serverfault.com


Common Server issues – FAQs and answers from those in the know

Issues with basic BIND resolver setup

29 March 2025 @ 2:33 am

Long post to explain the apparently complex issue with an extremely basic setup. I'm attempting to build a basic DNS resolver using BIND and have been having all kinds of issues ten ways till Sunday. I'm not a *nix expert by any means, but I know my way around the general stuff, and I'm definitely not a DNS guru but understand the concepts. I've spent almost a week searching and troubleshooting, worked with the company (~50k users) DNS admin for hours, and he's stumped as well, which is why I'm here. I've tried to follow numerous guides from the ground up and they all end in roughly the same issues. For example: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-14-04 I've looked at a ton of posts on multiple forums and the suggestion

Openwrt: Packets silently disappears when routed to VPN

29 March 2025 @ 12:42 am

I tried to build a setup on OpenWRT with a VPN to a VPN server in the cloud. OpenWRT works as a WiFi repeater to the building's WiFi. The VPN connection by itself is stable and working fine (confirmed via tcpdump on both ends). However, there seems to be an issue with routing. Note: To allow for experimentation while still maintaining general internet access, I am testing specific routing for 8.8.8.8 on OpenWRT. All other traffic by default goes through the building's WiFi to the public internet. Network diagram: The bold line in the diagram represents the actual (physical) route of packets when going through the VPN. Current Issue (Semi-working Setup): From the Client I am able to ping OpenWRT (all three interfaces: br-lan, apcli0

Amazon Web Services - Elastic Container Services

28 March 2025 @ 10:52 pm

I am fairly new to AWS, and almost as new to containerization. I am trying to build an ECS cluster that pulls the mysql:latest image from docker.io and my web site from my GitLab registry. Almost everything about my Task Configuration works and everything starts up. But one thing is amiss: my MySql instance, for some reason, seems not to be processing incoming logins as I would have expected. I have the following environment variables configured: "environment" : [ {"name": "MYSQL_ROOT_HOST", "value" : "%"} ] and "secret": [ {"name": "MYSQL_ROOT_PASSWORD", "valueFrom" : "arn:reference:to:my:secret"} ] Everything starts up fine. I see the mysql logs at startup and nothing seems out of place. So I open up port 3306 on the firewall and try to connect with root to do the initial database creation and I get the message: Access d

Thanos isn't backing up historical Prometheus TSDB data to Object Storage

28 March 2025 @ 8:37 pm

Context: I have a multi-instance Prometheus StatefulSet running in my Kubernetes cluster. I deployed Prometheus with the Thanos sidecar enabled in the HelmRelease managing my Prometheus install. I have also deployed Thanos Querier and Thanos Store Gateway. Thanos Querier works as intended, providing a unified web interface that can query across both my Prometheus instances and automatically handles deduplication of data. StoreGateway, however, only partially works. I have verified that some data is backed up to S3 via the sidecar, and StoreGateway is able to successfully query all data that the sidecar backed up from the moment it was deployed. Problem: My Prometheus instance was set up to retain 1yr of data, but Thanos StoreGateway + Sidecar is only backing up data from the past couple of months (from when the Thanos sidecar was installed). Should Thanos be backing up data from even before the Thanos sidecar was installed?

What is it that I don't understand about how tproxy works that prevents me from proxying my traffic?

28 March 2025 @ 6:36 pm

Summary: I want to proxy all outgoing tcp/udp traffic from a host (with marked packets as an exception). For convenience, I use gost (go simple tunnel) as a TPROXY. I can't use REDIRECT because I also want to proxy IPv6 traffic.

