Question about setting up a recursive DNS server. youtu.be/FnFtWsZ8IP0?t=69…
πŸ‘︎ 4
πŸ’¬︎
πŸ‘€︎ u/pastaMac
πŸ“…︎ Jan 10 2022
🚨︎ report
Should servers listed on the public hub really have names like this?
πŸ‘︎ 139
πŸ’¬︎
πŸ‘€︎ u/deprevino
πŸ“…︎ Oct 18 2021
🚨︎ report
PiHole with Unbound Recursive Server - Am I doing this wrong?

So I setup PiHole on Raspbian, and installed Unbound with the intention of it acting as a recursive DNS server, using the example configruation from the PiHole website.

Problem: It doesn't appear to be doing recursive lookups, and is instead forwarding to 1.1.1.1 / 1.0.0.1 as far as I can tell.

If I run sudo unbound-control forward in an SSH session, it shows those two IP addresses. Doing unbound-control lookup someweirdsubdomain.site.com shows that it's talking to 1.1.1.1/1.0.0.1. If I run sudo unbound-control off and then try again, it shows it going through the root hints to get the answer.

But now here's what's weird - if I do a dig trace, both with forward on and off, it shows it going through the root hint servers.

So I'm a bit confused - what's actually going on here? Did unbound change from being recursive default to just forwarding requests to whatever server is configured in dhcpcd.conf? How do I know for a fact that it's doing recursive lookups when a client on my network is performing a DNS request?

TIA.....

πŸ‘︎ 8
πŸ’¬︎
πŸ‘€︎ u/mywarthog
πŸ“…︎ Dec 10 2021
🚨︎ report
Should I run my own recursive caching name servers or just use 8.8.8.8?

Most of our servers are configured 8.8.8.8 and 8.8.4.4 Which I'm sure is more reliable than anything I can build, can be reached with 4ms latency and consumes negligible bandwidth. It still feels wrong to use and external service, my instinct is to set up my own caching DNS servers (answering only to our own IP range of course). Taking on a business critical system with no obvious benefit is hard to justify though.
Does anyone have any thoughts on this?

πŸ‘︎ 20
πŸ’¬︎
πŸ‘€︎ u/ollybee
πŸ“…︎ Aug 06 2015
🚨︎ report
Need help setting up a recursive DNS server on my PiHole installed through HomeBridge.

Hello everyone, I have installed PiHole through a HomeBridge helper script (also Unbound) and did all the necessary groundwork to get recursive DNS up and running according to this video. For some reason when I swap my DNS settings inside the PiHole from Cloudflare's DNS to Custom 1 (IPv4) 127.0.0.1#5335 and I go on and try it, the addresses are not resolved so my internet stops working.

Here are some details about my internet setup:

I have my ISP modem with its wireless connection turned off. I have a TP-Link router with wireless connection enabled, getting internet connection through ethernet cable from the modem. My HomeBridge (Raspberry Pi) is connected through ethernet cable onto my TP-Link wireless router. Since all of my home devices are connected wirelessly I set my DNS on my TP-Link router directly.

My Homebridge address is 192.168.0.160:8581

My PiHole is running on 192.168.0.160:80

My TP-link DHCP server is pointed towards 192.168.0.160 (which should be correct)

EDIT: The issue was resolved with the help of the PiHole team. Thank you!

πŸ‘︎ 8
πŸ’¬︎
πŸ‘€︎ u/unknownharris
πŸ“…︎ Dec 02 2021
🚨︎ report
CTE, Recursive CTE, Table Variable, Local and Global Temp tables in SQL Server youtu.be/zFhI0Ft3trY
πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/develstacker
πŸ“…︎ Nov 16 2021
🚨︎ report
Check out this new domain lookup service and give feedback. One of the good feature is Recursive Query Via Root Servers which does recursion to query to the authoritative name servers. The source code for the dns client is available too. dnsclient.net/
πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/shreyasonline
πŸ“…︎ Feb 03 2017
🚨︎ report
Going to start an anarchy private server since we can't have public servers I have no idea what to call it so you can think of a name for the "server" no rules what so ever so do what ever. username: Pixel Beast reddit.com/gallery/pixvwj
πŸ‘︎ 7
πŸ’¬︎
πŸ‘€︎ u/Beasty_Pixel145
πŸ“…︎ Sep 06 2021
🚨︎ report
Month names recursive CTE

