It’s always DNS

For the longest time I’ve had this issue where I had to add a . (period) to the end of a hostname to ping it. Today was the day I put that to rest.

Reading online it has to do with how Windows handles hostnames via NetBIOS vs DNS (or lack thereof). What I could never figure out was why it was happening to only 1 of my 2 Windows servers.

On the first Windows Server, I can ping “lara” fine. On the second Windows Server, I have to ping “linah.” in order to get to it.

Fix

I went into my pihole and updated all the local DNS entries from hostname to fully qualified domain names. So lara became lara.local.adrianng.com and linah became linah.local.adrianng.com. Then I entered CNAME records pointing lara to lara.local.adrianng.com and linah to linah.local.adrianng.com. ipconfig /flushdns later and now everything works the way it should.

Including my domain name in there is probably not necessary. It might have even worked if I just entered lara.local as the hostname instead of just lara (although some posts advise against using .local because Apple uses that for hello or something).

There are still weird observations… some hosts are still resolving lara to lara.local instead of lara.local.adrianng.com but at least they can ping it.

Edit:
Don’t think the CNAMEs have anything to do with it. It’s the Primary DNS suffix setting in Windows and adding local.adrianng.com to the search list that’s making this work. Either specifying it in Computer Name, or adding it to the TCP/IP v4 advanced settings.

Certbot / SSL / LetsEncrypt

The WordPress healthcheck was complaining about REST API and curl error 7. I narrowed it down to an SSL problem based on the error msgs complaining about no response on port 443. Weird as I didn’t have this problem yesterday.

Despite setting up my DNS with Cloudflare and having traffic proxied under their SSL tunnel, it is not a true SSL connection. I figured this out when I “curl https://localhost” or “curl https://adrianng.com” and it said connection refused. (The Cloudflare proxy only encrypts the traffic between the client’s browser and Cloudflare’s server. The traffic between Cloudflare and my web server was still unencrypted.)

I ended up using certbot / letsencrypt to install an SSL certificate on this web server:
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache

This successfully set up a certificate on the server and the site was SSL enabled. “curl https://adrianng.com” proved this as now I get a proper response. However on the web browser, I was getting too many redirects.

To fix this, I went into my Cloudflare dashboard, SSL/TLS and found this screen:

Changing it from Flexible to Full (or even Full strict) made it work again.
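
The redirect loop and its fix can be reproduced with a small offline model. This is an added example, not part of the original post: it assumes the certbot Apache installer enabled an HTTP-to-HTTPS redirect on the origin (the post does not say so), and the function names are hypothetical.

```python
# Constructed model of the Flexible vs Full behaviour; no network access is used.
MAX_REDIRECTS = 20  # browsers give up after roughly this many hops

def origin(scheme, tls_enabled=True, force_https=True):
    """Apache origin: return (status, redirect_scheme) for a request on `scheme`."""
    if scheme == "https":
        if not tls_enabled:
            # State before certbot: nothing listening on port 443.
            raise ConnectionRefusedError("port 443 closed")
        return 200, None
    if force_https:
        # Assumption: the port 80 vhost redirects every request to HTTPS.
        return 301, "https"
    return 200, None

def edge(client_scheme, mode, **origin_cfg):
    """Cloudflare edge: the SSL/TLS mode decides the scheme of the origin leg."""
    if mode == "flexible":
        origin_scheme = "http"         # origin leg is always plain HTTP
    elif mode in ("full", "strict"):
        origin_scheme = client_scheme  # origin leg matches the visitor's scheme
    else:
        raise ValueError(f"unknown mode: {mode}")
    return origin(origin_scheme, **origin_cfg)

def browse(mode, start="https", **origin_cfg):
    """Follow redirects the way a browser does; return (outcome, hops)."""
    scheme = start
    for hops in range(MAX_REDIRECTS + 1):
        status, redirect_scheme = edge(scheme, mode, **origin_cfg)
        if status == 200:
            return "ok", hops
        # The browser follows the redirect, but the edge will still use
        # plain HTTP to the origin in flexible mode, so nothing changes.
        scheme = redirect_scheme
    return "too many redirects", MAX_REDIRECTS

if __name__ == "__main__":
    for mode in ("flexible", "full"):
        print(mode, browse(mode))
```

In Flexible mode the origin only ever sees plain HTTP, so its redirect to HTTPS can never be satisfied; in Full mode the origin leg uses HTTPS and the request completes.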

WeekendHK news website, can’t close photo gallery after clicking on photo

When you click on the photos on this site, it opens a photo gallery where you can click left/right to move between photos, but the x to close the gallery to return to the article doesn’t work. Nothing happens when you tap the x.

Turns out my pihole DNS ad blocker was the culprit. I determined this because the site works fine when pihole is disabled or I bypass my network (LTE).

After many hours of troubleshooting, and with the help of my dev friend doing some Chrome dev tracing, it turns out the close button program is hidden in the ad that loads above the photo gallery. So if the ad is blocked then so is the function to close the gallery.

To fix this I had to whitelist the following domains on my DNS server:
www.googletagservices.com
securepubads.g.doubleclick.net

This does enable some ads but at least the site works again.

Update: the whitelist no longer works, had to update the whitelist to *.googletagservices.com instead of just www.googletagservices.com, even though logs on the DNS server were showing it was blocking www.googletagservices.com.