DNS : Hints to limit access to known clients

I would like to set up for personal purposes a DNS server on the cloud and offer its service to several members of my family/friends. Based on their IP and the filtering options they’d like, DNS queries will be performed in confidence (filter only ads, filter only non-appropriate sites for kids, etc…). In fact, a homemade OpenDNS solution.

To do so, I can use the directive allow-from (or equivalent) of my DNS solution but due to the DNS protocol nature, I can use only IP address/netmasks. This would work fine for people with public static IP addresses but not for people with a dynamic one.

I was thinking about using a reverse proxy that does support allow-from FQDN directive and forward the query to the local DNS server once the FQDN/IP matches.

What do you think about it? Is there any other/more straightforward solution/idea?


NB: I’ve searched on StackExchange before posting but didn’t find anything. However, if such a post already exists:

  • my sincere apologies;
  • could you give me the link to this post?

Thank you very much,

Best regards,

David
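One way to get past the IP-only limitation described in the question is to let dynamic-IP clients keep a dynamic-DNS name updated and regenerate the server's address ACL from those names on a schedule. The script below is an added example, not code from the post or from any particular DNS server: it assumes constructed hostnames and addresses (DEMO_ANSWERS) and that the rendered block is dropped into named.conf and followed by a reload, which is not shown. A name that stops resolving is excluded for that run rather than kept at its last address, since that address may already belong to someone else; the ACL still cannot tell a family member from whoever else shares the same public address.

```python
"""Build a BIND-style 'allow-query' ACL from static CIDRs plus dynamic-DNS names.

This is an added illustration, not code from the original post. It assumes each
client on a dynamic IP keeps a dynamic-DNS hostname updated (the hostnames and
addresses below are constructed placeholders) and that the rendered block is
written to named.conf and followed by a reload, which is not shown here.
"""
import ipaddress
import socket
from typing import Callable, Dict, List

Resolver = Callable[[str], List[str]]

# Constructed answers so the example runs offline; the OS resolver is the default.
DEMO_ANSWERS = {
    "alice-home.example.net": ["198.51.100.7"],
    "bob-home.example.net": ["203.0.113.9", "2001:db8:1::9", "fe80::1"],
    "carol-home.example.net": [],  # updater is down: name currently unresolvable
}


def demo_resolver(hostname: str) -> List[str]:
    """Fake resolver backed by DEMO_ANSWERS."""
    return list(DEMO_ANSWERS.get(hostname, []))


def system_resolver(hostname: str) -> List[str]:
    """Resolve a hostname to its A/AAAA addresses through the OS resolver."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def resolve_clients(static_networks: Dict[str, str], dynamic_hosts: Dict[str, str],
                    resolver: Resolver = system_resolver) -> Dict[str, List[str]]:
    """Map each client label to the networks that identify it right now.

    Static entries are validated as CIDR. Dynamic entries are resolved and
    turned into host routes (/32 or /128); a name that does not resolve yields
    an empty list so it drops out of the ACL instead of keeping a stale address
    that may by now belong to a stranger.
    """
    clients: Dict[str, List[str]] = {}
    for label, cidr in static_networks.items():
        clients[label] = [str(ipaddress.ip_network(cidr, strict=False))]
    for label, hostname in dynamic_hosts.items():
        nets: List[str] = []
        for addr in resolver(hostname):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # not an address at all; ignore the answer
            # Loopback, link-local and similar can never be a client's public source address.
            if ip.is_loopback or ip.is_link_local or ip.is_unspecified or ip.is_multicast:
                continue
            nets.append(str(ipaddress.ip_network(str(ip))))
        clients[label] = nets
    return clients


def render_acl(acl_name: str, clients: Dict[str, List[str]]) -> str:
    """Render the client map as a named.conf 'acl' block.

    named.conf then uses it with:  options { allow-query { <acl_name>; }; };
    """
    lines = [f"acl {acl_name} {{"]
    for label, nets in sorted(clients.items()):
        if not nets:
            lines.append(f"    // {label}: unresolved this run, excluded")
            continue
        lines.append(f"    // {label}")
        lines.extend(f"    {net};" for net in nets)
    lines.append("};")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = resolve_clients(
        {"dad-office": "192.0.2.0/24"},
        {"alice": "alice-home.example.net",
         "bob": "bob-home.example.net",
         "carol": "carol-home.example.net"},
        resolver=demo_resolver,
    )
    print(render_acl("family_clients", found), end="")
```

Run it from cron a few times an hour with the real resolver (the default), and keep the per-client filtering policy keyed on the same labels so a client's address change does not silently move them into another policy.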

networking – How to troubleshoot DNS not resolved issues?

I can’t open Hotstar/Disney+ on my Android phone/Android TV. Upon investigation, I found out that the webpage hotstar.com is not opening in general on my phone/TV and is throwing an “err::NAME NOT RESOLVED” error. I can open hotstar.com on my laptop using the same network. Since this problem just started abruptly, I don’t even know where to look. Thanks for any suggestions you may provide.

DNS providers

Hey guys,
I just wanted to ask what managed DNS providers you are using and what your experience with them is. We are currently looking at a couple of providers and I think Constellix is our manager's favorite so far; of course, we are still researching other providers like NS1 and Azure. Since there have been a decent number of outages in the last couple of weeks, I really want to know "who I'm getting in bed with". So any feedback would be helpful! And for those of you who are not familiar…

dns – Android ignores DHCP “Search domain” unless it’s on a VPN

So I have a single subnet, flat LAN, multiple wired access points all in bridge mode.

I have ISC-DHCP server and Bind9 DNS server configured for dynamic DNS hosts etc. The DNS provides a local zone of my public domain, *.lan.publicdomain.com but is not externally marked as a server for that domain. Thus internal *.lan. hosts are on the LAN server and *.publicdomain.com hosts are on the external public DNS at 123reg.

I also have an OpenVPN port open on the public IP. Externally vpn.publicdomain.com leads to my current IP.

It all works, I can be on the VPN on 4G or public wifi … or be on my local wifi and access all my LAN hosts either way. I can actually be on both my local Wifi and VPN at the same time.

The android issue is that while on the VPN going to say:

http://somehost:8080/

Will resolve correctly to somehost.lan.publicdomain.com and the site will open.

If however I disconnect from VPN and just connect to my bare Wifi, my phone will still access somehost, but it will not resolve it without specifying the FQDN. It’s like it will accept the search-domain from the VPN DHCP pool, but it will not accept it from the ISC-DHCP server locally.

Is this something to do with Android forcing DNS to avoid adblocks? Only when on VPN they can’t get away with doing that as it’s insecure and corporate types would object loudly.

I should note that all normal LAN clients, like Windows10, Linux etc, all honor the search domain in DHCP. Just not the android in LAN mode.

Phone is a Moto G5 Plus, Android 8.1.0.

dns – Installed 18.04 Server and netplan was NOT installed

Installed 18.04 on an older Dell server. Netplan was not installed, nor was the /etc/netplan directory created. I attempted to update the /etc/network/interfaces file with the DNS nameservers (I used Google’s) but the machine still cannot resolve. Because I cannot resolve, I cannot update or install packages. I attempted to install netplan.io from a .deb file but that didn’t work either. Can someone please give me a hand here? I am stuck with a new server install and I can’t do a thing with it. Thank you all.

Shawn Simmons

networking – In a recursive DNS query procedure, if a local DNS server needs to query root DNS servers, how does it know/get their IP addresses?

I am taking a computer networks class, and was wondering how a local DNS server knows the root DNS servers’ IP addresses when querying them. I am assuming that since this is the root server, maybe there is a pre-provided root server address list for the local DNS, since a root server address can’t be found from DNS servers from lower hierarchy, but I may be mistaken.
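The pre-provided list the question guesses at is exactly what resolvers ship with: a "root hints" file (the named.root format) that lists the root server names together with their A/AAAA glue, used only to send the first priming query for the root NS set. The parser below is an added example, not code from the post or from any resolver; its sample file is constructed and uses documentation-range addresses in place of the real ones, which come from the named.root file published by IANA.

```python
"""Parse a root hints file (the named.root format a recursive resolver ships with).

Added illustration, not code from the original post. The sample is constructed:
it keeps the real file's layout but uses RFC 5737 / RFC 3849 documentation
addresses; a real resolver loads the named.root file published by IANA.
"""
import ipaddress
from typing import Dict, List

SAMPLE_HINTS = """\
;   constructed sample in named.root layout (addresses are placeholders)
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::2:30
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.0.2.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::200:b
"""


def parse_root_hints(text: str) -> Dict[str, List[str]]:
    """Return an ordered map of root server name -> glue addresses.

    Only three record shapes are valid: the root's NS set, and A/AAAA glue for
    each server named there. Anything else, or an NS without glue, is an error,
    because a resolver could not bootstrap from it.
    """
    root_ns: List[str] = []
    glue: Dict[str, List[str]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 'owner ttl type rdata'")
        owner, ttl, rtype, rdata = parts
        owner, rtype = owner.lower(), rtype.upper()
        if not ttl.isdigit():
            raise ValueError(f"line {lineno}: bad TTL {ttl!r}")
        if owner == "." and rtype == "NS":
            name = rdata.lower()
            if name not in root_ns:
                root_ns.append(name)
        elif rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(rdata)  # raises ValueError on garbage
            if (rtype == "A") != (ip.version == 4):
                raise ValueError(f"line {lineno}: {rtype} record with {rdata}")
            glue.setdefault(owner, []).append(rdata)
        else:
            raise ValueError(f"line {lineno}: unexpected record {owner} {rtype}")
    missing = [n for n in root_ns if n not in glue]
    if missing:
        raise ValueError(f"no glue for {', '.join(missing)}")
    return {name: glue[name] for name in root_ns}


def bootstrap_addresses(hints: Dict[str, List[str]], ipv6: bool = True) -> List[str]:
    """Flat list of addresses a resolver can send its first (priming) query to."""
    out: List[str] = []
    for addrs in hints.values():
        for a in addrs:
            if ipv6 or ipaddress.ip_address(a).version == 4:
                out.append(a)
    return out


if __name__ == "__main__":
    hints = parse_root_hints(SAMPLE_HINTS)
    for name, addrs in hints.items():
        print(name, ", ".join(addrs))
    print("IPv4-only bootstrap set:", bootstrap_addresses(hints, ipv6=False))
```

The glue check matters operationally: a hints file that names a root server without an address gives the resolver nothing to send the priming query to, and a stale file with outdated addresses is why distributions refresh named.root as a package rather than leaving it to the resolver.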

dns hosting – Pointing a custom domain to Azure Web App – Without the need of adding verification records

I have a website running on Azure Web App. This website provides a profile page to its users. The users are looking to point their custom domains to their respective profile page. I want to minimize the manual steps to achieve this. For every custom domain, I need to add that manually to Azure Web app and also need to verify the ownership via TXT record. This could be fine for a small number of custom domains but when you have 100s of such users, it just becomes a blocker.

Is there any way I could somehow let any custom domain pointed to my website work without needing to add the domain record on Azure portal and having to verify ownership?

I wonder if Azure DNS can help me achieve my goal in anyway.

Bind DNS server on Virtualmin Ubuntu 20.04 only resolves DNS locally

I have been trying to move my server from CentOS 8 to Ubuntu 20.04 because CentOS is stopping updates.
Since my old server was running on Virtualmin, I installed Virtualmin on Ubuntu, then moved the files, made a new server and made sure to configure Bind the same as on CentOS. To make sure that nothing is blocking the DNS requests, I also disabled the firewall on Ubuntu.
The problem is that DNS is resolved locally when I use nslookup on the Ubuntu machine, but it does not resolve from an external computer and the DNS request times out.
Any help is greatly appreciated.

Android won’t query DNS server for IPv6 addresses, why?

I have a weird issue; for a single connect request to a server that has a single AAAA record my device runs two A queries instead and fails to connect.

My setup is as follows:

  • LAN (a regular router) without IPv6 connectivity
  • Android 10 with only WiFi connectivity, having one fe80: and two fd14: addresses
  • Debian box, wired, running dnsmasq, acting as the DNS server for all devices
  • dnsmasq will reply that website foo.com has an IPv6 of the Debian box, and no IPv4

I can:

  • Connect from my phone to the Debian box using literal IPv6 address
  • Connect from other devices to foo.com
  • Connect to foo.com from JuiceSSH
  • Do ping6 foo.com successfully in Termux on the phone

What I can’t do is connect from my phone to the Debian box via foo.com using regular apps such as Chrome, or my own app. JuiceSSH is the weird exception. I tried making a new app, adding the INTERNET permission and this bit of code only:

thread {
    Socket("foo.com", 9000)
}

This behaves consistently with apps such as Chrome in that it doesn’t connect and—from what I see in the dnsmasq logs—performs two A queries (both with a NODATA-IPv4 response). It never performs an AAAA query. Inet*Address.getAllByName() behaves in a similar way. I tested with another device running Android 6, same outcome.

What’s going on here?