G's Blog

Reader

Read the latest posts from G's Blog.

from G's Blog

A Quick and Dirty DNS server using FreeBSD ( #100DaysToOffload Day 28)

In today's post i'm going to show you how to setup up something i should have done a long time ago. Knowing now how easy it could be. What is this thing? Setting up a in-home DHCP/DNS server. At first i was just looking for a DNS server thinking like a Pi-Hole but i knew i wanted to use FreeBSD as the OS. I want to use BSD's more mainly just to learn about them not because i think they are better(yet). FreeBSD is my choice simply because i've had the best experience with it. This would work from any of the BSD's but some step might differ a little. So Looking around i found out that the “Pi-Hole” only runs on linux. Looking a little further i found out that a Pi-Hole really is just a DNS server plus a block list. Doing this also means i don't have to maintain a host file on each device i own.

Enter dnsmasq

This little piece of software is just what i was looking for. Plus it's also a DHCP and TFTP server. And it's native to BSD's(It can also be found on linux).

The setup was quite easy. I am using a Raspberry Pi Model B rev 2(A second one i had laying around) for now but this is going to be upgraded to something else as it does struggle a little. But it is very usable and any slow downs are only noticeable when the TTL of the DNS record expires.

So step one was to flash the SD card with the FreeBSD image this i did using dd from my linux PC

dd if=FreeBSD-12.1-RELEASE-arm-armv6-RPI-B.img of=/dev/sdX

Pop that in the Pi and boot it up. I always do the initial Pi boot up with it connected to a display just in case something goes wrong and plus then i don't have to try and look at DHCP lease tables to find out what the IP address of it is.

After initial boot next task should be to change the default password(s) for root account and freebsd account. You can do that using the same passwd command as on linux.

Next you really should set a static IP on any server and also set a hostname to do that on FreeBSD you edit /etc/rc.confand add these lines

hostname="hyperion"
ifconfig_ue0="inet 192.168.2.6 netmask 255.255.255.0"
defaultrouter="192.168.2.1"

ue0 above is the name of the network interface. This could be different on your system. You can find the interface name using the ifconfig command.

Now i know i could have these changes take effect with a few command but i always reboot when making changes like this.

What i always do next is somewhat optional but HIGHLY recommended. Make SSH use public key authentication. I'll assume you know how to do this and move onto the setup of the actual DHCP/DNS server. At this point i would also disconnect the Pi from the display, Place it in it's final resting place and do the rest of the setup over SSH.

The only package we need to install is dnsmasq

pkg install dnsmasq

Once that is installed it's a matter of configuring it. dnsmasq is a caching DNS server by default but can also be a DHCP and TFTP server. I decided to also use it as the DHCP server on my network to ensure that all clients use it as DNS server. dnsmasq parses /etc/hosts and turns those into DNS records/responses.

Here is my config


# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

no-resolv
server=9.9.9.10
server=149.112.112.10
dhcp-range=192.168.2.20,192.168.2.150,24h
dhcp-option=3,192.168.2.1
dhcp-authoritative

# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i

cache-size=300
conf-dir=/usr/local/etc/dnsmasq.d

# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore

# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60
# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers

Most of those options are explained or self-explanatory so i'll explain the less obvious ones.

no-resolv by default dnsmasq gets it's list of upstream dns servers to pass onto clients by reading /etc/resolv.conf this disables that and makes it get it's upstream server from it's own config file.

server=9.9.9.10
server=149.112.112.10

These are the 2 upstream DNS server i use. They are provided by Quad9. These are the unsecured non-blocking servers as i will supply my own blocking list.

So then in /etc/resolve.conf you just need to have nameserver 127.0.0.1

and then disable resolvconf by creating /etc/resolveconf.conf with the following content

resolvconf=NO

dhcp-option=3,192.168.2.1 this sets DHCP option 3(Default gateway) for all clients to 192.168.2.1 dhcp-authoritative This makes dnsmasq forcefully become the only DHCP server on the network so it will takeover leases from other servers(if i understand that correctly)

I've left the addresses reservation lines because i may use them someday.

conf-dir=/usr/local/etc/dnsmasq.d this makes dnsmasq parse all files under that folder

in that folder i have the block list found here

This list get updated everyday and is a large list blocking AD and malware domains.

So with that all in place all that is left to do is to enable/start the service

To enable add this to /etc/rc.conf

dnsmasq_enable="YES"

Then to start it right now

service dnsmasq start

That's it the server is now running and will answer DHCP and DNS requests. Any clients you have set with static network configurations you will need to update the DNS server on those to point to this newly setup server.

