DNS setup and redirect www to site root

I have written up a web masters question for this, but to summarise....

How can I manipulate the DNS records I have on my website managed in GoDaddy to make the www. part of the URL work?

I'm stumped at what to change and plus I don't want to cause any more down time on the site. Any help would be appreciated.

My WordPress site is hosted on Kinsta if that helps. Even though I think that this is more of a GoDaddy issue that I'm not too comfortable with.

See Question for more details. Thanks for taking a look.

👍 2
👤 u/cwiggo
📅 Jan 25 2022
Root DNS issues?

Seeing unavailability on lots of sites or intermittent access; from our research looks like a DNS error - for example:

;; Got SERVFAIL reply from 192.168.3.253, trying next server

Server: 8.8.8.8

Address: 8.8.8.8#53

** server can't find pge.com: SERVFAIL

Downdetector.com is showing big spikes.

EDIT: gotoconnect says "3rd party dependencies so it may indeed be CDN, but that odd DNS response is throwing me.

EDIT 2: AKAMAI was issue; they seem to have resolved, and services are returning to normal.

👍 37
👤 u/wckdgrdn
📅 Jul 22 2021
Why would an F-ROOT be querying my client's WAN for DNS requests?

Hello,

I figured I would reach out to some networking gurus as this is a little above my head. We have been getting spammed with port 53 DNS requests from 192.5.5.241, which is an Internet Systems Consortium F-ROOT server.

Our firewall is dropping the traffic, but it's borderline like a DoS attack. I am kind of at a loss on where to go from here.

Thanks in advance.

[EDIT] Thanks for all the responses.

  • We initiated packet captures but could not identify any internal traffic going out and making requests
  • We blocked all DNS going out except for 2 DNS servers, 1.1.1.1 and 8.8.8.8. Responses from 192.5.5.241 are still coming in.
  • 192.5.5.241 is saying that the firewall is making those DNS requests and it's coming over TCP, not UDP (as traditional DNS requests are supposed to come in as)
  • We are going to try and unplug the local LAN switch and monitor the firewall from one device to see if the packets are still coming in
  • The ISP has NOT been helpful at all and basically said "If the internet is up and the modem is working we can't do anything" (This is Charter Spectrum in the LA Area)
  • If the requests continue to come in, we may just change the static IP
👍 59
👤 u/dfoolio
📅 May 05 2021
Weird DNS issue this morning maybe someone can help me better understand the root cause

This morning my users were seeing slow browsing. My initial thought was that it was my Defender ATP filtering that somehow was having issues, so I began testing.

On my client machine I manually changed the DNS server to point to Google DNS instead of our internal DNS server, and browsing speed was restored. (My EdgeRouter also uses Google DNS.)

With that test I figured it must be something to do with my internal DNS server, because my EdgeRouter uses Google DNS as well, so setting it manually on my client machine only meant bypassing AD DNS. However, I couldn't find a reason why the internal DNS would cause this slowdown. I could, however, see that I was getting DNS errors looking up DNS to Defender ATP (my DNS server has the Defender ATP sensor installed as well).

I kept scratching my head for a while; doing nslookup on external domains would give me timeouts (except microsoft.com and google.com, which would resolve fine).

Internal lookup was working flawlessly.

For good measure I rebooted both my DCs, which are running the DNS service. (This didn't help; the issue kept persisting.)

After 4 hours of troubleshooting the issue resolved itself, but I'm sitting here still wondering what the hell the issue was. Was it simply Microsoft ATP that was having issues and preventing DNS lookup?

But when I do an external nslookup from a client machine against the domain DNS, I would not assume the Defender ATP client would interfere with that traffic?

👍 9
👤 u/WoTpro
📅 Jun 10 2021
Running A Root Server Locally On Your DNS Resolver blog.technitium.com/2021/…
👍 3
👤 u/shreyasonline
📅 Jul 25 2021
Running A Root Server Locally On Your DNS Resolver blog.technitium.com/2021/…
👍 5
👤 u/shreyasonline
📅 Jul 25 2021
DNS zone not resolving from google, cloudflare DNS but works on root com servers and opendns?

