• 0 Posts
  • 20 Comments
Joined 1Y ago
Cake day: Jun 14, 2023


At home, nagios, at work colleagues. (I finally escaped the admin rat race)


Sorry, totally forgot apparmor. On debian that thing can be nasty, I had to fix those rules as well for bind. That was years ago and was added to my Puppet module, so I forgot.


You need to include the files in the zone file. Bind 9.18.18 is a mess with the changed DNSSEC setup, it broke my domains as well. It’s in the bind documentation, so I have to refer you there. I have no access to my setup now (or my browser history) as I’m not at my computer.

Edit: managed to get in dns.

named.conf.local: zonefile needs to be the .signed file. The unsigned zone file must have both keys included, best is via absolute path:

$INCLUDE "/etc/bind/keys/example.com.123456.key"

for both the ZSK and KSK keys. The include is to get the RRSIG entries.
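The check described in the comment above, as an added example that is not part of the original comment and not BIND tooling: it reads the `$INCLUDE` lines of an unsigned zone file and confirms that both a KSK and a ZSK key file are included via absolute paths. The function names, file paths and key material are constructed placeholders; the role split relies on the RFC 4034 DNSKEY flags convention (257 for a KSK, 256 for a ZSK).

```python
import re

# $INCLUDE <path>; the path may be quoted. Commented-out lines do not match.
INCLUDE_RE = re.compile(r'^\$INCLUDE\s+"?([^"\s;]+)"?', re.I | re.M)
# DNSKEY RDATA starts with: flags, protocol, algorithm.
DNSKEY_RE = re.compile(r'\bDNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+\S+')

def key_role(flags):
    """RFC 4034 flags: 0x0100 = zone key, 0x0001 = SEP (257 = KSK, 256 = ZSK)."""
    if not flags & 0x0100:
        return "not-a-zone-key"
    return "KSK" if flags & 0x0001 else "ZSK"

def check_zone_includes(zone_text, read_file):
    """Return (roles, problems) for the key files a zone file $INCLUDEs."""
    roles, problems = set(), []
    for path in INCLUDE_RE.findall(zone_text):
        if not path.startswith("/"):
            problems.append(f"{path}: not an absolute path")
        try:
            content = read_file(path)
        except OSError:
            problems.append(f"{path}: cannot be read")
            continue
        # Key files carry ';' comment lines; ignore them before matching.
        lines = [l for l in content.splitlines() if not l.lstrip().startswith(";")]
        found = DNSKEY_RE.findall("\n".join(lines))
        if not found:
            problems.append(f"{path}: no DNSKEY record")
        roles.update(key_role(int(flags)) for flags, _proto, _alg in found)
    problems += [f"no {r} included" for r in ("KSK", "ZSK") if r not in roles]
    return roles, problems

# Constructed sample data; paths and key material are placeholders.
KEYS = {
    "/etc/bind/keys/example.com.ksk.key":
        "; constructed KSK\nexample.com. IN DNSKEY 257 3 13 AAAAplaceholder==\n",
    "/etc/bind/keys/example.com.zsk.key":
        "; constructed ZSK\nexample.com. 3600 IN DNSKEY 256 3 13 BBBBplaceholder==\n",
}
ZONE_OK = "".join(f'$INCLUDE "{p}"\n' for p in KEYS)
ZONE_BAD = '; $INCLUDE "/etc/bind/keys/example.com.ksk.key"\n$INCLUDE keys/zsk.key\n'

def read_sample(path):
    if path not in KEYS:
        raise FileNotFoundError(path)
    return KEYS[path]

if __name__ == "__main__":
    for zone in (ZONE_OK, ZONE_BAD):
        print(check_zone_includes(zone, read_sample))
```

Against a real setup, pass a `read_file` that opens the path from disk instead of `read_sample`.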


I’m running domoticz with an rflink interface for my rf433 devices. No clue if they support ESPHome, but you can check. It runs confined to my network.


I’m using calibre as server and moon+ reader (pro) as reader. I can download the ebooks from my calibre server and with the pro version of moon+ reader I can sync reading positions (and books) between devices. This way I can continue reading on the phone where I was on the tablet while traveling.


Then I’ll limit myself to the situation at work. ifupdown2 works great and doesn’t need replacing at home.


Thanks, it was already a mess to figure out without systemd ‘defaults’ barging through my settings. Maybe I’ll keep my personal setup as it is and only let systemd set the interface names of the 2 physical interfaces and have the dependencies of services linked to the virtual device states. As long as I can ditch NetworkManager at work I’m totally happy.


I’ll see what I can manage. Thanks for the pointers.

When I can manage simple ipv4 networking via networkd I’m already happy, as it means I can ditch NM again at work, that’s giving me a lot more headaches than a flapping SLAAC that I’m not dependent on. (already switched back to my super stable tunnel) The situation here is a setup with 2 ipv6 tunnels, 1 ipv6 SLAAC, source based routing and no default gateway in main routing table for ipv6. Everything runs via the ipv4 pppoe connection. (and a load of vlans both sides of my router to internet)


Replace a bunch of poorly integrated tools such as NetworkManager

You got me here… I’m now battling NetworkManager in scripting (alas, still no Ansible in place there, I doubt it’ll be long before I have implemented it), the thing just refuses any configuration via files. Time to dive into the networkd setup. I also hope I can get rid of the very unstable pppoe and wide-dhcpv6-client setup I have here now via ifupdown2 on Debian. The restart I like as well. Time for a deep dive I guess. On Debian NM never caught on, thank $preferredDeity, but at work it’s a disaster.


If you apply what is written at https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/#cutthecraphowdoimakesurethatmyservicestartsafterthenetworkisreallyonline it will work.

Then I’ll need to do a global rewrite of all distribution delivered service files and replace network.target with network-online.target. Then I don’t understand why maintainers all keep using network.target. For every service that needs some kind of network active I already have overrides to link them to the virtual or physical interfaces they actually use.

Systemd-networkd has a learning curve, once you learn it you’ll find it superior and more flexible than anything else.

I still find it a solution desperately looking for a problem to solve. Yes, you can control loads of dependencies, but you could already do that with the init scripts. The main selling point on introduction was ‘it is faster’. Why would you want something faster when you use it once every kernel update? When you design your solutions correctly (redundant), you won’t even notice a reboot of 1 system in the setup.


I think I’d bring it to a thrift store. (Or donate it to somebody that could use it ;) )

I’m having the same issue with an RPi 1, 2 and 2 bananapies. (R1 and R2) I’m not sure if the BPi R2 is good enough for a kodi setup, the rest is too light.


I’m using ifupdown2 and have services depending on the state of virtual network devices (BindsTo=sys-devices-virtual-net-.device).

I hate systemd with a passion, as it refuses to wait for networking when you have some service specified to be started After networking, but it starts when the start of networking actions has been started (not after networking is finished bringing up everything)

The only thing I let systemd do is monitor the state of the devices and set the interface name, as udev seems to mess these names up in combination with systemd (and there is too much depending on systemd now in Debian to get rid of the junk)


I run calibre, it has a server option, which can be queried by Moon+ reader. (which I use) My setup is internal use only though.


When I look at the download page, it seems active, 1.20.1 has been uploaded 2 days ago.

BTW Thanks for the question, I was using gogs, but that development seems to have halted. I’ll try a migration to gitea.


Openvpn to connect to the network, 80 and 443 for static websites, that’s it.

Email gets delivered by a VPS via a different port, ssh access via vps as well. No initial connections from an ip not from my country as well.


  1. As already stated, yes, you’ll make life harder, as most (probably all) instances run on Linux. More help there.
  2. Bind is the reference implementation of dns, powerdns is easy as well.

With bind you can setup an internal zone on a 2nd instance so you can test before changing the external zone to point to your instances. It’s a tad extra work, but you can mess around without bothering others.

It’s not easy, but there are loads of examples online. (And once you’ve gotten used to the commandline way of administering, it’s not hard)


Depends on how attached you are to your data, if you have a backup, if you can do without the data created between backup cycles and how long you can wait for the restore to finish.

Everything will fail. For me, everything on single disk is expendable or backed up and can be done without when I lose a day/week of data. Everything else is on raid 1 (hdd) and in a backup schedule (external hdd).


Depends on what you want to do and how technical you are.

Main advantages of hosting on your own hardware from home are cost and ease of access. Main drawback is that you need to give access to your home network when you want to provide services. When you know what you do and your connection is fast enough, that isn’t a problem.

The main advantage of a VPS, which you rent instead of buy, is the flexibility and keeping security threats out of your home network. You can activate one for the service you like to provide, keep it alive until you don’t need it and have it destroyed. Security issues may exist, but they are out of your home network. In the long run they are more expensive.

You can also combine both, host some services locally (RPi or a nuc) and some remote on a vps.

Here I run several personal websites local, but the DNS of my domains, incoming email and business websites are hosted on a set of VPS’es (set as you need 2 for dns). All websites are static, no management software whatsoever, as most are (huge) security risks. For email I use the main VPS as 1st line of defence. Spam and virus scanning is done there.

I could use my RPis to do all locally, but I prefer to have DNS and email externally. Also, my only surviving client would be leaving when I run everything from home. (He’s basically paying for the servers, I just keep them running, pay for them and send the bill ;) )

When just ‘messing around’ a VPS is advisable, as you can throw it away and try again when you mess up. ;)


I’m glad I don’t need computing power then. It just runs a webserver, 2 databases, mail environment, puppet master, icr client and some random stuff I just start and forget.

It does the trick here and it and its predecessor Rpi3 and 2 managed, are quiet and enough for here. Both 3s boot from microsd and run from USB SSD for the OS, data is on nas. All are stock, no extensions, apart from an extra USB nic on my firewall. (Somehow having 2 different physical interfaces sounded preferable to me for a firewall)

The old 3s are now interface for my smart meter and a domoticz system.

BTW I see the Thinkcenter you mention for €250 online, My RPi4 cost me as kit €108 (8GB version). That was before all prices went through the roof though, as I see the separate board now for €125.


My RPi4s and 3s will outperform my older laptops, apart from the just retired P50 (gpu nearly died). That one is 6y, the others are 11y old HPs and a 16y 32 bit Xxodd (weird brand). The RPis are sufficient for normal server use, the new laptop (last gen i9 with 64G mem) can host (nested) kvm clients, so no need for extra hardware. (And still I save them, just in case ;) )