
Posts published in March 2021

rDNS (Reverse DNS) explained

So you have set up your Forward DNS. You are happy that you added all the needed DNS records, and you think you are done. Guess again! What are you missing? Just try to send an email from the domain, and immediately you will notice a problem. Your emails are going missing or to the SPAM folder because you haven’t set up a rDNS (Reverse DNS)! Luckily, now you will learn all about it.

What does rDNS mean?

Reverse DNS is a service, part of a typical managed DNS plan, that allows reverse lookups. It lets you create a Reverse DNS zone, where you can add PTR records and use them as proof that the IP addresses and the domain name match.

The Reverse DNS works with both IPv4 addresses and IPv6 addresses. You can use it with one or the other or both at the same time.

You need the proof that PTR records provide so that other companies' servers can trace the IP address back to the domain name and be sure that it is not a scam.

You need the combination of A (IPv4) or AAAA (IPv6) records, which map domain names to IP addresses, and PTR records, which do the opposite and map IP addresses to a domain name.

Why should we care about rDNS?

You should care about rDNS if:

  • You want your emails to arrive at their destination and the checks of the incoming mail server to finish successfully. You will most probably need a few more records besides the PTR, like SPF, DMARC, and DKIM records.
  • You are an IP network owner and need to be able to do reverse lookups.

How to start using Reverse DNS?

  1. Get a DNS plan with Reverse DNS. rDNS is a service that is usually missing from the free DNS plans. So, first, you will need to get a paid plan that includes Reverse DNS and the other parameters that you will need for your Forward DNS.
  2. Create a Primary Forward DNS zone. You will need to add the A or AAAA record that links your domain name to the IP addresses first.
  3. Create a Primary Reverse DNS zone. You can do it from the control panel of your provider. There you will find the option to add a Reverse DNS zone. Pay attention to the instructions. Usually, you will need to add a range of IP addresses in reverse.
  4. Add the PTR records. They must link the IP addresses to the A or AAAA records in the Forward DNS zone. If they don't match, it won't function.

Can you check your Reverse DNS?

Yes, you can check your Reverse DNS by probing the IP addresses and seeing if they lead to the hostname. The easiest way to do it on most OSes (Linux, macOS, Windows, etc.) is to use the Nslookup command:

nslookup 192.169.1.2

Just replace the IP address, in this case 192.169.1.2, with the one you want to verify. This one is an IPv4 address, but you can use an IPv6 address too.
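The check above, extended into a forward-confirmed lookup, as an added example that is not part of the original post: the Python sketch below builds the PTR owner name for an IPv4 or IPv6 address and confirms that the hostname in the PTR record resolves back to the same address. The function names and the sample zone data (documentation address ranges, example.com) are assumptions made for illustration.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Owner name of the PTR record that must exist in the Reverse DNS zone."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_reverse(ip):
    """PTR hostnames for an IP via the system resolver ([] when none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(host):
    """A/AAAA addresses for a hostname via the system resolver ([] when none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def check_rdns(ip, reverse=system_reverse, forward=system_forward):
    """Return 'match', 'no-ptr' or 'mismatch' for one IP address."""
    target = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return "no-ptr"
    for name in names:
        for addr in forward(name.rstrip(".")):
            # Compare parsed addresses so IPv6 spelling differences do not matter.
            if ipaddress.ip_address(addr.split("%")[0]) == target:
                return "match"
    return "mismatch"

# Constructed sample zones (documentation address ranges), so the check runs offline.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com."],
              "192.0.2.11": ["old-host.example.com."],
              "2001:db8::25": ["mail.example.com."]}
SAMPLE_FORWARD = {"mail.example.com": ["192.0.2.10", "2001:0db8:0:0:0:0:0:25"],
                  "old-host.example.com": ["192.0.2.99"]}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(host):
    return SAMPLE_FORWARD.get(host, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "2001:db8::25"):
        print(ip, ptr_name(ip), check_rdns(ip, sample_reverse, sample_forward))
```

Called with only an IP address, check_rdns uses the system resolver instead of the sample data.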

If you need more information, I recommend this article: What is Reverse DNS?

Conclusion:

The Reverse DNS is a must-have when we are talking about sending emails. If you don’t set it up correctly, you might have emails that don’t arrive at the destination. That can cause missing opportunities, problems, and extra costs. You don’t want to lose money just because you didn’t set up your rDNS, do you?

What is the MTR command, and how to use it?

What is the MTR command?

The MTR command is a type of traceroute command, developed by Matt Kimball in 1997, that combines traceroute and ping in the same software. Originally the name MTR was an abbreviation of Matt's traceroute, but in 1998, his colleague Roger Wolff worked on it too and changed the name to My traceroute.

Why is the MTR command better than the traditional Traceroute or Tracert?

The MTR command is better because it combines the Ping and the Traceroute command and gives additional information (statistics about time, packet loss, and round-trip time, too) about each hop on the way from the computer to the host.

MTR will send ICMP ECHOs (pings) and wait for them to return.

How can you get the MTR command?

To get it, you will need a few commands to download and install it. You can do it on Ubuntu, other Linux distros, macOS, or BSD and its derivatives. Sorry, but the command is not available on Windows.

Ubuntu

  1. Log in to your server, or start the Terminal application
  2. Write the command:

sudo apt update

This will update the list of all available packages.

  3. Install with the following command:

sudo apt -y install mtr

macOS

  1. Open the Terminal app
  2. First install Homebrew with the following command:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"

  3. Now, you can install the MTR command with:

brew install mtr

BSD

  1. Log into your server, or start the Terminal application
  2. Use the following command:

pkg install mtr

You can install the MTR command on most Linux distros like Arch Linux, CentOS, Fedora, RedHat, Debian, and more.

Suggested article: What is Traceroute command and how to use it?

How to use the MTR command?

You can use it through the Terminal application. You have two basic ways to use the MTR command:

mtr + hostname – This will show you the route to a particular hostname / domain name.

mtr + IP address – This will trace the route to a particular IP address. It can be an IPv4 or IPv6 address.

The MTR syntax

mtr [-hvrctglspni46] [--help] [--version] [--report] [--report-cycles COUNT] [--curses] [--split] [--raw] [--no-dns] [--gtk] [--address IP.ADD.RE.SS] [--interval SECONDS] [--psize BYTES | -s BYTES] HOSTNAME [PACKETSIZE]

But to see it more clearly, imagine it like this:

mtr OPTION OPTION’S VALUE hostname / IP address

  • mtr – my traceroute command.
  • OPTION – additional option for more precise probes. You can see the table below.
  • OPTION’S VALUE – sets the time or repetition. It depends on the option you have chosen. 
  • Hostname / IP address – You can put one of the two to trace the route to it.

We also recommend reading about the Nslookup command and the Dig command.

MTR command’s options

Short option | Long option | Description
-h | --help | Help
-v | --version | MTR's version
-r | --report | Report mode. Needs -c to specify the number of cycles before showing statistics at the end.
-w | --report-wide | Extended report mode.
-c COUNT | --report-cycles COUNT | The number of pings that must be sent.
-s BYTES | --psize BYTES PACKETSIZE | Choose the size of packets. If you choose a negative value, they will have a random size.
-t | --curses | Curses-based terminal interface.
-n | --no-dns | Show IP addresses, don't resolve hostnames.
-g | --gtk | GTK+ interface.
-p | --split | Split-user interface.
-l | --raw | Raw output format.
-a IP.ADD.RE.SS | --address IP.ADD.RE.SS | Bind the outgoing packets' socket to a specific interface.
-i SECONDS | --interval SECONDS | Seconds between pings.
-u | | Use UDP.
-4 | | IPv4 address only.
-6 | | IPv6 address only.
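An added example, not part of the original post, of reading the statistics that report mode prints: the Python sketch below parses report output and separates loss seen at a single hop from loss that continues through to the destination. The sample report is constructed, and the column layout assumed is that of mtr's plain-text report (Loss%, Snt, Last, Avg, Best, Wrst, StDev).

```python
import re

# Constructed sample of `mtr -r -n -c 10 <host>` output (documentation addresses).
SAMPLE_REPORT = """\
HOST: workstation                 Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    10    0.4   0.5   0.3   0.9   0.2
  2.|-- 198.51.100.1              60.0%    10    8.1   8.4   7.9   9.0   0.4
  3.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  4.|-- 198.51.100.9               0.0%    10   12.2  12.5  12.0  13.4   0.4
  5.|-- 203.0.113.1               10.0%    10   20.9  21.4  20.1  24.0   1.1
  6.|-- 203.0.113.7               10.0%    10   21.3  22.0  20.8  25.1   1.3
"""

# hop number, host, loss percentage, packets sent, last RTT, average RTT
HOP_LINE = re.compile(
    r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+(\d+)\s+([\d.]+)\s+([\d.]+)")

def parse_report(text):
    """Turn report lines into dicts; header and other lines are ignored."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if m:
            hops.append({"hop": int(m[1]), "host": m[2], "loss": float(m[3]),
                         "sent": int(m[4]), "avg_ms": float(m[6])})
    return hops

def persistent_loss_from(hops, threshold=1.0):
    """Hop number where loss starts and continues to the destination, or None."""
    start = None
    for hop in reversed(hops):
        if hop["host"] == "???":      # silent hop: no statistics to judge
            continue
        if hop["loss"] < threshold:
            break
        start = hop["hop"]
    return start

def isolated_loss(hops, threshold=1.0):
    """Responding hops whose loss does not continue to the destination."""
    start = persistent_loss_from(hops, threshold)
    return [h["hop"] for h in hops
            if h["host"] != "???" and h["loss"] >= threshold
            and (start is None or h["hop"] < start)]

if __name__ == "__main__":
    hops = parse_report(SAMPLE_REPORT)
    print("end-to-end loss %:", hops[-1]["loss"])
    print("persistent from hop:", persistent_loss_from(hops))
    print("isolated loss at hops:", isolated_loss(hops))
```

Loss at one hop that is gone at later hops usually means that router is slow to answer probes, not that it drops forwarded traffic; loss that persists to the last hop is the figure that affects users.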

The MTR command is a nifty tool for network diagnostics. Try it out!

Secondary DNS (Slave DNS) explained

You probably came to this article because you want to improve your DNS's reliability, and you heard about Secondary DNS. Yes, Secondary DNS is definitely useful for providing redundancy and peace of mind, especially in this world, constantly full of DDoS attacks and other DNS problems.

Secondary DNS explained

Secondary DNS, also known as Slave DNS or Backup DNS, is a service that provides a network of DNS servers that are secondary to the Primary DNS server. They can automatically copy the Primary DNS zone file and provide more points in the world where your DNS records are available even in case of downtime with your Primary DNS.

Your DNS is managed inside the Primary DNS. There you can add, remove or edit DNS records. The Secondary DNS could be a service that the same DNS provider offers, or it could be with another DNS provider. You can even use multiple Secondary providers, if you really want to back up that Primary DNS.

There is a mechanism for copying the zone data, usually through an API.

That way, the Secondary DNS receives the changes that happen in the Primary DNS.

Why should you consider a Secondary DNS service?

  • The main reason you would want a Secondary DNS service is redundancy. If, or most likely when, your Primary DNS goes down, your Secondary DNS will continue to answer queries. No problems! It will reduce the risk of downtime significantly. Your customers will be able to reach your site or use your app undisturbed.
  • Lower the load on your Primary DNS. You can use the Secondary to reduce the stress on the Primary. It can load balance and answer queries, too, so not all queries must be answered straight from the Primary DNS. It will reduce the stress and lower the chance of a single point of failure.
  • Hide the Primary DNS. You can also completely hide the Primary and make it look like your Secondary DNS is your primary. This way, your most valuable server will be hidden from the eyes of your attackers. You can bulletproof your Primary DNS with a firewall too.
  • Have a backup. If something bad happens to your Primary DNS, you still will have a complete backup of the zone file. All your DNS records will be available, and you can save them and later use them again for the Primary. It is not often that you lose all your data from the Primary, but it is nice to be relaxed knowing you have a complete backup.
  • It is easy to use. You won’t need to tweak many settings. Just find the mechanism for the zone transfer, probably through an API, and set it up. It usually takes very little time, and little to no knowledge is needed to connect the Secondary.
  • Easy migration. If you are going from one DNS provider to another, the Secondary DNS could be a good first step. You can see how well the new provider’s service works and how to use their control panel. When your DNS records are there already, it will be an easy step to go to any of their other plans.

Conclusion

The Secondary DNS is an easy way of backing up your Primary DNS and providing redundancy. It is easy to set up and deploy. It has one big flaw. It can't work with DNSSEC. If the fast and easy way it works attracts you more than the problem, go for it. If not, don't worry. There are other methods to provide excellent DNS, like Anycast or GeoDNS load balancing.