Questions tagged [domain-name-system]
The Domain Name System, usually referred to by the acronym DNS, is a hierarchical, distributed database where the keys are domain names. Questions involving publicly accessible domains should include the real, Fully Qualified Domain Name (FQDN)
12,322
questions
307
votes
14
answers
992k
views
What's the command-line utility in Windows to do a reverse DNS look-up?
Is there a built-in command line tool that will do reverse DNS look-ups in Windows? I.e., something like <toolname> w.x.y.z => mycomputername
I've tried:
nslookup: seems to be forward look-...
- 3,205
268
votes
2
answers
321k
views
Linux command to inspect TXT records of a domain [closed]
Is there a linux shell command that I can use to inspect the TXT records of a domain?
- 7,413
264
votes
11
answers
603k
views
List all DNS records in a domain using dig?
My company runs an internal DNS for mycompany.example
There is a machine on the network that I need to find, but I’ve forgotten its name. If I could see a list, it would probably jog my memory.
...
- 3,215
244
votes
3
answers
410k
views
How to include multiple domains in an spf TXT Record
I am looking to setup a TXT spf record that has 2 included domains... individually:
v=spf1 include:_spf.google.com ~all
and
v=spf1 include:otherdomain.com ~all
What is the proper way of combining ...
- 2,832
217
votes
8
answers
348k
views
Setting the hostname: FQDN or short name?
I've noticed that the "preferred" method of setting the system hostname is fundamentally different between Red Hat/CentOS and Debian/Ubuntu systems.
CentOS documentation and the RHEL deployment guide ...
- 25.4k
205
votes
5
answers
150k
views
What is a glue record?
This is a Canonical Question about DNS glue records.
What exactly (but briefly) is a DNS glue record? Why are they needed and how do they work?
- 3,107
190
votes
5
answers
443k
views
DNS - NSLOOKUP what is the meaning of the non-authoritative answer?
For some domains nslookup gives me a Non-authoritative answer section. What does this mean?
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, ...
- 4,382
185
votes
12
answers
199k
views
Top level domain/domain suffix for private network?
At our office, we have a local area network with a purely internal DNS setup, on which clients all named as whatever.lan. I also have a VMware environment, and on the virtual-machine-only network, I ...
- 2,081
184
votes
16
answers
173k
views
Why is DNS failover not recommended?
From reading, it seems like DNS failover is not recommended just because DNS wasn't designed for it. But if you have two webservers on different subnets hosting redundant content, what other methods ...
- 2,929
167
votes
5
answers
221k
views
Force dig to resolve without using cache
I'm wondering if there is a way to query a DNS server and bypass caching (with dig). Often I change a zone on the DNS server and I want to check if it resolves correctly from my workstation. But since ...
- 3,117
165
votes
3
answers
109k
views
Why can't a CNAME record be used at the apex (aka root) of a domain?
This is a Canonical Question about CNAMEs at the apices (or roots) of zones
It's relatively common knowledge that CNAME records at the apex of a domain are a taboo practice.
Example:
example.com. IN ...
- 32.8k
145
votes
3
answers
148k
views
What's the meaning of '@' in a DNS zone file?
I have the following data in my DNS zone file for my domain:
$ORIGIN mydomain.com.
@ IN A 208.X.Y.Z
mail IN A 208.X.Y.Z
... etc..
What does the @ line mean? I know ...
- 6,578
134
votes
4
answers
229k
views
What type of DNS record is needed to make a subdomain?
I'm making a website, and I need a sub-domain.
I need to add the new part to my website, but I don't know which type of DNS record to add in the DNS console to point to this new site.
Is it A or ...
- 1,441
128
votes
4
answers
211k
views
How can I see Time-To-Live (TTL) for a DNS record?
I would like to see the Time-To-Live (TTL) value for a CNAME record.
I have access to dig (on Apple Mac OS X), which gives me an answer like this:
% dig host.example.gov
<*SNIP*>
;; ANSWER ...
- 23.8k
121
votes
15
answers
148k
views
What's the reverse DNS command line utility?
What's the command to find the name of a computer given its IP address?
I always forget what this command is, but I know it exists in Windows and I assume it exists on the *nix command-line.
- 2,208
107
votes
8
answers
173k
views
Is a wildcard CNAME DNS record valid?
I know it's valid to have a DNS A record that's a wildcard (e.g. *.mysite.com). Is it possible/valid/advised to have a wildcard CNAME record?
- 1,203
104
votes
6
answers
66k
views
Why can't MX records point to an IP address?
