
I should clarify I wasn't an upper-level sys admin managing those servers, I just used them or maintained accounts, being a rank and file technician.

While I get the fundamental concept of DNS as a phonebook for your IPs, I am not sure why it is joked around if something goes haywire or someone breaks something.

Is it because if you get no DNS, people can't log in through their AD accounts, browse the Internet?

Afaik DNS is a bit of a rabbit hole topic, maybe that's why people joke about it due to DNS being this "No one really knows how this magic name matching box works"?

Please correct me, I'd genuinely like to know why this is prevalent from you guys.

[-] Shadow@lemmy.ca 87 points 4 weeks ago

100% of the internet depends on it, and 90% of technical people can't be bothered to learn how it works and understand it. Partly because they only touch it once every 5 years. They get what they need done but don't understand why it worked, so it ends up feeling like black magic to them.

[-] skullgiver@popplesburger.hilciferous.nl 16 points 4 weeks ago* (last edited 4 weeks ago)

The worst part isn't even that they don't understand it, but that they think they know everything about it after learning the basics. Suddenly you get people blocking port 53/udp "because DNS uses UDP" and people using .dev and .local as internal domain names.

Still not as misunderstood as NTP, though.

[-] thermal_shock@lemmy.world 4 points 4 weeks ago

It's fine to use if you're using it for Bonjour/mDNS (which is enabled by default on basically everything these days). If not, any computer in your network can take on a .local domain of their choosing and your computers will happily resolve it before hitting the DNS server, or you may end up in a race between normal DNS and mDNS. Or you can manually disable mDNS on every machine and hope nothing else causes conflicts, I guess.

If you need a TLD for fake internal domains, use .internal; that has recently been reserved for internal use and won't end up in any standard protocols. There's also a weaker blacklist list that's part of the gTLD application process which includes .local, but that's not necessarily set in stone.

[-] AndrewZabar@lemmy.world -3 points 4 weeks ago

If anyone you know claims to have expertise in the computer field and doesn’t know everything about DNS (there’s not much to know) then those people are clueless and by no means are they experts.

there's not much to know

But there is. Between DNSSEC and EDNS you need to stay on top of stuff or your assumptions may be wrong. Many supposed facts about DNS were assumptions by textbook authors that were invalidated years later, and that's with the stuff that complies with the standards.

DNS from the 20th century was simple; modern DNS really isn't.

[-] thermal_shock@lemmy.world 5 points 4 weeks ago* (last edited 4 weeks ago)

Used to feel this way about DNS until I set up my pihole. I love how DNS controls so much behind the scenes.

[-] stupidcasey@lemmy.world 5 points 4 weeks ago

DNS isn’t supposed to control that much; PIhole is a hack. It would be more accurate to say PIhole controls so much behind the scenes. DNS is supposed to do exactly this: domain.com->1.2.3.4, nothing more and nothing less. Anything else is a hack. When Cloudflare runs all your traffic through a proxy, that is them hacking the system: domain.com->change-1.2.3.4

[-] JackbyDev@programming.dev 2 points 4 weeks ago

Does Pi Hole do anything Ad Guard's Public DNS servers can't? https://adguard-dns.io/en/public-dns.html seems easier this way which is why I ask.

[-] thermal_shock@lemmy.world 1 points 4 weeks ago

what do you think is pointing adservers to a black hole and not being able to reach my home network?

[-] BaroqueInMind@lemmy.one 4 points 4 weeks ago* (last edited 4 weeks ago)

what do you think is pointing adservers to a black hole and not being able to reach my home network?

The actual answer is a hosts list file that Unbound is augmenting within PiHole as a daemon. The entire core function of PiHole is leveraging Unbound. Without it, PiHole remains a useless GUI and minimal linux OS.

In fact, you can completely ditch PiHole, if you know what you're doing, and simply run Unbound as a daemon in a minimal container and do exactly what PiHole does, or run it bare-metal on your own hardware instead of buying their overpriced devices.

[-] trafficnab@lemmy.ca 3 points 4 weeks ago

I think I can spare the 55mb of ram my pihole container takes up

[-] BaroqueInMind@lemmy.one 3 points 4 weeks ago* (last edited 4 weeks ago)

It's crazy to read that when my Unbound has a 1.6 million host size block-list with regex filtered domains and uses less than half that amount of RAM.

[-] trafficnab@lemmy.ca 4 points 4 weeks ago

I'll keep that in mind for the next time I need to run a DNS server on a Pentium II system

[-] BaroqueInMind@lemmy.one 1 points 4 weeks ago

Or you can leverage that extra RAM to generate more of that weird AI furry porn you enjoy so much.

[-] trafficnab@lemmy.ca 2 points 4 weeks ago

I tried that but it doesn't run very well on the Pentium II

[-] undefined@links.hackliberty.org 1 points 4 weeks ago

So happy to see someone explaining this because it’s always driven me crazy the amount of people pushing PiHole when you can do it so much more simply.

[-] HappyRedditRefugee@lemm.ee 1 points 4 weeks ago

Is Pihole not the simpler way, since it configures Unbound for you?

[-] BaroqueInMind@lemmy.one 1 points 3 weeks ago

Yes it's simple but not the simplest way.

[-] JackbyDev@programming.dev 1 points 4 weeks ago* (last edited 4 weeks ago)

Does this block the ads itself or do I need additional configs?

[-] BaroqueInMind@lemmy.one 1 points 4 weeks ago

PiHole blocks ads by using Unbound. Additional configs for what?

[-] JackbyDev@programming.dev 1 points 4 weeks ago* (last edited 4 weeks ago)

Like, when I install uBlock it comes with everything it needs. If I run Unbound does it block ads out of the box or do I need to point it to some list?

[-] BaroqueInMind@lemmy.one 2 points 3 weeks ago

Unbound is a high-level DNS server. It needs you to provide it hosts in a list or provide it with regex scripts (for dynamic and more efficient blocking). It can block ads at the DNS level just like PiHole (because that's literally what PiHole and AdGuard use under the hood, but add their fancy GUIs)

I would avoid it unless you know what you're doing, and recommend reading the docs on their website and testing/breaking it within a Docker container.

It's the difference between buying a car from a dealership (PiHole, AdGuard, etc) or building your own from scratch (Unbound). One is very limited, whereas building it and running it yourself you get to do way more than what's spoon fed to you.
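Added example (not part of the thread or of any project's own code): one way to turn a hosts-format blocklist into Unbound `local-zone` rules, as the comment above describes providing Unbound with a list of hosts. The function names and the sample list are constructed for illustration; names are validated before being written because a blocklist is untrusted input and a stray quote or newline would otherwise end up inside the resolver's configuration.

```python
import re

# One DNS label: 1-63 chars of letters/digits/hyphen/underscore, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
# Names hosts files map for the local machine; never turn these into block rules.
SKIP = {"localhost", "localhost.localdomain", "local", "broadcasthost",
        "ip6-localhost", "ip6-loopback", "0.0.0.0"}

def valid_name(name):
    """True if name is a syntactically valid multi-label DNS name."""
    if len(name) > 253 or "." not in name:
        return False
    return all(LABEL.match(label) for label in name.split("."))

def hosts_to_unbound(hosts_text):
    """Convert hosts-format text to Unbound local-zone lines (sorted, deduplicated)."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                              # blank line, or an address with no name
        for name in fields[1:]:                   # first field is the sink address
            name = name.lower().rstrip(".")
            if name not in SKIP and valid_name(name):
                names.add(name)                   # anything with quotes etc. is rejected
    lines = ["server:"]
    lines += [f'    local-zone: "{n}." always_nxdomain' for n in sorted(names)]
    return "\n".join(lines) + "\n"

# Constructed sample input (not a real blocklist).
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET  # inline comment
0.0.0.0 ads.example.com
0.0.0.0 bad"quote.example.org
0.0.0.0 -leading.example.org
"""

if __name__ == "__main__":
    print(hosts_to_unbound(SAMPLE), end="")
```

The output can be saved to a file that the main configuration pulls in with `include:`, and checked with `unbound-checkconf` before reloading.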

[-] JackbyDev@programming.dev 2 points 3 weeks ago

Ah okay. Unbound is arch, pi hole is Ubuntu. I have gripes with pi hole but it's never not worked for me. I might just do that instead (if I ever get around to it lmao)

[-] BaroqueInMind@lemmy.one 1 points 3 weeks ago* (last edited 3 weeks ago)

More like: Unbound = Gentoo, PiHole = Arch, AdGuard = Ubuntu

[-] AndrewZabar@lemmy.world -4 points 4 weeks ago

90% of technical people can't be bothered to learn how it works and understand it

Playing real fast and loose with the term “technical people.” If you mean just in general people familiar with and comfortable with tech, yeah that’s fine. If you mean those who work or hobby in the IT industry, well then they’re not very good at their jobs and probably should not have those jobs.

this post was submitted on 13 Aug 2024
124 points (97.7% liked)
