A DNSdist configuration example to block or unblock domains temporarily and in a dynamic way with DNS notify. #powerdns #lua #dns
https://dmachard.github.io/posts/0051-dnsdist-blocklist-domains/
I'm currently using #BIND as my authoritative and recursive #DNS, on 2 #freebsd servers. I manage a handful of zones.
Is there a better alternative, especially for simplicity of administration of #DNSSEC?
I see some are going with #PowerDNS + #unbound (then why not powerdns-recursor?)
What about #NSD ? #Knot ?
#Share your thoughts :)
So #DNS gurus, currently I have a master server, with 2 slaves. All edits (obviously) are made on the master and then get collected by the slaves, pretty basic system. All 3 are running the current version of bind on #RockyLinux servers.
I like the idea of switching to #powerDNS so that I can use powerAdmin to manage my zones. I like the idea of an sql backend instead of .db files.
Is this a good idea, or a waste of time to switch up the master to powerdns? The slaves should stay bind. Ideas?
Great story on the history of the #PowerDNS name. Who knew the product was called AhuDNS at first?
#Ansible modules which manage content in a #PowerDNS authoritative server, by @kevin
https://github.com/kpfleming/ansible-powerdns-auth
Examples at https://galaxy.ansible.com/kpfleming/powerdns_auth
Anyone running #powerdns able to share their thoughts on hardware and performance? I need a rough estimate for how efficiently pdns scales horizontally and vertically. Some real world datapoints would help greatly.
Next in my series on how and what I #SelfHost: #DNS
I run #AdGuard on pfSense as a network-wide DNS service. Changed to AdGuard from PiHole a long time ago and haven't looked back. This does a couple things for me: provide basic DNS service, caching, blocking ads and trackers. From a privacy perspective, external queries are sent out using DNS-over-HTTPS to #Quad9, my preferred privacy-conscious resolver. For internal DNS zones, I run #PowerDNS and PowerDNS-Admin on my docker swarm, which AdGuard will forward the queries to, which includes DHCP forward and reverse DNS names.
AdGuard service also extends to clients on #Tailscale, so I still get the ad-free experience and can access internal DNS names and services from my phone away from home.
🏷️ #SelfHosting
Completed a bunch of things in the lab today, including a variety of failures which resulted in earned learning.
Netbox:
I have been wanting to use Netbox as an IPAM/DCIM solution in the lab. The main draw has been so I can organize my network. I was hoping to be able to use the Proxmox SDN IPAM functionality to automatically import VMs, IPs, etc.
I was able to get it spun up in Docker and configured a variety of CIs but after adding it to the SDN configuration I don't see any activity even when including the API. I also verified the API URL and it's working so I don't know if there's something else necessary to start getting new items in Netbox from Proxmox. I looked around in the forums and didn't see anything useful.
For now I am stuck with manual additions until I can figure out why Proxmox can't push updates over. I did see there is a specific plugin called netbox-proxbox but I would have to build that plugin into Netbox and I'm not ready to do that just yet. It looks like that plugin basically requests the data from Proxmox in more of a pull approach.
I'm posting more in the replies below so I don't spam the feeds. Read on if you'd like -->
#homelab #selfhosted #proxmox #docker #netbox #ipam #dcim #rancher #vscode #powerdnsadmin #powerdns #codimd #caddy #ghost #tinyproxy #keycloak
@dataliderlig 46 zones with an average of 17 records per zone hosted by three secondaries and one hidden primary. One could argue that it would be easier to use an external provider, but I'm a sentimental old #selfhosting bastard. #dns #powerdns
We're seeing a bit of inconsistency in our hosted DNS setup. It's backed by a rather old #PowerDNS setup based on #CockroachDB and for some odd reason, Cockroach is acting up a bit, which leads to timeouts when attempting to look up domains hosted here. A much improved solution based on DNSDIST, PowerDNS' in-memory BIND backend, a hidden primary server and proper primary/secondary domain propagation is nearly complete, but needs a bit of DNSSEC work. I hope to roll it out during the weekend. 🧑‍🏭🎄
We all hate #DNS, as it is the root of all evil. But, I have a #PowerDNS server here at home that is managing all my domains. Now I want you all to be able to use the amazing domains I own like ben-on-vms.com. Should I replicate the #PowerDNS backend using #MySQL or #AXFR? The primary server is here at my home and the secondaries will be connected over a #wireguard #vpn. #vExpert #vCommunity #Homelab
Are there any #Linux #cPanel and/or #PowerDNS #sysadmins who use #pdns with #DNSSec zones and external secondary/backup #nameservers?
I'm having issues when the key rollover happens (it doesn't update the serial in the SOA nor does it seem to propagate to the secondaries). Using BIND as the PowerDNS backend which I suspect is the root cause, but #CloudDNS doesn't seem to like/pay attention to the "faked" serials pDNS is meant to send.