The other thing i did was create a small script to update the block list everyday and restart dnsmasq.


#!/usr/local/bin/bash
wget -O /usr/local/etc/dnsmasq.d/dnsmasq.blacklist.txt https://raw.githubusercontent.com/notracking/hosts-blocklists/master/dnsmasq/dnsmasq.blacklist.txt
service dnsmasq restart

and add that to /etc/crontab

0 1 * * * root /root/upblocklist.sh >/dev/null 2>&1

I have that set to go at 1AM every day as the blocklist repo is updated right around 12am in my time zone. You'll have to adjust this so you grab it after it's been updated.

And that is it. Like i said the Pi model B is not the best deivce to do this with. I think anything more recent with more than 1 CPU core would work just fine. My plan is to get a Rock64.

Well i hope this post was helpful to someone.

Until next time Stay safe!

@mgrondin@youdabomb.social

#Tech #BSD #Selfhost

 
Read more...

from G's Blog

Weekly music review ( #100DaysToOffload day 27)

So this past week i have been listening to Floppy Disk Overdrive by Master Boot Record and oh boy did i have no clue what i was in for.

This album stands on its own. I found it in the Synthwave listings but calling it that is a stretch. I would go as far as defining a new genre. Call it MetalWave or SythMetal or something. The songs have the structure and feel of metal with some very Synth elements. On first listen you just don't know what to expect. Every song takes unexpected turns for the better. It does take more than one listen to really appreciate it but now I can't stop listening to it. It's going to be hard to move on from this one. Highly recommend this one. You should not pass it up.

Moving on i must.

Next we shall check out Daze of the Future by Mr. 45. This one is a little older but i went to the Surprise Me listings of bandcamp and this one caught my eye. Lets see what surprises it holds.

That is all for today.

Until next time be safe!

@mgrondin@youdabomb.social

#Music

 
Read more...

from G's Blog

Weekly music review and a new service offering (#100DaysToOffLoad Day 26)

So this week i have been listening to Cataclysm by Electric Dragon. To no surprise i have been enjoying every minute. This artist is a bit darker than most other Synthwave artists i've listened to but that's what makes it so great. It's like being down in the under belly having a party.

I'm not sure where the inspiration came for this album but i suspect that 2020 had a general impact on it. Most of the songs make reference to the end of days in some way but it's put together in such a way that is very enjoyable. I'll be listening to this one again for sure and you should as well.

Now for next weeks album we are going to stick in the Synthwave genre but a little different still.

This album is by a band that has interested me for a while but i never really checked it out.

The band is called Master Boot Record. I think you can see why the name would interest me.

Anyways the album i'll be listening to is Floopy Disk Overdrive. Please go and check it out. If you are more skilled in those things than me maybe you can unlock the secret track. Come back next week for more music.


As a hobbyist self-hoster i'm almost always looking for something else to host. One because i like to see what else is available in terms of self-hostable stuff and two because i just enjoy the setup process.

So when @selea@social.linux.pizza put out a call for someone to take over https://tempmail.linux.pizza (now redirects to my server) i saw it as something i could throw onto my recently uncovered Raspberry Pi model B and i jumped at the chance. So https://tempmail.youdabomb.social is born(Literally just yesterday). What does it offer:

Random Disposable Mailbox ✅
No Access Logs ✅
Mail Deleted after 2 days ✅

2 domains to choose from anon.ymous.xyz nullnvoid.xyz More domains to come later(Maybe...Probably)

It is made possible by Disposable-Mailbox.

So if you want to avoid some spam associated with some websites or just want to be able to use/join a website without giving your regular email well now you can.

Keep in mind that this is running on quite the small device so while it can't handle all of you at once it should be able to service everyone given time. If it's in high enough demand i'll look at upgrading the hardware it's on. For now it should do.

Well that is all for now

Until next time Be Safe!

@mgrondin@youdabomb.social

#Music #Tech #SelfHost #BSD #Raspi

 
Read more...

from G's Blog

Weekly music review and a few other things (#100DaysToOffLoad day 25 )

So for this weeks music review i have been listening to Punk/HC by Lavage. This was also part of the #mmbc that i joined last month. Every month we listen to one album and speak of it at the end of the month. Like a book club but for music. Look us up on Mastodon/the fediverse using the hashtag #mmbc and join us.

