r/dns

▲ 1 r/dns

Cloudflare has been having issues the last couple days. Who should I temporarily switch to?

Just curious as I've always used cloudflare and never had issues. My ping has been fine and network speed is fine, but looked it up and starting july 3rd cloudflare has been having issues.

reddit.com
u/TDSRage97 — 10 hours ago
▲ 4 r/dns+2 crossposts

DNS Propagation for VPS

So, I have a VPS, and I have both an internal and external domain for the same site in the VPS. The internal domain is successfully connected to the website without any hassle. I have pointed the A records to the VPS's IP, and they were added with ease. But I have added the external domain to the VPS and then to the domain section "gazab.com.au". I pointed the nameserver from ventraIP to Hostinger's. This means Hostinger is the authoritative server now. But, somehow, when I open the domain manager, it shows pending,

https://preview.redd.it/jv8clauozfbh1.png?width=1408&format=png&auto=webp&s=cfe34b9273c25d0a8bd2aea3633b3c0d5ebced45

SO, the NS record in the DNS checker does show Hostinger, but A records aren't added. When I try to add a record in the domain manager, it says "Domain not found".

Am I doing something wrong here? So, I did add the domain to the VPS like 3 days ago, but didn't change the nameservers in VentraIP until like 5 hours ago. But 5 hrs is a long time. The NS record has already been propagated, but somehow the domain isn't connected to Hostinger.

https://preview.redd.it/w6u975yf0gbh1.png?width=1392&format=png&auto=webp&s=f73e126228e71067ffd85fe5e1c5a8c711eaa5ac

reddit.com
u/spikeystona — 18 hours ago
▲ 3 r/dns

Website only loads on mobile?

A certain website doesn't load if I use my ISP's and any of the public DNS. When I use a mobile network, the site loads fine (site won't load on mobile network if using public DNS). If I use a VPN on mobile and PC, the site won't load either. It looks like a website issue but I tried all the fixes I can Google anyway to no avail. I get ERR_CONNECTION_CLOSED (PC/Phone + ISP/Public DNS) or ERR_NAME_NOT_RESOLVED (mobile network + public DNS).

What causes this issue, something about the site not working on non-mobile network DNS? I would appreciate it if you guys can confirm if this is true.

reddit.com
u/Cade_Silver — 1 day ago
▲ 4 r/dns+3 crossposts

Rust DNS server with policy controls, Prometheus metrics, and an MCP endpoint

I’ve been working on TitaniumGuard DNS, an open-source Rust DNS server focused on operational control rather than being just a toy resolver.

It currently supports:

- DNS over UDP and TCP

- Optional DoT, DoH, DoQ, and DoH3 builds

- Authoritative zones for internal DNS

- Recursive resolution gated by trusted client CIDRs

- Policy enforcement across authoritative, cache, and recursive paths

- Memory or Redis-backed DNS caching

- Audit logging

- /live, /ready, and /metrics endpoints

- Prometheus-formatted metrics

- Docker

- A local-only MCP endpoint for status, metrics, zones, config summaries, and perform controlled DNS resolution through the same policy path

The MCP part is intentionally loopback-only right now. If someone wants to use it on a cloud host, the intended setup is SSH/VPN/proxy into the local MCP listener, not exposing it directly to the internet.

The project is still early, but the goal is to make DNS operations easier to reason about: explicit recursion authorization, policy-aware responses, scrapeable health/metrics, and container-friendly deployment.

I’m looking for feedback from folks who operate DNS infrastructure or write network services in Rust

github.com
u/munukutla — 2 days ago
▲ 11 r/dns+2 crossposts

StreamNoAds - New Premium Streaming Ad Blocklist

Hey folks! 👋

I just released StreamNoAds - a specialized ad blocklist for AdGuard Home & Pi-hole

✨ Features:

- 250+ domains optimized for streaming

- Works on Netflix, YouTube, Prime Video, Disney+, Twitch & 20+ services

- Professional README with detailed guides

- Community-maintained

📍 GitHub: https://github.com/tammo2701/StreamNoAds

Happy to answer questions!

u/tammo_2701 — 3 days ago
▲ 1 r/dns+1 crossposts

Is this a good idea? Has it been tried before?

I once dreamed of a new domain name system.

Each human gets 1 domain.

To get your domain you had to meet a domain holder IRL and do a welcome ceremony.

Then you could also give domains.

Who welcomed who is logged.

In less than a year everyone could have one.