I understand you should not point a MX record at an IP address directly, but should instead point it to an A record, which, in turns, points to the IP address of your mail server.
But, in principle, ...
- 1,283
100
votes
21
answers
53k
views
Should we host our own nameservers?
This is a Canonical Question about whether to outsource DNS resolution for ones own domains
I currently have my ISP providing DNS for my domain, but they impose limitations on adding records. ...
- 1,965
100
votes
4
answers
333k
views
How does ServerName and ServerAlias work?
It's the following part of a virtual host config that I need further clarification on:
<VirtualHost *:80>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin example@...
- 1,102
96
votes
2
answers
93k
views
Should CNAME Be Used For Subdomains?
I manage multiple websites that currently have the following DNS configuration:
example.com - A Record - Production Server IP
test.example.com - A Record - Test Server IP
www.example.com - ...
- 1,284
90
votes
3
answers
58k
views
Is a CNAME to CNAME chain allowed?
Is it allowed in DNS to have a CNAME record that points to another CNAME record?
The reason we need this is that we have a hostname that we want to be looked up to the IP address of our web server ...
- 2,145
89
votes
4
answers
72k
views
Vagrant / VirtualBox DNS 10.0.2.3 not working
I am running a fresh install of Linux Mint Nadia (14). I am following the instructions on Vagrant Getting Started but have gotten stuck on the Provisioning. It seems the Vagrant box cannot connect ...
- 1,305
87
votes
3
answers
101k
views
Multiple TXT fields for same subdomain
I would like to understand if multiple TXT records for the same subdomain are ok or could lead to issues. In particular, we have the requirement for one SPF record and one Google Domain Verification ...
- 1,289
82
votes
2
answers
171k
views
How to configure a Windows machine to allow file sharing with a DNS alias
What process is necessary to configure a Windows environment to allow me to use DNS CNAME to reference servers?
I want to do this so that I can name my servers something like SRV001, but still have \\...
- 1,641
81
votes
6
answers
115k
views
Do SPF Records For Primary Domain apply to subdomains?
I have a quick question regarding SPF records: Do they need to be present for all subdomains?
Lets say that I have a TXT record with SPF info for domain.com
Let's also say that I have a seperate ...
- 11.9k
80
votes
11
answers
26k
views
Multiple data centers and HTTP traffic: DNS Round Robin is the ONLY way to assure instant fail-over?
Multiple A records pointing to the same domain seem to be used almost exclusively to implement DNS Round Robin as a cheap load balancing technique.
The usual warning against DNS RR is that it is not ...
- 1,113
79
votes
11
answers
116k
views
Private IP address in public DNS
We have an SMTP only mail server behind a firewall which will have a public A record of mail.. The only way to access this mail server is from another server behind the same firewall. We do not run ...
- 2,506
78
votes
8
answers
195k
views
How does Windows decide which DNS Server to use when resolving names?
What algorithm does Windows use to decide which DNS Server it will query in order to resolve names?
Let's say I have several interfaces, all active, some with no dns server specified, some told to ...
- 1,065
76
votes
14
answers
224k
views
Docker containers can't resolve DNS on Ubuntu 14.04 Desktop Host
I'm running into a problem with my Docker containers on Ubuntu 14.04 LTS.
Docker worked fine for two days, and then suddenly I lost all network connectivity inside my containers. The error output ...
- 2,101
76
votes
3
answers
59k
views
How long does negative DNS caching typically last?
If a DNS server looks up a record and it's missing, it will often "negatively cache" the fact that this record is missing, and not try to look it up again for a while. I don't see anything ...
- 1,827
75
votes
3
answers
224k
views
What is the difference between a hostname and a fully qualified domain name?
I am new to the world of setting up servers and am baffled by the term hostname and fully qualified domain name (FQDN).
For example, if I want to set up a server that hosts files on the local network ...
- 1,912
73
votes
3
answers
239k
views
How to ensure OpenVPN connection uses specific DNS?
I'm using OpenVPN through Tunnelblick on MacOS X Lion.
I need to set specific DNS (with local IP, which works only when VPN is up) for the duration of this VPN session only.
I do not have access to ...
73
votes
1
answer
70k
views
How long does it take for DNS records to propagate?
This is a Canonical Question about DNS Propagation
How long does it take for an the various types of records to propagate?
Do some propagate faster than others?
