2025-10-20 11:36:39
I write up some of my advice on surviving DNS outages as it seems timely #AWS #DNS https://adrianco.medium.com…
@… Hey, it is me again 😅
Just to let you know that I receive some 400 Bad Request errors from some DoH servers (dns.quad9.net and ns0.fdn.fr for instance) while some others accept my queries (dns.google and Cloudflare 1.1.1.1).
I am not sure yet if the error is on my use of the library or within the library itself.
Here is the code to run the query:
from my link log —
The disappearing Windows DNS debug log.
https://nxlog.co/disappearing-windows-dns-debug-log
saved 2019-01-10 https://
I switched away from GitHub to host my (so far) boring ass website somewhere else and obviously had DNS issues!
Adjusted DNS records and it worked smoothly everywhere except on my own machine where they could not be found *at all* (not even outdated ones). But waiting it out obviously fixed it in the end. I’m no AWS so nobody noticed or cared. 😵💫
"Self-hosting DNS for no fun, but a little profit!" – Morten Linderud
https://linderud.dev/blog/self-hosting-dns-for-no-fun-but-a-little-profit/
If it's not DNS, it's usually a race condition.
AWS: wheeeeee, we had both!
#AWS #AWSoutage
On Website Technicals (2025-10) - Tech updates: Sitebulb AdSense fails, RSS description, lite ads, ISSN lookup, micro-opts, DNS broke intensity, SVG inline URL-encoded, CO2 pcm, flock. - https://m.earth.org.uk/note-on-site-technicals-101.html
»DNS0 has been shut down. A look back at the short life of the EU-funded DNS resolver.
DNS0 is history. The operator was a French non-profit organization, founded in 2022 by Romain Cointepas and Olivier Poitrey.«
Hardly anyone takes seriously that a free and open DNS service in Europe is something important. In my opinion, even IT technicians are not really aware of it.
🔌
@… hey, just reaching out to let you know that https://b.diasp.org seems to go to some spam blog now (i assume DNS records were never updated)
side note: is there an activitypub plu…
Have you noticed that when the blame #DNS meme starts flying the root is perfectly operational, there is rarely a mention of the big registry operators, BIND, Unbound, Knot, and PowerDNS are absent the conversation, and many who can craft a reasonable dig query are getting responses from local and public resolvers to debug?
Even with all the misconfiguration, added complexity on top of it, a…
Started migrating services off of the RPis and onto the new #Proxmox server. The initial install went fairly smoothly, got the VLANs configured, and then setup the new primary DNS server. That took longer than it should have, but I will say this: the VM is so much more snappy than the Pi. Next up is the secondary DNS server.
Complaint: Karlsruhe temporarily halts controversial DNS surveillance
The Constitutional Court has suspended a local court's order to monitor DNS queries for a specific domain, following a complaint by the provider.
how to use standard DNS UPDATE in a manner that avoids causing outages like AWS us-east-1 https://lobste.rs/s/mw0pus/summary_amazon_dynamodb_service#c_ux4xlb
AWS says "the underlying DNS issue" is mitigated and most "operations are succeeding normally" after a huge US-EAST-1 outage; some services are still "impacted" (Jess Weatherbed/The Verge)
https://www.theverge.com/news/802486/aws-o
Many #Terraform providers using SSH do not check the SSH host key... they just run with ssh.InsecureIgnoreHostKey...
And to be honest, it is partly the fault of the SSH standard library which makes it super easy to ignore the host key and does not provide any useful builtin key verification function. People are lazy. ssh.FixedHostKey is niche.
So I implemented a small library to v…
3 days ago the RSS feed of planet.ubuntu.com stopped working due to a TLS cert error.
I THINK it's due to them overhauling & moving it to a github-hosted replacement, but as this was done just by redirecting DNS the new host doesn't have a TLS cert with the correct name. If so, this means that people following the old RSS feed can't do so any more and they got no notice that this was going to happen.
I don't know for sure though because my query remains unansw…
> The underlying problem today was a malfunction at Amazon Web Services, where something called "DNS resolution" was not working
BBC putting quotes around "DNS resolution" there, like it's indecipherable Gen-Z slang.
https://www.bbc.co.uk/news/live/c5y8k7k6v1rt
@dawid@social.craftknight.com Maybe all of those people that were laid off were doing some work?
https://www.theregister.com/2025/10/20/aws_outage_amazon_brain_drain_corey_quinn/
$ sudo dns-sd -O
XPC service returns error, description: State dump is currently disabled due to system privacy settings. To enable it, install the [mDNSResponder Logging Profile](https://developer.apple.com/bug-reporting/profiles-and-logs/?name=mdns) and res…
NetBSD mail server with Postfix, BIND (for DNS), Dovecot, Pigeonhole (Sieve), SSL, DKIM and SPF
#email
from my link log —
Behind the complaints: investigating the suspicious pressure against archive.today.
https://adguard-dns.io/en/blog/archive-today-adguard-dns-block-demand.html
saved 2025-11-15
German ministry renames itself, domain expires, is bought by SEO-spammer, expires again, is bought by domain grabber, then later bought by itsec company who now learns that apparently plenty of internal systems of the ministry still try to connect to the domain...