I opened tickets with cloudflare and google's DNS teams, however it's a public ticketing system so no idea when I'll hear back. I have 2 zones, one's working totally fine, one's non working on google dns and cloudflare (and a local ISP), but works fine on opendns and another local ISP's dns servers. What are things I can check for that might help me figure out why some DNS resolvers are basically ignoring my entire zone?

edit: problem ended up being dnssec, was expired

👍 2
👤 u/fortniteplayr2005
📅 Apr 25 2021
Chromium’s impact on root DNS traffic blog.apnic.net/2020/08/21…
👍 384
👤 u/alexeyr
📅 Aug 21 2020
Handshake (HNS) is a decentralised, permissionless naming protocol in which peers authenticate and are responsible for managing the root DNS naming zone to create an alternative to existing naming systems and certification bodies. Join me in breaking down the token economics of $HNS. youtu.be/bJN_gqgEYPs
👍 15
👤 u/economicsdesign
📅 Apr 19 2021
Handshake (HNS) is a decentralised, permissionless naming protocol in which peers authenticate and are responsible for managing the root DNS naming zone to create an alternative to existing naming systems and certification bodies. Join me in breaking down the token economics of $HNS. youtu.be/bJN_gqgEYPs
👍 7
👤 u/economicsdesign
📅 May 24 2021
How Chromium reduces Root DNS traffic | APNIC Blog blog.apnic.net/2021/02/04…
👍 17
👤 u/cmeerw
📅 Feb 04 2021
DNS - why using recursive servers (e.g. 1.1.1.1) instead of running a local server and querying the root servers directly? (Crosspost from r/networking)

I couldn't find an answer to this one. Netgate says in the pfSense docs that the resolver (unbound) that is installed and enabled by default ignores any recursive name servers set and instead queries the root servers directly, unless configured otherwise (https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html). So I was thinking, from a privacy point of view, why have an intermediate and send them all your browsing history? Cloudflare implements, for example, DNS over TLS, DNS over HTTPS and even encryption of SNI (so "your ISP can't really see the names you are querying"). But ISPs can see the IPs you are accessing and, therefore, can trace back the IPs to their corresponding names. It looks like a bogus sense of privacy only to convince the users to send them their DNS requests. Besides, running it locally could bypass censorship on the DNS level (yes, it happens sometimes in my country, very "democratic") and the local cache could not only speed things up but also really improve privacy by reducing the number of queries sent through WAN (and, obviously, excluding intermediates). Idk, maybe I am misunderstanding the functionality of the DNS stack. Am I missing something? Could someone help elaborate? Thanks!

👍 13
👤 u/Sanziumm
📅 Nov 03 2020
Seeing lots of DNS queries to my WAN for <Root> w/ OPT additional record

I recently noticed a bunch of DNS requests hitting my WAN IP (where I don't run a DNS server). They're sustained, from a fairly small set of source IPs. The queries are weird: The "Question" is for <Root> (a single 00 byte), and have an "Additional record" of type OPT, also with name <Root>. Is this part of an attack against some recent CVE? Is it worth reporting these sorts of things to the abuse contact in WHOIS for the IP?

22:30:06.406020 IP (tos 0x0, ttl 240, id 43779, offset 0, flags [none], proto UDP (17), length 56)
    169.55.119.4.43136 > xxx.xxx.xxx.xxx.53: [udp sum ok] 22510+ [1au] A? . ar: . OPT UDPsize=1280 (28)
22:30:12.415737 IP (tos 0x0, ttl 240, id 43789, offset 0, flags [none], proto UDP (17), length 56)
    169.55.119.4.35237 > xxx.xxx.xxx.xxx.53: [udp sum ok] 12216+ [1au] A? . ar: . OPT UDPsize=1280 (28)
22:30:23.110057 IP (tos 0x0, ttl 240, id 15394, offset 0, flags [none], proto UDP (17), length 56)
    198.23.119.36.2532 > xxx.xxx.xxx.xxx.53: [udp sum ok] 37476+ [1au] A? . ar: . OPT UDPsize=1280 (28)
22:30:29.129976 IP (tos 0x0, ttl 240, id 15402, offset 0, flags [none], proto UDP (17), length 56)
    198.23.119.36.45860 > xxx.xxx.xxx.xxx.53: [udp sum ok] 31860+ [1au] A? . ar: . OPT UDPsize=1280 (28)
22:30:35.139692 IP (tos 0x0, ttl 240, id 15410, offset 0, flags [none], proto UDP (17), length 56)
    198.23.119.36.16678 > xxx.xxx.xxx.xxx.53: [udp sum ok] 13519+ [1au] A? . ar: . OPT UDPsize=1280 (28)
22:30:45.435683 IP (tos 0x0, ttl 240, id 43833, offset 0, flags [none], proto UDP (17), length 56)
    169.55.119.4.44565 > xxx.xxx.xxx.xxx.53: [udp sum ok] 14516+ [1au] A? . ar: . OPT UDPsize=1280 (28)

