this post was submitted on 30 Dec 2023
[–] [email protected] 0 points 1 year ago
[–] [email protected] 0 points 1 year ago (1 children)

I have no doubt in my mind that there's some subset of the suckless crowd that thinks dns is bloat

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago)

We should remove all those useless microservices! /s

[–] [email protected] 0 points 1 year ago

Tbh, if you can't tap out Ethernet frames with a Morse key and decode the response by watching the blinking of an LED wired to the RX pair then you really don't deserve to be on the internet. Git Gud.

[–] [email protected] 0 points 1 year ago

Lol ... DNS is one of the pillars upon which the internet stands, a crumbling mess of a pillar but I'm sure glad we don't have a name system built on hosts files 😹

[–] [email protected] 0 points 1 year ago (2 children)

Okay, I don't get it. What's wrong with DNS?

[–] [email protected] 0 points 1 year ago (1 children)

When it breaks, it isn't always obvious or easy to fix, but it can cause problems for anything that has to talk to anything else. The biggest thorn it puts in my side is that short names [ThisPC] are served differently than FQDNs [ThisPC.MyDomain.com]. Does NotMyApp use short or FQDN to resolve other machines? I don't find out until the Wireshark.

[–] [email protected] 0 points 1 year ago (2 children)

Okay, I understand this is fundamental and when not working can cause the service to stop working. But I don't yet know how it breaks or why it is not easy to troubleshoot?

Haven't hosted anything big yet, so I always just had to check the records via "dig" command if they are served correctly.

[–] [email protected] 0 points 1 year ago

Really annoying is when recent devices don't respect the DNS you're advertising or allow configuration (Android...)

My site is behind CGNAT on IPv4 with recently added fully routed IPv6. There are legacy control devices all over it that don't speak IPv6, with local DNS records that allow them to be readily accessed while walking around with a mobile device... Allowed them to be accessed that is, until IPv6.

The Android IPv6 stack ignores the RA for my local DNS and also resolves via v6 by default, forwarding local queries upstream and returning no results. Then it doesn't bother to fall back to v4. Unrooted Android has no exposed configuration for IPv6 of any sort to modify its behaviour, no hosts file to override or any way I can see to fix this. I can't even disable IPv6 on my phone.

So to access my local devices from Android I need to use their full IPv4 address or VPN back into my own network... Oh wait, the stack is so broken that despite setting DNS in Wireguard, it still tries to resolve through upstream v6 first!

Apparently recent smart TVs are doing similar even on IPv4, hard-coded to 1.1.1.1 or 8.8.8.8 to dodge ad blocking, which is plain malicious and ignores all standards...

So anyways this is why DNS is dragon #3

[–] [email protected] 0 points 1 year ago

DNS setups can get fairly complicated with enterprise VPNs and stuff, but the main thing is probably just that DNS is built entirely around caching, so when something does go wrong or you’re trying to update something it’s easy for there to be a stale value somewhere. It’s also really fundamental, so when it breaks it can break anything.

Overall, though, DNS isn’t terribly complex. It’s mostly just a key-value store with some caching. Running your own nameservers is pretty cool and will give you a much better understanding of how it all fits together and scales.

[–] [email protected] 0 points 1 year ago (3 children)
[–] [email protected] 0 points 1 year ago

It's d-bussin yoo

[–] [email protected] 0 points 1 year ago

Uh... Please enlighten me on what DBUS has to do with DNS...

[–] [email protected] 0 points 1 year ago

Is the fact that that link couldn't resolve your answer to that question haha?

[–] [email protected] 0 points 1 year ago

@scroll_responsibly Laughing in my self-hosted services, on my VPS, which use only IP addresses

*Currently every service is also available via IPv6 :3

[–] [email protected] 0 points 1 year ago (3 children)

My prediction is that we'll go DNSSEC globally when IPv6 gets mainstream adoption. It sucks how many just don't care enough.

[–] [email protected] 0 points 1 year ago

when IPv6 gets mainstream adoption.

After my death then. Alright, carry on.

[–] [email protected] 0 points 1 year ago

The abysmal adoption of DNSSEC is just embarrassing, and I haven’t heard any good arguments for why we shouldn’t do it. There’s one blog post that gets passed around as justification for not adopting DNSSEC, but it doesn’t really go into any technical detail and is mostly just the author saying “I’m scared of governments and TLDs”… which is maybe fair, but you still have to trust them for regular CA certs and everything, so why not make the base secure?

Honestly, I might care slightly more about DNSSEC than IPv6 adoption… IPv4 exhaustion and NATing everywhere sucks, but the fact that you can’t trust DNS is like… insane.

[–] [email protected] 0 points 1 year ago (1 children)

when IPv6 gets mainstream adoption

At the current speed that would approximately be in 2087.

[–] [email protected] 0 points 1 year ago

Whoa there, let's not get ahead of ourselves.

[–] [email protected] 0 points 1 year ago

As we all know, it's always DNS.

[–] [email protected] 0 points 1 year ago (1 children)

It's insecure, which lets governments like China poison it. They straight up block encrypted DNS

[–] [email protected] 0 points 1 year ago (1 children)

It's not insecure at all, quite the opposite. Also with DoH, it blends into regular traffic.

[–] [email protected] 0 points 11 months ago

DoH is blocked in China, they cut any TLS connection to a known DNS server (1.1.1.1, 8.8.8.8, 9.9.9.9, etc.)
