I should clarify I wasn’t a upper level sys admin managing those servers, I just used them or maintained accounts being a rank and file technician

While I get the fundamental concept of DNS as a phonebook for your IPs. I am not sure why it is joked around if something goes haywire or someone breaks something.

Is it because if you get no DNS, people can’t log in through their AD accounts, browse the Internet?

Afaik DNS is a bit of a rabbit hole topic, maybe that’s why people joke about it due to DNS being this “No one really knows how this magic name matching box works”?

Please correct me, I’d genuinely like to know why this is prevalent from you guys.

  • Shadow@lemmy.ca
    link
    fedilink
    arrow-up
    5
    ·
    4 months ago

    100% of the internet depends on it, and 90% of technical people can’t be bothered to learn how it works and understand it. Partly because they only touch it once every 5 years. They get what they need done but don’t understand why it worked, so it ends up feeling like black magic to them.

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      4 months ago

      The worst part isn’t even that they don’t understand it, but that they think they know everything about it after learning the basics. Suddenly you get people blocking port 53/udp “because DNS uses UDP” and people using .dev and .local as internal domain names.

      Still not as misunderstood as NTP, though.

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          It’s fine to use if you’re using it for Bonjour/mDNS (which is enabled by default on basically everything these days). If not, any computer in your network can take on a .local domain of their choosing and your computers will happily resolve it before hitting the DNS server, or you may end up in a race between normal DNS and mDNS. Or you can manually disable mDNS on every machine and hope nothing else causes conflicts, I guess.

          If you need a TLD for fake internal domains, use .internal; that has recently been reserved for internal use and won’t end up in any standard protocols. There’s also a weaker blacklist list that’s part of the gTLD application process which includes .local, but that’s not necessarily set in stone.

      • AndrewZabar@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        4 months ago

        If anyone you know claims to have expertise in the computer field and doesn’t know everything about DNS (there’s not much to know) then those people are clueless and by no means are they experts.

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          arrow-up
          2
          ·
          4 months ago

          there’s not much to know

          But there is. Between DNSSEC and EDNS you need to stay on top of stuff or your assumptions may be wrong. many supposed facts about DNS were assumptions by textbook authors that were invalidated years later, and that’s with the stuff that complies with the standards.

          DNS from the 20th century was simple modern DNS really isn’t.

    • AndrewZabar@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      4 months ago

      90% of technical people can’t be bothered to learn how it works and understand it

      Playing real fast and loose with the term “technical people.” If you mean just in general people familiar with and comfortable with tech, yeah that’s fine. If you mean those who work or hobby in the IT industry, well then they’re not very good at their jobs and probably should not have those jobs.

    • thermal_shock@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      4 months ago

      used to feel this way about dns until I setup my pihole. I love how dns controls so much behind the scenes.

      • stupidcasey@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        4 months ago

        DNS isn’t supposed to control that much PIhole is a hack, it would be more accurate to say PIhole controls so much behind the scenes. DNS is supposed to do exactly this domain.com->1.2.3.4 nothing more and nothing less anything else is a hack when cloud flair runs all your traffic traffic through a proxy that is them hacking the system domain.com->change-1.2.3.4

          • BaroqueInMind@lemmy.one
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            4 months ago

            what do you think is pointing adservers to a black hole and not being able to reach my home network?

            The actual answer is a hosts list file that Unbound is augmenting within PiHole as a daemon. The entire core function of PiHole is leveraging Unbound. Without it, PiHole remains a useless GUI and minimal linux OS.

            In fact, you can completely ditch PiHole, if you know what you’re doing, and simply run Unbound as a daemon in a minimal container and do exactly what PiHole does, or run it bare-metal on your own hardware instead of buying their overpriced devices.

              • BaroqueInMind@lemmy.one
                link
                fedilink
                arrow-up
                0
                ·
                edit-2
                4 months ago

                It’s crazy to read that when my Unbound has a 1.6 million host size block-list with regex filtered domains and uses at less than half that amount of RAM.

                • trafficnab@lemmy.ca
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  4 months ago

                  I’ll keep that in mind for the next time I need to run a DNS server on a Pentium II system

            • undefined@links.hackliberty.org
              link
              fedilink
              arrow-up
              0
              ·
              4 months ago

              So happy to see someone explaining this because it’s always driven me crazy the amount of people pushing PiHole when you can do it so much more simply.

                • JackbyDev@programming.dev
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  edit-2
                  4 months ago

                  Like, when I install uBlock it comes with everything it needs. If I run Unbound does it block ads out of the box or do I need to point it to some list?

                  • BaroqueInMind@lemmy.one
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    4 months ago

                    Unbound is a high-level DNS server. It needs you to provide it hosts in a list or provide it with regex scripts (for dynamic and more efficient blocking). It can block ads at the DNS level just like PiHole (because that’s literally what PiHole and AdGuard use under the hood, but add their fancy GUIs)

                    I would avoid it unless you know what you’re doing, and recommend reading the docs on their website and testing/breaking it within a Docker container.

                    It’s the difference between buying a car from a dealership (PiHole, AdGuard, etc) or building your own from scratch (Unbound). One is very limited, whereas building it and running it yourself you get to do way more than what’s spoon fed to you.