So the album was amazing in my oppinion. It is punk as punk should be. RAW! Even tho i could not understand the lyrics(Still have to look them up and translate them) i fully enjoyed the album. It took me back to all the punk shows i attended in my teens. Most of which where just local bands in some random(sometimes sketchy) venue. The 2 english songs while different since not being the bands/singers native language where still great. I'll be listening to this one much more.

Another one you need to pick up for sure.

This weeks album is going to be Cataclysn by Electric Dragon. This is the latest album by a Synthwave artist i have listen to before and enjoyed so i don't think i'll be disappointed.


Next quick topic is that i have renewed my adventure with BSD(FreeBSD this time). I got an old laptop from work and have put FreeBSD on it. The WiFi works so i'll be using this one much more than my last laptop on which BSD did not find the WiFi adapter. I'm writing this post on it.


As i mentioned in my last post. I've recently found out about the #Gopher protocol and have even setup a little Gopher server. Since last post i have moved the #GopherSpace to a new domain. It is now at

gopher://gopher.pizza

Again writefreely wont make that clickable so you will need to copy and pate it. To learn a little more about Gopher and ways to access it see my previous post.

I am also opening my #GopherSpace to anyone who would like to host some content on it. Please see the main page of the space for contact info and reach out if you want to join.

It will require that you have/create a SSH key pair as the upload method is via SFTP. I will allow password authentication as well but would prefer key based auth.

Let me know if you have any questions on this.

Well i guess that's all for now.

Until next time. Be safe!

@mgrondin@youdabomb.social

#Music #Tech #Gopher #BSD

 
Read more...

from G's Blog

Weekly Music review and a GopherHole (#100DaysToOffload Day 24)

So for today's post we start off with the weekly music review.

This wee i've been listening to Virtual Trails by Milchomalefic. I must say that with this week it's confirmed that my love for Metal(at least the heavier kind) is diminishing. I enjoyed this weeks album much more than last weeks.

The album lives up to it's name. It really makes you feel like you are traveling around some wonderful world. It is great music to be driving to. It's both calming and invigorating. It was pleasant to listen to when leaving work. Got me out of the workday mood. At the same time it's great to listen to while going to work. Helps me to wake up. I look forward to listening to this one for many years to come.

Now for the next album i'm going to cheat a little. What i'm going to do is use the album that i've already been listening to for #mmbc with @uxintro@social.chinwag.org and @mike@social.chinwag.org. Since this is the review week for #mmbc i figured i could double review it. The album is Punk/HC by Lavage. I wont say much but do yourself a favor and pick it up. Really pick up both albums i've mentioned here.

Check back next week for more music.


Now onto the next topic for today.

Recently(as in like Friday) i found out about #Gopher. A protocol that was around very early in the days of the internet i think it even pre-dates http. It basically does the same as http in which it serves content over the internet.

From wikipedia

The Gopher protocol /ˈɡoʊfər/ is a communications protocol designed for distributing, searching, and retrieving documents in Internet Protocol networks. The design of the Gopher protocol and user interface is menu-driven, and presented an alternative to the World Wide Web in its early stages, but ultimately fell into disfavor, yielding to the Hypertext Transfer Protocol (HTTP). The Gopher ecosystem is often regarded as the effective predecessor of the World Wide Web

It really only support serving basic text but really that's all you need to get a point across. Mind you i'm still learning about it and i have seen mention of images and sound it can support but i have not experimented with those functions yet.

So i decided this was something i could do with one of my old Raspberry PI Model b(Rev.2) i have around. So i went about setting up a server. I also decided that it would be a great opportunity to really give BSD a go. So i went with FreeBSD for the operating system. So far i'm really enjoying it. It was fairly easy to setup and is even more easy to publish content to. Write up a text file and upload it. Voila that's it. I'm going to keep playing with this for sure and might even open up the server to some users if there is interest. I think it's nice to go back to that point in time of the internet. No ADs no one was really in it to make money. Much of it(The internet) was about sharing and exchanging ideas. That is now so often lost...

Anyways if you want to check it out have a look at my GopherHole(Writefreely wont make the link clickable you will have to copy paste):

gopher://gopher.pizza

Sadly most modern browsers have long dropped support for the gopher protocol but thanks to some add-ons it can still be browsed. The add-on i use/recommend is OverbiteWX/NX as it works with all major browsers. Other browsers that support it that i have tired are lynx(CLI based) and Dooble. One thing that i'm still figuring out is if all clients are created equal. So far it seems not or it seems some documentation on the syntax supported is inaccurate. But the basics should work across all clients.

Anyways that is all for today.

Until next time. Be Safe!

@mgrondin@youdabomb.social

#Music #Gopher #BSD

 
Read more...