WELCOME TO THE OLDFOLIO GOPHER SERVER!

DNS NOTES

Public DNS Resolvers

View performance statistics for public DNS resolvers at DNSPerf.
The statistics reported at DNSPerf tend to be very similar to
the results I get using the namebench tool.
DNSPerf: https://www.dnsperf.com/#!dns-resolvers

CloudFlare

1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001

Dyn

216.146.35.35
216.146.36.36

FreeDNS.zone

172.104.237.57  (Frankfurt, Germany)
172.104.49.100  (Singapore)
37.235.1.174    (Vienna, Austria)
37.235.1.177    (Vienna, Austria)
45.33.97.5      (Atlanta, GA, USA)

Google

8.8.8.8
8.8.4.4
2001:4860:4860::8888
2001:4860:4860::8844

Hurricane Electric

74.82.42.42
2001:470:20::2

OpenDNS

208.67.222.222
208.67.220.220
2620:0:ccc::2
2620:0:ccd::2

OpenNIC Project

Go to https://www.opennic.org to see which of their DNS resolvers
are closest to you. OpenNIC servers periodically go down and
occasionally just disappear. Servers that have worked for me (in
North America) are:

66.187.76.168
50.116.17.96
192.52.166.110
158.69.239.167

Of course, keep in mind what I noted above, that OpenNIC servers
periodically go down and occasionally just disappear. Yes, I
thought that point needed to be repeated.

Quad9

9.9.9.9
149.112.112.112
2620:fe::fe

Yandex Basic

77.88.8.8
77.88.8.1
2a02:6b8::feed:0ff
2a02:6b8:0:1::feed:0ff

Yandex Safe

77.88.8.88
77.88.8.2
2a02:6b8::feed:bad
2a02:6b8:0:1::feed:bad

I sometimes mix DNS resolvers from different providers:

nameserver 45.33.97.5  # FreeDNS.zone
nameserver 74.82.42.42 # Hurricane Electric

For more public DNS resolvers, see Public DNS.
https://www.publicdns.xyz/

Free DNS Hosting

1984: Unlimited zones; cannot find limits on records per zone or
lookups. Supports DNSSEC.

Cloudflare: Unlimited lookups; 3500 records per zone; cannot find
limit on number of zones. Supports DNSSEC.

ClouDNS: 3 free zones; unlimited records and lookups; no control
over TTL on free plans.

Hurricane Electric: 50 free zones; cannot find limits on records
per zone or lookups.

Selectel: Unlimited zones; cannot find limits on records per
zone or lookups.

Veesp: DNS hosting is available free if you are paying for
other services there.

Vultr: DNS hosting is available free if you are paying for other
services there. They allow vanity name servers pointed at their
own name servers.

Yandex: 50 free zones; cannot find limits on records per zone
or lookups. No CAA records. (Although this service is aimed at
people using Yandex to host their email, Yandex support
explicitly states that you are free to host DNS without also
hosting your email.)

DNSSEC

Enabling DNSSEC:

* Generate DNSSEC keys and DS records at your DNS host.

* Add the DS records at your domain registrar.

Disabling DNSSEC:

* Remove the DS records at your domain registrar.

* Wait 24 hours for most domains, but 48 hours for domains
registered through EU.org. Use "dig ds" to check the DS TTL of
the domain from which you are removing DNSSEC.

* Remove or disable DNSSEC at your DNS host.

Examples of DS records:

debian.org. 10762 IN DS 6487 8 2 A9528F2409C5F6A95AE6E0F8A6C5A223AC4EFD54B45884CB855F044E 82F7F4C6

yandex.com. 9595 IN DS 31456 5 1 593F529E8942948DE9D6646AC5F9E2208F49D606
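
The fields of the two DS records above, and the TTL check from the disabling steps, as an added example (not part of the original notes). The function names are hypothetical; the algorithm and digest-type numbers are the IANA DNSSEC assignments.

```python
# Added example: decode DS answer lines in the form "dig ds" prints them.
ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256",
              10: "RSASHA512", 13: "ECDSAP256SHA256",
              14: "ECDSAP384SHA384", 15: "ED25519", 16: "ED448"}
DIGESTS = {1: ("SHA-1", 40), 2: ("SHA-256", 64), 4: ("SHA-384", 96)}
SHA1_ALGORITHMS = {5, 7}

def parse_ds(line):
    """Split 'owner TTL IN DS keytag algorithm digesttype digest...'."""
    f = line.split()
    if len(f) < 8 or f[2].upper() != "IN" or f[3].upper() != "DS":
        raise ValueError("not a DS answer line: %r" % line)
    ttl, key_tag, alg, dtype = (int(x) for x in (f[1], f[4], f[5], f[6]))
    digest = "".join(f[7:]).upper()  # dig breaks long digests with a space
    int(digest, 16)                  # ValueError if the digest is not hex
    dname, hexlen = DIGESTS.get(dtype, ("unknown (%d)" % dtype, None))
    notes = []
    if hexlen is not None and len(digest) != hexlen:
        notes.append("digest length does not match digest type")
    if dtype == 1:
        notes.append("SHA-1 digest")
    if alg in SHA1_ALGORITHMS:
        notes.append("SHA-1 based signing algorithm")
    return {"owner": f[0], "ttl": ttl, "key_tag": key_tag,
            "algorithm": ALGORITHMS.get(alg, "unknown (%d)" % alg),
            "digest_type": dname, "digest": digest, "notes": notes}

def seconds_to_wait(ds_lines):
    """Longest TTL among a domain's DS records: the minimum wait after
    removing them at the registrar before disabling DNSSEC at the DNS host."""
    return max(parse_ds(line)["ttl"] for line in ds_lines)

# The two DS records shown above on this page.
DEBIAN = ("debian.org. 10762 IN DS 6487 8 2 "
          "A9528F2409C5F6A95AE6E0F8A6C5A223AC4EFD54B45884CB855F044E 82F7F4C6")
YANDEX = ("yandex.com. 9595 IN DS 31456 5 1 "
          "593F529E8942948DE9D6646AC5F9E2208F49D606")

if __name__ == "__main__":
    for record in (DEBIAN, YANDEX):
        print(parse_ds(record))
    print("wait at least", seconds_to_wait([DEBIAN]), "seconds")
```

A TTL read from a caching resolver is only the time left in that cache; query one of the parent zone's authoritative servers to see the full DS TTL.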

DMARC Records

_dmarc.domain.tld. IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]"

DMARC action to take if either SPF or DKIM fails:

p=none; - take no action
p=quarantine; - mark message as spam
p=reject; - reject message outright

To send DMARC reports to an address outside the email sending
domain, create a TXT record in the DNS of the receiving domain:

email-sending-domain.tld._report._dmarc.receiving-domain.tld.  IN TXT "v=DMARC1"

Of course, you will still need to create the basic DMARC record
in the DNS of the email sending domain:

_dmarc.email-sending-domain.tld. IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]"
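
The external-report rule above as an added example (not part of the original notes): given a sending domain and its DMARC record, list the TXT records the receiving domains must publish. The report addresses are constructed sample values, the function names are hypothetical, and "same organization" is approximated by equal or parent/child names rather than a Public Suffix List lookup.

```python
# Added example: which external-report authorization records a DMARC
# policy needs. Addresses below are constructed sample values.
def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=none; rua=...' into a dict of lower-cased tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def report_domains(tags):
    """Domains of every mailto: address listed in rua/ruf."""
    found = []
    for key in ("rua", "ruf"):
        for uri in tags.get(key, "").split(","):
            uri = uri.strip()
            if uri.lower().startswith("mailto:"):
                address = uri[7:].split("!", 1)[0]  # drop a size limit (!10m)
                _, at, domain = address.rpartition("@")
                if at and domain:
                    found.append(domain.lower().rstrip("."))
    return found

def related(a, b):
    # Assumption: equal or parent/child names belong to one organization.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def authorization_records(sending_domain, txt):
    """Zone-file lines the receiving domains must publish."""
    sending = sending_domain.lower().rstrip(".")
    records = []
    for domain in report_domains(parse_dmarc(txt)):
        line = '%s._report._dmarc.%s. IN TXT "v=DMARC1"' % (sending, domain)
        if not related(domain, sending) and line not in records:
            records.append(line)
    return records

SAMPLE = ("v=DMARC1; p=none; rua=mailto:reports@receiving-domain.tld!10m,"
          " mailto:dmarc@email-sending-domain.tld")

if __name__ == "__main__":
    for line in authorization_records("email-sending-domain.tld", SAMPLE):
        print(line)
```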

MX Records

Fastmail

IN MX 10 in1-smtp.messagingengine.com.
IN MX 20 in2-smtp.messagingengine.com.

Gandi

IN MX 10 spool.mail.gandi.net.
IN MX 50 fb.mail.gandi.net.

Google

IN MX 1 aspmx.l.google.com.
IN MX 5 alt1.aspmx.l.google.com.
IN MX 5 alt2.aspmx.l.google.com.
IN MX 10 alt3.aspmx.l.google.com.
IN MX 10 alt4.aspmx.l.google.com.

Runbox

IN MX 10 mx.runbox.com.

Yandex

IN MX 10 mx.yandex.net.

SPF Records

v=spf1 -all # Do not accept mail from this domain
v=spf1 include:server.com -all # Accept mail sent by server.com, but no one else
v=spf1 a mx -all # Accept mail sent by the servers specified in the domain's A and MX records

Fastmail

include:spf.messagingengine.com

Gandi

include:_mailcust.gandi.net

Google

include:_spf.google.com

Runbox

include:spf.runbox.com

Yandex

include:_spf.yandex.net

Multiple "include" example:

domain.tld. IN TXT "v=spf1 include:_spf.yandex.net include:spf.messagingengine.com -all"

Multiple servers: Accept mail from the server specified in the
mail server's A record as well as from any server specified by
the SPF record for Yandex.

domain.tld. IN TXT "v=spf1 a:mail-server.domain.tld include:_spf.yandex.net ~all"
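
The SPF records above, run through a small checker, as an added example (not part of the original notes). It reports how the record ends ("-all" is a fail, "~all" a softfail) and counts the terms that cost a DNS lookup. The function name is hypothetical, and only the top-level record is counted, while the SPF limit of 10 lookups also covers whatever the included records query.

```python
# Added example: summarize an SPF record's includes, lookups and "all" result.
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
TERM = re.compile(r"([A-Za-z][A-Za-z0-9_.-]*)(=|:|/|$)")

def analyze_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    out = {"includes": [], "lookups": 0, "all": None, "warnings": []}
    redirect = False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        m = TERM.match(body)
        if not m:
            out["warnings"].append("unparsable term: " + term)
            continue
        name, sep = m.group(1).lower(), m.group(2)
        if sep == "=":                    # modifier such as redirect= or exp=
            if name == "redirect":
                redirect = True
                out["lookups"] += 1
            continue
        if name in LOOKUP_MECHANISMS:
            out["lookups"] += 1
        if name == "include":
            out["includes"].append(body[m.end():])
        if name == "all":
            out["all"] = QUALIFIERS[qualifier]
            break                         # terms after "all" are never evaluated
    if out["all"] is None and not redirect:
        out["warnings"].append("no 'all' or redirect: other senders are neutral")
    if out["all"] in ("pass", "neutral"):
        out["warnings"].append("'all' does not restrict other senders")
    if out["lookups"] > 10:
        out["warnings"].append("more than 10 DNS-querying terms")
    return out

if __name__ == "__main__":
    for rec in ("v=spf1 -all",
                "v=spf1 include:_spf.yandex.net include:spf.messagingengine.com -all",
                "v=spf1 a:mail-server.domain.tld include:_spf.yandex.net ~all"):
        print(rec, "->", analyze_spf(rec))
```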

MISCELLANEOUS

Disable IPv6 in Firefox by changing

network.dns.disableIPv6

from false to true in about:config.

============================ The End ============================