Why does it take time for DNS records ...
user38535
73
votes
6
answers
347k
views
How to redirect domain A to domain B using A-Records and CNAME records only
I have 2 domains hosted with different hosts. I need to redirect Domain A to Domain B. Unfortunately I can't do a 301 redirect from Host A, but can only modify/add DNS entries (A-Records and CNAMEs) ...
- 917
71
votes
21
answers
13k
views
How the heck is http://to./ a valid domain name?
Apparently it's a URL shortener. It resolves just fine in Chrome and Firefox. How is this a valid top-level domain?
Update: for the people saying it's browser shenanigans, why is it that: http://com./...
- 1,381
70
votes
15
answers
16k
views
Are IP addresses "trivial to forge"?
I was reading through some of the notes on Google's new public DNS service:
Performance Benefits
Security Benefits
I noticed under the security section this paragraph:
Until a standard system-wide ...
- 13.2k
70
votes
7
answers
118k
views
DNS A vs NS record
I'm trying to understand DNS a bit better, but I still don't get A and NS records completely.
As far as I understood, the A record tells which IP-address belongs to a (sub) domain, so far it was ...
- 1,029
70
votes
18
answers
70k
views
Is Round-Robin DNS "good enough" for load balancing static content?
We have a set of shared, static content that we serve up between our websites at http://sstatic.net. Unfortunately, this content is not currently load balanced at all -- it's served from a single ...
- 13.2k
67
votes
7
answers
10k
views
Government censors HTTPS traffic to our website. Workarounds?
I am helping run a website that has been blocked for political reasons by the same Russian agency that has previously tried blocking Telegram (RosKomNadzor). This is not the first time it happens, and ...
- 613
67
votes
2
answers
24k
views
Why does Heroku warn against "naked" domain names?
I ran across this page in the Heroku docs...
Naked domains, also called bare or apex domains, are configured in DNS via A-records and have serious availability implications when used in highly ...
- 2,459
66
votes
7
answers
13k
views
DNS failing to propagate worldwide
I haven't changed anything related to the DNS entry for serverfault.com, but some users were reporting today that the serverfault.com DNS fails to resolve for them.
I ran a justping query and I can ...
- 13.2k
64
votes
8
answers
113k
views
Overriding some DNS entries in BIND for internal networks
I have an internal network with a DNS server running BIND, connected to the internet through a single gateway. My domain "example.com" is managed by an external DNS provider. Some of the entries in ...
- 2,025
63
votes
2
answers
147k
views
Can we have multiple CNAMES for a single Name?
I need this for load balancing. For example, I've two azure storage accounts (say a and b) and the blob addresses for those are a.blob.core.windows.net and b.blob.core.windows.net. Both of them store ...
59
votes
2
answers
24k
views
What are SPF records, and how do I configure them?
This is a canonical question about setting up SPF records.
I have an office with many computers that share a single external ip (I'm unsure if the address is static or dynamic). Each computer ...
- 749
58
votes
4
answers
165k
views
How to specify multiple included domains in SPF record?
Our business email is hosted on Google apps. In addition, our web server may also send email. Currently our SPF record in DNS looks like this:
domain.com. IN TXT "v=spf1 a include:_spf....
- 966
57
votes
10
answers
77k
views
How to use DNS/Hostnames or Other ways to resolve to a specific IP:Port
This is a Canonical Question about DNS/Hostnames resolution to IPs/Ports
Example 1
I'm running a web server on port 80 and another on port 87. I would like to use DNS so that www.example.com goes to ...
- 1,125
56
votes
12
answers
77k
views
Linux command line utility to resolve host names using /etc/hosts first
There are several command line utilities to resolve host names (host, dig, nslookup), however they all use nameservers exclusively, while applications in general look in /etc/hosts first (using ...
- 645
55
votes
2
answers
153k
views
When do DNS queries use TCP instead of UDP? [duplicate]
Possible Duplicate:
Is it true that a nameserver have to answer queries over TCP?
I know DNS uses UDP for most of its queries, but in what circumstances will it use TCP instead?
- 2,788
54
votes
7
answers
303k
views
How can I find the LDAP server in the DNS on Windows?
For Linux, this command should return the DNS record for the LDAP server
host -t srv _ldap._tcp.DOMAINNAME
(found at Authenticating from Java (Linux) to Active Directory using LDAP WITHOUT ...
- 943
54
votes
4
answers
46k
views
What does the "IN" mean in a zone file?
Sometimes a record is listed as www IN A 192.168.1.1 and sometimes it is listed as www A 192.168.1.1.
What is the purpose of the IN and when is it required/not required?
- 1,015