DNS Domain Registry WhoIs Match Not Found - whois

I am monitoring a domain for when it expires. I am familiar with the expiring domain process: grace period, redemption period and then deleted.
What has me baffled is when I search for this particular domain in any WhoIs database (NetworkSolution, ICANN, etc). The result is:
No match for "<domain name>" in the registrar database.
From NetworkSolutions:
The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness.
Show underlying registry data for this record
The last line is a link to some brief information that was in the registry. Most notable information is the WhoIs server name and the registrar (GoDaddy).
Here is the output from that link
Domain Name: <domain name>
Registrar: GODADDY.COM, LLC
Sponsoring Registrar IANA ID: 146
Whois Server: whois.godaddy.com
Referral URL: http://www.godaddy.com
Name Server: No nameserver
Status: redemptionPeriod https://www.icann.org/epp#redemptionPeriod
Updated Date: <date>
Creation Date: <date>
Expiration Date: <date>
From ICANN WhoIs Search
The requested second-level domain was not found in the Registry or Registrar’s WHOIS Server.
Now, ICANN does not provide any information on the registry.
So, if there is no match, technically wouldn't it be available for purchase? How is this possible? Shouldn't there always be information in the registrar even in redemptionPeriod?

Your question is not explicit enough, and of course without a domain name it is difficult to help you.
Some points though:
- ICANN is not a registrar, and as such does not have a whois service that could help you; you should contact the registry's whois server directly
- for the same reason, contact the registry's whois server first, before the registrar's one; registries are authoritative on their data
As for the discrepancies you may see, I would refer you to my other extensive reply that deals with the subject: https://unix.stackexchange.com/a/407030/211833
You should then understand that a registry may have deleted a domain name, so that it no longer shows through its whois server, while the sponsoring registrar may not have updated its database, so that its own whois server would display something else. There is also no obligation for them to be updated in real time, though in the field they may be.
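The registry-first comparison discussed in this thread, as an added example that is not part of the original posts: it parses a registry reply and a registrar reply and reports the lifecycle state from the registry side only, flagging when the two disagree. The sample replies are constructed from the output quoted in the question, and the function names are hypothetical.

```python
import re

# Constructed replies modelled on the output quoted in the question.
REGISTRY_REPLY = """\
Domain Name: EXAMPLE.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Name Server: No nameserver
Status: redemptionPeriod https://www.icann.org/epp#redemptionPeriod
"""
REGISTRAR_REPLY = 'No match for "EXAMPLE.COM" in the registrar database.\n'

NOT_FOUND = re.compile(r"no match for|not found", re.I)

def parse_whois(text):
    """Return found flag, EPP status codes and the referral whois server."""
    if NOT_FOUND.search(text):
        return {"found": False, "status": [], "referral": None}
    status, referral = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key in ("status", "domain status"):
            status.append(value.split()[0])  # drop the trailing ICANN URL
        elif key in ("whois server", "registrar whois server"):
            referral = value
    return {"found": True, "status": status, "referral": referral}

def assess(registry_text, registrar_text):
    """Registry data decides the state; the registrar reply is only compared."""
    registry, registrar = parse_whois(registry_text), parse_whois(registrar_text)
    if not registry["found"]:
        state = "not-in-registry"
    elif "pendingDelete" in registry["status"]:
        state = "pending-delete"
    elif "redemptionPeriod" in registry["status"]:
        state = "redemption"
    else:
        state = "registered"
    return {"state": state,
            "registrar_out_of_sync": registry["found"] != registrar["found"],
            "referral": registry["referral"]}
```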

Related

How to identify a small Company's Public IP

I want to identify the Public IP address of a local company. More specifically, I need the IP address where the offices are located. Because it's a small company, I assume they only have 1 public IP. The only thing I had was the domain name. But I already did some investigation in DNS based on that domain name.
Result of the investigation based on domain name:
The company has 1 website, hosted by a hosting company. In DNS I did a lookup and I fetched the IP address of the website (A record), but it's the IP of the hosting company.
I found the domain name and IP address of 2 DNS servers registered for the domain, but they both are DNS servers of the hosting company which hosts the domain (NS records).
I found the domain name and IP address for 1 mail server registered for the domain (MX record). It seems that the company uses Outlook as a mail server because the (MX record) is: domainname.com01c.mail.protection.outlook.com.
As you can see, the results I already got are useless because they all point to services that are not hosted in the company's local offices but elsewhere.
Is there another way or method that I can use to identify the public IP used from the company's local offices? Or can I do more investigation based on the results I already found in DNS?
Use their Domain name to do a Whois Lookup:
https://whois.domaintools.com/
For example, with Google:
https://whois.domaintools.com/google.co.uk
You can also use Maltego for more in-depth information on this, but this is probably a question for https://security.stackexchange.com/
Maltego: https://www.paterva.com/web7/

Mail Server DNS configuration of MX Records for Forwarding

I have an account with an internet provider, the majority of my company is based on the mail server they provide which is a bog standard UX style server from what I can tell. They offer the ability to edit the DNS records in the admin login, and you can edit the MX records.
What I want to do is introduce a subset of email accounts that are managed by a second mail server, this being an MS Exchange server. So what I want, I think, is to configure the Authoritative server as the 1and1 server, and configure the Exchange server as a non-Authoritative server and have the Authoritative server forward all non local addresses, or specified addresses, on to the Exchange server. Thus all addresses would look the same old_mx@ab.com and exchange@ab.com, but they would be resolved by different mail servers, working in tandem. My assumption had been you could specify a destination for unresolved e-mail addresses before they are declared void and bounced.
I spoke to a support engineer at 1and1 who said it was possible but they needed the exchange server address. Seemed reasonable, MS seem to think it's possible and provided an address. I just phoned the ISP back with the Exchange server details as provided by MS... and the next engineer says it isn't possible.
Can we confirm this is possible firstly, and how would I go about configuring it?
Not much help has been forthcoming on this question, but I do have some leads on answers myself. It would seem that there is no DNS record solution to the problem, not one commonly supported anyway. The DNS can only really be used for primary and secondary MX definition.
The only way to set this form of triaged MX server seems to rely on the MS Exchange server being defined as the first link in a chain of mail servers. i.e. The DNS referenced server. Once this is done the MS Exchange server can be configured as a non-Authoritative reference, within the server. Once that is done the MS Exchange is then provided with the subsequent servers to reference. On receipt of an e-mail that the MSE server doesn't recognise it will then forward the mail to another server that might be another non-authoritative MSE or an authoritative server of any description. The end server would then be responsible for returning any error messages back to the sender.
If anyone finds a better solution that doesn't involve redefining the master mail MX records I would be very interested, as I don't really want the MSE setup as the primary MX record.

Google Cloud Platform - Vanity Nameservers

I'm in the process of moving my DNS to Google Cloud Platform and wish to set up vanity nameservers.
Is this possible with gcloud?
I have two domains currently in my project
abc-net.co.uk (vanity)
abc.co.uk (company domain)
I have set 4 records of
ns1.abc-net.co.uk A -> 216.239.32.109 (ns-cloud-d1.googledomains.com)
ns2.abc-net.co.uk A -> 216.239.34.109 (ns-cloud-d2.googledomains.com)
ns3.abc-net.co.uk A -> 216.239.36.109 (ns-cloud-d3.googledomains.com)
ns4.abc-net.co.uk A -> 216.239.38.109 (ns-cloud-d4.googledomains.com)
I have compiled all records in my project for abc.co.uk but when I run a dig against @ns1.abc-net.co.uk it tells me recursion is not allowed.
Can I not set up vanity nameservers?
NS Specification
NS records must point to address records (e.g. A and AAAA) and not to alias records (e.g. CNAME).
- see RFC 2181 section 10.3
Summary
Correctly creating Google Cloud vanity nameservers is possible, but does require the risk of future server down-time if Google changes any nameserver IP addresses associated with your vanity nameservers. If such a risk does not bother you, use the following directions to create them.
Directions
Note: The following directions were provided at a time when IPv4 A and IPv6 AAAA records ruled the web.
1. Get each nameserver's IPv4 and IPv6 address.

```
$ host ns-cloud-x0.googledomains.com
```

2. Create A and AAAA records for each vanity nameserver at your domain's local DNS zone.
3. Register each vanity nameserver's FQDN, IPv4, and IPv6 with your domain's registrar (e.g. Enom and GoDaddy).
4. Wait for your registrar to confirm the addition of your vanity nameservers.
5. Wait 24-72 hours to allow the new DNS records time to propagate.
6. Update the NS and SOA records of your domains to point to your vanity servers.
Yes, it is perfectly doable with Google Domains.
In the Custom resource records section, create A records and point them to Google DNS servers (ns1.abc-net.co.uk A -> 216.239.32.109, etc.), exactly as you did above
In the Registered hosts section, create glue records (ns1.abc-net.co.uk, etc.), pointing them to the same Google servers
In the Nameservers section, enter your custom name servers (ns1.abc-net.co.uk, etc.).
Wait for DNS propagation (it will be near instant if you use Google or Cloudflare DNS resolver).
Note that you won't be able to have DNSSEC active.
Hope this helps.
Instead of A records hardcoding the IPv4 address of ns-cloud-d#.googledomains.com, create 4 CNAME records, ns#.abc-net.co.uk, pointing to the ns-cloud-d#.googledomains.com servers. Then, your NS record would be all four of the ns#.abc-net.co.uk names that you made CNAME records for. I just did this with my domain and it is working great.
This allows the IP addresses of Google's resolver servers to change without breaking your DNS functionality. Additionally, IPv6 clients will resolve over IPv6.
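A check for the two failure modes raised in this thread, as an added example that is not part of the original answers: vanity address records drifting from the upstream nameserver addresses, and NS targets that are CNAMEs (the RFC 2181 section 10.3 rule quoted above). The IPv4 values are the ones quoted in the question; the IPv6 values, the stale ns2 address, the upstream snapshot and the function name are constructed for illustration.

```python
import ipaddress

# Constructed sample data. IPv6 values use the 2001:db8::/32 documentation prefix.
ZONE = [  # (owner, type, value)
    ("abc.co.uk", "NS", "ns1.abc-net.co.uk"),
    ("abc.co.uk", "NS", "ns2.abc-net.co.uk"),
    ("abc.co.uk", "NS", "ns3.abc-net.co.uk"),
    ("ns1.abc-net.co.uk", "A", "216.239.32.109"),
    ("ns1.abc-net.co.uk", "AAAA", "2001:db8::6d"),
    ("ns2.abc-net.co.uk", "A", "216.239.34.200"),  # stale on purpose
    ("ns3.abc-net.co.uk", "CNAME", "ns-cloud-d3.googledomains.com"),
]
VANITY_TO_UPSTREAM = {f"ns{i}.abc-net.co.uk": f"ns-cloud-d{i}.googledomains.com"
                      for i in (1, 2, 3)}
UPSTREAM_NOW = {  # stand-in for what `host ns-cloud-dN...` returns today
    "ns-cloud-d1.googledomains.com": {"216.239.32.109", "2001:db8::6d"},
    "ns-cloud-d2.googledomains.com": {"216.239.34.109", "2001:db8::26d"},
    "ns-cloud-d3.googledomains.com": {"216.239.36.109", "2001:db8::46d"},
}

def norm(name):
    return name.rstrip(".").lower()

def lint_vanity_ns(zone, vanity_to_upstream, upstream_now):
    """Return (nameserver, finding) pairs for every NS target in the zone."""
    findings = []
    for ns in sorted({norm(v) for _, t, v in zone if t == "NS"}):
        rrs = [(t, v) for o, t, v in zone if norm(o) == ns]
        if any(t == "CNAME" for t, _ in rrs):
            findings.append((ns, "ns-target-is-cname"))  # RFC 2181 section 10.3
            continue
        have = {ipaddress.ip_address(v) for t, v in rrs if t in ("A", "AAAA")}
        upstream = vanity_to_upstream.get(ns, "")
        want = {ipaddress.ip_address(a) for a in upstream_now.get(upstream, ())}
        if not have:
            findings.append((ns, "no-address-records"))
        for addr in sorted(have - want, key=str):
            findings.append((ns, f"stale-address {addr}"))
        for addr in sorted(want - have, key=str):
            findings.append((ns, f"missing-address {addr}"))
    return findings
```

Run on a schedule with `UPSTREAM_NOW` refreshed from live lookups, a non-empty result is the early warning for the downtime risk described in the first answer.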

Confusion about MX records

I'm very confused by the fundamentals of DNS records (in this case MX records). Right now I have registered a domain name (let's call it example.com). This domain is configured to my linode's IP via their nameservers.
The default MX record that is in the Domain Manager is 'mail.example.com'. Fair enough.
I followed this tutorial about setting up an exim server.
Exim Tutorial in Linode Library
and I'm kind of confused. My default hostname on the machine is 'antares' and thus the FQDN is 'antares.example.com'. In this tutorial I don't see how this 'mail.example.com' is coming into play? Where do I specify this? Or should I point the mail MX record to antares.example.com?
I'm very new to DNS records and even more new to mail records. Any hints to clarify my misunderstanding would be invaluable.
The DNS server for your domain will by default serve up the www or .domain.com entry to web browsers etc., but it actually hosts a bunch of name pointers for other services, one of which is mail exchange.
Services which need your mx record value know how to look it up from your DNS server, so in this case they will find mail.domain.com when you supply the domain.com part.
If you need to set up a mail server you will need to change the mx record in your domain manager to point to your machine ip, this can be different from your default www host name/ip on the same domain as every service can be served by a different host (any ip).

Ubuntu exim4 - Config setup and spam filters

I've recently setup my Ubuntu web server with exim4 so my PHP website applications can send email such as "thank you" and "confirmation" notices.
I've got it setup and working such that I can send email to gmail, Yahoo! and my work address. However, my work email gets caught up in our spam filter. I'm new to setting up mail servers so I'm not sure what I might need to look for in making this mail server more trusted, while keeping it secure.
Here are some details:
Server is NATed behind a firewall.
Firewall has port 25 open for outgoing SMTP traffic (from server to anywhere).
Server is virtual hosting a couple of our different websites.
The server is running the following exim4 config:
```
dc_eximconfig_configtype='internet'
dc_other_hostnames='web-serv.example1.com;example2.com'
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
```
Questions:
Do I need to open port 25 to incoming SMTP mail (anywhere to server)? I wonder if other mail servers need to talk to my mail server to verify itself, in a sort of handshake attempt.
I have not created any MX records, primarily because the server has different websites on it and the mail server should send mail for all the websites. Do I need to pick/create a domain address and create MX records for it?
One thing of note is that the mail headers look like this:
Return-Path: <www-data@example2.com>
Received: from web-serv.example1.com ([Firewall public IP Address])
Received-SPF: neutral (google.com: [Firewall public IP Address] is neither permitted nor denied by best guess record for domain of www-data@example2.com)
"web-serv" is the host name of the server, such that you get this if you type it into the command line:
$ hostname
web-serv
and "www-data" is the account name for the Apache2 server that Ubuntu gave it as default.
Any other general advice would be appreciated. It's all new to me.
Cheers!
One item of note, since I posted this question some time ago (almost 10 months), is that I found out the biggest issue I had was with setting up the DNS for reverse DNS on our hosting provider's side of things.
In other words, our hosting provider (the people who give us our IP address and manage our hardware) had to enter a record to match my server(s) hostname to whatever IP address it used.
There's a specific name for this. I believe it's a "PTR" record but the name escapes me at the moment, but you basically tell them "my server hostname is ..." and they do a quick update to the DNS for reverse DNS purposes.
When I asked this question, we had a different hosting provider who didn't really help explain this to me, and after switching providers, I got to talk to someone who was happy to help me understand that side of the equation.
And as I understand it, this is setup by the people who assign you the IP addresses. But there's probably more to it than that.
Once I got that setup properly, email had no problem getting through the spam filters and Gmail/Yahoo showed SPF as "passed". It was showing neutral before.
Our company email was set to drop any email that would not resolve reverse DNS, which is why I could not even receive the email or find it in the spam filter. Of course, that situation would be dependent on the company and what email policy and software they're using to manage spam. Some might just drop all email that does not reverse DNS and some might dump it in to spam filters instead.
Hope that might help some people with similar issues.
Cheers!
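A way to check the reverse-DNS condition described in this follow-up before a receiving filter does, as an added example that is not part of the original posts: it performs a forward-confirmed reverse DNS check on the sending IP and compares the result with the host name announced in the `Received:` header. The result labels, the injected resolver tables and the 203.0.113.x addresses (standing in for the firewall's public IP) are constructed for illustration.

```python
import socket

def ptr_names(ip):
    """Reverse (PTR) lookup via the system resolver; empty list when none exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def forward_addrs(name):
    """Forward (A/AAAA) lookup via the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_rdns(ip, helo, ptr=ptr_names, fwd=forward_addrs):
    """Classify a sending IP by its PTR record and the name it announces."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-ptr"  # no reverse DNS at all, the case described in the post
    confirmed = [n for n in names if ip in fwd(n)]
    if not confirmed:
        return "ptr-not-forward-confirmed"
    if helo.rstrip(".").lower() not in confirmed:
        return "ptr-ok-helo-mismatch"
    return "ok"

# Constructed resolver data so the example runs offline.
FAKE_PTR = {"203.0.113.10": ["web-serv.example1.com"],
            "203.0.113.11": ["host11.isp.example"]}
FAKE_A = {"web-serv.example1.com": {"203.0.113.10"},
          "host11.isp.example": {"198.51.100.7"}}

def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])

def fake_fwd(name):
    return FAKE_A.get(name, set())

def demo():
    """Run the check for three constructed sending addresses."""
    return [check_rdns(ip, "web-serv.example1.com", fake_ptr, fake_fwd)
            for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12")]
```

Calling `check_rdns(ip, helo)` without the last two arguments uses the system resolver instead of the constructed tables.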