• @Telodzrum@lemmy.world
    link
    fedilink
    20911 months ago

    If you can’t remember the IP address of every site you’d like to visit, you don’t deserve the internet.

    • @CaptDust@sh.itjust.works
      link
      fedilink
      119
      edit-2
      11 months ago

      Pro tip, You don’t have to remember it. I have all my favorite IPs in a nice address book, keep it in my drawer next to my passwords

      • @snaggen@programming.dev
        link
        fedilink
        811 months ago

        My company actually used a whiteboard instead of a DNS for our internal network. We used it as a temp solution during setup, then 5 years later it was still in use. It worked quite well.

      • @Synthuir@lemmy.ml
        link
        fedilink
        64
        edit-2
        11 months ago

        I know this one! All credit goes to FauxPseudo@lemmy.world

        "^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}))|:)))(%.+)?\s*$"
        
      • @hihellobyeoh@lemmy.world
        link
        fedilink
        611 months ago

        I remember 1 of the Google dns ones, only because when trouble shooting network issues it is my go to ip to ping so I know the instant I am connected again.

        • u/lukmly013 💾 (lemmy.sdf.org)
          link
          fedilink
          English
          811 months ago

          Oh, I forgot about DNS servers. Then I remember:
          8.8.8.8 - Google
          9.9.9.9 - Quad9
          1.1.1.1 and 1.0.0.1 - Regular Cloudflare
          1.1.1.2 and 1.0.0.2 - Cloudflare “Malware blocking”
          1.1.1.3 and 1.0.0.3 - Cloudflare “Malware and adult content blocking”
          45.90.30.180 and 45.90.28.180 - NextDNS

          And I think 2960:fe::fe is also Quad9, but I’ll have to check. Nope, it’s 2620:fe::fe. So just the ones above.

  • @RegalPotoo@lemmy.world
    link
    fedilink
    English
    3911 months ago

    Tbh, if you can’t tap out Ethernet frames with a Morse key and decode the response by watching the blinking of an LED wired to the RX pair then you really don’t deserve to be on the internet. Git Gud.

    • @Inucune@lemmy.world
      link
      fedilink
      1411 months ago

      When it breaks, it isn’t always obvious or easy to fix, but can cause problems for anything that has to talk to anything else. The biggest thorn it puts in my side is that short names [ThisPC] are served differently than fqdn [ThisPC.MyDomain.com]. Does NotMyApp use short or FQDN to resolve other machines? I don’t find out until the Wireshark.

      • @smileyhead@discuss.tchncs.de
        link
        fedilink
        411 months ago

        Okey, I understand this is fundamental and when not working can cause the service to stop working. But I don’t yet know how does it break or is not easy to troubleshoot?

        Haven’t hosted anything big yet, so I always just had to check the records via “dig” command if they are served correctly.

        • @Chobbes@lemmy.world
          link
          fedilink
          611 months ago

          DNS setups can get fairly complicated with enterprise VPNs and stuff, but the main thing is probably just that DNS is built entirely around caching, so when something does go wrong or you’re trying to update something it’s easy for there to be a stale value somewhere. It’s also really fundamental, so when it breaks it can break anything.

          Overall, though, DNS isn’t terribly complex. It’s mostly just a key-value store with some caching. Running your own nameservers is pretty cool and will give you a much better understanding of how it all fits together and scales.

        • @evranch@lemmy.ca
          link
          fedilink
          511 months ago

          Really annoying is when recent devices don’t respect the DNS you’re advertising or allow configuration (Android…)

          My site is behind CGNAT on IPv4 with recently added fully routed IPv6. There are legacy control devices all over it that don’t speak IPv6, with local DNS records that allow them to be readily accessed while walking around with a mobile device… Allowed them to be accessed that is, until IPv6.

          The Android IPv6 stack ignores the RA for my local DNS and also resolves via v6 by default, forwarding local queries upstream and returning no results. Then it doesn’t bother to fall back to v4. Unrooted Android has no exposed configuration for IPv6 of any sort to modify its behaviour, no hosts file to override or any way I can see to fix this. I can’t even disable IPv6 on my phone.

          So to access my local devices from Android I need to use their full IPv4 address or VPN back into my own network… Oh wait, the stack is so broken that despite setting DNS in Wireguard, it still tries to resolve through upstream v6 first!

          Apparently recent smart TVs are doing similar even on IPv4, hard-coded to 1.1.1.1 or 8.8.8.8 to dodge ad blocking, which is plain malicious and ignores all standards…

          So anyways this is why DNS is dragon #3

  • @jbk@discuss.tchncs.de
    link
    fedilink
    2211 months ago

    My prediction is that we’ll go DNSSEC globally when IPv6 gets mainstream adoption. It sucks how many just don’t care enough.

    • Domi
      link
      fedilink
      2811 months ago

      when IPv6 gets mainstream adoption

      At the current speed that would approximately be in 2087.

    • @Chobbes@lemmy.world
      link
      fedilink
      811 months ago

      The abysmal adoption of DNSSEC is just embarrassing, and I haven’t heard any good arguments for why we shouldn’t do it. There’s one blog post that gets passed around as justification for not adopting DNSSEC, but it doesn’t really go into any technical detail and is mostly just the author saying “I’m scared of governments and TLDs”… which is maybe fair, but you still have to trust them for regular CA certs and everything, so why not make thr base secure?

