DNS

DNS Server

Tutorials

DNS over HTTPS (DoH)

Secure DNS

Adguard Home
NSD

An authoritative-only DNS server

Pi-hole

Pi-hole - A DNS-based advertisement blocker

docker-compose.yaml :

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "80:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "443:443/tcp"
      # Uncomment the line below if you are using Pi-hole as your DHCP server
      #- "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"
    environment:
      # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
      TZ: 'Asia/Taipei'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: 'correct horse battery staple'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'ALL'
      FTLCONF_dns_listeningMode: 'ALL'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://docs.pi-hole.net/docker/#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: unless-stopped
Technitium

Self host a DNS server for privacy & security

dig - DNS Lookup Utility

The dig is a powerful CLI to find out information about domains and IP addresses without using any 3rd party tools or websites. 

01. What is the website’s IP address?

dig apple.com

 02. How do you identify the name servers(NS) associated with a domain? 

dig NS apple.com +short 
dig NS com. +short

03. Which eMail Servers(MX) are responsible for a domain? 

dig MX apple.com +short

04. Finding out the domain name associated with the IP address (reverse IP lookup) 

dig -x 1.1.1.1 +short 
dig -x 8.8.4.4 +short

05. Finding out the delegation path for any DNS zone (learn how DNS works) 

dig apple.com +trace

06. Finding out DNS answers from specific cache resolver (e.g. Cloudflare [1.1.1.1], Google DNS [8.8.8.8], IBM and so on for cyberciti.biz domain) 

dig A cyberciti.biz @1.1.1.1 +short 
dig A cyberciti.biz @8.8.8.8 +short

07. Finding out the cache expire time (TTL) for DNS 

# AAAA is for IPv6
dig A www.cyberciti.biz +nocmd +noall +answer +ttlid 
dig AAAA www.cyberciti.biz +nocmd +noall +answer +ttlid

08. Finding if a zone is synchronized with all authoritative name servers (look for serial number) 

dig nixcraft.com +nssearch

09. What is my public IPv4 or IPv6 address? 

dig TXT o-o.myaddr.l.google.com @ns1.google.com +short 
dig TXT ch whoami.cloudflare @1.0.0.1 +short

10. Getting help about the dig command 

man dig

11. Finding out the IP address associated the domain name.

dig yahoo.com +short | sort -V

 

 

What's DNS

Tutorials
How DNS Works

how_dns_works.jpg

how_dns_works_2.jpg

DNS Record Type

dns_record_type.jpg

DNS Online Tools

DNS Check
SPF/DKIM/DMARC Check
Domain Tools