That is not currently planned. We primarily want our services within Europe to run on European infrastructure with a view to digital independence, greater control and as little vendor lock-in as possible.
not moving off US tech infra completely. Yet, European services on European infra is the goal. The nameserver infra is global, they say, so is that the carve-out, or are there other US vendors with EU datacenters in play?
The most crucial services run redundantly, both within AWS and in a Belgian data centre. In the event of a serious incident at AWS, zone signing, zone distribution and the database can be deployed immediately.
They have a redundant set-up. Meaning they could leave anytime, just need a new redundancy plan then. Makes it more realistic they will move next year.
Everything related to registering and managing the .be, .vlaanderen and .brussels domains runs within AWS, except for the name servers. The latter are the “GPS” servers that ensure that when you type in a domain name, you are sent to the correct IP address. These are spread across the globe.
Client facing interfaces run on AWS, registration, management of domains etc. Name servers are a global network. Makes it quite a bit less dramatic (both the before and after)
It is important that the nameserver infrastructure, which has never run on AWS, is not interrupted
the nameserver infra never ran on AWS.
Peter Vergote, legal advisor at DNS Belgium: "Our data and processes at AWS are located on European soil, spread across multiple data centres. This is perfectly in line with European legislation such as GDPR and NIS2 .
That is technically true, but not in practice. The 2018 Cloud Act makes all EU reg moot points from the US perspective. That makes any American involvement in your stack by def a breach of NIS2, GDPR and other digital and data related regs.
The migration away from AWS is still in its early stages. The market is currently being surveyed. The transition will begin in 2027 and is expected to be completed in the second half of 2027.
The decision is made, but transition still in early planning phases. To be completed 2027. Market survey ongoing, meaning there's no new contractor in sight as yet.
Beltug Priorities Compass, where sovereignty and the search for European alternatives are among the ten most important topics for Belgian CIOs and digital leaders.
European digital sovereignty and autonomy in the top ten concerns of Belgian CIOs
At the same time, DNS Belgium wants to inspire other organisations in Belgium and Europe with its AWS exit. Technological dependence on, or possible access and influence by non-European players, is a growing concern among Belgian companies.
DNS Belgium wants to set an example. It is also responding to concerns of their customers.
Since 2017, the system that processes the registrations of .be domain names has been located in AWS's European data centres.
DNS Belgium is on AWS since 2017, in EU data centers but that means nothing, definitely not since 2018
https://web.archive.org/web/20260106135449/https://www.dnsbelgium.be/en/news/dns-belgium-leaves-aws
DNS Belgium runs on AWS currently. Decided to leave AWS. Out of geopolitical concern.
How I block all online ads
List of DNS resolvers other than Google -[ ] explore and pick a new default DNS resolver that is EU based. #webbeheer #15mins
The host itself does not handle the actual FQDN. That is handled by the DNS. FQDN (Fully Qualified Domain Name) is handled by DNS translating names into IP addresses. Using the /etc/hosts file, you are essentially overriding the DNS server.
By default the pure Go resolver is used, because a blocked DNS request consumes only a goroutine, while a blocked C call consumes an operating system thread. When cgo is available, the cgo-based resolver is used instead under a variety of conditions: on systems that do not let programs make direct DNS requests (OS X), when the LOCALDOMAIN environment variable is present (even if empty), when the RES_OPTIONS or HOSTALIASES environment variable is non-empty, when the ASR_CONFIG environment variable is non-empty (OpenBSD only), when /etc/resolv.conf or /etc/nsswitch.conf specify the use of features that the Go resolver does not implement, and when the name being looked up ends in .local or is an mDNS name.
Whenever go detects an attempt has been made by the sysadmin to customize the behaviour of the DNS resolver, by setting the given ENV variables such ad RES_OPTIONS, it uses the resolver provided by the OS or sysadmin instead of the pure Go resolver.
The Inflexibility of DNS Traditionally, the root record of a domain needed to point to an IP address (known as an A -- for "address" -- Record). While it may not seem like a big deal, tying a service to an IP address can be extremely limiting.