In case anyone is curious here's a redacted (-) hexdump of one of the packets:

-- -- -- -- -- -- -- -- -- -- -- -- 08 00 45 00
00 38 a8 81 00 00 f0 11 12 df a9 37 77 04 -- --
-- -- 40 cd 00 35 00 24 59 f9 4d 2b 01 00 00 01
00 00 00 00 00 01 00 00 01 00 01 00 00 29 05 00
00 00 00 00 00 00
👍 10
👤 u/sudo_mksandwhich
📅 Feb 19 2021
Setting Bind as a root DNS server and changing root hints

I have not been able to find any information on doing such a thing, not on this website or the web itself (I suppose because it is considered pointless). So I will be first to ask does anyone with good experience in Bind know if it is possible to set up Bind as a root DNS, and how to change the local recursive server's root hints file (not making a new one which would prevent from accessing the official roots) to include this new root which could point delegate local TLDs? And yes, I know I could just set up the recursive server to handle local domains, but I can't help but feel that this is possible, and I have a few computers collecting dust that could be doing something. This will be a simple activity for learning's sake, so what is practical and not can be ignored. I appreciate any help you can provide.

👍 5
👤 u/theholyplatypus
📅 Jan 19 2021
The operation requested is not permitted on a DNS root server

Hi DNS Experts,

Error: a problem occurred while trying to add the conditional forwarder. The operation requested is not permitted on a DNS root server.

We have "com" zone and under that Microsoft delegation but now trying to create logins.microsoft.com conditional forwarder but getting the above error.

Our internal DNS is forwarding to the DMZ DNS for external name resolution, but we are trying to set up direct access.

Do I have to create a stub zone with that name?

👍 2
👤 u/AusSupport
📅 Feb 01 2021
Chromium cleans up its act and daily DNS root server queries drop by 50 billion theregister.com/2021/02/0…
👍 31
👤 u/rwnash
📅 Feb 04 2021
Chromium cleans up its act and daily DNS root server queries drop by 60B theregister.com/2021/02/0…
👍 20
👤 u/qznc_bot2
📅 Feb 05 2021
Chromium cleans up its act – and daily DNS root server queries drop by 60 billion theregister.com/2021/02/0…
👍 19
👤 u/CrankyBear
📅 Feb 04 2021
Chromium cleans up its act – and daily DNS root server queries drop by 60 billion | The Register theregister.com/2021/02/0…
👍 13
👤 u/kv_87
📅 Feb 04 2021
DNS root hints privacy

Hi.

I have set up my own recursive DNS servers. All works fine, but I still have concerns about privacy. On what port are my servers connecting to root hint servers? Usual unencrypted 53? Do they log queries?

👍 5
👤 u/kasinjsh
📅 Sep 26 2020
How Chromium reduced Root DNS traffic blog.apnic.net/2021/02/04…
👍 3
👤 u/eberkut
📅 Feb 18 2021
Chromium cleans up its act – and daily DNS root server queries drop by 60 billion theregister.com/2021/02/0…
👍 4
👤 u/rtbot2
📅 Feb 04 2021
Adguard - tons of dns requests for a.root-servers.net

Hey guys, I've been noticing a slowdown in name resolution on my home network, and when checking the query log in adguard I see tons of requests that are timing out from dns.local.hass.io to root-servers.net with a ttl of around 500,000ms. Are these requests normal, and if so what can I do to get them to move a little faster?