The idea is to create the infrastructure for a human-first web robust against AIs.

reddit.com
u/breck — 3 days ago
▲ 19 r/dns+4 crossposts

looks like China is still having trouble with VPNs

a report claimed that a Chinese company with ties to the defense sector briefly released a document explaining a system that could identify VPN traffic across university networks. The paper reportedly disappeared not long after it was noticed. The interesting part isn't that they're trying to monitor VPNs. That's been obvious for years. What's interesting is that they're apparently still building new ways to detect and analyze encrypted traffic, even after all the resources they've put into internet censorship. If VPNs had already been completely neutralized, it wouldn't make much sense to keep developing tools focused on finding them. It feels like this is another example of the ongoing back-and-forth between censorship systems and privacy technology. Every time detection improves, developers come up with new ways to disguise or hide VPN traffic. Kind of funny when you think about it a document describing VPN surveillance ends up reinforcing the idea that people still have reasons to use VPNs.

reddit.com
u/bigtigertitties — 3 days ago
▲ 50 r/dns+3 crossposts

pihole-dot: Native DNS-over-TLS in Pi-hole's FTL (no unbound/stubby sidecar needed)

I got tired of running a Pi-hole + unbound sidecar just to get encrypted upstream DNS (DoT), so I forked pi-hole/FTL and added native DNS-over-TLS support directly into the resolver (mbedTLS is already linked in for the web server, so I reused it). The result is pihole-dot a drop-in Pi-hole image with DoT built in.

What it is:

  • FTL-DoT: a fork of FTL with a native async DoT client built into dnsmasq's forwarder
  • pihole-dot: the Docker image that uses it same config, same env vars, just point FTLCONF_dns_upstreams at tls://ip#port#hostname
  • No unbound, no stubby, no extra container/hop

Architecture: each upstream server gets a small pool of pipelined TCP+TLS connections (RFC 7766-style multiple queries in flight per connection, demultiplexed by DNS transaction ID), instead of one query at a time per connection.

Screenshot from my own router running pihole-dot right now config is a normal, unlocked Pi-hole DNS Settings page

https://github.com/ismkdc/pihole-dot

u/HotPaleontologist268 — 5 days ago
▲ 49 r/dns+4 crossposts

Australia's new age check rules had an unexpected side effect: VPN usage exploded.

Australia's rollout of stricter online age verification has turned into a pretty interesting case study on digital privacy. Whether you support the policy or not, the reaction from users says a lot about how people respond when identity checks become mandatory. After the new verification measures started taking effect earlier this year, VPN apps climbed rapidly in Australia's App Store rankings. Several services that normally sit outside the top 100 suddenly appeared among the most downloaded utilities within days, suggesting a huge increase in people looking for ways to protect their online activity. Industry reports also showed a noticeable jump in VPN downloads immediately before the enforcement date. Instead of the usual download volume, providers experienced a sharp spike as users prepared for the new restrictions. Some adult websites introduced identity verification before allowing access, while others limited features or restricted Australian visitors altogether until verification requirements could be met. A few online communities also began discussing alternative ways to access content without providing personal identification. The interesting part is that this doesn't seem to be driven only by younger users trying to bypass restrictions. A lot of adults simply aren't comfortable uploading government-issued IDs, biometric information, or other sensitive personal data to private websites. For many, using a VPN is less about avoiding rules and more about maintaining a sense of privacy. We've seen similar reactions elsewhere whenever governments tighten online identity requirements. New verification policies often end up increasing interest in privacy-focused tools instead of reducing their use. Whether that's an intended consequence or not is another debate, but it's becoming a fairly consistent pattern.

reddit.com
u/bigtigertitties — 5 days ago
▲ 6 r/dns

Reducing response time

I have a bunch of web applications that use third party GeoIP services to find locations (city, state/county, country) for user IP addresses for user experience purpose like pre-fill some forms, show recommendations and so on.

After a while the bills started stacking up so I was paying more for GeoIP services than I was paying for my hosting.

So I've set up a micro service that uses a local copy of MM City Lite which is free, and falls back to a list of 3rd party providers if it can't resolve a query locally. Added memcached in front of it and my GeoIP service bills dropped by like 99%.

So now I'm trying to set up a DNS server to get the GeoIP data through txt queries, eg dig -t txt 123.123.123.123.geoip.mydomain.com and it would return a comma separated location eg London,SW11,London,UK

This works but it's so damn slow :( it takes about 200-250ms a second to get a response from the service (same LAN).

I was also hoping for subsequent queries to be faster as I set a TTL of 1 day for all records, but in reality no query gets cached, each query hits the backend.

I was briefly playing with a dnsmasq cache service in front of the actual DNS resolver but it got even slower, like 500 ms on average.

Does anyone have any tips on how to get this to work faster? the average REST request to a GeoIP service takes like 150ms not including any caching, if I can make that happen I'll set this up on a VPS and make it public for others to use too.

