DNS problems from outside with ru.nl   cpk

The central DNS servers for ru.nl for external requests had problems, because they received too many requests, which resulted in science.ru.nl and others not being found. DNS names within ru.nl then will not resolve to an IP address. We enlarged some TTLs (Time-To+lives) to try to lessen the problem. These small TTLs were meant to be able to move a service to a new server in case of problems, but now they just make the problem bigger....

Updated Sep 28, 2023  ·  Miek Gieben · Created Feb 21, 2021 · 

DNS broken for subdomains of ru.nl   cpk

DNS-servers for ru.nl did not serve information about subdomains such as science.ru.nl. Thus no DNS-name will resolve to an IP address at FNWI. A workaround is to use as DNS servers: 131.174.224.4 en 8.8.8.8. If you try to connect to a service for the first time after ca 11:15, you’ll get an error like: “No such domain” or “Cannot resolve”. Restarting RU DNS servers at 12:45 may have fixed the problem....

Secure DNS (DNSSEC) introduced   news

As a requisite for the RU project “Introduction Safe Email Standards” project, that deals with the list of mandatory open standards of the Pas-Toe-of-Leg-Uit list, C&CZ introduced DNSSEC for all mail domains within ru.nl administered by C&CZ (science.ru.nl, cs.ru.nl, astro.ru.nl, math.ru.nl, …).

Donation to free and open source software: ISC, FSF and OpenBSD   news

For the majority of the services C&CZ uses free software and open source software. Therefore, some time ago the idea emerged that the C&CZ employees would vote each year which projects would receive a donation of C&CZ. This year the Internet Systems Consortium, OpenBSD and the Free Software Foundation (FSF) were chosen. The Internet Systems Consortium develops a.o. BIND (DNS/nameserver) and ISC DHCP, both basic services of the network and the Internet....

Website certificates more secure with CAA in DNS   news

In all DNS zones C&CZ added DNS CAA Resource Records. As of September 8, 2017, we have more control over the SSL certificates for our domains. A hack at a random provider of certificates, like Diginotar in 2011 (Dutch only) can no longer be used to generate false certificates for our domains, because in the CAA records we noted that we only use certificates issued DigiCert.

Split-view DNS could influence Internet at home   news

Anyone using at home a science.ru.nl nameserver like ns1.science.ru.nl, should remove these DNS-servers from the list of DNS-servers, because we started using split-view DNS. With split-view DNS, we can give internal (RU on campus) pc’s answers differing from those given to external pc’s. The UCI introduced this a few months ago for e.g. the DNS zones ru.nl and heyendaal.net to increase IT security.