👍 7
👤 u/Neontc
📅 Jul 17 2020
How Chromium reduces Root DNS traffic blog.apnic.net/2021/02/04…
👍 2
👤 u/oaf357
📅 Feb 05 2021
DNS filtering doesn't work on (root) http proxy mode

I'm rooted on Android 11 (December patch), using Pixel 4XL.

DNS filtering doesn't work when in auto proxy mode. I can select the DNS server and turn on filtering, but the selected DNS server isn't used, nor is there any kind of filtering. My wifi provider is used instead; it's the same on mobile data.

DNS filtering works on VPN mode.

Can anyone tell me why? Is there a setting I need to check?

Thank you and God Bless.

👍 3
📅 Jan 03 2021
European rivers with "DN" root in the name (taken mainly in Italian)
👍 44
👤 u/ASTRONACH
📅 Jan 29 2020
Non-Root User DNS fails

I have a handful of docker containers that connect out to the internet to look for updates and unfortunately it appears that if the container is running under a non-root account, DNS fails. But if the container is run under root, DNS works. For example I have a Nextcloud container which for the most part is fine with DNS not working (with the exception of reaching the DB server, but I'm using IPs for that) but it fails to check for updates to addons. I ran a "docker exec -it nextcloud /bin/bash" which connects as root and have no problem issuing a "curl www.google.com" or any other site. But if I connect as "docker exec -it -u www-data nextcloud /bin/bash", DNS completely fails. I THINK it has something to do with rights to the /etc/resolve.conf file within the container as only root has read access. Would this be an issue with the image, my docker config, or possibly even my filesystem? I do have my config file stored as a bind and not a docker volume, but I allowed the container to create the folder upon creation.

👍 16
👤 u/ParadingLunatic
📅 May 21 2020
DNS Root Hints issue

Weird DNS issue. Our Bind 9 server is pointed to the root hints. We tried to resolve zoom.us and got a timeout. Tried to resolve google.com and it resolves. So instead of using the root hints, we changed it to 8.8.8.8 and are able to resolve zoom.us.

Anyone else seeing this?

👍 8
👤 u/oneCrazyAdmin
📅 Aug 27 2020
Pihole->Stubby->DOT->Quad9 DNS or Pihole->Unbound->Root NameServers?

My current Pihole setup with redundancy:

Raspberry 3b+: Pihole DNS #1

Raspberry 3b: Pihole DNS #2

Stubby is set up on both the RPis with DOT using Quad9 DNS 9.9.9.9 on Pihole #1 and 149.112.112.112 on Pihole #2.

Benefits of DOT with Quad9:

  1. Safety from MITM Attack
  2. Quad9 Blocks list of domains combined from 19 different threat intelligence partners

I know DOT doesn't provide any security or privacy as the ISP can still see the plaintext SNI.

Lately, I have been reading a lot of comments on reddit about Unbound DNS.

If I switch to Unbound with Root Name servers, then I will lose the two benefits that I am getting with DOT using Quad9.

Shall I switch to Unbound DNS or stick with DOT using Quad9?

Cheers

Akl

👍 3
👤 u/akl88
📅 Jul 24 2020
Scaling the Root of the DNS circleid.com/posts/202009…
👍 7
👤 u/cmeerw
📅 Sep 27 2020
Anycast & Corporate DNS; also, querying root-level servers directly?

Hey guys, I've got a couple of DNS-related questions for you all.

  1. When you're hosting multiple authoritative name servers for your enterprise - perhaps in primary/backup or active/active data centers - would you typically anycast them to one logical IP address? Or can you register your domain as having multiple authoritative servers?

  2. If you can have multiple authoritative servers, how does the TLD server decide which one to route requests to? Are there assigned levels of priority? Is it round robin? Are there any health checks involved?

  3. Typically on your corporate DNS servers would they query all the root-level DNS servers directly, or do they need to route through your ISP's DNS servers / public DNS servers such as 8.8.8.8?

