@scottmiller42@mstdn.socialMy #CenturyLink DSL Internet is down... except for one computer where I'd previously configured DNS to use Google's Public DNS. I'm assuming this is somehow key to why it still works. I've tried to reproduce this onto another computer, but no luck so far.
@lukem@hachyderm.ioI was wondering why my SMTP configuration wouldn't work. DNS zone looked fine, SSL/TLS settings correct, authentication enabled, yet it wouldn't budge.
Then I had a moment of enlightenment about the mail subdomain having one lone A record instead of two NS records as it should have been.
It's. ALWAYS. DNS. Dammit.
@beyondwatts@beyondwatts.socialWell that was an interesting one to debug... My blocky DNS service was down after a cluster restart
A given #metallb speaker won’t advertise the service if:
- the service has externalTrafficPolicy=local and there are no running endpoints on the speaker’s node
To use externalTrafficPolicy=local, the tolerations on metallb pods must match the tolerations on the destination pods…
@AthanSpod@social.linux.pizzaMy main bugbear with OVH is that they *still* don't offer "failover IP" (where you can fairly quickly move an IP between different dedicated servers) for IPv4, not IPV6.
And, no, they don't offer "Bring Your Own IP" for IPv6 either, only for IPv4.
So when I recently migrated us to a new server I had to do the DNS TTL dance with the IPv6 side of things.
Oh, and it's still only a /64 per server. Not that anything stops you from just using <…
@fluchtkapsel@nerdculture.deToday, I got notified about spamhaus not responding anymore to requests from our mailserver due to using an "open resolver".
Huh?
I found the command `dig short test.openresolver.com TXT @<ip_of_dns_server_to_test>` to test if my DNS server is deemed an open resolver. And yes, the mailserver uses a DNS server that got recognized as an open resolver.
Out of curiosity, I tried the same in my local network where I have a dnsmasq serving DHCP and DNS for my cli…
@jtk@infosec.exchangeTake note my #DNS friends
https://mastodon.social/@pid_eins/114556401535348313
@chrysn@chaos.socialsystemd definitely does get many things right. My current favorite is how it sets the system resolver to loopback and provides an own DNS server.
Common Linux tradition was to tell processes to use getaddrinfo, where nsswitch then provides configurable backends. That means that every process goes through loading /etc/nsswitch.conf, but worse, it reduces DNS to a terrible subset. Query SVCB records? tough luck, you're on your own.
@wfryer@mastodon.cloudHelpful showing all data websites / trackers can gather about you:
https://ipleak.net/
via my new browser experiment: LibreWolf (custom version of FireFox)
https://librewolf.net/
@samir@functional.computer@… I can think of ways you might do it by getting people to set a DNS CNAME, for example, so they own the domain *but* authentication is controlled by a service. In theory, this allows ownership because you can replace it with a competitor.
AP is probably harder, but I don't think it's impossible, based on my cursory reading of the …
