content/guide/stuff-about-dns-and-ip.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205

---
title: Stuff about DNS and IP
date: 2025-10-27T13:46:54+01:00
index: false
draft: false
#icon: ''
#copied: ["me", "/"]
table: true
---

## IP addresses

### What is this ?

An IP address is a numerical label assigned to a device on the internet. It is used to identify a device, and to address locations.

For example, the IP address of YOUR device, is known as 127.0.0.1 (or localhost) to your computer. But on your local network, to your Wi-Fi, you have a different IP address (for example 192.0.2.1). And for the _public_ internet, you have **another** IP address.

There are two kinds of IP addresses; IPv4 and IPv6.

```sh
23.215.0.136 #IPv4
2600:1406:bc00:53::b81e:94ce #IPv6
```

### What's your IP ?

Try to get your local IPv4 address in your local network :

```sh
ip a | grep "inet "

# You might get something like the following :
inet 127.0.0.1/8 .... # your localhost
inet 192.0.2.1/24 .... # your local ip
```

You can even ping yourself or other devices in your house that are connected to the Wi-Fi.

```sh
ping -c 2 192.0.2.1 # or localhost, ping yourself
```

You can get your public IPv4 by going to websites that tell you your IP like [whatismyipaddress.com](https://whatismyipaddress.com/) or [ifconfig.co](https://ifconfig.co)

You can also do it from the command line :

```sh
curl -6 ifconfig.co # gives IPv6
curl -4 ifconfig.co # gives IPv4
```

### What's your Wi-Fi router local IP ?

Just use the `ip` command again :

```sh
ip r | grep default

# You will get something like
default via IP_ADDRESS ...
```

If your ISP (Internet Service Provider) allows it, you can put the `IP_ADDRESS` in your browser and you can change some settings of your router (like open ports or whatever).

The password is probably the one you use to connect to Wi-Fi.

### Can't open ports in range (0, 32765)

I had this problem. It's a serious issue if you are trying to self host because the HTTP/HTTPS port and tons of others are in this range.

To open these ports, I just went to the website of my ISP and there was an option to get a "static, full stack IPv4 address". Just some _thing_ to enable for free. The mail ports were also closed, I had to open them through the same website.

Since then, I can open the ports I want (and send emails).

## DNS

### What is this ?

DNS (Domain Name System) is pretty cool, it's a fancy _alias_ for IP adresses.
So basically, you have a domain name that points to an IP address.

```txt
example.com -> 23.220.75.245
```

This is possible by setting DNS records. You set "A" record that bind the domain name to an IPv4 address. You set "AAAA" record that bind the domain name to an IPv6 address.

Domain names are cool and convenient. It would be a pain to remember the IP addresses of my favourite websites.

You also have subdomains. Like [dns.mielota.com](https://dns.mielota.com), `dns` is a subdomain of [mielota.com](/). With the help of a webserver like [NGINX](https://nginx.org) you can ask your server to serve different kind of content depending on the domain/subdomains.

You also have "CNAME" records, they act like _alias_. "MX" records are for _Mail Exchange_ and "TXT" store some data.

### DNS resolvers

A DNS resolver is a server that translates domain names into IP addresses. See it like some function :

```py
get_ip_from("example.com") # Returns 23.220.75.245
```

Commons DNS resolvers have really weird IP addresses. There's 1.1.1.1 (cloudflare), 8.8.8.8 (google), 9.9.9.9 (quad9). I wonder how they even got them.

Try one of them yourself. Send a DNS query to one of these DNS resolvers to get the IP of some domain name.

Install the `dig` command first.

```sh
sudo pacman -S bind # On Arch
sudo apt install dnsutils # On Debian
```

(Note that you can pass in the `+short` arg to the `dig` command if you don't like the verbose output)

Now you can query some DNS resolver :

```sh
dig example.com @1.1.1.1
```

> Note that some DNS resolvers are unsafe and/or log the IP of websites you connect to. Choose your DNS resolver carefully. Also know that using DNS over HTTPS or DNS over TLS doesn't make you invisible.

### Control the websites you can visit

You can filter the responses of DNS resolvers with programs like [blocky](https://0xerr0r.github.io/blocky/latest/).

You can ask `blocky` to redirect some domain names to the null IP 0.0.0.0. For example you can add `example.com` to your "blacklist" and you will get this :

```sh
dig example.com @your_custom_dns
# you will get 0.0.0.0
```

By doing so you can stop your computer/browser/phone from finding websites containing ads, malware, or [unwanted content](https://denshi.org/antiporn).

For example ask for the IP of `ads.google.com` to the 8.8.8.8 DNS server:

```sh
dig +short ads.google.com @8.8.8.8
```

You got the IP address right ? Now do the same with my DNS server:

```sh
dig +short ads.google.com @dns.mielota.com # or put the IPv4 of my server
```

You will get 0.0.0.0


Here are some useful links if you want to use blocky on your server/computer.

- [Blocky DNS](https://0xerr0r.github.io/blocky/latest/)
- [Comfy Guide to Blocky](https://comfy.guide/server/blocky)
- [Comfy Guide to Blocky (video)](https://www.youtube.com/watch?v=Uq6mafo9fEc)

Use this command to get the blacklists I use (if you want the same ones):

```sh
curl -fsSL "https://codeberg.org/mielota/dox/raw/branch/main/opt/blocky/blocky.yml" | grep -o "\- http.*"
```

### Get records of a domain name

You can see what DNS records are setup for domain names too. For example, ask for the A record of my domain name :

```sh
dig +short A mielota.com
```

You can get the MX records of let's say, GitHub :

```sh
dig +short MX github.com
```

You can of course ask for AAAA, TXT, CNAME etc.

### Reverse DNS

If you want to setup an email server, you have to setup `reverse DNS`, it's basically DNS but the other way around : Give an IP, get a domain name.

To setup r-DNS I had to go to my ISP's website. Some people say that they had to call their ISP. Some people are not allowed to have r-DNS. So it's just a matter of luck.

You can see if you have r-DNS with this command :

```sh
dig +short -x IP_ADDRESS_OF_YOUR_SERVER
```

For example you can see that Arch Linux has a working reverse DNS:

```sh
dig +short -x $(dig +short archlinux.org) # -> "archlinux.org."
```

## Conclusion ?

These were just some random infos.

More links :

- [Check if your DNS records are okay](https://intodns.com/)
- [Addr Tools](https://addr.tools/)