Public recursive name server Puns

So I setup PiHole on Raspbian, and installed Unbound with the intention of it acting as a recursive DNS server, using the example configruation from the PiHole website.

Problem: It doesn't appear to be doing recursive lookups, and is instead forwarding to 1.1.1.1 / 1.0.0.1 as far as I can tell.

If I run sudo unbound-control forward in an SSH session, it shows those two IP addresses. Doing unbound-control lookup someweirdsubdomain.site.com shows that it's talking to 1.1.1.1/1.0.0.1. If I run sudo unbound-control off and then try again, it shows it going through the root hints to get the answer.

But now here's what's weird - if I do a dig trace, both with forward on and off, it shows it going through the root hint servers.

So I'm a bit confused - what's actually going on here? Did unbound change from being recursive default to just forwarding requests to whatever server is configured in dhcpcd.conf? How do I know for a fact that it's doing recursive lookups when a client on my network is performing a DNS request?

TIA.....

Most of our servers are configured 8.8.8.8 and 8.8.4.4 Which I'm sure is more reliable than anything I can build, can be reached with 4ms latency and consumes negligible bandwidth. It still feels wrong to use and external service, my instinct is to set up my own caching DNS servers (answering only to our own IP range of course). Taking on a business critical system with no obvious benefit is hard to justify though.
Does anyone have any thoughts on this?

Hello everyone, I have installed PiHole through a HomeBridge helper script (also Unbound) and did all the necessary groundwork to get recursive DNS up and running according to this video. For some reason when I swap my DNS settings inside the PiHole from Cloudflare's DNS to Custom 1 (IPv4) 127.0.0.1#5335 and I go on and try it, the addresses are not resolved so my internet stops working.

Here are some details about my internet setup:

I have my ISP modem with its wireless connection turned off. I have a TP-Link router with wireless connection enabled, getting internet connection through ethernet cable from the modem. My HomeBridge (Raspberry Pi) is connected through ethernet cable onto my TP-Link wireless router. Since all of my home devices are connected wirelessly I set my DNS on my TP-Link router directly.

My Homebridge address is 192.168.0.160:8581

My PiHole is running on 192.168.0.160:80

My TP-link DHCP server is pointed towards 192.168.0.160 (which should be correct)

EDIT: The issue was resolved with the help of the PiHole team. Thank you!

I'd like to know other ways to arrive at this, but this approach is "zero indexed" in a way, which I like.

with cte as (
	select 0 as m
	union all
	select m + 1
	from cte
	where m < 11
)
select
	m + 1 as [MonthNumber]
	,format(dateadd(month, m, '1900-01-01'), 'MMMM') as [MonthName]
from cte

Maybe there is a way to get the month name format with functions that are more backward compatible.

I hate ads. I also have an old Chromebook Flip (C100PA) that has reached end of life over a year ago. I decided to do a little project to convert this nice low-powered device into an ad-blocking server for my entire network. While working on this project, I documented all of my steps. Everything I did is within a single script. This script, once executed, will only perform one step of the process, which is to migrate Debian 10 (Buster) from your SDCard to the internal EMMC, replacing Chrome OS. All other steps are in the comments in the script and have to be manually run/performed.

Overall, I'm quite happy with the results and am pretty amazed at how well it holds up against my actual Raspberry Pi 4 as an ad-blocking server, even though the Chromebook Flip is operating over WiFi. I'm so glad I did this as this terrific hardware was going to waste.

The caveats:

• There is no way to run a newer linux kernel > 4.19.133 armv7l. It requires far more work than I'm willing to do at the moment and is tied to the final release of Chrome OS for this device.
  • Do not try to install a newer kernel in Debian, it's a waste of space as it will never boot.
• The device will most likely be limited to Debian Buster (v10). That's fine for now since that is what PiHole is set up for at the moment.
• The device will still rely on the default Chrome OS bootloader/kernel, but it can be tweaked to reduce the timer and to have it auto boot from internal storage.