I don't even know where to start how terrible that is and what it tells us about government IT security practices...
No, it's not DNS! It can't be!
you can bring down 20% of the internet with a single-character typo in a regex, but you can also destroy a nearly 50 year old bridge with a single incorrectly placed piece of heatshrink
isn't technology beautiful
https://blog.cloudflare.com/details-of-t…
@axbom@axbom.me Maybe I shouldn't celebrate too soon. Something seems to have changed in their DNS this morning. I stumbled upon it by chance(!), believe it or not. Maybe they have just temporarily messed it up, so that it will come back in a few hours.
Exciting nonetheless. And actually completely crazy that I discovered it. I was tinkering with a tool of my own for showing short-link destinations without having to click the short link. Remembered the QR code link and tested with it. Got an error message right away. Trodde verk…
from my link log —
trustydns: DNS Over HTTPS proxy, server and query programs.
https://github.com/markdingo/trustydns
saved 2019-06-28 https://do…
LLUAD: Low-Latency User-Anonymized DNS
Philip Sjösvärd, Hongyu Jin, Panos Papadimitratos
https://arxiv.org/abs/2509.24174 https://arxiv.org/p…
https://defend612.com has been blocked at the domain name level for me and at least two other people over T-Mobile networks (which includes GoogleFi, MetroPCS, and… wait for it… Trump Mobile). For at least all day today.
Seems unlikely to be a technical problem but instead to be Actual Censorship (unless it's not …
Looks like Cloudflare DNS is still fine but the proxy that's supposed to protect against DDoS stuff is what's causing everything to be down.
from my link log —
Fuzzing DNS zone parsers.
https://www.cambus.net/fuzzing-dns-zone-parsers/
saved 2019-07-12 https://dotat.at…
TIL my beloved `dog` DNS client has been unmaintained for a few years and there's a community-based fork called `doge` (the name was chosen before it became a synonym for chainsaw politics): https://dog.ramfield.net
The penultimate talk at #12Clouds is Akshay M talking about Agent Name Service (ANS), a DNS-like trust layer for AI agent deployments
Our friends at tinfoil-factory recently made the initial release of netfoil - a severely hardened minimal filtering dns proxy written in #golang - Seems very useful for reducing the attack surface of your services. #security https://github.com/tinfoil-factory/netfoil/releases/tag/v0.1.0
@… This is me again 😅
Using DoH, I get a weird EOF error during the dnshttp.Response conversion of the HTTP response.
The response was sent using the dnshttp.ResponseWriter implementation.
Digging into the implementation of the ResponseWriter, I see that you truncate the two leading bytes (response size) of TCP answers:
China-aligned threat actor is conducting widespread cyberespionage campaigns https://therecord.media/china-aligned-threat-actor-espionage-network-devices
i should put some weird shit into DNS. no, weirder than that
Run DNS speed tests and compare different DNS resolvers in your browser.
https://codeberg.org/Stomata/DNSspeedtest
Forked from:https://
I can help but feel this "feature" should raise more concerns than it does alleviate them.
"Accelerated recovery for managing public DNS records addresses this need by targeting DNS changes that customers can make within 60 minutes of a service disruption in the US East (N. Virginia) Region."
If you're using Pi-hole with Sky Broadband, you can't directly change the DNS settings for the router (in my case a Sky Hub).
However, if you save the settings as a file, edit the file to add the Pi-hole's address in the DNS field, and re-import it, it appears to work.
https://www.pistonheads.co…
PSA: Use the "accounturi" feature of Let's Encrypt CAA!
If you're hosting a safety/security-critical service, there's a way too unknown feature called "accounturi", that allows you to restrict TLS certificate issuance to a single Let's Encrypt account (and account private key).
You simply create a CAA record on your domain and put your LE account ID into it.
This means that attackers cannot issue TLS certificates and pull man-in-the-middle…
»Exploit code available — DNS records of countless BIND servers can be manipulated:
Attackers can redirect traffic to their own domains via cache poisoning. In Germany alone, around 40,000 DNS servers are vulnerable according to the BSI.«
Damn, I suppose I now have to look into whether I and/or customers are affected too, and how does one fix it?
