grandkaiser @ grandkaiser @lemmy.world

Posts

0

Comments

153

Joined

2 yr. ago

To answer your other question: most likely, www.cakefarts.com is now accessible from cakefarts.com for one of three reasons:

1. Your web browser automatically checks the A record "www" if "cakefarts.com" doesn't have an A record. A records are the records in a DNS server that says "this domain goes here"
2. The site cakefarts.com put their website on cakefarts.com and placed a CNAME record called "www" that points to cakefarts.com
3. cakefarts.com has an APEX record that points to www.cakefarts.com

For the 'record', www is just a really common record name. There's nothing special about it. You could have dudebro.cakefarts.com or wwwwwww.cakefarts.com. It's up to the domain owner.

Btw, .com is owned by the US Department of COMmerce. .org is owned by a non-profit organization called "Public Internet Registry"

Also, if you're genuinely interested in this field, first you should enter the world of enterprise network engineering. Get Security +, CCNA, and PCNSA. With those certs in hand (and knowledge in your brain), apply to jobs as a network support engineer. Do the work for a few years. Learn BIND. Learn Infoblox. Focus on learning DHCP and subnetting. Learn DNSSEC & IPv6. Experiment with a Pi Hole. Set up a home lab. Apply to jobs with DNS. Start living the good life. This takes about 10 years if you learn fast and are good at interviews.

Ah, thanks for the info! I have no idea how Lemmy stuff works. I only became aware of Lemmy last month.

An alternative DNS root is where someone other than IANA sets up a root zone. At the end of the day, root zone authority is technically not "hard coded". It's a terrible idea to set up an alt root or to use one for these reasons:

1. Security. This is the biggest one. DNSSEC works via setting up Trust Anchors with the root zone and chaining down the tree all the way to the recursive DNS server. DNSSEC doesn't work if anyone in there doesn't have a trust anchor for the root zone. Additionally, if that root zone is untrustworthy, you can effectively have DNS poisoning happen at the root level. Imagine having two google.com's based on which root zone (and therefore walking two separate trees) you ask.
2. It encourages dividing the internet. The two largest Alt zones are Russia's (RNDNS) and China's (.chn). RNDNS exists as a continuity plan in case the rest of the world decides to cut them off of the internet. China's is part of a hare-brained plan to "reinvent the internet under IPv9" (an idiotic plan that sounds even more crazy than Iran's supposed "quantum computer")
3. Pointing to a different root zone can cause a lot of headaches for diagnosing DNS issues when they aren't coming down from the same root zone. It can cause different answers (and a parallel tree).

To answer your second question, they are not good for acting as a way to mitigate DNS failures. No domain servers are going to be asking them in the first place, meaning no one can get there even if it does have the "correct" answer. If all 13 root servers went down simultaneously, the results would be catastrophic. But that's also why they're physically located around the world in many different countries in heavily secure facilities with many High-Availability servers (clone servers that instantly take over if there's a failure, the ultimate "hot" server)

You wouldn't want to have a DNS server ask two root zones anyway. If it can't reach the root zones, then that needs to be addressed. You can't just ask a "less secure" server in case the primary doesn't work. That's just begging for a security breach via cutting off access to the primary root zones so that they "fail over" to the less secure ones.

So here's the thing about TLD's, ownership of them is determined by IANA (Internet Assigned Numbers Authority). They're basically my career's gods. If they tell me to jump, I ask "how high". They control the DNS root zone. Effectively, that's the actual top-level of ALL domains. If they decide to remove a TLD or reassign it, all you can do is lodge a complaint straight to their shredder. They're owned and operated by ICANN, a non-profit organization.

Back in 2013, Mali allowed a private Netherlands company to "manage" (rent) their TLD, .ML Recently, that company (Freenom) got sued by Meta. Even though I don't really like Meta, as a network engineer, I don't like Freenom even more. They turn a blind eye to bad actors on the internet, refuse to investigate hackers/scammers/DDOSers, and generally refuse to play ball. They are a huge pain in the ass. Due to the lawsuit, IANA reassigned ML to Mali since they asked for it. At the end of the day you "cant" sell a country-level TLD. Mali was renting it to Freenom under the table. This happens a lot and IANA usually just looks the other way. .io for example is the freakin' Indian Ocean.

So yeah, Mali didn't "snatch" it. They just asked IANA to reassign it and there isn't shit Freenom can do about it since they never "really" owned it in the first place.

Because it's the least-likely position to be staffed by a company. It's the "least important" person to have.... until it breaks. Often a company relies on routing-switching engineers to do DNS instead of hiring a dedicated DDI engineer (DNS, DHCP, IPAM). It saves money in the short term, but when shit hits the fan... no one knows how to fix it because DNS is really easy until it's not. DNS is super simple at a basic level. But it goes way deeper than most people realize.

Hi, professional DNS engineer here! if anyone has any questions about the inner workings of DNS or top level domains, ask away! (THIS IS MY MOMENT)

We are in an ice age right now.

I can't find anything about waymov cars killing people. Not saying it didn't happen, but id like to see your sources on some (assuming more than one since it's plural) of the deaths.

Regardless, the technologies existence is what is being debated here. Not the moved goalposts of "operable in all weather" or "has never killed someone" using those same goalposts I could claim that passenger aircraft isn't here yet since you can't take off in bad weather & they have killed people

Nah. In the military, you aren't "men and women" you are "soldiers" (or sailors, Marines, or airmen). If you are referring specifically to a specific gender such as a "female" soldier, then that's what you call them.

No one says "women soldiers" except maybe a civilian.

Except that in this case, one might prevent/reduce the other. There is a certain amount of mutual exclusivity here. We can't take drivers licenses away from old people, but we might be able to get them in an autonomous car.

It already exists... https://youtu.be/ilcrMz_hWz8

And sponsorblock