DNS

Configuring my BIND/named DNS servers to operate from a hidden master via VPN for Let’s Encrypt

What is a hidden DNS master? If you need to ask that, this is not the blog post for you. This post assumes you already know how to configure DNS and just want ideas for your own hidden master. It also assumes the networking, VPN, and firewall are pre-configured for this. This blog post is mostly about named/BIND. For the record, I am using bind99-9.9.10P1. In my previous blog post, you’ll see how […]


Creating a TXT only nsupdate connection for Let’s Encrypt

I’m in the process of designing my own centralized Let’s Encrypt solution. It was Peter Wemm’s blog post about Let’s Encrypt in the FreeBSD cluster which got me started down this road. My rough notes are in this gist. This blog post assumes you are already familiar with Let’s Encrypt and especially with the dns-01 challenge. This previous post might also be useful. In this post, I’ll show you how to generate a


Configuring unbound on FreeBSD 10.x

NOTE: I found out these settings do not persist after a reboot. Annoying. I’ll get back to that soon for a fix.

EDIT 2021-05-05: On more recent FreeBSD, say 12.2, to disable resolvconf.conf, do this, as provided by

[dvl@r720-02:~] $ cat /etc/resolvconf.conf
resolvconf=NO
[dvl@r720-02:~] $

The above is documented in man 8 resolvconf.conf (search for disable). I now return you to the original article. Today I was setting up my new server, varm,


dhcpd: Unable to add reverse map – not found

Running dhcpd with dynamic DNS? Seeing messages like this?

Dec 20 17:16:18 toiler dhcpd: Unable to add reverse map from 8.2.5.10.in-addr.arpa. to Apple-TV.example.org: not found

But that IP address is static/fixed? If so, you can add an option to that host. Make it look like this:

# Apple-TV
host Apple-TV {
  hardware ethernet 14:99:e2:0f:48:23;
  fixed-address appletv.int.example.org;
  ddns-updates off;
}

The answer is the ddns-updates off;. It tells dhcpd to not send a


rndc: neither /usr/local/etc/rndc.conf nor /usr/local/etc/rndc.key was found

In this post, I’m using bind98-9.8.8 from ports on FreeBSD 9.3, in case that helps you. Today, I was adjusting the pgcon.org domain as part of the move from the old server to the new server. This move would also see the website updated to PGCon 2015 and the use of Ansible for configuring that new server.

Reloading named

When I restarted named, this error appeared:

$ sudo service named reload
rndc: neither


Updating your IPv6 tunnel after an IP address change

I don’t yet have IPv6 native at home. Perhaps Verizon FiOS will provide it soon. In the meantime, I make use of Hurricane Electric, which seems to be everyone’s go-to ISP for tunnels. This post isn’t about creating an IPv6 tunnel. It’s about making sure that tunnel is rebuilt after you have an IP address change. At home, my Verizon FiOS connection has a dynamic IP address. It changes from time to time,


OpenVPN and dynamic DNS

My laptop’s hostname is dent. I want my DNS records to point to that laptop whether I’m connected to my LAN directly (via WIFI or ethernet cable) or via OpenVPN (my VPN of choice). SIDE NOTE: You will see references to nsupdate -k below. Note that in recent versions of this program, the option you want has changed to nsupdate -y. You will find an example of the new format later in this


named and forwarding

In your named.conf, you will find this: I have always turned that on. I like to use my upstream hosts. Today, I turned it off, because of this:

$ host lkjsdf
lkjsdf has address 199.101.28.20
Host lkjsdf not found: 3(NXDOMAIN)

What’s that IP address? That’s not relevant, but it is important. It’s the hostname of a web assistant engine. My upstream has decided to implement what I think is a dirty hack. I


Creating a FreeBSD jail to run DHCP and DNS

I’m in the process of setting up a new gateway/firewall. The new hardware will be faster and have more space. At present, the old firewall is also providing DHCP and DNS services. I want to move those off the gateway and onto another server. Why? I want the gateway to run only services that are related to gateway/firewall services. That keeps things simple. At present, the new firewall has just 43 packages installed.