🔓
Sweet next year letsencrypt will support a persisting DNS record so these tools don’t need access to DNS for renewal
DNS. It's always DNS. Nextcloud server down? No... It's just DNS. *sigh*
#homelab
>Me: *sets up secondary DNS server in case primary fails*
>Primary: *fails*
>Hosts: *pretend that secondary doesn't exist*
I sure love DNS...
Huh… CIRA runs the .ca TLD. Not high-profile but… seem to be OK?
[Tl;dr: They’re offering a free DNS resolver, Canadian-built and -run.]
https://cosocial.ca/@kgw/115503438874192927
DNS in the Time of Curiosity: A Tale of Collaborative User Privacy Protection
Philip Sjösvärd, Hongyu Jin, Panos Papadimitratos
https://arxiv.org/abs/2509.24153 ht…
Microsoft didn't want to be left out of showing everyone why having everyone and everything depend on the same 3 companies is a bad idea 😂
https://www.bleepingcomputer.com/news/microsoft/microsoft-dns-outage-impacts-azure-and-microsoft-365-services/
DNS stands for “DO NOT meSs with this or you’re going to have a bad time”
I had to migrate my #DNS today, and Hurricane Electric is such a pleasurable return to 90s.
Website obviously designed by a backend engineer. Has only tables and buttons. Buttons work and do things. It's fast. It support features fancy sites do not support. On top of it, free.
12/10
@… and this is why I ran ad blocking on the DNS level. And browser addons that deal with most of these crappy modals
See, not always DNS! Sometimes it's BGP.
Tao Te Ching: The tao that can be told is not the eternal Tao. The name that can be named is not the eternal Name.
Paul Mockapetris: that's going to make it really hard to issue you a DNS address
.gov #DNS notes
On 2025-01-19 there were two "biden" names, bidenlibrary and bidenwhitehouse. Not so unusual. Associated names for Obama and Trump were also there and remain still. These are exec branch names but the agency responsible for them is the National Archives and Records Administration (NARA).
As of today, there are four additional "trump" labels in the …
@… I am using dnsv2 to develop a "mock" DNS server for my unit tests.
I noticed that when specifying Server.Listener or Server.PacketConn, you also need to specify Server.Net or you end up with a "bad network" error when calling ListenAndServe.
Specifying the Net property seems redundant when the PacketConn/Listener properties are specifie…
Roon discovery successfully migrated from mDNS to DNS-based discovery – local overrides defined in Unbound, firewall rules adjusted, logging enabled. Multicast eliminated, DNS transparency and segment control ensured. Port openings reduced to a minimum. ROON Server and all endpoints are now reliably discovered without mDNS, and streaming works smoothly to all endpoints.
from my link log —
Async DNS with Mac OS getaddrinfo_async_start and Rust smol.
https://fnordig.de/2025/11/07/async-dns-in-smol/
saved 2025-11-08 htt…
De novo peptide sequencing rescoring and FDR estimation with Winnow
Amandla Mabona, Jemma Daniel, Henrik Servais Janssen Knudsen, Rachel Catzel, Kevin Michael Eloff, Erwin M. Schoof, Nicolas Lopez Carranza, Timothy P. Jenkins, Jeroen Van Goey, Konstantinos Kalogeropoulos
https://arxiv.org/abs/2509.24952
oRANS: Online optimisation of RANS machine learning models with embedded DNS data generation
Daniel Dehtyriov, Jonathan F. MacArt, Justin Sirignano
https://arxiv.org/abs/2510.02982
Our certificate provider just told me I have to make my internal DNS server public, and share all my RFC1918 DNS entries, otherwise they won't issue me certs. WTF is this shit? We have run split horizon for YEARS with no issues.
Man, I think I'm losing it.
For months I have been meaning to replace my old Raspi 3 with a 5.
So far it doesn't do much besides piHole DNS blocking.
The plan now was, among other things, to install Home Assistant.
Why? Because I have assorted IoT stuff from assorted manufacturers. But I would like to be able to control it with just one app.
At the same time I want to use the Pi for other things too, e.g. TimeMachine for Mac backups, LUKS-encrypted Ne…
Nice, if you use DNS via Tailscale AdGuard/pihole can work even if you have Private Relay turned on!!
chat, what's your favorite DNS-over-HTTPS library on npm that can use fetch() as a backend?
There is an ActivityPub proposal that involves the #DNS.
I have only just discovered it and have not considered it deeply so I am reluctant to make any grand statements. It is not obvious to me why this is useful or better than alternative approaches. It appears to involve the use of TXT RRs, any new de facto use of which makes me skeptical.
Brief Starlink outage (our second ever). Strange that throughout I could ping 1.1.1.1 but not 9.9.9.9 or any other Internet host for which I have the IP saved. I reckon this means Cloudflare has a DNS instance in the same DC/on a peering fabric adjacent to the Starlink "Dublin" (LDNGBR) ground station.