      Honestly, I might care slightly more about DNSSEC than IPv6 adoption… IPv4 exhaustion and NATing everywhere sucks, but the fact that you can’t trust DNS is like… insane.

  • Mactan
    link
    fedilink
    2111 months ago

    I have no doubt in my mind that there’s some subset of the suckless crowd that thinks dns is bloat

    • Kuhelika
      link
      fedilink
      4
      edit-2
      11 months ago

      No you don’t understand bro. DNS is a useless service that serves no purpose other than increasing attack surface for hackers. Who needs dns when you can just type ip address?

    • Snot Flickerman
      link
      fedilink
      English
      41
      edit-2
      11 months ago

      CC BY-NC-SA 4.0

      This might be funnier than all those Facebook accounts with warnings about “I do not authorize anyone to use my photos!”

      Because they’re trying to copyright an internet comment that they posted on a service hosted by someone else, with a creative commons license attached. It’s like a step up in knowing how shit works, but still not knowing enough.

      If you really want ownership over what you say… don’t post it on the fucking internet.

      • @leopold@lemmy.kde.social
        link
        fedilink
        English
        2011 months ago

        I mean, not really. You own the stuff you create regardless of who’s hosting it. Microsoft doesn’t own the copyright for the millions of projects hosted on GitHub either.

        • Snot Flickerman
          link
          fedilink
          English
          1311 months ago

          I use pigeons and let the wind tell me where to send them.

          So is other guy gonna sue me now and win because I just copy and pasted what they said? This is a joke.

          • @leopold@lemmy.kde.social
            link
            fedilink
            English
            1611 months ago

            I mean, probably not. That’s such a short post, chances are courts wouldn’t find it copyrightable. And obviously attaching a license at the end of your comments is useless in practice, because no one on the internet actually properly engages with copyright law. Plus suing over copy-pasting someone’s social media post is dumb as hell and no one does that, tho I do think you could technically do it and win, because current copyright laws make zero sense if you actually stop and think about it for any amount of time.

            • Snot Flickerman
              link
              fedilink
              English
              811 months ago

              current copyright laws make zero sense if you actually stop and think about it for any amount of time.

              So true.

              • kbal
                link
                fedilink
                1111 months ago

                My lawyers will argue that this willful infringement of my rights as the orignal author of the famous 1997 Internet comment “So true” means that you now owe me $4000000 in damages, but I’ll settle for one bitcoin.

        • lemmyvore
          link
          fedilink
          English
          611 months ago

          And yet Microsoft made Copilot, and there are currently lots of clueless programmers out there using it to inject code with god knows what licenses into their company’s software.

          • @leopold@lemmy.kde.social
            link
            fedilink
            English
            511 months ago

            Which hasn’t been free of legal challenges. Current copyright law doesn’t account for machine learning, which is what allows them to do this. This could soon change.

        • lemmyvore
          link
          fedilink
          English
          411 months ago

          You own the original, which you’ve written on your pc or phone. But the one that ends up on the website is a copy, on which you’ve granted the website owner a non-revokable license to do with as they please ie. a copy-right.

          • @leopold@lemmy.kde.social
            link
            fedilink
            English
            511 months ago

            Not really. You’ve granted the owner some rights, such as the right to host your content and present it to any user on the platform, but they don’t own it. Twitter can’t start using any art hosted on their platform for their branding, because it’s no theirs.

            • lemmyvore
              link
              fedilink
              English
              311 months ago

              They can if the license you granted them says they can. Read it. These platforms usually make you grant then extensive rights. Yes they don’t own the content but given such broad permissions it makes very little practical difference.

      • @averyminya@beehaw.org
        link
        fedilink
        1211 months ago

        Wait lol are people posting that to their comments to use it as claimed ownership? I did not realize that was the intent there

  • @mvirts@lemmy.world
    link
    fedilink
    1911 months ago

    Lol … DNS is one of the pillars upon which the internets tands, a crumbling mess of a pillar but I’m sure glad we don’t have a name system built on hosts files 😹

  • @iopq@lemmy.world
    link
    fedilink
    1511 months ago

    It’s insecure, which lets governments like China poison it. They straight up block encrypted DNS

    • @knfrmity@lemmygrad.ml
      link
      fedilink
      1011 months ago

      The EU regularly forces DNS server operators to remove entries or redirect certain domains. It’s super easy to circumvent but most users don’t know that.

        • @knfrmity@lemmygrad.ml
          link
          fedilink
          211 months ago

          The sites I’m thinking of never had their IPs completely blocked, the DNS entries for the domains were just removed. If you were to switch to a non-EU or self-hosted DNS server you’d get to the site.

          But the domains in question are generally ones the US/EU/NATO propaganda machine has told people are bad, so there’s no outrage when they’re blocked. In many cases there are often cheers.

      • @uiiiq@lemm.ee
        link
        fedilink
        111 months ago

        As long as there is an oversight and rules, I don’t have a problem with that

    • cum
      link
      fedilink
      English
      111 months ago

      It’s not insecure at all, quite the opposite. Also with DoH, it blends into regular traffic.

      • @iopq@lemmy.world
        link
        fedilink
        210 months ago

        DoH is blocked in China, they cut any TLS connection to a known DNS server (1.1.1.1, 8.8.8.8, 9.9.9.9, etc.)