Some more notes:

• I set my Chromebook Flip up as a headless server, I have not tried the image with LXDE (image sources in the script comments).
• Performance will not be great until you disable WiFi power-saving features and set the CPU Governor to Performance (instructions in the script comments).
• Below is the script I wrote to replace Chrome OS on my Chromebook Flip (C100PA) with Debian Buster, then set up Unbound and PiHole for a recursive ad-blocking DNS server.
• I TAKE ABSOLUTELY NO RESPONSIBILITY IF YOU BRICK YOUR DEVICE USING MY SCRIPT

What this script walks you through:

1. Enabling developer mode
2. Removing write protection (for overriding the BIOS flags)
3. Reducing the timeout value for the developer boot screen
4. Preparing an SDCard with a Debian 10 (Buster) image
5. Booting the Chromebook Flip into Debian 10 (Buster) from the SDCard
6. Replacing Chrome OS on your Chromebook Flip (C100PA) with the image from your SDCard (What the script itself actually performs)
7. Extra comments

I'm following Craft Computing's Video. At the 11:38 mark, I'm suppose to go into Settings>DNS>uncheck google's IPv4 upstream DNS servers and enter a custom one. I followed through that and after I hit save, it comes up with this:

>Error
>
>IP(127.0.01) is invalid!
>
>No DNS server has been selected.
>
>The settings have been reset to their previous values.

I checked google but all that I've found was addressing the semicolon to hash issue. I made sure by trying once more, but the same error comes up.

Any ideas/ tips?

We have an odd one where we can't resolve certain external records using our internal dns servers, but can resolve them when pointed to 8.8.8.8, etc.

I installed a fresh BIND 9.16.1 on an Ubuntu workstation, just to eliminate any possibly out-of-date packages on our organization's internal dns servers. Here's what we're seeing, when pointed at my workstation:

$ dig @localhost diamd-auth.usdoj.gov

; <<>> DiG 9.16.1-Ubuntu <<>> @localhost diamd-auth.usdoj.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55225
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b6ec4a98e21cfcef01000000611c4d8710de6fcd8370fd99 (good)
;; QUESTION SECTION:
;diamd-auth.usdoj.gov.		IN	A

;; Query time: 131 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 17 17:00:07 PDT 2021
;; MSG SIZE  rcvd: 77

Then from 8.8.8.8:

$ dig @8.8.8.8 diamd-auth.usdoj.gov

; <<>> DiG 9.16.1-Ubuntu <<>> @8.8.8.8 diamd-auth.usdoj.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53633
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;diamd-auth.usdoj.gov.		IN	A

;; ANSWER SECTION:
diamd-auth.usdoj.gov.	30	IN	CNAME	diamd.customdomains.okta.com.
diamd.customdomains.okta.com. 30 IN	CNAME	ok5-custom-crtrs.okta.com.
ok5-custom-crtrs.okta.com. 30	IN	CNAME	ok5-crtr-custom-domains-f25d1212894ced23.elb.us-west-2.amazonaws.com.
ok5-crtr-custom-domains-f25d1212894ced23.elb.us-west-2.amazonaws.com. 30 IN A 34.223.206.17
ok5-crtr-custom-domains-f25d1212894ced23.elb.us-west-2.amazonaws.com. 30 IN A 34.223.206.19
ok5-crtr-custom-domains-f25d1212894ced23.elb.us-west-2.amazonaws.com. 30 IN A 34.223.206.18

;; Query time: 135 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 17 17:01:16 PDT 2021
;; MSG SIZE  rcvd: 249

When I add +trace to the options, I see some weird null-padded (\000) output in the answer sections. Not sure if that's significant:

$ dig @localhost +trace diamd-auth.usdoj.gov

; <<>> DiG 9.16.1-Ubunt

I'm new to this Pi-hole stuff and I'm not really that familiar with Linux but I was able to get PI-hole with Unbound working. All settings are the same with the instructions found in the Pi-hole website/github page. Upon checking the Pi-hole admin webpage, I can clearly see that DNS queries are being forwarded to 127.0.0.1#5335 or the Unbound server. How do I make sure then that Unbound is working as a recursive server and it's not just forwarding it to some other DNS Server like Google (like Pi-hole > Unbound > Google)?

I also tried deleting the contents of my root.hints file just to test but for some reason, I can still access websites and use dig command. Also restarted unbound and rebooted my pi as well. Shouldn't my DNS server fail to function if this file is not found?

