Lately I have been contributing to a repository on GitHub which contains several test-scripts for DNS & DNSSEC monitoring to verify the functionality of your authoritative nameserver or rather your nameserver configuration…
I’ve been working with nftables lately; here’s an example of disabling connection tracking of UDP DNS packets with it. Nftables is a replacement for iptables, ip6tables, arptables and ebtables – and once you get used to it, it does a pretty nice job.
Conntrack (or rather connection tracking) is a pretty useful thing; that’s however not necessarily the case with UDP DNS packets. Here’s how to disable it with iptables.
Assume you have an authoritative and a resolving nameserver. The resolving nameserver (my-resolver in the following) runs Unbound. If your resolver has jeanbruenn.info in its cache, resolving is pretty fast:
In fact I am an ISC fanboy, so I’ve been using BIND for as long as I can remember. I had never taken a look at other nameservers until a few weeks ago, when I set up Unbound as a resolver to see how it performs and how easy it is to set up. However, this post is just about how to set that stuff up and make sure it does DNSSEC.
I’ve just noticed that my domain registrar published, alongside a new interface, a form to upload DNSSEC data to the parent, which means that I am finally able to set up DNSSEC as well. I have been waiting for that for two years now.
Part of my job is system administration at Accelerated IT Services, the company I work for. In case of emergencies I need a secure connection from home to the office. Our usual network equipment is from Juniper (awesome CLI, really love that stuff!), though for testing/evaluation and our bureaus our network department bought a Ubiquiti EdgeRouter Pro (haven’t had time to take a closer look yet) and configured IPsec/L2TP for me. This post is about setting up a client connection for that.
Getting the above error when trying to play around with zdb in ZFS on Linux? Just take a look at the FAQ and set the cachefile. My pool is called storage, so it’s as simple as issuing: zpool set cachefile=/etc/zfs/zpool.cache storage, and everything works like a charm.
Just some playing around with zdb to find out whether there are differences between a filesystem or volume and a snapshot.
root@christine:~# zpool status
status: One or more devices are faulted in response to persistent errors.
Sufficient replicas exist for the pool to continue functioning in a
action: Replace the faulted device, or use 'zpool clear' to mark the device
scan: scrub repaired 0 in 2h1m with 0 errors on Mon Mar 13 22:41:57 2017
NAME STATE READ WRITE CKSUM
storage DEGRADED 0 0 0
raidz1-0 ONLINE 0 0 0
WD-WCC4N2AJ9T7E ONLINE 0 0 0
SG-W6A12G2H ONLINE 0 0 0
WD-WCC4N6VCK2TD ONLINE 0 0 0
SG-Z5020FXJ ONLINE 0 0 0
raidz1-1 ONLINE 0 0 0
WD-WCC4N6SXZ3PF ONLINE 0 0 0
SG-W6A12F14 ONLINE 0 0 0
WD-WCC4N4NNTF1P ONLINE 0 0 0
SG-W6A12FMB ONLINE 0 0 0
raidz1-2 DEGRADED 0 0 0
SG-W6A12G0B ONLINE 0 0 0
WD-WCC4N6KV534N ONLINE 0 0 0
SG-W6A12FXS ONLINE 0 0 0
SG-Z5020G18 FAULTED 0 6 0 too many errors
raidz1-3 ONLINE 0 0 0
WD-WCAWZ2194067 ONLINE 0 0 0
SG-Z501ZYA5 ONLINE 0 0 0
WD-WCAWZ2194120 ONLINE 0 0 0
SG-Z5020G17 ONLINE 0 0 0
mirror-4 ONLINE 0 0 0
zil1 ONLINE 0 0 0
zil2 ONLINE 0 0 0
cache1 ONLINE 0 0 0
cache2 ONLINE 0 0 0
errors: No known data errors
root@christine:~# zpool status
scan: scrub repaired 0 in 4h36m with 0 errors on Sun Apr 9 05:00:44 2017