What I've tried so far: I've made a script:

    #!/usr/bin/env sh
    set +euo pipefail
    enqueue=100
    bypass=10
    table=100
    tptcp=12345
    tpudp=12346
    main() {
      case "$1" in
      on)
        $ipt -t mangle -N TN
        $ipt -t mangle -A PREROUTING -p tcp -j TN
        $ipt -t mangle -A PREROUTING -p udp -j TN
        case "$ipt" in
        *6*) ;;
        *)
          $ipt -t mangle -A TN -d 127.0.0.0/8 -j RETURN
          $ipt -t mangle -A TN -d 255.255.255.255/32 -j RETURN
          $ipt -t mangle -A TN -d 192.168.0.0/16 -j RETURN
          ;;
        esac
        $ipt -t mangle -A TN -p tcp -j TPROXY --tproxy-mark $enqueue --on-port $tptcp
        $ipt -t mangle -A TN -p udp -j TPROXY --tproxy-mark $enqueue

GPO to run User Logon script only on Windows 11 Machines

28 March 2025 @ 5:43 pm

I have a Windows 2012r2 environment, but we've recently updated many PCs to Windows 11. Our imaging provisioning script will not do everything I want it to, so I was wanting to deploy a User Logon script that will run several commands for every user at first logon. Windows 11 installs a bunch of stuff on initial login, things I want to disable, and there are user-related registry entries (such as the old context menu) that I'd like to be automatic upon logon of a new user. Here's the problem: it must be a user logon script, because a computer startup script wouldn't make sense in this case since it has to run after user logon. Therefore, when I try to limit it using delegation it will not run the user settings. All the Windows 11 workstations are mixed in the same OUs with Windows 10 machines. I was trying to use WMI filtering, but could not figure it out. Any advice would be helpful.

I can't download "Defender For Endpoint" logs to Wazuh

28 March 2025 @ 3:14 pm

I can't download Defender For Endpoint logs to the local SIEM (Wazuh). I have set tenantId, appId and appSecret in the defender_for_endpoint_alerts.py script, generated earlier on the Microsoft side. The aforementioned defender_for_endpoint_alerts.py script returns the error: urllib.error.HTTPError: HTTP Error 403: Forbidden The token is generated and contains the following values: "aud": "https://api.securitycenter.microsoft.com", "roles": [ "Alert.Read.All" ], What could be causing this?

How to write a kubernetes ingress which redirects traffic to services in different aks cluster?

28 March 2025 @ 11:23 am

I have two frontend applications deployed in different AKS clusters (Deployment, Service, Ingress). They had different subdomains until now but should now be hosted on the same one, e.g. example.com. I know it would be easier if they were on the same cluster, but for our dev environment every team has their own cluster. I want to write an ingress in cluster A which has path / that redirects traffic to the service in the same cluster (A) and path /user that redirects traffic to the service in the other cluster (B). What I tried for now is to set up an internal load balancer in cluster B. I created peering between the different VNets of the clusters and created a private DNS zone with some record sets. Now I can access the service in the other cluster via http://user-service.example.internal. Now I want to write the ingres

GCP to AWS DNS migration without impacting production

28 March 2025 @ 5:43 am

This is in addition to the question asked here: GCP to AWS Hosted Zone migration. I have exported the DNS records from GCP and imported them into AWS. I have retained the entries in GCP as well to ensure that any requests that reach GCP Cloud DNS will still get resolved. I have updated my DNS registrar to point the NS records to AWS. However, after this change, some of our users are not able to access our servers. Many of our users are able to access the servers, but it fails for some of them. What could be the reason? a) Should I give any time gap after importing the records in AWS before I change the entries in the registrar? b) Is there a safe way to check whether the DNS propagation is complete? I had checked using https://www.whatsmydns.net/ and I could see that all nameservers across the world were able

DNS nslookup error Server: Unknown

28 March 2025 @ 4:41 am

I have set up a VM in Hyper-V with ws2025 and configured it as a DC with DNS. I configured the DNS; however, if I run nslookup I get a Server Unknown error. I can ping domail.local. I pointed the DNS to itself (the IP of the DC). Please assist. I've got my first project and am setting up the physical server as a file share, thus I want to run the DC in a VM.