EDIT: All questions answered. Thanks everyone!

Also if there are any ban lists, please send them to me

Yes, it is, it's short for Chhhhhhhhhhhhhhhhhhhhhaaaaaaaaaadddddddddddddddddddd

Been here since beta, have over 2k hours in game and im just beyond tired of seeing events, quests and generally just the entire game having trouble loading, and god forbid you see the server not responding message in the middle of a queen or earl. Dont get me wrong I agree that the game has made good steps since launch but it still has so much more to go in the sence of being a stable game. How do my fellow 76ers feel?

When installing Debian, there is this part of the installation:

https://preview.redd.it/5sc53fie2l371.png?width=790&format=png&auto=webp&s=a975e0d6d95e279c26a94323a9fe396943288ac9

Is this where you set a custom domain name for your Debian set up if you're going to setup a server to make it public?

I have Ubuntu server running with the LAMP stack right now. I also have set up an ethernet cable hooked up my home WIFI router, and have also pointed my domain names to the static ip address on my Ubuntu server PC. When I type in the domain name into any of my computers connected to my home wifi, it will run, but when I'm at a coffee shop or some public place and try to type in the domain name, it won't show anything. Am I doing something wrong?

I want to switch from Ubuntu server to Debian, and during the installation process, I'm brought to a prompt to enter a domain name. Will this set up a public ip address to make my web server public so that my websites can be accessed outside my house?

Hi there, I have been driving myself crazy trying to figure this out... I am trying to identify the size of my manager's teams - essentially counting up every direct and indirect report a manager has. The data is hierarchal, each employee has a single manager listed. I figure the best way to get this would be a recursive CTE, but I'm not getting what I want. Here is some sample data:

And here is the code I have so far:

WITH cte AS(

SELECT eeid,fnm,mgr,1 lvl

FROM CUSTOM.dbo.ut_HRIS

WHERE mgr IS NULL

UNION ALL

SELECT e.eeid,e.fnm,e.mgr,o.lvl + 1

FROM CUSTOM.dbo.ut_HRIS e

INNER JOIN cte o ON e.mgr = o.eeid

WHERE e.mgr IS NOT NULL)

SELECT * FROM cte o

Here is the output:

What I am looking for is to see a line for every direct/indirect report per manager - so Wendy would have 5 lines on the output, because everyone eventually rolls up to her. Timothy would have 4 rows, Lauree 3, etc.

Can anyone tell me what mistake I am making? Or if I am completely approaching this the wrong way?

EDIT: Problem solved! I ended up using the code from PossiblePreparation, as well as the tip from Seven-of-Nein. Put together it worked like a charm. Thanks for the help everyone.

We are just a fun community style server I don’t really care what u say as long as it isn’t super raunchy or mean please respect the staff If u want to join dm me

I couldn't find an answer to this one. Negate says on the pfSense docs that the resolver (unbound) that is installed and enabled by default ignores any recursive name servers set and instead query the root servers directly, unless configured otherwise. (https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html). So I was thinking, in a privacy point of view, why having an intermediate and send them all your browsing history? Cloudflare implements, for example, DNS over TLS, DNS over HTTPS and even encryption of SNI (so "your ISP can't really see the names you are querying"). But ISPs can see the IPs you are accessing and, therefore, can trace back the IPs to their corresponding names. It looks like a bogus sense of privacy only to convince the users to send them their DNS requests. Besides, running it locally could bypass censorship on the DNS level (yes, it happens sometimes in my country, very "democratic") and the local cache could not only speed things up but also really improve privacy by reducing the number of queries sent though wan (and, obviously, excluding intermediates). Idk, maybe I am misunderstanding the functionality of the DNS stack. Am I missing something? Could someone help elaborate? Thanks!

https://youtu.be/FnFtWsZ8IP0

Pi-Hole is an awesome service to run in your house. It keeps ads from loading on every device, and will run on any Raspberry Pi, Docker container or virtual machine you'd like. But did you know it can do SO much more than just block ads? You can also completely bypass 3rd party DNS servers like 8.8.8.8, 1.1.1.1, 208.67. 222.222, or the ones ran by your ISP.

