing conflicts in authoritative DNS config using formal verification (cloudflare.com)
Over the last year, Cloudflare has begun formally verifying the correctness of our internal DNS addressing behavior — the logic that determines which IP address a DNS query receives when it hits our authoritative nameserver.

DNS, Formal Verification, Security, Networking, Cloud Computing

64 points by rscho 108 days ago | 3 comments

DNS Nameservers (potaroo.net)
It's common folklore in the Domain Name System that a delegated domain name must be served by 2 or more nameservers.

DNS, Internet

26 points by belter 121 days ago | 5 comments

Breaking down OpenAI's outage: a hidden DNS dependency in Kubernetes (render.com)
OpenAI recently experienced an hours-long, platform-wide outage after a newly-deployed telemetry service overloaded their Kubernetes (K8s) control planes.

OpenAI, Kubernetes, Cloud Computing, DNS, Software

21 points by skywardavocado 129 days ago | 3 comments

The secret life of DNS packets (2019) (stripe.com)

Networking, Security, Internet, DNS

95 points by ohjeez 134 days ago | 15 comments

French Piracy Blocking Order Goes Global, DNS Service Quad9 Vows to Fight (torrentfreak.com)
In an ongoing escalation of its fight against online sports piracy, media giant Canal+ secured court orders compelling DNS providers Quad9 and Vercara to block access to pirate streaming sites in France. Quad9 says that it's determined to appeal what it sees as an absurd application of copyright law. For now, however, it will block the targeted domain names globally.

Copyright Law, Piracy, DNS, France, Internet

36 points by latexr 135 days ago | 22 comments