I'd like to know other ways to arrive at this, but this approach is "zero indexed" in a way, which I like.

with cte as (
	select 0 as m
	union all
	select m + 1
	from cte
	where m < 11
)
select
	m + 1 as [MonthNumber]
	,format(dateadd(month, m, '1900-01-01'), 'MMMM') as [MonthName]
from cte

Maybe there is a way to get the month name format with functions that are more backward compatible.

πŸ‘︎ 10
πŸ’¬︎
πŸ‘€︎ u/motsanciens
πŸ“…︎ Sep 08 2021
🚨︎ report
How I Converted My Chromebook Flip (C100PA) to be a PiHole Server With Recursive DNS to Block Ads (x-post from /r/PiHole)

I hate ads. I also have an old Chromebook Flip (C100PA) that has reached end of life over a year ago. I decided to do a little project to convert this nice low-powered device into an ad-blocking server for my entire network. While working on this project, I documented all of my steps. Everything I did is within a single script. This script, once executed, will only perform one step of the process, which is to migrate Debian 10 (Buster) from your SDCard to the internal EMMC, replacing Chrome OS. All other steps are in the comments in the script and have to be manually run/performed.

Overall, I'm quite happy with the results and am pretty amazed at how well it holds up against my actual Raspberry Pi 4 as an ad-blocking server, even though the Chromebook Flip is operating over WiFi. I'm so glad I did this as this terrific hardware was going to waste.

The caveats:

  • There is no way to run a newer linux kernel > 4.19.133 armv7l. It requires far more work than I'm willing to do at the moment and is tied to the final release of Chrome OS for this device.
    • Do not try to install a newer kernel in Debian, it's a waste of space as it will never boot.
  • The device will most likely be limited to Debian Buster (v10). That's fine for now since that is what PiHole is set up for at the moment.
  • The device will still rely on the default Chrome OS bootloader/kernel, but it can be tweaked to reduce the timer and to have it auto boot from internal storage.

Some more notes:

  • I set my Chromebook Flip up as a headless server, I have not tried the image with LXDE (image sources in the script comments).
  • Performance will not be great until you disable WiFi power-saving features and set the CPU Governor to Performance (instructions in the script comments).
  • Below is the script I wrote to replace Chrome OS on my Chromebook Flip (C100PA) with Debian Buster, then set up Unbound and PiHole for a recursive ad-blocking DNS server.
  • I TAKE ABSOLUTELY NO RESPONSIBILITY IF YOU BRICK YOUR DEVICE USING MY SCRIPT

What this script walks you through:

  1. Enabling developer mode
  2. Removing write protection (for overriding the BIOS flags)
  3. Reducing the timeout value for the developer boot screen
  4. Preparing an SDCard with a Debian 10 (Buster) image
  5. Booting the Chromebook Flip into Debian 10 (Buster) from the SDCard
  6. Replacing Chrome OS on your Chromebook Flip (C100PA) with the image from your SDCard (What the script itself actually performs)
  7. Extra comments
... keep reading on reddit ➑

πŸ‘︎ 16
πŸ’¬︎
πŸ‘€︎ u/kurmudgeon
πŸ“…︎ Aug 07 2021
🚨︎ report
Error setting up recursive dns server for pihole

I'm following Craft Computing's Video. At the 11:38 mark, I'm suppose to go into Settings>DNS>uncheck google's IPv4 upstream DNS servers and enter a custom one. I followed through that and after I hit save, it comes up with this:

>Error
>
>IP(127.0.01) is invalid!
>
>No DNS server has been selected.
>
>The settings have been reset to their previous values.

I checked google but all that I've found was addressing the semicolon to hash issue. I made sure by trying once more, but the same error comes up.

Any ideas/ tips?

πŸ‘︎ 4
πŸ’¬︎
πŸ‘€︎ u/kolkoin
πŸ“…︎ Sep 21 2021
🚨︎ report
Finished my base in a public survival server. rate my base (the axolotls names at the end are my fav) v.redd.it/km1vp5tu18l71
πŸ‘︎ 10
πŸ’¬︎
πŸ“…︎ Sep 03 2021
🚨︎ report
Can't resolve some sites using our internal recursive dns servers

We have an odd one where we can't resolve certain external records using our internal dns servers, but can resolve them when pointed to 8.8.8.8, etc.

I installed a fresh BIND 9.16.1 on an Ubuntu workstation, just to eliminate any possibly out-of-date packages on our organization's internal dns servers. Here's what we're seeing, when pointed at my workstation:

$ dig @localhost diamd-auth.usdoj.gov

; <<>> DiG 9.16.1-Ubuntu <<>> @localhost diamd-auth.usdoj.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55225
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b6ec4a98e21cfcef01000000611c4d8710de6fcd8370fd99 (good)
;; QUESTION SECTION:
;diamd-auth.usdoj.gov.		IN	A

;; Query time: 131 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 17 17:00:07 PDT 2021
;; MSG SIZE  rcvd: 77

Then from 8.8.8.8:

$ dig @8.8.8.8 diamd-auth.usdoj.gov

; <<>> DiG 9.16.1-Ubuntu <<>> @8.8.8.8 diamd-auth.usdoj.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53633
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;diamd-auth.usdoj.gov.		IN	A

;; ANSWER SECTION:
diamd-auth.usdoj.gov.	30	IN	CNAME	diamd.customdomains.okta.com.
diamd.customdomains.okta.com. 30 IN	CNAME	ok5-custom-crtrs.okta.com.
ok5-custom-crtrs.okta.com. 30	IN	CNAME	ok5-crtr-custom-domains-f25d1212894ced23.elb.us-west-2.amazonaws.com.
ok5-crtr-custom-domains-f25d1212894ced23.elb.us-west-2.amazonaws.com. 30 IN A 34.223.206.17
ok5-crtr-custom-domains-f25d1212894ced23.elb.us-west-2.amazonaws.com. 30 IN A 34.223.206.19
ok5-crtr-custom-domains-f25d1212894ced23.elb.us-west-2.amazonaws.com. 30 IN A 34.223.206.18

;; Query time: 135 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 17 17:01:16 PDT 2021
;; MSG SIZE  rcvd: 249

When I add +trace to the options, I see some weird null-padded (\000) output in the answer sections. Not sure if that's significant:

$ dig @localhost +trace diamd-auth.usdoj.gov

; <<>> DiG 9.16.1-Ubunt
... keep reading on reddit ➑

πŸ‘︎ 4
πŸ’¬︎
πŸ‘€︎ u/dustin_allan
πŸ“…︎ Aug 18 2021
🚨︎ report
How To Check If Unbound Is Working As Recursive Server?

I'm new to this Pi-hole stuff and I'm not really that familiar with Linux but I was able to get PI-hole with Unbound working. All settings are the same with the instructions found in the Pi-hole website/github page. Upon checking the Pi-hole admin webpage, I can clearly see that DNS queries are being forwarded to 127.0.0.1#5335 or the Unbound server. How do I make sure then that Unbound is working as a recursive server and it's not just forwarding it to some other DNS Server like Google (like Pi-hole > Unbound > Google)?

I also tried deleting the contents of my root.hints file just to test but for some reason, I can still access websites and use dig command. Also restarted unbound and rebooted my pi as well. Shouldn't my DNS server fail to function if this file is not found?

EDIT: All questions answered. Thanks everyone!

πŸ‘︎ 62
πŸ’¬︎
πŸ‘€︎ u/kiryuchan1243
πŸ“…︎ Jun 20 2021
🚨︎ report
DNS-Fender: A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries. github.com/Kleptocratic/D…
πŸ‘︎ 6
πŸ’¬︎
πŸ‘€︎ u/digicat
πŸ“…︎ Sep 25 2021
🚨︎ report
Uhh, is this a cause for concern? About 32 users with very similar names joined my public server in the space of 20 minutes
πŸ‘︎ 12
πŸ’¬︎
πŸ‘€︎ u/jahinzee
πŸ“…︎ Jun 11 2021
🚨︎ report
Considering starting a campaign on public servers, but I'm well aware that there are alot of griefers on this game, does anyone know any griefers I should look out for by name?

Also if there are any ban lists, please send them to me

πŸ‘︎ 6
πŸ’¬︎
πŸ‘€︎ u/redditguy01234
πŸ“…︎ Jun 21 2021
🚨︎ report
My dad's name is Chad. Our server asked if that was short for something and my Dad said

Yes, it is, it's short for Chhhhhhhhhhhhhhhhhhhhhaaaaaaaaaadddddddddddddddddddd

πŸ‘︎ 197
πŸ’¬︎
πŸ‘€︎ u/Daniel_G_Erweiner
πŸ“…︎ Dec 28 2021
🚨︎ report
Just did daily ops 5 times and 4 out of the 5 times it either froze on a signal booster or didnt spawn the final enemy boss. Switched to my private server and it worked just fine. Bethesda what in the name of davy is wrong with your public servers?

Been here since beta, have over 2k hours in game and im just beyond tired of seeing events, quests and generally just the entire game having trouble loading, and god forbid you see the server not responding message in the middle of a queen or earl. Dont get me wrong I agree that the game has made good steps since launch but it still has so much more to go in the sence of being a stable game. How do my fellow 76ers feel?

πŸ‘︎ 18
πŸ’¬︎
πŸ‘€︎ u/Davisv35
πŸ“…︎ Apr 02 2021
🚨︎ report
Setting up a Domain name for Debian during installation to make web server public

When installing Debian, there is this part of the installation:

https://preview.redd.it/5sc53fie2l371.png?width=790&format=png&auto=webp&s=a975e0d6d95e279c26a94323a9fe396943288ac9

Is this where you set a custom domain name for your Debian set up if you're going to setup a server to make it public?

I have Ubuntu server running with the LAMP stack right now. I also have set up an ethernet cable hooked up my home WIFI router, and have also pointed my domain names to the static ip address on my Ubuntu server PC. When I type in the domain name into any of my computers connected to my home wifi, it will run, but when I'm at a coffee shop or some public place and try to type in the domain name, it won't show anything. Am I doing something wrong?

I want to switch from Ubuntu server to Debian, and during the installation process, I'm brought to a prompt to enter a domain name. Will this set up a public ip address to make my web server public so that my websites can be accessed outside my house?

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/rbuen4455
πŸ“…︎ Jun 06 2021
🚨︎ report
Need help with a recursive CTE (Microsoft SQL Server)

Hi there, I have been driving myself crazy trying to figure this out... I am trying to identify the size of my manager's teams - essentially counting up every direct and indirect report a manager has. The data is hierarchal, each employee has a single manager listed. I figure the best way to get this would be a recursive CTE, but I'm not getting what I want. Here is some sample data:

eeid fnm mgr
8JQH TIMOTHY DH74
8QXM ABBY CHMN
B5OB DEBRA CHMN
B5Q4 KYLE CHMN
CHMN LAUREE 8JQH
DH74 WENDY NULL

And here is the code I have so far:

WITH cte AS(

SELECT eeid,fnm,mgr,1 lvl

FROM CUSTOM.dbo.ut_HRIS

WHERE mgr IS NULL

UNION ALL

SELECT e.eeid,e.fnm,e.mgr,o.lvl + 1

FROM CUSTOM.dbo.ut_HRIS e

INNER JOIN cte o ON e.mgr = o.eeid

WHERE e.mgr IS NOT NULL)

SELECT * FROM cte o

Here is the output:

eeid fnm mgr lvl
DH74 WENDY NULL 1
8JQH TIMOTHY DH74 2
CHMN LAUREE 8JQH 3
8QXM ABBY CHMN 4
B5OB DEBRA CHMN 4
B5Q4 KYLE CHMN 4

What I am looking for is to see a line for every direct/indirect report per manager - so Wendy would have 5 lines on the output, because everyone eventually rolls up to her. Timothy would have 4 rows, Lauree 3, etc.

