dns

Resolving 'Temporary failure in name resolution' on Pi OS 12 Bookworm

Raspberry Pi OS version 12 (based on Debian 12 Bookworm) uses NetworkManager instead of dhcpcd for managing network connections, DNS resolution settings, DHCP, etc.

I've already mentioned using nmcli and nmtui for managing WiFi settings, but I ran into a strange issue after installing Docker on a fresh Raspberry Pi OS installation today. Suddenly DNS stopped working.

Trying to ping anything on the Internet gave me:

$ ping www.google.com
ping: www.google.com: Temporary failure in name resolution

As always, it was DNS. It was like DNS just gave up the ghost! Trying to change settings via nmtui seemed to not work (I tried DHCP for IPv4 with manual DNS, and that wasn't working).

Luckily, I found this post and followup comments mentioning the proper nmcli incantation to override DNS settings for an interface, so here it is (assuming built-in Ethernet):

Benchmarking DNS on my Mac with Pi-Hole

After watching Level1Techs' THE FORBIDDEN ROUTER II - DIAL-UP BY DAWN video, I wanted to do some DNS benchmarking on my local network.

Since I run Pi-hole locally, and rely on it for local DNS resolution, I wanted to have a baseline so I could compare performance over time.

In the video, Wendell mentioned the use of Gibson's Windows-only DNS Benchmark tool. But that's Windows-only. Or maybe Linux under WINE, but definitely not a native / open source tool that's easily used across different platforms.

I looked around and settled on bulldohzer—for now, at least—as it's easy to install anywhere Node.js runs. I have Node.js installed via Homebrew on my Mac, so I just ran:

npm install --location=global bulldohzer

Then I could run a benchmark against Google and my own local DNS resolver (Pi-Hole):

Getting a new IP address via DHCP from Spectrum Internet

Recently this website's been the target of malicious DDoS attacks.

But after accidentally leaking my home IP address in some network benchmarking clips in a recent YouTube video, the same attacker (I assume) decided to point the DDoS cannon at my home IP.

I have things relatively locked down here—more on homelab security coming soon!—but a DDoS isn't something most residential ISPs take too kindly to. So it was time for me to recycle my home IP. Lucky for me, I don't pay for a static IP address. That makes home hosting more annoying sometimes, since I have to deal with tunnels and dynamic DNS, but it also means I can hop to a new IP address if one is under attack.

Getting a new IP address

At least with the DOCSIS 3.1 modem I'm using, the overall process is as follows:

Setting up a Pi Hole for whole-home ad/tracker blocking

Pi Hole - Admin DNS query request dashboard page in Safari

Pi Hole is a nifty open source project that allows you to offload the task of blocking advertisements and annoying (and often malicious) trackers to a Raspberry Pi. The installation is deceptively simple (a curl | bash affair), but I wanted to document how I set up mine headless (just plugging the Pi into power and the network).

Set up Raspbian Lite

I bought a Raspberry Pi model 2 B along with the official Raspberry Pi foundation Case. Then I bought a Samsung Evo+ 32GB microSD card (which comes with a full-size SD card adapter), and did the following steps on my MacBook Pro to set up the Pi's OS:

How to get your server's emails through Gmail's spam filter with Exim

There's one thing that most first-time server administrators have in common: they have to either learn a lot about how email and spam filters work, or they offload email delivery entirely to a third party.

The latter option is often the best option, since successful email delivery is a crazy complicated endeavor. I know, because I've worked on two separate medium-volume email delivery systems in the past (over 1,000,000 emails/month, to hundreds of thousands of recipients), and for both of them, I spent likely 1,000+ hours on email delivery problems.

But for many smaller sites, non-profits, and side projects, there's no budget for a reliable 3rd party email delivery service.

Recently, I was rebuilding a personal photo sharing website (just used for myself and my family and friends), and I decided to wipe the server clean and start over with an Ansible-based configuration that I could deploy locally and to any cloud environment. For email delivery, I decided to install Exim on top of a CentOS 7 minimal base image, and I used Drupal/PHP's mail functionality to pass messages to Exim.

Shuttering isthereamoduleforthat.com

I registered isthereamoduleforthat.com on 2010-08-19 for fun—but after three years, and little traffic (besides bots and the occasional Drupal user popping over from an old link), I'm shutting down the site, and will let my domain registration expire.

Is there a module for that dot com screenshot

If someone is interested in the domain, let me know how you'd use it in the comments below, and I'll consider transferring it to you instead of letting it expire and a squatter taking over.

Using FeedBurner? For the sake of control, enable MyBrand service

We use and recommend FeedBurner for RSS feed stats, podcasting, and the other helpful services it provides. However, one downside of redirecting your website's users to your FeedBurner feed is the fact that you have no control over FeedBurner's URL for your feed.

Say, for instance, you burned a feed at http://feeds.feedburner.com/midwesternmac. If, in a year or two, you need to change the shortcut, or you would like to switch back to your own feed, you can cancel your FeedBurner account, but FeedBurner will only give you 30 days during which they'll redirect their shortcut to your new feed address.

Unfortunately, a lot of people won't switch their feed reader to your new URL, and you'll be stuck with a bunch of subscribers who unwittingly abandoned your RSS feed. Additionally, any feed aggregation services like Catholic News Live won't be getting stories from your site anymore unless they manually update your URL, since there will be no redirect after 30 days.

Trouble sending emails from localhost or MAMP? Check your SPF

Email is hard. In fact, it's so hard that I probably have five or so blog posts half-written on this blog that I've abandoned simply because I don't think I could distill them down into something worthy of posting (I like being able to explain things understandably or not at all!).

I don't think there's anyone involved in administering a domain name and email who hasn't gotten burned by SPF (TXT) records at least once. Here's a good overview of how to build a proper SPF record for your domain. SPF records are used by many (if not most) ISPs these days to evaluate whether an email is coming from a particular domain or not.

Email providers like Google, Apple, Hotmail, etc. will evaluate every email they receive against your domain name's (example.com) SPF record, and if the email didn't originate from the IP address specified, or doesn't match up to any other SPF parameters, the email will be silently deleted. And this will cause you to pull your hair out.

Simple MAMP/MAMP Pro VirtualHosts in Parallels / Windows XP

(This tip should also work similarly with Vista, Windows 7, etc.).

After browsing around a bunch of different forums, the MAMP site, and Parallels documentation, I was still flummoxed by Parallels' weird Shared Host networking behavior, which seemingly didn't allow me to access virtualhosts I set up with MAMP for developing sites locally.

After much experimentation, I found that the simplest way to be able to type in 'local.example.com' (or 'dev.example.com', if that's your style) in Internet Explorer on Windows, and get a virtual host running via MAMP on my Mac, is to do the following: