Sign up to save your podcasts
Or
Share 045 - Why is It ALWAYS DNS?!?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
045 - Why is It ALWAYS DNS?!?
It's always DNS. Every SysAdmin has said it, usually at the worst possible moment. This episode is the explanation for why that joke is only half a joke.
Andy and Eric walk through how DNS actually works from first request to final answer: recursive resolvers, root servers, authoritative name servers, TTLs, and caching. From there they get into Windows Server and Active Directory DNS integration, covering SRV records, dynamic registration, and scavenging.
The back half covers DNS security: DNSSEC, DNS over HTTPS, Encrypted Client Hello, DNS-based content filtering, and how attackers use DNS for C2 traffic and exfiltration. Throughout, the guys pull from real war stories, including a ticketing system that silently failed every few weeks because one of four DNS servers had a stale record, and a BIND config that refused to load because of a trailing space.
---
## Show Notes and Resources
### News React
- Cloudflare DNS filtering tiers: https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
- AI token costs exceeding replacement labor costs: https://fortune.com/2026/04/28/nvidia-executive-cost-of-ai-is-greater-than-cost-of-employees/
- Claude deleting company data and backups: https://www.tomshardware.com/tech-industry/artificial-intelligence/claude-powered-ai-coding-agent-deletes-entire-company-database-in-9-seconds-backups-zapped-after-cursor-tool-powered-by-anthropics-claude-goes-rogue
- Backyard RAM manufacturing: https://www.theregister.com/2026/04/23/youtuber_builds_working_dram/
### Nerd Hour
- Andy's PomoCLI app: https://github.com/asyrewicze/pomocli
### Main Segment Resources
- Cloudflare: What is DNS?: https://www.cloudflare.com/learning/dns/what-is-dns/
- MXToolbox: https://mxtoolbox.com
- DNS over TLS vs. DNS over HTTPS - Cloudflare Learning: https://www.cloudflare.com/learning/dns/dns-over-tls/
- Encrypted Client Hello - the last puzzle piece to privacy: https://blog.cloudflare.com/announcing-encrypted-client-hello/
### Community
- GitHub Discussions: Friends and family IT support stories: https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15.
## Chapters
12:45 - Understanding DNS: The Final Boss
25:49 - The DNS Resolution Process
38:43 - Exploring DNS Services and Tools
39:45 - Managing DNS: Windows vs. BIND
43:36 - Active Directory and DNS Integration
48:38 - Dynamic Registration and Scavenging in DNS
52:42 - Understanding DNS Record Types
54:44 - Common DNS Tools and Their Uses
59:28 - DNS Security: Threats and Protections
01:06:27 - DNS Filtering and Content Control
01:12:36 - Should You Run Your Own DNS?
View all episodes
By Andy Syrewicze and Eric SironIt's always DNS. Every SysAdmin has said it, usually at the worst possible moment. This episode is the explanation for why that joke is only half a joke.
Andy and Eric walk through how DNS actually works from first request to final answer: recursive resolvers, root servers, authoritative name servers, TTLs, and caching. From there they get into Windows Server and Active Directory DNS integration, covering SRV records, dynamic registration, and scavenging.
The back half covers DNS security: DNSSEC, DNS over HTTPS, Encrypted Client Hello, DNS-based content filtering, and how attackers use DNS for C2 traffic and exfiltration. Throughout, the guys pull from real war stories, including a ticketing system that silently failed every few weeks because one of four DNS servers had a stale record, and a BIND config that refused to load because of a trailing space.
---
## Show Notes and Resources
### News React
- Cloudflare DNS filtering tiers: https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
- AI token costs exceeding replacement labor costs: https://fortune.com/2026/04/28/nvidia-executive-cost-of-ai-is-greater-than-cost-of-employees/
- Claude deleting company data and backups: https://www.tomshardware.com/tech-industry/artificial-intelligence/claude-powered-ai-coding-agent-deletes-entire-company-database-in-9-seconds-backups-zapped-after-cursor-tool-powered-by-anthropics-claude-goes-rogue
- Backyard RAM manufacturing: https://www.theregister.com/2026/04/23/youtuber_builds_working_dram/
### Nerd Hour
- Andy's PomoCLI app: https://github.com/asyrewicze/pomocli
### Main Segment Resources
- Cloudflare: What is DNS?: https://www.cloudflare.com/learning/dns/what-is-dns/
- MXToolbox: https://mxtoolbox.com
- DNS over TLS vs. DNS over HTTPS - Cloudflare Learning: https://www.cloudflare.com/learning/dns/dns-over-tls/
- Encrypted Client Hello - the last puzzle piece to privacy: https://blog.cloudflare.com/announcing-encrypted-client-hello/
### Community
- GitHub Discussions: Friends and family IT support stories: https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15.
## Chapters
12:45 - Understanding DNS: The Final Boss
25:49 - The DNS Resolution Process
38:43 - Exploring DNS Services and Tools
39:45 - Managing DNS: Windows vs. BIND
43:36 - Active Directory and DNS Integration
48:38 - Dynamic Registration and Scavenging in DNS
52:42 - Understanding DNS Record Types
54:44 - Common DNS Tools and Their Uses
59:28 - DNS Security: Threats and Protections
01:06:27 - DNS Filtering and Content Control
01:12:36 - Should You Run Your Own DNS?