How much EU is in DNS4EU?

This is another post that started after several toots on Mastodon. Most of the things presented here were already tooted by other people, but I think this is a good chance to write a mini tutorial about what to look at. We’ll use DNS, whois, BGP and your favourite search engine.

What is DNS4EU?

To quote the web page:

Supported by the European Union Agency for Cybersecurity (ENISA), the European Union’s DNS4EU secure-infrastructure project provides a protective, privacy-compliant, and resilient DNS service to strengthen digital sovereignty and security for EU citizens, governments, and critical infrastructure.

It’s 2025

A short one, also via Mastodon:

host deutschehochschule.de
deutschehochschule.de has address 162.159.134.42
deutschehochschule.de has IPv6 address ::ffff:162.159.134.42
deutschehochschule.de mail is handled by 0 deutschehochschule-de.mail.protection.outlook.com.

“Of course we have IPv6”. BTW: The IPv4 address is from Cloudflare. AFAIK: You have to actively do something not to do proper IPv6 using Cloudflare.
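
The AAAA record above is an IPv4-mapped address (::ffff:0:0/96): the IPv4 address written in IPv6 notation, not a routable IPv6 address on the public Internet. The following Python check is an added example, not part of the original post; it parses `host` output and flags such records, and the names good.example and doc.example with their addresses are constructed sample data.

```python
import ipaddress
import re

# Constructed sample: the `host` output quoted above plus two made-up names.
SAMPLE_HOST_OUTPUT = """\
deutschehochschule.de has address 162.159.134.42
deutschehochschule.de has IPv6 address ::ffff:162.159.134.42
deutschehochschule.de mail is handled by 0 deutschehochschule-de.mail.protection.outlook.com.
good.example has IPv6 address 2606:4700:4700::1111
doc.example has IPv6 address 2001:db8::1
"""

# Only the AAAA lines of `host` output are of interest here.
AAAA_LINE = re.compile(r"^(\S+) has IPv6 address (\S+)$")


def classify_aaaa(value):
    """Return (verdict, detail) for one AAAA record value."""
    try:
        addr = ipaddress.IPv6Address(value)
    except ipaddress.AddressValueError:
        return ("invalid", value)
    # ::ffff:a.b.c.d is an IPv4 address in disguise, not real IPv6 reachability.
    if addr.ipv4_mapped is not None:
        return ("ipv4-mapped", str(addr.ipv4_mapped))
    # Loopback, link-local, ULA, documentation ranges and similar.
    if not addr.is_global:
        return ("not-global", str(addr))
    return ("ok", str(addr))


def audit_host_output(text):
    """Return (name, value, verdict, detail) for every AAAA line in the text."""
    findings = []
    for line in text.splitlines():
        match = AAAA_LINE.match(line.strip())
        if match:
            name, value = match.groups()
            verdict, detail = classify_aaaa(value)
            findings.append((name, value, verdict, detail))
    return findings


if __name__ == "__main__":
    for name, value, verdict, detail in audit_host_output(SAMPLE_HOST_OUTPUT):
        print(f"{name:24} {value:26} {verdict:12} {detail}")
```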

A small DNS problem

Just so I find it again when I run across the same problem in the future:

I wanted to log in to one of my servers and couldn’t access it, because I couldn’t resolve the name from one specific domain. All other domains worked fine.

So let’s head over to the DNS server and check what we can do. I’m running BIND, and it ships with two tools, named-checkconf and named-checkzone. As the names imply, named-checkconf checks the overall configuration and named-checkzone checks a single zone. There is also an option -z for named-checkconf that checks all the primary zones found in the configuration.

Another DNS problem

Another troubleshooting tale.

When you look at the following output, what is your first guess?

root@mail:~# postqueue -p
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
D94947FBE83    1331 Thu Apr  3 15:18:58  jens@example.net
(Host or domain name not found. Name service error for name=example.com type=MX: Host not found, try again)
                                         foobar@example.com

DNS, right? Nope! Well, kind of.

In reality it was another domain and not example.com, and it was one of many mails I wrote that day and the only one that couldn’t be delivered. What looked like a DNS problem at first glance was actually an IPv4 routing problem inside the provider network.

Using make for system administration

In another blog post I wrote that I’m using make to restart BIND and showed the following example:

root@dns:/etc/bind# cat Makefile
all:
        /usr/sbin/named-checkconf -z
        /usr/sbin/rndc reload

The all in the above Makefile is the default target used when calling make without options. The second line (note that it starts with a TAB) runs a BIND tool called named-checkconf with the option -z to check the BIND configuration and zones. If that works, the third line is executed and BIND is restarted. If named-checkconf fails because you have a bad configuration, the third line will not be executed.

License: CC BY-SA 4.0