FamilyShield is a special service offered by OpenDNS distinct from our standard packages. Meant for home users who want to keep their children from seeing inappropriate images on their computers, FamilyShield will always block domains categorized in our system as Tasteless, Proxy/Anonymizer, Sexuality, or Pornography. Unlike our standard Home service, you don't need a registered network to use FamilyShield, and it's just as easy to configure. If you have any questions on FamilyShield not answered here, feel free to open up a support ticket or ask in the forums.

To use FamilyShield, you should set your DNS server entries as: 208.67.222.123 and 208.67.220.123.  On our website, you may notice that OpenDNS' DNS servers are 208.67.222.222 and 208.67.220.220, but these do not apply to FamilyShield customers. 

Migrating didn’t hurt as much as I thought it would—and dynamic DNS still works!

When the British government announced last week that it was transferring sovereignty of an island in the Indian Ocean to the country of Mauritius, Gareth immediately realized its online implications: the end of the .io domain suffix. In this piece, he explores how geopolitical changes can unexpectedly disrupt the digital world. His exploration of historical precedents—such as the fall of the Soviet Union and the breakup of Yugoslavia—offers valuable context for tech founders, users, and observers. //

On October 3, the British government announced that it was giving up sovereignty over a small tropical atoll in the Indian Ocean known as the Chagos Islands. The islands would be handed over to the neighboring island country of Mauritius, about 1,100 miles off the southeastern coast of Africa.

The story did not make the tech press, but perhaps it should have. The decision to transfer the islands to their new owner will result in the loss of one of the tech and gaming industry’s preferred top-level domains: .io. //

Once this treaty is signed, the British Indian Ocean Territory will cease to exist. Various international bodies will update their records. In particular, the International Standard for Organization (ISO) will remove country code “IO” from its specification. The Internet Assigned Numbers Authority (IANA), which creates and delegates top-level domains, uses this specification to determine which top-level country domains should exist. Once IO is removed, the IANA will refuse to allow any new registrations with a .io domain. It will also automatically begin the process of retiring existing ones. (There is no official count of the number of extant .io domains.)

Officially, .io—and countless websites—will disappear. At a time when domains can go for millions of dollars, it’s a shocking reminder that there are forces outside of the internet that still affect our digital lives. //

.io has become popular with startups, particularly those involved in crypto. These are businesses that often identify with one of the original principles of the internet—that cyberspace grants a form of independence to those who use it. Yet it is the long tail of real-world history that might force on them a major change.

The IANA may fudge its own rules and allow .io to continue to exist. Money talks, and there is a lot of it tied up in .io domains. However, the history of the USSR and Yugoslavia still looms large, and the IANA may feel that playing fast and loose with top-level domains will only come back to haunt it.

Whatever happens, the warning for future tech founders is clear: Be careful when picking your top-level domain. Physical history is never as separate from our digital future as we like to think.

This article describes which SRV records should be created for a domain. These SRV records allow clients to automatically detect which host and port should be used for relevant domain services.

setup autoconfig for Outlook

Enter NS Record Values:
In the Add NS Records popup window, enter the following values:

Name: The name of the subdomain you are delegating. For example purposes, we are using “subdomain.”

Value: Enter the nameserver information followed by a dot.

Duck DNS
free dynamic DNS hosted on AWS

Our dynamic DNS service will allow you to update the IPv4 and IPv6 address of your A and AAAA records of domains that you manage using dns.he.net through the use of a simple web request or using any dyndns compatible client. We do not currently charge for this service. it is included for free with your dns.he.net account.

Look My DNS - Check Latest DNS Propagation Status

Lookmydns.com allows you to check various DNS records like NS, A, TXT, MX, CNAME, PTR, AAAA etc. You can check the whole list by clicking on the dropdown option.

To generate a Wildcard certificate, I found the way to do it is by adding an NS type record for _acme-challenge.domain pointing to the domain, and this way it takes the TXT record from Plesk.

Host Type Record Value
_acme-challenge NS yourdomain.com

NextDNS protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet for kids — on all devices and on all networks.
Try it now
No signup required.
Sign up later to save your settings.

exampleadultsite.com
is only a demonstration site.
If you were using OpenDNS Parental Controls or Web Filtering for business, this demo and real adult sites would be blocked.

We can redirect dns requests on Mikrotik to the IP address on the LAN interface of the Mikrotik router, assuming we want the Mikrotik router to serve as the dns server for all connected LAN users, or to the IP address of a locally hosted dns server. There are many reasons for doing this; top most on the list is security.

A. Force Redirect to OPENDNS (without PI hole)
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220

/ip nat
add action=redirect chain=dstnat dst-port=53 in-interface-list=LAN protocol=tcp
add action=redirect chain=dstnat dst-port=53 in-interface-list=LAN protocol=udp

B. Force OPEN DNS (via PI hole)
/ip firewall nat
add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=53 action=dst-nat to-addresses=10.0.0.31 to-ports=53
add chain=dstnat in-interface-list=LAN protocol=udp dst-port=53 action=dst-nat to-addresses=10.0.0.31 to-ports=53
add chain=srcnat src-address=10.0.0.0/24 dst-address=10.0.0.0/24 action=masquerade

potential problems can arise when a domain’s DNS records are “lame,” meaning the authoritative name server does not have enough information about the domain and can’t resolve queries to find it. A domain can become lame in a variety of ways, such as when it is not assigned an Internet address, or because the name servers in the domain’s authoritative record are misconfigured or missing.

The reason lame domains are problematic is that a number of Web hosting and DNS providers allow users to claim control over a domain without accessing the true owner’s account at their DNS provider or registrar. //

In the 2019 campaign, the spammers created accounts on GoDaddy and were able to take over vulnerable domains simply by registering a free account at GoDaddy and being assigned the same DNS servers as the hijacked domain. //

How does one know whether a DNS provider is exploitable? There is a frequently updated list published on GitHub called “Can I take over DNS,” which has been documenting exploitability by DNS provider over the past several years. The list includes examples for each of the named DNS providers.

CHECK DNS PROPAGATION
Whether you have recently changed your DNS records, switched web host, or started a new website - checking whether the DNS records are propagated globally is essential.

Check DNS, Urls + Redirects, Certificates and Content of your Website

Use this server to make DNS queries against an Unbound instance and get logs. The Unbound instance is configured very similarly to Let's Encrypt's production servers, and is started fresh for each query so there are no caching effects.

ICANN has picked the TLD string that it will recommend for safe use behind corporate firewalls on the basis that it will never, ever be delegated.

The string is .internal, and the choice is now open for public comment.

It’s being called a “private use” TLD. Organizations would be able to use it behind their firewalls safe in the knowledge that it will never appear in the public DNS, mitigating the risk of public/private name collisions and data leakage.

.internal beat fellow short-lister .private to ICANN’s selection because it was felt that .private might lure people into a false sense of security.

While it’s unlikely that anyone was planning to apply for .internal as a commercial or brand gTLD in future, it’s important to note that when it makes it to the ICANN reserved list all confusingly similar strings will also be banned, un

FreeBSD 10 now has unbound for DNS lookups, which is a lot better than bind (the zone server, nsd, is not in FreeBSD base), but I was confused when my favourite DNS tools dig(1) was MIA.

So, what can we use now?