the good part about power outages is it told me that my NUC's re-done network configuration was actually broken and didn't work correctly on reboot (missing v4 connectivity)
for some reason it was adding the statically configured IPv4 address to the eno1 interface instead of the bridge interface even though it was under the br0 interface
DHCP works fine though so 🤷🏾‍♂️
the correct config:
iface br0 inet dhcp
iface br0 inet6 auto
It is important that my NUC's network connectivity works correctly after it comes back from a power outage since it's the primary DNS resolver handed out by DHCP in my LAN.
I have my router's forwarder as the secondary but I'd rather not the home network be in a degraded state.
my home LAN's resolver situation is as follows:
Primary - unbound recursor running on my NUC
Secondary - forwarder running on my router, forwarding to my ISP's PPPoE provided resolvers
I don't really like using the common public resolvers like Google Public DNS/OpenDNS/Cloudflare as a secondary especially when my ISP's resolvers don't NXDOMAIN hijack.
Let me explain NXDOMAIN hijacking:
Say for example, you mistype a domain in your browser's URL bar, normally it would give you 'name not found' or similar error message or depending on how smart your browser is, redirect to a user configured search engine.
With NXDOMAIN hijacking, that typo would result in you landing on a search page provided by your ISP with ads on it which they make money from.
okay so while Zelda downloads let's talk about getting around your ISP's NXDOMAIN hijacking
there are two basic ways:
1) using a public resolver service that does not NXDOMAIN hijack (example - Google Public DNS)
2) running your own recursor (example - unbound on your own machine or serving your network if you control the network)
using a public resolver service is the easier choice but comes with the cost of giving your DNS queries to a third party (Google/OpenDNS/Cloudflare)
decide for yourself if this is something you are okay with
How to change DNS settings on Windows 10:
if you control the router and the network, look up your router's documentation on how to change it there
setting up your own recursor is slightly more involved, I recommend unbound:
(ignore the part about compiling it)
you can get unbound in your Linux distro's repositories, so if you have a Raspberry Pi, you can install it there and use DHCP to have your whole LAN use it
if you only need it on a single machine, it can be as simple as
apt install unbound resolvconf
unbound listens and recurses for localhost by default
if you are on Windows, Unbound has an installer that you can use that comes with a Windows service so you can easily stop/start it:
Install it, make sure the service is started, change your resolver to 127.0.0.1 and you should be good to go
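A way to check whether a resolver does the NXDOMAIN hijacking described in this thread, as an added example that is not part of the original posts: it reads the RCODE and answer count from a raw DNS response to a lookup for a name that should not exist. The `build_response` helper, the sample name and the 203.0.113.10 address are constructed for the example.

```python
import struct

# Constructed sample name; a real check would query a freshly generated random label.
SAMPLE_NAME = "nx-7f3a9c1e5b2d.invalid"

def build_response(qname, rcode, answer_ip=None):
    """Build a DNS response to an A query (constructed sample data, not captured traffic)."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    question = labels + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    ancount = 1 if answer_ip else 0
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, RCODE in the low 4 bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)
    answer = b""
    if answer_ip:
        # Compression pointer to the question name, TYPE=A, CLASS=IN, TTL=60, RDLENGTH=4
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                  + bytes(int(o) for o in answer_ip.split(".")))
    return header + question + answer

def classify(response):
    """Classify a resolver's reply to a lookup for a name known not to exist."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if rcode == 3:
        return "honest"        # NXDOMAIN, the expected answer
    if rcode == 0 and ancount > 0:
        return "hijacked"      # NOERROR with records for a nonexistent name
    return "inconclusive"      # SERVFAIL, REFUSED, or NOERROR with no data

if __name__ == "__main__":
    print(classify(build_response(SAMPLE_NAME, 3)))                  # honest resolver
    print(classify(build_response(SAMPLE_NAME, 0, "203.0.113.10")))  # hijacking resolver
```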
@staticsafe how did we even come to imagine such things
@lucidiot greed really
That's just bad and wrong.
@staticsafe So many ISPs do this...
It makes me hate them immediately and irreparably.
@staticsafe Even a good "optional" DNS like Norton does this. It's one of the few that uses DNSSEC, and I refuse to use Google's DNS anymore, so I'm stuck with the NXDOMAIN hijacking. Honestly just thinking about forgetting about the DNSSEC so I can get back to a normal "name not found" result.
@staticsafe How much trouble is running your own recursor? I do have an always-online unix machine and it does seem more clean than relying on Google
@elomatreb it's fairly simple IMO, I'll get to that in a bit
@staticsafe that would be cool. Definitely interested in more of this.
@staticsafe I'm a fan of PowerDNS. Would be interesting to do a compare and contrast.
@nivex I've never actually used pdns' recursor functionality, it's worth a look I guess
Wow, that is disgusting..
@staticsafe fun fact!!!! my ISP does this, but there are times where the DNS of their own site doesn't resolve.
it forms a loop until you get an http request too long error and the URL is thousands of characters long
staticsafe's personal Mastodon instance.