DNSSEC - OARC Size Tester

Talk from @mwl at BSDCAN 2022 https://www.youtube.com/watch?v=1n62VZj-CKI OARC Reply Size Tester dig +short rs.dns-oarc.net TXT Host1 - good :) # dig +short rs.dns-oarc.net TXT rst.x4090.rs.dns-oarc.net. rst.x4058.x4090.rs.dns-oarc.net. rst.x4064.x4058.x4090.rs.dns-oarc.net. " DNS reply size limit is at least 4090" " sent EDNS buffer size 4096" Host2 - bad :( # dig +short rs.dns-oarc.net TXT rst.x1196.rs.dns-oarc.net. rst.x1206.x1196.rs.dns-oarc.net. rst.x1204.x1206.x1196.rs.dns-oarc.net. " DNS reply size limit is at least 1206" " sent EDNS buffer size 1232" sha256: 110b220f93eff767b7e4d488294b00ede4f4509258d0148704b145df79fa9821

IPv6 Reverse DNS

IPv6 is fun, if you know how to handle it ! As a “sponsor LIR”, i got my own AS and a small /44 IP Space. So, as we all do “forward” DNS with our Domains, i’d like to have Reverse DNS as well. And as i don’t have a legacy IP Range, i like todo it with my v6 Space. Special thanks to Christian for his remote Hands/Tips. Appreciate it!

PowerDNS on OpenBSD

Run PowerDNS on OpenBSD I’m mostly happy with NSD as Authoritative Nameserver. But why not look over the fence and have a look at PowerDNS ? At least the API looks promising to me … Install Package doas pkg_add powerdns-- Create Folder, DB and set Permission doas mkdir /var/db/pdns doas sqlite3 /var/db/pdns/pdns.sql < /usr/local/share/doc/pdns/schema.sqlite3.sql doas chown -R _powerdns:wheel /var/db/pdns/ Update Config File /etc/pdns/pdns.conf # DB gsqlite3-database=/var/db/pdns/pdns.sql launch=gsqlite3 setuid=_powerdns # Tuning & Protection max-queue-length=5000 overload-queue-length=2500 # Webserver webserver=yes webserver-address=ip-of-your-nameserver webserver-allow-from=127.


Dog (echo dig |sed ’s/i/o/') you know nslookup, dig, hosts, getenv and all the commans for the cli. but have you ever tried dog ? Website: https://dns.lookup.dog/ and their Doku: https://dns.lookup.dog/dns-in-five-minutes dog is an open-source DNS client for the command-line. It has colourful output, supports the DoT and DoH protocols, and can emit JSON. Install Package $ doas pkg_add dog Examples DNS over TLS $ dog example.com --tls @dns.google DNS Request over HTTPS $ dog -H @https://dns.


https://serverfault.com/questions/142344/how-to-test-dns-glue-record Check GlueRecords host:~ $ dig +short ch. NS c.nic.ch. a.nic.ch. h.nic.ch. f.nic.ch. g.nic.ch. b.nic.ch. e.nic.ch. host:~ $ dig +norec @a.nic.ch. noflow.ch. NS ; <<>> DiG 9.10.6 <<>> +norec @a.nic.ch. noflow.ch. NS ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29211 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;noflow.

Dig Dns Whois

whois egal.com user@erde$ whois egal.com Domain Name: EGAL.COM Registry Domain ID: 1979745_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com Updated Date: 2019-09-25T20:43:47Z Creation Date: 1996-03-25T05:00:00Z Registry Expiry Date: 2022-03-26T04:00:00Z Registrar: Name.com, Inc. Registrar IANA ID: 625 Registrar Abuse Contact Email: abuse@name.com Registrar Abuse Contact Phone: 7202492374 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS1CNY.NAME.COM Name Server: NS2KRY.NAME.COM Name Server: NS3DKZ.NAME.COM Name Server: NS4BHT.NAME.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.