我有特别的 DNS 配置和使用技巧
dns做得负载均衡,为什么通过top命令查看每台机器负载相差很大?
DNS如何实现全局负载均衡?
Peter pointed me to (t)his 2009 blogpost of adding your location to a DNS record. At the time he configured it so that his Plazes location was written to his DNS. e.g. I could share my location by adding DNS LOC to ton.zijlstra.eu e.g.
On the internet today, it seems like it’s more common to use “absolute” domain names (like example.com).
Relative domain names are not as common these days.
The technical term for “THIS IS THE WHOLE THING” is “fully qualified domain name” or “FQDN”. So google.com. is a fully qualified domain name, and google.com isn’t.
Example of FQDN
So because domain names can actually be translated to something else in some cases, people like to put a "." at the end to communicate “THIS IS THE DOMAIN NAME, NOTHING GETS ADDED AT THE END, THIS IS THE WHOLE THING”.
Reason why one may put a . at the end of an address
zone files require a trailing dot at the end of a domain name (because otherwise they’re interpreted as being relative to the zone).
a fully qualified domain name is a domain with a “.” at the end!
Mais la justice fait face à un autre problème bien plus difficile à régler. Le blocage par les FAI n'est en effet efficace que si les internautes se servent des réglages DNS de base de leur fournisseur. Une simple modification permet donc de les contourner et de retrouver par conséquent un accès à la Z-Lib. Le seul moyen d'en couper définitivement l'accès serait donc d'en trouver les serveurs et de les désactiver. Une mission particulièrement ardue : ceux-ci sont disséminés dans de nombreux pays… dont la Russie, qui n'est peut-être pas encline à suivre les recommandations de la justice française actuellement.
Contourner blocage FAI
This is an example BIMI record that includes a VMC. This record includes 2 example URLs :
.
v=BIMI1;l=https://images.solarmora.com/brand/bimi-logo.svg;a=https://images.solarmora.com/brand/certificate.pemThis is an example BIMI record that doesn’t use a VMC. Make sure to replace the example URL with the URL for your own SVG file location.
one.one.one.one or 1dot1dot1dot1.cloudflare-dns.com and press Save.bash
curl --http2 -H 'accept: application/dns-json' https://1.1.1.1/dns-query?name=cloudflare.com --next --http2 -H 'accept: application/dns-json' https://1.1.1.1/dns-query?name=example.com
The bearerURI for a VHF/FM service is compiled as follows:fm:<gcc>.<pi>.<frequency>The <frequency> element may be replaced by the asterisk ("*") character to signify any frequency. In this case the PIcode alone shall be used by the device to locate the source
| GCC | PI | Frequency (MHz) | RadioDNS bearerURI | |-----|------|------------------|--------------------| | ce1 | c586 | 95,8 | fm:ce1.c586.09580 | | de0 | d1e0 | 103,9 | fm:de0.d1e0.10390 | | ce1 | c201 | many | fm:ce1.c201.* |
nslookup -type=CNAME 09880.c201.ce1.fm.radiodns.org
权威各种DNS有什么区别?比如帝恩思小编的电脑上配置的是DNS114.114.114.114,但是www.dns.com用的是帝恩思dns.com的DNS,这两种DNS有什么区别?这里就做一些解释。首先,DNS按功能(角色)的分类:1.权威DNS:权威DNS是经过上一级授权对域名进行解析的服务器,同时它可以把解析授权转授给其他人,如COM顶级服务器可以授权dns.com这个域名的的权威服务器为NS.ABC.COM,同时NS.ABC.COM还可以把授权转授给NS.DDD.COM,这样NS.DDD.COM就成了ABC.COM实际上的权威服务器了。平时我们解析域名的结果都源自权威DNS。比如dns.com的权威DNS服务器就是帝恩思的ns1.dns.com ns2.dns.com2.递归DNS:负责接受用户对任意域名查询,并返回结果给用户。递归DNS可以缓存结果以避免重复向上查询。我们平时使用最多的就是这类DNS,他对公众开放服务,一般由网络运营商提供,大家都自己可以架递归DNS提供服务。递归DNS一定要有可靠的互联网连接方可使用。比如谷歌的8.8.8.8和8.8.4.4以及114的114.114.114.114和114.114.115.115都属于这一类DNS。你本地电脑上设置的DNS就是这类DNS。3.转发DNS:负责接受用户查询,并返回结果给用户。但这个结果不是按标准的域名解析过程得到的,而是直接把递归DNS的结果转发给用户。它也具备缓存功能。他主要使用在没有直接的互联网连接,但可以连接到一个递归DNS那里,这时使用转发DNS就比较合适。其缺陷是:直接受递归DNS的影响,服务品质较差。比如我们用的路由器里面的DNS就是这一类,用路由器的朋友可以看下本地电脑的DNS一般都是192.168.1.1。
DNS 有几种类型
bash
$ host -t txt wd.ip.wtf