Sorry if these are stupid questions, I'm just trying to understand a bit more about how DNS is configured both on the enterprise side as well as the TLD & root sides. I've searched online and I can't seem to find any answers to this question beyond just the basics of DNS.

👍 8
👤 u/Azarias59
📅 Apr 25 2020
A Chrome feature is creating enormous load on global root DNS servers arstechnica.com/gadgets/2…
👍 28
👤 u/rwnash
📅 Aug 26 2020
Pi-hole with unbound + root-hints as a recursive DNS server. CNAME not resolved?

I followed https://docs.pi-hole.net/guides/unbound/ and all domains seem to resolve properly except those domains with a load balance CNAME. The dig command returns the CNAME but no A record. It only happens when using root-hints instead of forwarding to 1.1.1.1 etc. Any insight?

👍 2
👤 u/NoMoreTech
📅 Aug 25 2020
How to set the DNS so that both the root domain and the subdomain of a gitlab page point to the same address?

I created a static site with Hugo and hosted it on gitlab, in a repository called (for example) "example.gitlab.io" which can be reached (again for example) at the address "https://example.gitlab.io"

I own a domain that has been assigned to me by tophost.it, say example.it

As explained in this document, and in particular in this paragraph (*), I created 4 dns:

  1. @ A 35.185.44.232
  2. www CNAME example.gitlab.io
  3. _gitlab-pages-verification-code TXT gitlab-pages-verification-code = ...
  4. _gitlab-pages-verification-code.www TXT gitlab-pages-verification-code = ...

In my GitLab control panel, Settings/General/Visibility/Pages is set to “Everyone”.

If I type in any browser example.it my site hosted on gitlab opens normally; if instead I type www.example.it I get the following error message:

> 401
>
> You don't have permission to access the resource.
>
> The resource that you are attempting to access is protected and you don't have the necessary permissions to view it.

What's the mistake? How to correct it? Can those who have a site hosted on gitlab explain to me how they set their DNS to connect their custom domain with and without "www"?


(*): ... There are a few cases where you need point both subdomain and root domain to the same website, for instance, example.com and www.example.com. ...

👍 4
👤 u/Akira-Takeshi
📅 Mar 24 2020
Chromium’s impact on root DNS traffic | APNIC Blog blog.apnic.net/2020/08/21…
👍 17
📅 Aug 21 2020
Non-root app that's a DNS changer (i.e. DoH/DoT) AND blocks wifi/mobile access to apps

EDIT: QUESTION ANSWERED, got Adguard.

Changing DNS requires VPN.

Blocking internet access to apps requires VPN.

I've found apps that do either one of these, but not both. Which means I can only use the VPN on my phone for one thing at a time rather than both.

👍 5
👤 u/shoot2die
📅 Mar 05 2020
Chromium's Impact on Root DNS Traffic blog.apnic.net/2020/08/21…
👍 9
👤 u/qznc_bot2
📅 Aug 21 2020
DNS question - why using a recursive resolver (e.g. 1.1.1.1 or your ISP's) instead of running it locally and querying directly the DNS root servers?

I couldn't find an answer to this one. Netgate says in the pfSense docs that the resolver (unbound) that is installed and enabled by default ignores any recursive name servers set and instead queries the root servers directly, unless configured otherwise (https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html). So I was thinking, from a privacy point of view, why have an intermediate and send them all your browsing history? Cloudflare implements, for example, DNS over TLS, DNS over HTTPS and even encryption of SNI (so "your ISP can't really see the names you are querying"). But ISPs can see the IPs you are accessing and, therefore, can trace back the IPs to their corresponding names. It looks like a bogus sense of privacy only to convince the users to send them their DNS requests. Besides, running it locally could bypass censorship on the DNS level (yes, it happens sometimes in my country, very "democratic") and the local cache could not only speed things up but also really improve privacy by reducing the number of queries sent through WAN (and, obviously, excluding intermediates). Idk, maybe I am misunderstanding the functionality of the DNS stack. Am I missing something? Could someone help elaborate? Thanks!

👍 2
👤 u/Sanziumm
📅 Nov 03 2020
