Dns
The other day, I used FreeBSD on a Raspberry Pi card to get a redundant DHCP server and DNS resolver working together with an OpenBSD server.
It works great. But another FreeBSD server is available and I don’t really need yet another gadget powered on. So I moved both the DHCP and DNS services to this machine. While I was there, I took the opportunity to put them into their own jails. Because, you know, privilege escalation…Continue reading...
Some time ago, I set up Redundant DHCP server and DNS Resolver using OpenBSD . Time has past and one of the Raspberry Pi board I own is now running FreeBSD while the ODROID HC4 is running OpenBSD .
I secured both my DHCP server and DNS resolver services running on those boards so that I can perform maintenance on one machine without turning down the whole services set.Continue reading...
One of my OpenBSD server provides DHCP and DNS resolving for my home LAN. But it sometimes has to go into maintenance mode. And if an IoT or phone requires an IP address or an FQDN at the precise moment, I hear screaming throughout the whole house.
So I decided to have fully redundant network services using two OpenBSD servers.Continue reading...
The Internet is full of Ads and Trackers. Some of them are useful to monetize free content. Some are used in a non-ethical manner. Savvy users will configure Ad-Blocker on their Web browser. Others won’t. Most Appliance and IoT modules won’t allow third-party blocking addons.
Here’s how to add an extra layer of privacy using OpenBSD and its unbound(8) DNS resolver.Continue reading...
I’ve enabled an OpenBSD unbound(8) daemon that is used as a central DNS cache resolver. Now I needed to know what it was doing and how it performed. The question was answered grabbing statistics from unbound and render them using Grafana.
The whole monitoring stack is composed of Net-SNMP, Telegraf and InfluxDB for the metrics part ; and syslogd(8), Logstash and Elasticsearch for the logs part. Of course, most of those run on OpenBSD (6.3) ; except Telegraf, which is not available (yet).Continue reading...