It’s not caching
I’ve refreshed five times
It was caching
And then you have apps that will use their own DNS silently instead of the NS you point them to…
I blocked outgoing ports 53 and 853 (other than to my resolver) due to this; unfortunately this doesn’t help with DoH.
But one of my favorite things is that you can block Apple News ads by blocking doh.apple.com: that’s right, the app gets the IP address of the DoH server using the current nameserver before switching to that specified in the DNS record. 😆
Lmao that’s a good one.
I have two links at work saved at the ready.
One is to this image.
The other is… https://youtu.be/QFgcqB8-AxE
😄
Lemmy is so technical. I now have to look up what DNS is.
Dominic Nolan Sebastian. The slippery two-faced bastard looks at the url people type in their browser and then connects their internet to the internet of the url they typed in; just like old phone operators.
But if too many people try to type in the same url at a time, Dominic gets upset and acts like a dick, preventing anyone from accessing that site. Then people call him Dick Dominic Nolan Sebastian, or DDNS.
Do Not Suck
When you access something on the internet, you are accessing something on someone else’s computer.
Computers have (effectively) postal addresses. When you want to access content on another computer, you type in its address.
But computer addresses don’t look like “fedia.io”, they look like “123.122.1.111”.
When you type “fedia.io” your computer needs to go and ask what the computer’s address is.
That’s DNS. The Domain Name System. The system for finding the computer address from a domain name.
The above is very simplified and doesn’t cover all scenarios, but I hope it’s enough to get the idea.
Thanks for the explanation! How does this “break”? Seems like once it’s set up, you don’t have to fiddle with it again so I was wondering how it can suddenly stop working.
Addresses change all the time. Especially big websites will have many addresses for the same name and depending who (or from where) someone is asking for the name, they will tell them a different address. That way someone from Europe will connect to a server in Europe and someone in the US to an American server. And cloud providers will have hundreds of addresses that they reuse and rotate for many customers.
Also to reduce the number of name requests, the DNS system will cache answers (save the answer and use it again later). If I ask for the address of Lemmy.org, they then change their address and I ask my DNS server again, I will get the old outdated address again.
There is also the question of who is actually in charge of answering DNS requests to a specific name.
All in all there are a lot of moving parts and for some reason people seem to be bad at managing their DNS records so when something breaks, very often it is because of DNS. (But also because DNS is very fundamental, so any problem with DNS will have a big effect and is more noticeable.)
The DNS system is still just computers/servers, so anything from overloading a server to outright man-in-the-middle type attacks can compromise the DNS (though this is where you’d get into how the DNS communicates, propagates, and distributes trust, which is a topic that I have little knowledge on)
I’m not sure what others see as the context of the meme, but in my experience it’s normally when you are fiddling with it, but you never expect it to be the problem because it seems so simple.
There are many reasons you might need to fiddle with it. The most obvious is when you move your server to a new computer, it might get a new IP address. But your browser might cache the old address. Your computer might cache it. Your DNS server might cache it (like the rest of the internet, there is not one big DNS server but many smaller ones - most non-technical people would be using one provided by their internet provider). It might not be working and you presume it’s a problem with the new server but actually it’s the DNS.
But also DNS as a system is also used for things that are not directly related to looking up a domain name. For example, when sending an email, there are many checks on the receiving side to ensure that the email is actually coming from somewhere that is allowed to send an email from that domain name. I can send an email to you from [email protected], but it would go straight to spam because it would fail those checks. DNS records are used to authorise servers that can send email on behalf of that domain. And just generally DNS is used for proving domain ownership (for example, it’s one method to get a certificate from Let’s Encrypt to allow secure connections to your website).
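The stale-answer problem described in the comments above (a record changes while the browser, OS and resolver caches still hold the old address), shown as an added example that is not from any commenter. The addresses, the TTLs and the `min_ttl` floor are constructed assumptions.

```python
# Added illustration: all names, addresses and TTL values are constructed.

class Authoritative:
    """Source of truth for one name; the operator can change it at any time."""
    def __init__(self, address, ttl):
        self.address, self.ttl = address, ttl

    def resolve(self, now):
        return self.address, self.ttl


class Cache:
    """One caching layer (browser, OS stub, or recursive resolver)."""
    def __init__(self, upstream, min_ttl=0):
        self.upstream = upstream
        self.min_ttl = min_ttl      # hypothetical knob: floor applied to TTLs
        self.entry = None           # (address, expires_at)

    def resolve(self, now):
        if self.entry and now < self.entry[1]:
            address, expires_at = self.entry
            return address, expires_at - now   # pass on the remaining TTL
        address, ttl = self.upstream.resolve(now)
        ttl = max(ttl, self.min_ttl)
        self.entry = (address, now + ttl)
        return address, ttl


def first_fresh_second(client, new_address, start, limit=3600):
    """Return the first second >= start at which the client sees new_address."""
    for now in range(start, limit):
        if client.resolve(now)[0] == new_address:
            return now
    return None


def simulate(min_ttl_at_resolver):
    auth = Authoritative("192.0.2.10", ttl=300)
    resolver = Cache(auth, min_ttl=min_ttl_at_resolver)
    os_cache = Cache(resolver)
    browser = Cache(os_cache)
    browser.resolve(0)              # first lookup at t=0 fills every layer
    auth.address = "198.51.100.20"  # server moves at t=10
    stale = browser.resolve(10)[0]  # refreshing does not help: still cached
    return stale, first_fresh_second(browser, "198.51.100.20", 10)
```

With the published 300-second TTL honoured at every layer, the browser first sees the new address at t=300; a resolver that floors TTLs at 900 seconds stretches that to t=900.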
Thanks! That makes sense and is easier to digest than a wikipedia article :)
DeNial of Service
I’m so glad that we roundabout went for the exact same thing
Digital Noodle Switchboard
Nature is healing. But seriously what a blessing, it’s just dead.
Hah, I was trying Zoom yesterday and thought it was my PiHope causing DNS issues. Nope.