Thank you for reading my brick of text.

reddit.com
u/stickJ0ckey — 5 days ago
▲ 0 r/dns

If the US hates China so much why is the USPS delivering website via HongKong.

I just thought that to be odd that a government service wouldn't be delivering its own website from its own country.

I've blocked that Ip since it seems sketchy to me and now the page won't load. Oh well.

u/PineappleStudies — 5 days ago
▲ 2 r/dns

Using a Type A domain

Hello, I'm sorry if this topic has already been posted multiple times. I have a Type A subdomain in freedns that I want to use for a website that I am making, but I haven't figured out a way to do so. Any help would be appreciated, thanks.

reddit.com
u/temcomwex — 6 days ago
▲ 5 r/dns

Is ublockdns.com affiliated with the official uBlock Origin?

Hey guys, I found this website called ublockdns.com. Is this an official DNS service from the creators of uBlock Origin, or is it a third-party project using the name? I want to make sure it's trustworthy before configuring it on my router.

reddit.com
u/TurboX5656 — 7 days ago
▲ 4 r/dns

DNS conf for DKIM

Hi! I can’t figure this out for the love of god. I have domain name servers pointed at Dynadot. I need to enable DKIM on my mail, and for this Zoho requires me to enter a DKIM selector. But there is no place to put DKIM selector in the DNS record at Dynadot. The field “title” simply doesn’t exist. It only gives “record type” and destination. What do I do?

reddit.com
u/Silver-Sol — 7 days ago
▲ 1 r/dns

Built a DNS toolkit with a private resolver backend — propagation, DNSSEC, RBL, WHOIS/RDAP, health check

A few things that bugged me about existing DNS tools:

  1. They use 8.8.8.8 or 1.1.1.1 as resolvers. Fine for basic lookups, but for RBL checks this violates most operators' terms and gives unreliable results. I run a private Unbound instance.

  2. WHOIS via port 43 hangs constantly. I rewrote it to use RDAP (IANA bootstrap → per-TLD endpoint) with a 10s whois binary fallback.

  3. DNS propagation tools usually omit SERIAL, which is the most useful thing to check when you're waiting for a zone change to propagate. Mine includes it.

Tools: DNS lookup (all record types), propagation (with SERIAL), DNSSEC check, reverse DNS, DNS Health Check, WHOIS/RDAP, blacklist check across 50+ RBLs, SPF/DMARC/DKIM builders, TLS scanner.

https://marinadns.io

Feedback welcome, especially on resolver accuracy or missing record types.

u/RMasti — 7 days ago
▲ 19 r/dns+2 crossposts

DNS Idiot needs help

UPDATE: Thank you everyone who contributed to getting me online and the DNS fixed up. I appreciate all the help. If there are any other suggestions to try to make the site secure as possible, I am happy to try them out. Thanks again.

All, I am trying to or failing at getting my newly design site published. Long story short is I bought a domain in my phone (Iphone) and left it be for a good while >few months. I just finished up my website on readdy.ai. I like the site, in fact i am very very happy with it. Now I logged into Cloudflare as the readdy.ai instructs you too. The directions were as follows

  1. delete the A and AAAA (which I did)
  2. add an A and add a TXT

Mind you yesterday it said the font in red and I did that, but now I am getting this error. did I delete something yesterday I shouldn't? Is something else missing? I am completely lost, This is not the web I learned HTML on years ago. Please help me.

My domain emails are forwarded to my icloud.com as apple was the device i set it up on.

UPDATE Note: website host is cloudflare; site design location is readdy.ai; I am trying to setup the DNS records on cloudflare with the information provided by readdy.ai. As of last night and a lot of help for you guys, we thought it was fixed. But as of this morning, I am getting “no dns found” and a handshake error when I go to the domain.

u/medic54-1 — 11 days ago
▲ 3 r/dns

Asking for an open source DNS service

Hi every one,

I search for the best open source DNS server for privacy reason.

please give me some recommendation.

reddit.com
u/oussamaaitmoummad — 11 days ago
▲ 10 r/dns+1 crossposts

WiFi and DNS issue on Macbook Air M1 2020

Hi! I have Macbook Air M1, 2020. I updated it to the latest Tahoe 26.5 ver. After several weeks, my browsers (Google, brave, safari) suddenly stop responding to the wifi even though it's connected. Tried connecting it to my Mobile data via Hotspot and even public wifi but still nothing. Google says DNS probe finished everytime. my viber and every application that needs internet is not working. I've tried everything that was said in the internet from changing DNS to public, disable Falcon (VPN?) to using Guest profile but nothing work so far. My other devices are connected to wifi and showing no problem at all. Does anyone experience the same thing with their Macbooks?

Can you please help this girl out🙏

reddit.com
u/Quirky_Apartment6241 — 8 days ago