In fact I am an ISC-Fanboy and so I’ve been using BIND since I can remember. Never taken a look at different Nameservers up until a few weeks ago. A few weeks ago I did setup Unbound as resolver to take a look on how it performs and how easy it is to set it up. However, this post is just about how to setup that stuff and make sure it does DNSSEC.
Continue Reading
DNSSEC with an authoritative nameserver running BIND
I’ve just noticed that my domain-registrar published, alongside with a new interface, a form to upload DNSSEC data to the parent. Which means that I am finally able to setup DNSSEC as well. I was waiting for that for two years now.
Continue Reading
StrongSwan / L2TP using xl2tpd
Part of my job are system administrative tasks at Accelerated IT Services, the company I work for. In case of emergencies I need a secure connection from home to the office. Our usual network equipment is from Juniper (awesome CLI really love that stuff!) though for testing/evaluation and our bureaus our network department bought an Ubiquiti EdgeRouter Pro (haven’t had time to take a closer look, yet) and configured IPsec/L2TP for me. This post is about setting a client connection up for that.
Continue Reading
zdb cannot open ‚/etc/zfs/zpool.cache‘: No such file or directory
Getting the above error when trying to play around with zdb in zfs on linux? Just take a look at the FAQ and set the cachefile. My pool is called storage, so it’s as simple as issuing: zpool set cachefile=/etc/zfs/zpool.cache storage and everything works like a charm.
Playing around with zdb
Just some playing around with zdb to get if there are differences between a filesystem or volume and a snapshot.
Continue Reading
IPv6 with Strongswan/IPSEC
Assume that you have two nodes one with two IPv4 networks and one with one IPv4 network and each with one IPv6 network and we’d like to have a separate connection for the IPv6 stuff
Trouble with IPv6 and a bridge?
While trying to debug some really weird issue, I’ve noticed that you really really really should use bridge_hw or a pre-up/up/post-up whatever rule to assign a permanent MAC to your bridge.
Continue Reading
disable_policy within VE when using OpenVZ with hostside IPSEC
I had a hard time finding why my OpenVZ containers wouldn’t respond to ping-packets which came in through IPSEC. Some guides suggested to use disable_policy – I did without success. A few days later by accident I realized that you need to do that within the VM.
Continue Reading
IPsec public ip networks between two hosts using StrongSwan
In one of my previous articles I wrote about an IPSEC transport between two hosts. That was pretty easy to set up (you might take that as basis if you do use this post). All traffic between those two IPs had been encrypted. Now let’s do that for public IP networks instead of just two IPs.
Continue Reading
Benchmarks using a SSD to speed up ext4 with external journal and enhanceio
I’ve just made some tests to see how EnhanceIO performs and to see how data=journal and data=ordered perform when using a SSD as external journal device..
Continue Reading