Oh my bad. They have probably beefed up the automation since then.
idk? I haven’t actually set this up yet. I got a new switch so I’m immersed in that currently. I guess I’d just be sure that your current config handles everything through the entire life cycle of the ksk because relatively recently, it didn’t.
Also, btw, the current bind package in OpenBSD is 9.16.22
Sigh I’ll look into it but I shoved it under things in terms of priority
So many esoteric things
Anyways moved my recursive resolver to a linode close to where I’m at. The recursive resolver is far faster now since it no longer has to do any backtracking through a proxy.
It’s actually much nicer this way. Anonymized logs and connection
I’d drop them man. Being a registrar is basically a license to print money. If they can’t provide the handful of services that are even possible to provide around domain registration, I’d go with something else.
Hope this one stays up for a VERY long time. I’m digesting it in pieces to make sure, like you said (warned), I understand, not just can “do” it as I go. I’m revisiting how I set up recursive resolver on my Pi-hole with unbound. I hope to use my domain name to set up Bitwarden for my wife and myself I think is the current goal… but exposing a self-hosted version of Bitwarden makes me leery of not having enough protection exposing a home server to the web for personal use without certs, vpn tunnel etc as I do not own a proxy to run through. May just have to pay for their service while I line these things up.
BIND is one of the oldest DNS servers. It’s simple but needs a good bit more modernization still.
It’s a ridiculously great way to understand this very critical piece of what you don’t see going on in the background all the time. The internet is held together with spit & baling wire
It’s an amazing article and seeing it ALL in one place versus piecing it all together really helps me understand it AND the importance of security at EACH step of the process. I really enjoyed it and will be reading it several times till my stupid TBI brain gets it LOL. All of this new stuff (coding and scripting) of reading different files IE (password protected ones) and script formatting is starting to make much more sense.
Just like firewall rules… it takes me much longer, but it’s still rewarding and I enjoy documenting my progress for future reference till I can really absorb it.
I rebuilt the home server cleanly on proxmox 7 with the new kernel, set up ZFS, samba shares, plex, gpu pass thru for plex transcoding, setting up networking card IE 10G and only really had to reference a few things and took me an hour or two. I remember the first time it took me a week lol. I also finally got around to setting up mail notification from proxmox and zed for zfs.
I hope to use cockpit in the future or grafana to visualize what’s happening in my system and network.
Thank you for the amazing content. You too @ThatGuyB and even though it’s beyond me often I appreciate @oO.o, @SgtAwesomesauce and @Novasty. I hope I can make sense of some of your work as well in the future.
@PhaseLockedLoop I did have one question. Does OPNsense by default “block” all incoming traffic unless there is an established connection? I attempted to look up this information without much success.
I know @oO.o talked a ton in this thread about stuff. Personally I only see two true DNS server software that are the ones you want to learn. BIND or PowerDNS
I appreciate the feedback. I was super unsure how this would be received because of its sheer size and the depth I really dug into it with. I was initially quite excited to share it all but I do feel like BSD based stuff like BIND does fall into a niche.
One of my principal problems with the modern web is how much we abstracted each kind of developer. They don’t need to understand the systems they are building their systems on and everything is just in time delivered. It’s a recipe for disaster in my opinion. @SgtAwesomesauce might have more input on his opinion about the dev and IT sector becoming both a place where you must know everything and know nothing.
Firewall rules take everyone longer. It’s one of those things where digging in and understanding packet flow TRULY helps you write them.
If there is demand I’ve thought about a thread similar to this one in depth about IPtables. Things you can do with the basic firewalls. I won’t be covering pftables as it’s similar but way way more esoteric.
Go with cockpit and avoid massive logging software. It’s not worth it on a home lab. It’s so cool to see but it takes so much power to run and maintain.
Yes sir that’s how a firewall works.
CHAIN INCOMING DROP (excluding anti lockout rules and pregenerated ones by OPNSense on the mangle chain)
CHAIN OUTGOING ACCEPT
CHAIN FORWARDING DROP
The exact terminology is different but yeah. There’s stuff in the manual but it’s way too expansive. You can see it in the UI.
OPNsense is something I worked with @SgtAwesomesauce on and I’m sure he can attest to you it’s way easier to operate with someone over Voice to explain it. I recommend being on the L1 discord for explanations and walkthroughs of interfaces like OPNsense and pfSense
That’s okay. Try explaining Ohm’s law to a senior electrical engineer and they can’t even understand it anymore they are so out of practice and need a computer.
Traceback and exception handling is fun. What was it throwing?
Just some? Actually I’ll correct my point of view. I hate how we are using and designing technology. I don’t hate tech.
But yeah it’s definitely a disaster.
So my programming was taught old school. Sketch it out and diagrams on paper then write the code.
I’ve noticed this isn’t done anymore or at the very least not minimally thought out which is bothersome.