Can anyone tell me what mistake I am making? Or if I am completely approaching this the wrong way?

EDIT: Problem solved! I ended up using the code from PossiblePreparation, as well as the tip from Seven-of-Nein. Put together it worked like a charm. Thanks for the help everyone.

πŸ‘︎ 6
πŸ’¬︎
πŸ‘€︎ u/fellchieftan
πŸ“…︎ May 10 2021
🚨︎ report
Hello my name is deth I recently made a server and am hoping to make it a little more public

We are just a fun community style server I don’t really care what u say as long as it isn’t super raunchy or mean please respect the staff If u want to join dm me

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/deth11106
πŸ“…︎ Jun 10 2021
🚨︎ report
The Discord Server is named Futiles, don't know if it's public anymore, but might help someone find the link
πŸ‘︎ 8
πŸ’¬︎
πŸ‘€︎ u/ThatArchiveGuy
πŸ“…︎ Oct 09 2021
🚨︎ report
Reddit going public. Brace yourselves for censorship in the name of profit
πŸ‘︎ 13k
πŸ’¬︎
πŸ‘€︎ u/pany1800
πŸ“…︎ Dec 16 2021
🚨︎ report
In what must be an HCA first, a commenter drops the name of ANOTHER award winner (public figure) while warning against the danger of ventilators and vowing to die at home before going to hospital for COVID treatment. (Repost at mod request) reddit.com/gallery/rhpgh6
πŸ‘︎ 7k
πŸ’¬︎
πŸ‘€︎ u/bloody_hell
πŸ“…︎ Dec 16 2021
🚨︎ report
I would like to be able to access my home network VPN server by typing in a domain name, instead of my public IP. The IP changes too often for it to be reliable. I already have a public domain name, but I'm unsure how to bind my private VPN server to it. What's the best method to achieve this goal?
πŸ‘︎ 6
πŸ’¬︎
πŸ‘€︎ u/teknic111
πŸ“…︎ Dec 22 2020
🚨︎ report
This is How Youth are fooling Shopkeeper via UPI Transaction guys, beware of such fraud. Don't Tell Your Name when someone asks when doing UPI Payment. Issued in Public Intrest. v.redd.it/nmjfd3733t981
πŸ‘︎ 6k
πŸ’¬︎
πŸ‘€︎ u/DCGMechanics
πŸ“…︎ Jan 05 2022
🚨︎ report
Inside the Vault – Prepare to Invade the Public Test Server fallout.bethesda.net/en/a…
πŸ‘︎ 268
πŸ’¬︎
πŸ‘€︎ u/HunterWorld
πŸ“…︎ Jan 13 2022
🚨︎ report
I met Scar yesterday on Xisuma's public server reddit.com/gallery/rride6
πŸ‘︎ 6k
πŸ’¬︎
πŸ‘€︎ u/sokokun
πŸ“…︎ Dec 29 2021
🚨︎ report
DNS - why using recursive servers (e.g. 1.1.1.1) instead of running a local server and querying the root servers directly? (Crosspost from r/networking)

I couldn't find an answer to this one. Negate says on the pfSense docs that the resolver (unbound) that is installed and enabled by default ignores any recursive name servers set and instead query the root servers directly, unless configured otherwise. (https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html). So I was thinking, in a privacy point of view, why having an intermediate and send them all your browsing history? Cloudflare implements, for example, DNS over TLS, DNS over HTTPS and even encryption of SNI (so "your ISP can't really see the names you are querying"). But ISPs can see the IPs you are accessing and, therefore, can trace back the IPs to their corresponding names. It looks like a bogus sense of privacy only to convince the users to send them their DNS requests. Besides, running it locally could bypass censorship on the DNS level (yes, it happens sometimes in my country, very "democratic") and the local cache could not only speed things up but also really improve privacy by reducing the number of queries sent though wan (and, obviously, excluding intermediates). Idk, maybe I am misunderstanding the functionality of the DNS stack. Am I missing something? Could someone help elaborate? Thanks!

