Things I learnt about DNS:
1. You can't "redirect" an entire domain with CNAME, only subdomains, which is why my website has been broken.
2. You can't specify an AAAA record and use a wildcard for the A record. You have to explicitly put both.
If the IP changes, you have to change it everywhere. I wonder if there is a modern DNS server which lets you avoid this sort of data duplication.
What's the least #evil #DNS provider?
I've put some of my properties on #Cloudflare, and I can still hear the boo's.
#Google cloud DNS and #AWS are no better.
I can put #Bind9 on my own #FOSS stacks, but I probably lack the uptime for reliability.
I'm moving away from my CPanel provider into my own #Selfhosting on a #VPS.
I'm thinking one NS on something reliable and one on my own stack.
What does #masodon hivemind recommend?
Adventures getting #Netflix to work in a somewhat complex home #network 
I decided to give their plan with ads a chance, sounding like a somewhat fair deal. First issue was, I couldn't even register. It only offered me US plans. Figured that's because my #IPv6 connectivity is tunnelled through #HE (for reasons, different story). Of course using an endpoint here in Germany, but nevertheless, Netflix seemed to think it's a US located address.
Running my own #bind9 instance, I found a way to hide relevant AAAA records (netflix' own domain and also amazonws) by adding a view only operating on local loopback and filtering out ALL AAAA records, and then adding forward-only zones for these domains to this local view. Horrible, but works, now I could register, forcing #IPv4.
One particularly cheap "smart-tv" still couldn't connect to netflix, always showing me an error that I was using some "VPN". 
No way to analyze what exactly was happening there, but I finally found a solution for that as well: I created an entirely new network segment (with its own #vlan on the switch). I don't offer IPv6 in this segment at all, and only allow it to access the internet as well as my local #dns server. Putting all tv sets and my #minidlna instance into this segment, everything finally works.
The nice thing is, I always wanted to isolate the tv sets anyways, and this is now finally done, they're unable to see the rest of my home network! 
Still a bit sad I have to restrict them to IPv4 for now, just to work around netflix' geolocation stuff... 
@bortzmeyer @draeath @Shamar it depends. No stable #bind9 release can forward over DoT (yet). None of them can forward over #DoH even on the latest commit afaik.
Doing DNS and DHCP for your LAN the old way—the way that works - Enlarge / All shall tremble before your fully functional forward and re... - https://arstechnica.com/?p=2001156 #domainnamesystem #weekendprojects #itprojects #features #projects #feature #homelab #biz #bind9 #dhcpd #bind #dns
@JerryMouse@infosec.place @JerryMouse@infosec.exchange @mypdns @Alonely0 @floppy_bv no, I mean #IXFR. That is incremental zone transfer. #Bind9 can do it, not sure #Unbound has that too. Allows to just receiving changes compared to previous version, but need to store journal containing each change at primary and secondary server. Using AXFR is similar to downloading hosts file over http. I think PiHole uses own modified dnsmasq build, which provides webui integration.
How to completely disable DNSSEC in bind9 for exactly one zone?
