DNS

how-does-dns-work.gmi

host your own zones

recursive server for your clients

Bedtime Reading

• RFC 952 "DOD INTERNET HOST TABLE SPECIFICATION"
• RFC 1035 "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION"
• RFC 1123 "Requirements for Internet Hosts -- Application and Support"
• RFC 2181 "Clarifications to the DNS Specification"
• RFC 5890 "IDNA: Definitions and Document Framework"
• RFC 5891 "IDNA: Protocol"
• RFC 5892 "The Unicode Code Points and IDNA"
• RFC 5893 "Right-to-Left Scripts for IDNA"
• RFC 5894 "IDNA: Background, Explanation, and Rationale"
• RFC 5895 "Mapping Characters for IDNA 2008"

External

tunnel IPv4 through DNS

DNSSEC is perhaps too complicated, though one can workaround the issue by first doing sanity checks on the input. So much for "be permissive in what you accept":

DNSSEC packet DoS

Details Matter

From June 30, 2020 until January 14, 2025, one of the core Internet servers that MasterCard uses to direct traffic for portions of the mastercard.com network was misnamed. MasterCard.com relies on five shared Domain Name System (DNS) servers at the Internet infrastructure provider Akamai [DNS acts as a kind of Internet phone book, by translating website names to numeric Internet addresses that are easier for computers to manage].

All of the Akamai DNS server names that MasterCard uses are supposed to end in “akam.net” but one of them was misconfigured to rely on the domain “akam.ne.”

https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/