πŸ‘︎ 13
πŸ’¬︎
πŸ‘€︎ u/Sanziumm
πŸ“…︎ Nov 03 2020
🚨︎ report
You're running Pi-Hole wrong! Setting up your own Recursive DNS Server!

https://youtu.be/FnFtWsZ8IP0

Pi-Hole is an awesome service to run in your house. It keeps ads from loading on every device, and will run on any Raspberry Pi, Docker container or virtual machine you'd like. But did you know it can do SO much more than just block ads? You can also completely bypass 3rd party DNS servers like 8.8.8.8, 1.1.1.1, 208.67. 222.222, or the ones ran by your ISP.

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/RScottyL
πŸ“…︎ Jan 29 2021
🚨︎ report
At the heart of administrative reforms suggested by committees is the recursive force to create more committees, thereby creating a chain of concomitant lacunae in public policy. By extension, Rushdie was right when he talked of the uselessness of governmental anagrams.
πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/vednavaksh
πŸ“…︎ Feb 16 2021
🚨︎ report
How to set up BIND DNS server to resolve public names?

Hi, I have a job interview task for a Devops engineer position. Have to create a Linux VM that runs a DNS server using IaC tools on a cloud platform. I know the cloud/IaC part but don't have that much Linux experience.

The requirements for the DNS server are it should be able to resolve public DNS zone domains like google.com, reddit.com etc.

I have set up Bind DNS server and stuck at the config part. I looked up some docs and tutorials but most explain how to map a specific hostname to an IP. I need a way for it to resolve not just that but all public domain names. How do I do that? Or am I misunderstanding something?

Thanks!

πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/FrigusNomen
πŸ“…︎ Feb 03 2021
🚨︎ report
Unbound recursive causing internet to think I'm hosting a DNS server. Normal?

Using Pi-Hole with Unbound (as recursive) and while reviewing some firewall logs, I am receiving public inbound queries of one to two per second to Port 53. My firewall is blocking them all. As a test, I forwarded all of my internal queries (via Unbound) to OpenDNS. I verified traffic was being forwarded to OpenDNS, and in about 30 minutes, all inquiries to my Port 53 stopped.

About an hour later, I removed the forwarders (back to recursive) and about 30 minutes later, the queries are back. About one to two per second. Is this behavior expected?

πŸ‘︎ 11
πŸ’¬︎
πŸ‘€︎ u/-mrfixit-
πŸ“…︎ Nov 24 2020
🚨︎ report
I made the bad decision of trying to have a civil discussion in a big public discord server
πŸ‘︎ 2k
πŸ’¬︎
πŸ“…︎ Dec 05 2021
🚨︎ report
PewDiePie Minecraft Server is now open to the public!
πŸ‘︎ 2k
πŸ’¬︎
πŸ‘€︎ u/bruisedsalad
πŸ“…︎ Dec 09 2021
🚨︎ report
Why you can’t trust the public to select names…
πŸ‘︎ 97k
πŸ’¬︎
πŸ‘€︎ u/whydowedowhatwedo
πŸ“…︎ Oct 19 2021
🚨︎ report
TIL GNU stands for "GNU's Not Unix", which makes the name a recursive acronym. en.wikipedia.org/wiki/GNU
πŸ‘︎ 61
πŸ’¬︎
πŸ‘€︎ u/blteare
πŸ“…︎ Nov 09 2020
🚨︎ report
Public server character popularity tier list
πŸ‘︎ 399
πŸ’¬︎
πŸ‘€︎ u/Ampetrix
πŸ“…︎ Dec 25 2021
🚨︎ report
Brazil's Bolsonaro asks for names of vaccine-approving health officials 'to make their identities public' despite death threats reuters.com/world/america…
πŸ‘︎ 3k
πŸ’¬︎
πŸ‘€︎ u/Unionofsatan
πŸ“…︎ Dec 18 2021
🚨︎ report
How I Converted My Chromebook Flip (C100PA) to be a PiHole Server With Recursive DNS to Block Ads. (x-post from /r/ChromeOS)

