Ever wondered how to modify/override a systemd script in Debian?
Continue Reading
Parallel DNS lookup using dnsmasq
Well up until now I did believe that a DNS query would cause all nameserver in /etc/resolv.conf to be queried in parallel and the first (and hence fastest) answer would be taken. Just noticed I’m wrong.
Continue Reading
dns monitoring scripts
Lately I am contributing to a repository on github which contains several test-scripts for DNS & DNSSEC Monitoring to verify the functionality of your authoritative nameserver or rather your nameserver configuration…
Continue Reading
Connection Tracking and UDP DNS with nftables
I’m working with nftables lately, here’s an example for disabling connection tracking of UDP DNS packets with it. Nftables is a replacement for iptables, ip6tables, arptables and ebtables – and once you get used to it does a pretty nice job.
Continue Reading
Conntrack and UDP DNS with iptables
Conntrack (or rather connection tracking) is a pretty useful thing; That’s however not necessarily the case with udp dns packets. Here’s how to disable it with iptables.
Continue Reading
Reducing initial latency in your resolver using stub zones with Unbound
Assuming you do have an authoritative and a resolving nameserver. The resolving nameserver (my-resolver in the following) runs Unbound. If your resolver has jeanbruenn.info in it’s cache resolving is pretty fast:
DNSSEC resolver using BIND or Unbound
In fact I am an ISC-Fanboy and so I’ve been using BIND since I can remember. Never taken a look at different Nameservers up until a few weeks ago. A few weeks ago I did setup Unbound as resolver to take a look on how it performs and how easy it is to set it up. However, this post is just about how to setup that stuff and make sure it does DNSSEC.
Continue Reading
DNSSEC with an authoritative nameserver running BIND
I’ve just noticed that my domain-registrar published, alongside with a new interface, a form to upload DNSSEC data to the parent. Which means that I am finally able to setup DNSSEC as well. I was waiting for that for two years now.
Continue Reading
StrongSwan / L2TP using xl2tpd
Part of my job are system administrative tasks at Accelerated IT Services, the company I work for. In case of emergencies I need a secure connection from home to the office. Our usual network equipment is from Juniper (awesome CLI really love that stuff!) though for testing/evaluation and our bureaus our network department bought an Ubiquiti EdgeRouter Pro (haven’t had time to take a closer look, yet) and configured IPsec/L2TP for me. This post is about setting a client connection up for that.
Continue Reading
zdb cannot open ‚/etc/zfs/zpool.cache‘: No such file or directory
Getting the above error when trying to play around with zdb in zfs on linux? Just take a look at the FAQ and set the cachefile. My pool is called storage, so it’s as simple as issuing: zpool set cachefile=/etc/zfs/zpool.cache storage and everything works like a charm.