This was very welcome news from Let's Encrypt today and more interesting than cert lifetimes.
"This means you can set up the DNS entry once and begin automatically renewing certificates without needing a way to automatically update DNS."
I already do DNS-01 but not having to do the dynamic updates will be appreciated.
I wish there were a DNS-like solution to simply drop all links to the closed web. If someone sends me a link I can’t see without opening an app or an account, I don’t really care to see it.
if i would buy a new Phone, with the full freedom what to install and completely without google or Apple bloat, my phone will have the following apps and the size of an iPhone SE 2022. #bringbacknormalsizedphones
Filen - cloud
Ente - auth
Next DNS - DNS
Ice cubes - Mastodon
Proton - Cal, Mail, pass
Deepl - Translation
DuckDuckGO and Fire…
Is it #DNS?
Microsoft Azure outage: Heathrow, Xbox and Minecraft among sites down
https://www.bbc.co.uk/news/articles/c3rj45n4x5eo
from my link log —
Discovering the discovery of designated resolvers (DNS DDR).
https://labs.ripe.net/author/yevheniya-nosyk/discovering-the-discovery-of-designated-resolvers/
saved 2025-11-09
On Website Technicals (2025-10) - Tech updates: Sitebulb AdSense fails, RSS description, lite ads, ISSN lookup, micro-opts, DNS broke intensity, SVG inline URL-encoded, CO2 pcm, flock... - https://m.earth.org.uk/note-on-site-technicals-101.html
You know you're going too far when, to test a feature of your program (an SSH client), you end up implementing an SSH server, a DNS server, an HTTP server and a PKI for your E2E test.
Fortunately, it's easy to do in Go 😅
#DNS trivia, especially for those who have ever used the "It was DNS" meme. What is wrong with this (real) dig response and what is the likely cause? AI probably won't help you.
dig @1.1.1.1 foobar.gov norecurse nocmd noquestion noauthority nostats
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1808
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, A…
Sensitivity dependence of the Navier-Stokes turbulence of a two-dimensional Rayleigh-Bénard convection on time-step
Shijie Qin, Kun Xu, Shijun Liao
https://arxiv.org/abs/2510.11220
back when i was still in school i asked a classmate sitting next to me what should i be calling my machines. being a reenactor (I think? or something adjacent at least, it's been too long) she suggested Elder Futhark runes.
it was at least 5-10 years that passed between that and a realization that someone looking at my DNS zone without context would probably go "hm... is she secretly a nazi". anyway I phased the naming scheme out
Why am I smelling #DNS again :mortysmile:
Physics-Informed Machine Learning Approach in Augmenting RANS Models Using DNS Data and DeepInsight Method on FDA Nozzle
Hossein Geshani, Mehrdad Raisee Dehkordi, Masoud Shariat Panahi
https://arxiv.org/abs/2510.01091
from my link log —
Route 53 DNS: Amazon’s premier AWS database.
https://www.lastweekinaws.com/blog/route-53-amazons-premier-database/
saved 2021-02-18
This is not the first time for #Microsoft #DNS-related problems. As I recall, the first one I remember from 2001 had something to do with their authoritative name servers residing on the same IP4 /24 that had an access or availability problem.
It was a rookie mistake even then, and they were …
from my link log —
Can I use HTTPS RRs?
https://www.netmeister.org/blog/https-caniuse.html
saved 2025-12-12 https://dotat.at/…
Oh my, @… is fast ! Faster than Cloudflare or Google. With average response time of 12 ms.
Where cloudflare was 22 ms
And Google shited with 232 ms 😆
#dns
some things that make DNS hard https://lobste.rs/c/3ahld4
https://mastodon.bsd.cafe/@nuintari/115467761984…
Smart navigation of a gravity-driven glider with adjustable centre-of-mass
X. Jiang, J. Qiu, K. Gustavsson, B. Mehlig, L. Zhao
https://arxiv.org/abs/2510.09250 https://
Weekend Reads
* EDNS client subnet in practice
https://farrokhi.net/posts/2025/10/edns-client-subnet-in-practice-evaluating-public-resolver-behaviors/
* BGP-based DDoS scrubbing services survey
from my link log —
Eon: a programmable effects-based OCaml DNS server.
https://ryan.freumh.org/eon.html
saved 2025-10-11 https://dotat.at/:/R4QXU.html
Whoops, trying to browse to mastometrics.com results in a Cloudflare "Error 1000 DNS points to prohibited IP".
Not sure anyone uses that much anymore, but I know @icecubesapp has built-in capability to integrate with it.
cc: @…