by PinguTS 1769 days ago
Wondering why I can't query the DNS directly.

  $ dig posts-2021-08-17-serving-blog-content-over-dns-md.hod.experiments.jacobkiers.net TXT
  
  ; <<>> DiG 9.8.3-P1 <<>> posts-2021-08-17-serving-blog-content-over-dns-md.hod.experiments.jacobkiers.net TXT
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49067
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;posts-2021-08-17-serving-blog-content-over-dns-md.hod.experiments.jacobkiers.net. IN TXT
  
  ;; AUTHORITY SECTION:
  hod.experiments.jacobkiers.net. 292 IN SOA home.kie.rs. postmaster.kie.rs. 2021081903 3600 900 604800 3600
3 comments

That's weird, it should work. I'll investigate when I get home.
Just tried it again, now it works like magic. Don't know what was wrong.
Spooky, maybe you were MITMed.
You can look at this line.

> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

That says that the DNS server didn't answer - for whatever reason - despite the address of that server being determined. It could have been a form of HN's "hug of death" where the website temporarily goes down when many people start to view it in a short period of time.
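
The status, flags and authority lines of that dig output can also be read mechanically. This is an added example, not part of the thread: per RFC 2308, a NOERROR status with zero answers and an SOA record in the authority section is a negative (NODATA) response, and a missing `aa` flag means the reply came from a recursive resolver rather than the zone's own server. The `classify` helper and its field names are hypothetical; the sample lines are taken from the output quoted in the original post.

```python
import re

# Constructed sample: header, flags and authority lines copied from the dig
# output quoted at the top of the thread.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49067
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
hod.experiments.jacobkiers.net. 292 IN SOA home.kie.rs. postmaster.kie.rs. 2021081903 3600 900 604800 3600
"""

# owner TTL IN SOA mname rname serial refresh retry expire minimum
SOA_RE = re.compile(
    r"^[ \t]*\S+\s+(\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+\d+\s+\d+\s+\d+\s+\d+\s+(\d+)",
    re.M)

def classify(dig_text):
    """Classify a dig response (hypothetical helper, not part of dig)."""
    status = re.search(r"status: (\w+)", dig_text)
    flags = re.search(r"flags: ([a-z ]*);", dig_text)
    answers = re.search(r"ANSWER: (\d+)", dig_text)
    if not (status and flags and answers):
        raise ValueError("no response header in input")
    rcode = status.group(1)
    soa = SOA_RE.search(dig_text)
    if rcode == "NXDOMAIN":
        kind = "NXDOMAIN"      # the name itself does not exist
    elif rcode != "NOERROR":
        kind = "ERROR"         # SERVFAIL, REFUSED, ...
    elif int(answers.group(1)) > 0:
        kind = "ANSWER"
    elif soa:
        kind = "NODATA"        # negative response: no record of this type
    else:
        kind = "EMPTY"         # e.g. a referral or a bare empty reply
    return {
        "kind": kind,
        "rcode": rcode,
        # aa set: answered by the zone's server; unset: by a resolver
        "authoritative": "aa" in flags.group(1).split(),
        # TTL on the SOA: seconds this negative answer may still be cached
        "negative_ttl": int(soa.group(1)) if soa else None,
        "soa_minimum": int(soa.group(2)) if soa else None,
    }

if __name__ == "__main__":
    print(classify(SAMPLE))
```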

Apparently uses DoH. I don't think dig(1) talks DoH, you'd have to use curl or kdig.
DNS is DNS. You should be able to talk to the NS with DNS over UDP, TCP, or HTTP(s). The protocol used should not matter. The information received should always be the same.
...in an ideal world