r/dns

▲ 205 r/dns+1 crossposts

It seems like .de TLD has some DNS issues going on. Our monitoring shows DNS resolution issues (SERVFAILs) across different networks and countries. Apparently most caches are also affected, with some caches sometimes working.

EDIT: I've run a RIPE Atlas measurement against 150 geodistributed hosts, and 2/3 of those hosts received a SERVFAIL. So it's a global outage of the .de TLD.

EDIT2: https://status.denic.de/ is reporting a partial DNS disruption

EDIT3: https://status.denic.de/ is reporting a full DNS disruption

EDIT4: https://status.denic.de/pages/incident/592577eab611ce1e0d00046f/69fa60ef9d12f5057a974f38

EDIT5: My domains are resolvable again since 00:21 CEST.

reddit.com
u/IT-BAER — 8 days ago
▲ 40 r/dns

Hello everyone,

I want to use a DNS for privacy and ad blocking purposes. What providers can you recommend? Till now, I have heard of nextdns, ublockdns, adguard home and pihole. The latter two need your own server or hardware. Ideally I want to add my family into the DNS as well to cover them too.

If it ideally would be European that would be an added benefit.

I would have no problem with setting it up myself, but the maintenance has to be low due to me not having that much time for it.

Thanks in advance.

u/S_p_a_c_y — 8 days ago
▲ 2 r/dns+1 crossposts

Domains etc

Hi, I’m after some help if possible. I’ve bought a domain and registered it via my seller panel, I’ve then used the name changes and applied them to my domain.

Previously I was just using the: cloud url when providing a url plus login info to users.

The problem is this changes regularly and I have to help a lot of non tech savvy people update their urls to keep their service working. Now that I have my own Domain, will it keep needing updating?

If it will change frequently, is there a way to change their URLs remotely? (This is what I ultimately want.) I’m a total noob and would really appreciate a dummy’s guide.

Any help greatly appreciated

u/Maleficent_Fly_7216 — 1 day ago
▲ 9 r/dns+3 crossposts

trying to convince myself the VPN magically fixes everything

u/Chance_Drink3100 — 18 hours ago
▲ 2 r/dns+2 crossposts

What do you actually use your VPN for the most?

Every VPN ad talks about privacy and streaming but I’m curious what people here genuinely use theirs for day to day. For me it’s mostly public WIFI and getting around random region locks but I know some people use them for work, travel, gaming or just avoiding ISP tracking. Wondering what use cases actually made paying for a VPN worth it for you.

u/No-Hat-2797 — 1 day ago
▲ 3 r/dns

I'm building Deenez to make DNS records easier to manage — feedback welcome

I have just launched the first public page for Deenez at deenez.com

Deenez is a new tool I'm building to make DNS record management easier, especially when zones start getting messy across teams, providers, and environments.

The idea is to help with things like:

  • grouping related DNS records
  • adding notes/context to records
  • normalizing record values
  • integrating with multiple DNS providers
  • composing more complex records like SPF
  • optional SPF flattening
  • linking records to resources, like servers, instead of copy-pasting IP addresses
  • scheduling DNS changes or adding expiring dates
  • keeping an audit trail of DNS record changes

If you'd like to be kept posted, make sure you sign up for the waitlist. If you would like a specific provider to integrate with, also let me know by filling in the form on the site.

Would also love to hear feedback from people who manage DNS regularly. What are the biggest pain points you’d like me to solve in this tool?

u/rschaaphuizen — 1 day ago
▲ 0 r/dns

Notify about DNS records propagation

Hi there, I always had the pain of constantly dig'ing for a domain, and checking if the new expected IP address (or any other record type really) is finally written and propagated into all relevant resolvers.

So, I was thinking about automating this, wiring it up to email notifications or Slack. And webhooks would be cool - you could do some cool automation with those (chain with issuing an SSL cert)!!

Just wondering if I'm the only one who would pay a few bucks for this, or you guys don't share this pain point at all.

Have a magnificent day!

u/vojtechrichter — 4 days ago
▲ 96 r/dns+2 crossposts

I’ve been looking at phishing resistance around UK government domains, especially in the context of HMRC impersonation, and found something I thought this sub might find interesting.

When querying TXT records for undelegated / non-existent gov.uk domains, the namespace appears to return email authentication records anyway.

For example:

dig TXT randomstring.gov.uk

returns:

randomstring.gov.uk. 1800 IN TXT "v=DMARC1;p=reject;rua=mailto:govuk-rua@dmarc.service.gov.uk"
randomstring.gov.uk. 1800 IN TXT "v=spf1 ?all"

If this is intentional, it’s a pretty powerful defensive pattern.

The usual anti-spoofing controls protect domains you own and operate. But attackers often abuse names that do not exist yet, for example:

hmrc-tax-refund.gov.uk
secure-hmrc-payment.gov.uk
randomstring.gov.uk

If those domains are undelegated and return no DNS, there’s normally no SPF or DMARC policy for receivers to evaluate. In this case, gov.uk seems to be closing that gap by making undelegated direct subdomains signal “don’t trust mail from here”.

I haven’t found public documentation from GDS, NCSC, or others describing this as a namespace-level anti-phishing control, so I’m curious whether anyone has seen it documented or knows more about the implementation.

A few observations:

  • This seems to apply to direct *.gov.uk names.
  • I didn’t see the same behaviour for nhs.uk or gov.scot

The broader point is that most organisations protect the domains they use. This looks like an attempt to protect the surrounding namespace too, which is a much more ambitious phishing defence.

I wrote up the full notes here, including background on HMRC phishing and why this matters:

https://cybaa.io/blog/2026-04-27/gov-uk-namespace-spoofing-protection

I would be interested to hear whether others have seen similar namespace-level SPF/DMARC handling elsewhere or any public information about gov.uk implementing this

u/JoeTiedeman — 11 days ago
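
An added example, not part of the post above: a small parser that interprets the two TXT strings quoted in the post the way a mail receiver would read them, next to a name that returns nothing. The function names and the `NO_ANSWER` case are assumptions made for illustration; receivers normally fetch DMARC from `_dmarc.<name>`, and this code only interprets the strings, whichever name returned them.

```python
# Constructed sample: the two TXT strings quoted in the post for
# randomstring.gov.uk, and an empty answer for a name with no DNS at all.
GOV_UK_ANSWER = [
    "v=DMARC1;p=reject;rua=mailto:govuk-rua@dmarc.service.gov.uk",
    "v=spf1 ?all",
]
NO_ANSWER = []

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC record, or None if txt is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_all_result(txt):
    """Return the result attached to the 'all' mechanism, or None if not SPF."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        if mech.lower() == "all":
            return SPF_QUALIFIERS[qualifier]
    # No 'all' term: the result depends on a redirect= modifier if present,
    # otherwise the SPF default is neutral.
    return "redirect" if any(t.lower().startswith("redirect=") for t in terms) else "neutral"


def summarize(txt_records):
    """Summarise what the TXT answers tell a receiver; None means no usable record."""
    dmarc = [d for d in map(parse_dmarc, txt_records) if d is not None]
    spf = [s for s in map(spf_all_result, txt_records) if s is not None]
    # More than one DMARC or SPF record at a name is an error, so report None.
    return {
        "dmarc_policy": dmarc[0].get("p") if len(dmarc) == 1 else None,
        "dmarc_rua": dmarc[0].get("rua") if len(dmarc) == 1 else None,
        "spf_all": spf[0] if len(spf) == 1 else None,
    }
```

For the quoted records the rejection signal comes from the DMARC policy; the SPF record on its own only yields a neutral result.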
▲ 6 r/dns

Which registrars are good for DNSSEC and multi-signing (model 2)?

I'm looking for recommendations for a registrar that allows adding multiple DS records to a domain, to support multisigning. In model 2, you set up 2 DS records, corresponding to the 257 KSK for each DNS provider. Then each DNS provider uses their own KSK for the zone (in contrast to model 1, where there is a shared KSK that both providers use).

Cloudflare have some good documentation about DNSSEC and multi provider DNS, and they have an effective system for adding DNSSEC to domains they serve. However when using Cloudflare as the registrar there doesn't seem to be a way of adding the second DS record that multisigning needs!

This is the documentation Cloudflare provide, and it's step 3.1 where Cloudflare seems to drop the ball as a registrar. https://developers.cloudflare.com/dns/dnssec/multi-signer-dnssec/setup/

Has anyone managed to configure multiple DS records when using Cloudflare as their registrar?

So I'm looking either for a recommendation for other registrars who have good support for DNSSEC (and specifically model 2 multi-signing), or information from anyone who has had success with Cloudflare.

u/frankster — 3 days ago
▲ 1 r/dns+5 crossposts

Me watching one buffering wheel turn my entire evening into a side quest

u/FriendHot7938 — 2 days ago
▲ 10 r/dns+2 crossposts

How a VPN Hides Your Internet Traffic From Prying Eyes

u/No-Hat-2797 — 5 days ago
▲ 7 r/dns

What are these?

Just curious as to what these are? Google search didn't return much and it's just one after another after another. This is out of the ordinary for my device, just wondering if anyone's familiar with them? Thank you!

u/Kooky-Interaction880 — 5 days ago
▲ 5 r/dns+1 crossposts

Can't go to one specific website....DNS_PROBE_FINISHED_NXDOMAIN

Update- Changing to Cloudflare 1.1.1.1 was what worked for me. Not sure what issue happened, but will investigate more tomorrow. Looks like some of the comments were onto the right thing and I will look into that.

I can't go to one specific website, it's giving me this error. I have tried multiple things on other reddit threads, but those were up to a year old. It has to be something with my router, when I disconnect WIFI from my phone, the website works.... www.vcm.com . I am unable to get to it on any browser on my PC. What am I missing here?

u/MazdaRx7Guy — 5 days ago
▲ 5 r/dns

Edit: Solved! Microsoft support was able to help. Apparently the account was set up incorrectly in the first place.

My client and I are stuck in a support loop with managing the DNS for their domain. The client has a domain with godaddy. They previously had a microsoft email account through godaddy, which they extricated. They are now using microsoft on its own. They have not been able to verify their domain to use a custom domain with their microsoft email account, and therefore can't receive any emails.

When they contacted microsoft support, microsoft said that the domain is already being used for an email managed through godaddy, and to contact godaddy support. When we contacted godaddy support, they said that the email is no longer managed by godaddy and we need to contact microsoft. We basically keep getting stuck in a loop of "contact the other provider." Is there something I should be checking in their DNS records? According to godaddy, all of the DNS records are updated and the email should be working.

u/70sobsession — 8 days ago
▲ 5 r/dns

Hi all,

I’m working on an idea for a DNS management tool and I’d love to get some honest feedback. Especially from people who deal with DNS in real-world environments.

The problem I keep running into is that DNS records often become messy over time:

  • records are spread across different providers
  • it’s not always clear why a record exists (especially when they don't have a recognizable name)
  • values are entered inconsistently (for like CNAME records with a dot at the end or not?)
  • SPF records become hard to maintain
  • temporary records stay around forever
  • changes are made without much context or history
  • DNS changes are hard to plan, review, or audit

The tool I’m thinking about would focus on making DNS management more structured and understandable, especially for those who manage multiple domains.

Some of the features I have in mind:

  • grouping related DNS records together
  • adding notes/comments to individual records
  • normalizing record values
  • integrations with multiple DNS providers (like cloudflare, route53 etc)
  • helping compose more complex records like SPF
  • optional SPF flattening
  • linking records to resources, such as servers, instead of manually entering IP addresses
  • scheduling DNS changes
  • audit trail for changes
  • expiration dates for temporary records

I’m not trying to pitch anything here. I’m trying to validate whether this is a real enough pain point.

A few questions:

  1. Is this something you would actually use?
  2. What part of DNS management is most annoying or risky for you today?
  3. Are there features missing from the list above?
  4. If you manage DNS for clients or multiple teams, what would make this trustworthy enough for you to use?

Any feedback or criticism is very welcome. Also leave a reply like “please don’t build this” if you think nobody is waiting for a tool like this.

u/rschaaphuizen — 8 days ago
▲ 6 r/dns

Hi All

I've woken to notifications our SMTP2GO account has become unverified. I've logged in and checked, it says the CNAME is no longer verified.

Jump into the cPanel, have a look at the zones, and everything is as it should be.

Do a quick DNS DIG with google toolbox and no CNAME results.

Whatismydns dot net, same results.

Any ideas?

u/_wink — 7 days ago
▲ 7 r/dns

Hello,

I have been looking into getting a Raspberry Pi to host Pi-hole (or Adguard Home, I haven't decided yet) and also Unbound DNS.

Now, I've come into a fork in the road, if you will.

I am unsure if it makes more sense to leave Unbound in its default reverse DNS mode, or if it makes sense to use DoT with it to Quad9, for a balance of privacy and such. I understand the differences, just not sure what other people tend to do for it.

The search feature really was just going towards Quad9 and Pihole and such being used for malware protection, so I apologize if this is something asked often.

I appreciate any recommendations.

Thank you.

u/Heyheyohno — 14 days ago
▲ 3 r/dns

I am by no means an expert on how the DNS works. But this sparked my interest, so I came here for wisdom of the elders of DNS. What happened is that I changed the nameservers for a domain name that I own. It was using the registrar provided nameservers, and I changed them to a third party DNS provider. So I specified my two servers in the custom servers section of the dashboard, on the registrar's website, to point to my new DNS provider.

The changes have already propagated, no doubt. Because it has been several days since I made the change. The propagation was almost immediate, it probably took less than 1 hour. I used these commands on Windows to check the DNS status – specifically the NS records in this example.

Resolve-DnsName -Name mydomain.com -Type NS

Name                           Type   TTL   Section    NameHost
----                           ----   ---   -------    --------
mydomain.com                   NS     300   Answer     ns1.vultr.com
mydomain.com                   NS     300   Answer     ns2.vultr.com


Resolve-DnsName -Name mydomain.com -Type NS -Server dns1.registrar-servers.com

Name                           Type   TTL   Section    NameHost
----                           ----   ---   -------    --------
mydomain.com                   NS     1800  Answer     dns1.registrar-servers.com
mydomain.com                   NS     1800  Answer     dns2.registrar-servers.com

When I didn't specify any server to do the checking against (authoritative server), I got a completely different output than when I did specify the server. Why is that? The new custom nameservers are listed at the top, and registrar's servers are listed below that.

Is this normal behavior in DNS? When I run -Type NS -Server dns1.registrar-servers.com I am expecting to see ns1.vultr.com in the output. Why is this not happening? Is it because "authoritative servers" don't do dual duty as "recursive resolvers" as well?

But if this is true, then I would expect to see only a SOA record returned if the domain has no other DNS records, which is in fact exactly what I have seen from other registrars. I own more than one domain name, and I have recently transferred some of them to other registrars. But I am only seeing this behavior with this particular registrar.

The command Resolve-DnsName -Name mydomain.com -Type NS -Server dns1.registrar-servers.com is more specific than Resolve-DnsName -Name mydomain.com -Type NS. Despite being more specific, it returns inaccurate data. The output from the less specific command is 100% accurate. I take this to mean that the DNS changes have propagated correctly across the world, and even my local router knows this, but my registrar's nameservers don't. This is what made me suspect that authoritative servers can't do dual duty as recursive resolvers as well. Or perhaps it's not a common config? But still possible?

But so what does this mean then? Why is my registrar's nameserver returning anything other than a SOA record, when in fact, this registrar's nameservers are no longer in use? There is nothing listed under "host records" for this domain, in the Advanced DNS section of the dashboard.

The only explanation I can think of is that they are hiding these records from me, i.e. they have kept them on their nameservers. Maybe in case I change my mind later and revert to using their nameservers again, so that I won't need to recreate the records? But they are not showing anything in the user facing dashboard that would suggest that any old records even exist! Let alone that they can be reused at a later time!

It's very tricky to navigate their DNS settings pages and some of their templates are either buggy or intentionally made to reset your preferences and park your unused domains. And this is one of the reasons I decided to move the DNS function out to a third party that I can trust, and set my DNS records reliably.

Any other explanation you can offer me? Any advice you can give me when it comes to DNS and domains? I know it's often recommended by the pros to create separation between the registrar and the DNS management. I have finally done that now.

u/Ken852 — 10 days ago