Hi, I have a job interview task for a Devops engineer position. Have to create a Linux VM that runs a DNS server using IaC tools on a cloud platform. I know the cloud/IaC part but don't have that much Linux experience.

The requirements for the DNS server are it should be able to resolve public DNS zone domains like google.com, reddit.com etc.

I have set up Bind DNS server and stuck at the config part. I looked up some docs and tutorials but most explain how to map a specific hostname to an IP. I need a way for it to resolve not just that but all public domain names. How do I do that? Or am I misunderstanding something?

Thanks!

Using Pi-Hole with Unbound (as recursive) and while reviewing some firewall logs, I am receiving public inbound queries of one to two per second to Port 53. My firewall is blocking them all. As a test, I forwarded all of my internal queries (via Unbound) to OpenDNS. I verified traffic was being forwarded to OpenDNS, and in about 30 minutes, all inquiries to my Port 53 stopped.

About an hour later, I removed the forwarders (back to recursive) and about 30 minutes later, the queries are back. About one to two per second. Is this behavior expected?

I hate ads. I also have an old Chromebook Flip (C100PA) that has reached end of life over a year ago. I decided to do a little project to convert this nice low-powered device into an ad-blocking server for my entire network. While working on this project, I documented all of my steps. Everything I did is within a single script. This script, once executed, will only perform one step of the process, which is to migrate Debian 10 (Buster) from your SDCard to the internal EMMC, replacing Chrome OS. All other steps are in the comments in the script and have to be manually run/performed.

Overall, I'm quite happy with the results and am pretty amazed at how well it holds up against my actual Raspberry Pi 4 as an ad-blocking server, even though the Chromebook Flip is operating over WiFi. I'm so glad I did this as this terrific hardware was going to waste.

The caveats:

• There is no way to run a newer linux kernel > 4.19.133 armv7l. It requires far more work than I'm willing to do at the moment and is tied to the final release of Chrome OS for this device.
  • Do not try to install a newer kernel in Debian, it's a waste of space as it will never boot.
• The device will most likely be limited to Debian Buster (v10). That's fine for now since that is what PiHole is set up for at the moment.
• The device will still rely on the default Chrome OS bootloader/kernel, but it can be tweaked to reduce the timer and to have it auto boot from internal storage.

Some more notes:

• I set my Chromebook Flip up as a headless server, I have not tried the image with LXDE (image sources in the script comments).
• Performance will not be great until you disable WiFi power-saving features and set the CPU Governor to Performance (instructions in the script comments).
• Below is the script I wrote to replace Chrome OS on my Chromebook Flip (C100PA) with Debian Buster, then set up Unbound and PiHole for a recursive ad-blocking DNS server.
• I TAKE ABSOLUTELY NO RESPONSIBILITY IF YOU BRICK YOUR DEVICE USING MY SCRIPT

What this script walks you through:

1. Enabling developer mode
2. Removing write protection (for overriding the BIOS flags)
3. Reducing the timeout value for the developer boot screen
4. Preparing an SDCard with a Debian 10 (Buster) image
5. Booting the Chromebook Flip into Debian 10 (Buster) from the SDCard
6. Replacing Chrome OS on your Chromebook Flip (C100PA) with the image from your SDCard (What the script itself actually performs)
7. Extra comments

I couldn't find an answer to this one. Negate says on the pfSense docs that the resolver (unbound) that is installed and enabled by default ignores any recursive name servers set and instead query the root servers directly, unless configured otherwise. (https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html). So I was thinking, in a privacy point of view, why having an intermediate and send them all your browsing history? Cloudflare implements, for example, DNS over TLS, DNS over HTTPS and even encryption of SNI (so "your ISP can't really see the names you are querying"). But ISPs can see the IPs you are accessing and, therefore, can trace back the IPs to their corresponding names. It looks like a bogus sense of privacy only to convince the users to send them their DNS requests. Besides, running it locally could bypass censorship on the DNS level (yes, it happens sometimes in my country, very "democratic") and the local cache could not only speed things up but also really improve privacy by reducing the number of queries sent though wan (and, obviously, excluding intermediates). Idk, maybe I am misunderstanding the functionality of the DNS stack. Am I missing something? Could someone help elaborate? Thanks!