Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)SN
Snowplow8861 @ Snowplow8861 @lemmus.org
Posts
0
Comments
64
Joined
2 yr. ago

DNS hijacking

Jump

  • The bypass is to run your own router, distribute locally hosted dns servers (either the router or pihole) and the dns servers get their lookups over dns over https (443) and your provider can't intercept that since it looks like regular encrypted Web traffic just like they shouldn't be able to inspect your netbank.

    Australia is different but these isps who do that generally have a +$5 per month plan to go to a static public rout able public Up (instead of cgnat) and unfiltered Internet. They usually are more allowing mum and dad to filter the Web so their kids can't get too far off track. Maybe just double check on your ISP portal settings but I'm going to assume you're not in aus.

    • How can I restrict visiting a service through a domain to VPN-connected devices?

    Jump

  • 100%.Or set host file entries on each endpoint to resolve the mail.domain.com to your internal ip that's available only over vpn. Not going to be easy on mobiles.

    There is an assumption though that the mail server has an internal IP address wherever you are hosting. That might not be true. I would always put the public IP on the firewall and then NAT with specific port 25 in to the private IP of the server, but who knows what this particular OP has done.

    • XFS File-System Maintainer Stepping Down

    Jump

  • Yeah but veeam doesn't support fast block cloning which means you don't need to ever recopy blocks that don't change. From a performance point of view, fast block cloning gives incredible speed up so that in turn means more backups happen in a short time. That's pretty important even at our small business scale. I guess larger veeam service providers solve things differently.

    • XFS File-System Maintainer Stepping Down

    Jump

  • I'll give you one reason it's used commercially: Veeam can only use xfs or refs as a deduplication enabled store using fastclone. For example I have a 60 disk nas hosting hundreds of customer backups and a petabyte. Without deduplication imagine how many extra petabytes of storage would be consumed. Each backup is basically the same image as well as the backup processing time.

    Maybe they'll get that same feature on zfs one day.

    Unless you want me to use refs? But I have tried that, and I've lost a whole volume to iscsi volume mounted to windows and formatted refs due to corruption when a network power loss happened gradually and whatever reason, that network interruption caused the whole volume to be unmountable over iscsi ever again. I'm not keen to retry that.

    Xfs is pretty good with 60 disks, I wouldn't trust ext4 with that many but there's nothing factual about ext4 but a feeling.

    About to get a second 60 disk nas for another datacentre for the same setup as above to migrate away from Wasabi as offsite. Will build xfs again. Looking forward to it.

    • Why is Linux so frustrating for some people?

    Jump

  • My experience is the opposite but the same. I have been a sysadmin for 15 years in mostly Windows and Microsoft only. All my work tools are in Windows.

    I actually boot to Linux when I'm not supposed to work since otherwise I just have anxiety or dread and then I'll open teams, outlook, ncentral, prtg...

    Also why I enjoy my switch. Can't really do projects on it like I can on Linux, but I also am switched off from work.