I hate ads. I also have an old Chromebook Flip (C100PA) that has reached end of life over a year ago. I decided to do a little project to convert this nice low-powered device into an ad-blocking server for my entire network. While working on this project, I documented all of my steps. Everything I did is within a single script. This script, once executed, will only perform one step of the process, which is to migrate Debian 10 (Buster) from your SDCard to the internal EMMC, replacing Chrome OS. All other steps are in the comments in the script and have to be manually run/performed.

Overall, I'm quite happy with the results and am pretty amazed at how well it holds up against my actual Raspberry Pi 4 as an ad-blocking server, even though the Chromebook Flip is operating over WiFi. I'm so glad I did this as this terrific hardware was going to waste.

The caveats:

  • There is no way to run a newer linux kernel > 4.19.133 armv7l. It requires far more work than I'm willing to do at the moment and is tied to the final release of Chrome OS for this device.
    • Do not try to install a newer kernel in Debian, it's a waste of space as it will never boot.
  • The device will most likely be limited to Debian Buster (v10). That's fine for now since that is what PiHole is set up for at the moment.
  • The device will still rely on the default Chrome OS bootloader/kernel, but it can be tweaked to reduce the timer and to have it auto boot from internal storage.

Some more notes:

  • I set my Chromebook Flip up as a headless server, I have not tried the image with LXDE (image sources in the script comments).
  • Performance will not be great until you disable WiFi power-saving features and set the CPU Governor to Performance (instructions in the script comments).
  • Below is the script I wrote to replace Chrome OS on my Chromebook Flip (C100PA) with Debian Buster, then set up Unbound and PiHole for a recursive ad-blocking DNS server.
  • I TAKE ABSOLUTELY NO RESPONSIBILITY IF YOU BRICK YOUR DEVICE USING MY SCRIPT

What this script walks you through:

  1. Enabling developer mode
  2. Removing write protection (for overriding the BIOS flags)
  3. Reducing the timeout value for the developer boot screen
  4. Preparing an SDCard with a Debian 10 (Buster) image
  5. Booting the Chromebook Flip into Debian 10 (Buster) from the SDCard
  6. Replacing Chrome OS on your Chromebook Flip (C100PA) with the image from your SDCard (What the script itself actually performs)
  7. Extra comments
... keep reading on reddit ➑

πŸ‘︎ 4
πŸ’¬︎
πŸ‘€︎ u/kurmudgeon
πŸ“…︎ Aug 07 2021
🚨︎ report
DNS question - why using a recursive resolver (e.g. 1.1.1.1 or your ISP's) instead of running it locally and querying directly the DNS root servers?

I couldn't find an answer to this one. Negate says on the pfSense docs that the resolver (unbound) that is installed and enabled by default ignores any recursive name servers set and instead query the root servers directly, unless configured otherwise. (https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html). So I was thinking, in a privacy point of view, why having an intermediate and send them all your browsing history? Cloudflare implements, for example, DNS over TLS, DNS over HTTPS and even encryption of SNI (so "your ISP can't really see the names you are querying"). But ISPs can see the IPs you are accessing and, therefore, can trace back the IPs to their corresponding names. It looks like a bogus sense of privacy only to convince the users to send them their DNS requests. Besides, running it locally could bypass censorship on the DNS level (yes, it happens sometimes in my country, very "democratic") and the local cache could not only speed things up but also really improve privacy by reducing the number of queries sent though wan (and, obviously, excluding intermediates). Idk, maybe I am misunderstanding the functionality of the DNS stack. Am I missing something? Could someone help elaborate? Thanks!

πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/Sanziumm
πŸ“…︎ Nov 03 2020
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.