Differences

This shows you the differences between two versions of the page.

docker_notes:docker-dns [2025-12-29 Mon wk01 08:11] – [DNS over TLS (DoT)] baumkp
docker_notes:docker-dns [2026-02-15 Sun wk07 08:37] (current) – [Testing DNS] baumkp
Line 425: Line 425:
 DNS over TLS encrypts the DNS data so others can not see the specific DNS query and response.  DNSSEC does not prevent viewing of the DNS data, but rather ensure prevent man in the middle attacks. DNS over TLS encrypts the DNS data so others can not see the specific DNS query and response.  DNSSEC does not prevent viewing of the DNS data, but rather ensure prevent man in the middle attacks.
  
 +Bind9 circa version 9.20 allows used of TLS forwarders, e.g.
 ++++/etc/named.conf| ++++/etc/named.conf|
 <code>tls cloudflare-tls { remote-hostname "one.one.one.one"; }; <code>tls cloudflare-tls { remote-hostname "one.one.one.one"; };
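Review bot: The added sentence "Bind9 circa version 9.20 allows used of TLS forwarders, e.g." has a typo ("used of" should be "use of") and a vague version claim. State the minimum BIND release in which forwarders accept a tls setting, so readers on older packages know why the example will not load. The unchanged sentence above it reads "but rather ensure prevent man in the middle attacks" and should be cut down to one verb while this paragraph is being edited. Because the visible tls block sets only remote-hostname, a short remark on what the upstream certificate is validated against would let readers confirm the forwarder is authenticated and not merely encrypted.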
Line 465: Line 465:
   *[[https://dnsprivacy.org/dns_privacy_clients/|DNS Privacy Project - DNS Privacy Clients]]   *[[https://dnsprivacy.org/dns_privacy_clients/|DNS Privacy Project - DNS Privacy Clients]]
   *[[https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd/|DNS-over-TLS in Linux (systemd)]]   *[[https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd/|DNS-over-TLS in Linux (systemd)]]
-  *+  *[[https://www.mytinydc.com/en/dns-provisioning/|Datacenter provisioning - Installing DNS Bind9 - [Raspberry PI/Rock64]]] 
 +  *[[https://crc.id.au/2024/10/06/secure-dns-with-bind-and-dot/|Secure DNS with bind and DoT]] 
 +  *DNS Web Check Sites 
 +    *[[https://on.quad9.net/|quad9]] 
 +    *[[https://one.one.one.one/help/|1.1.1.1(Cloudflare)]]
 =====Testing DNS===== =====Testing DNS=====
 My local recursive servers are ''ns1.local.kptree.net'' and ''ns2.local.kptree.net'', which are on separate serves on the local network.  These DNS servers are for local LAN use only and cannot and should not be accessible from outside the LAN. My local recursive servers are ''ns1.local.kptree.net'' and ''ns2.local.kptree.net'', which are on separate serves on the local network.  These DNS servers are for local LAN use only and cannot and should not be accessible from outside the LAN.
   *Using ''host'' command:   *Using ''host'' command:
-    *''host -t A ns1.local.kptree.net ns2.local.kptree.net'' - if both local name servers are running to cross check +    *''host ns1.local.kptree.net ns2.local.kptree.net'' - if both local name servers are running to cross check 
-    *''host -t A ns2.local.kptree.net ns1.local.kptree.net'' - if both local name servers are running to cross check +    *''host ns2.local.kptree.net ns1.local.kptree.net'' - if both local name servers are running to cross check 
-    *''host -t A google.com ns1.local.kptree.net'' - an external services via local name server+    *''host google.com ns1.local.kptree.net'' - an external services via local name server
     *''host -t A mail.kptree.net 9.9.9.9'' - remote address to local hosted external services via an external name server     *''host -t A mail.kptree.net 9.9.9.9'' - remote address to local hosted external services via an external name server
 +    *use flag ''-t A'' or ''-t AAAA'' to only return IP4 or IP6 results only respectively.  Otherwise both are returned.
   *Using ''delv'':   *Using ''delv'':
     *''delv @ns2.local.kptree.net ns1.local.kptree.net'' - if both local name servers are running to cross check     *''delv @ns2.local.kptree.net ns1.local.kptree.net'' - if both local name servers are running to cross check
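Review bot: The added bullet under "Using host" ("use flag ''-t A'' or ''-t AAAA'' to only return IP4 or IP6 results only respectively. Otherwise both are returned.") doubles "only", writes IP4/IP6 for IPv4/IPv6, and understates the default: without -t, host looks up A, AAAA and MX records, not just the two address types. Suggested wording: "add ''-t A'' or ''-t AAAA'' to return only IPv4 or IPv6 results respectively; without it A, AAAA and MX records are queried". The fourth example still carries -t A while the first three dropped it, which is fine once the note is in place, but the note would read better as the first sub-bullet so it precedes the commands it qualifies. In the unchanged context, "separate serves" should be "separate servers" and "an external services" should be "an external service". The section says the resolvers should not be accessible from outside the LAN, yet none of the listed tests checks that; consider adding one query run from an external host that is expected to be refused or to time out.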