wd.ip.wtf descriptive text "Welcome to Wordle over DNS! Today's puzzle is #1: <guess>.1.wd.ip.wtf"
wd.ip.wtf descriptive text "This shell function makes it easier to play"
"wd() { dig +short txt $1.1.wd.ip.wtf | perl -pe's/\\\([0-9]{1,3})/chr$1/eg'; }"
bash
$ wd() { dig +short txt $1.example.wd.ip.wtf | perl -pe's/\\\([0-9]{1,3})/chr$1/eg'; }
$ wd crane
"⬜⬜🟨🟨🟨"
$ wd reads
"⬜🟨🟨⬜🟩"
$ wd sense
"🟨🟨🟨⬜⬜"
$ wd names
"🟩🟩🟩🟩🟩"
You can add custom domains to any Heroku app. Adding domains does not incur extra charges.
The point of DoH is to bypass any other DNS or censorship further down the line.If you want to use DoH AND your hosts file then you need to use DoH as your OS's DNS so it is after the hosts file.
.
And the latter (DHCP server) is great because it means that all machines connecting to your router will now have their DNS requests routed through your Pi-Hole.
This means that the request had pass to the external network but did not come back...
Good to know to check if it works well on proxy in this way: Run below command in one terminal: sudo tcpdump -n -i en0 host 8.8.8.8
And run below command in another terminal: dig @8.8.8.8 www.google.com
If you're already an admin for the zone in question, then the proper way to get that information is to log on to the DNS server or DNS control console and read it right from there. If you're not an admin for the zone, you're not supposed to have that information. Note that the person you are talking to on the phone is almost certainly not a DNS zone admin, so they also should not have that information. If they somehow did have it, they definitely shouldn't give it out over the phone. This is for your protection.
DNS zone information is sensitive. Many years ago it was possible for anyone to query a DNS server and literally get back all the records at once, but that was a security issue. Now you have to be an admin for the zone to get that info.
This is a cool little DNS and subdomain related tool. Who knew I had this many subdomains?!
CNAME RR
RR - resource record
CNAME A <domain-name> which specifies the canonical or primary name for the owner. The owner name is an alias.
The second sentence ruins understanding this definition for me. Does this mean that CNAME is basically an alias, but it is the highest priority one (hence the designation "primary")?
My next move will be to further lower my visibility to 3rd party tracking with a combination of pi-hole caching DNS blocker and wireguard VPN .
Authors of third-party tools should prefix each label key with the reverse DNS notation of a domain they own, such as com.example.some-label.
With a single source IP address it's possible to quickly determine the type of devices on their network, and the social networks they frequent – Google, YouTube, Facebook, Soichat.com, TikTok, Line (a chat application), among many other domains.
To add insult to injury I learn that when Cloudflare automatically detects an anomaly with your domain they permanently delete all DNS records. Mine won't be difficult to restore, but I'm not sure why this is necessary. Surely it would be possible for Cloudflare to mark a domain as disabled without irrevocably deleting it? Combined with the hacky audit log, I'm left with the opinion that for some reason Cloudflare decided to completely half-ass the part of their system that is responsible for deleting everything that matters to a user.
...and this is why some companies should not grow to become too big for the good of their customers.
Dynamic DNS
enter a forward to http://www.mydomain.com in the "Forward My Domain" section of the Domain Details tab, rather than setting up something in the Forwards tab