draft-ietf-dnsop-please-stop-overloading-the-PDNS-acronym
/me playing with #Grafana and #VictoriaMetrics to keep an eye on what happens to my #PowerDNS #dnsdist VPS hosted at #OpenBSD_Amsterdam. All those running on a mix of #OpenBSD and #OmniOS resources.
The punchline on my #DNS reconfiguration is that nothing went wrong because I didn’t actually make any changes that took effect. I do a weird config to have reliable DNS:
I have a hidden master that uses dnsmadeeasy as the public servers. They answer authoritatively but they’re getting records from my #powerdns server.
Well, one problem I have is using CDNs at the apex zone. I use #AWS #cloudfront as my #CDN. This is fine when you use #Route53 as your DNS. They can put alias records in at the apex. But it doesn’t work with dnsmadeeasy secondary zones. The way I run them.
Name dot com is my registrar. They can do alias records. So I think they also do DNS for free. I’m going to migrate my Route53 zones to the free DNS instead of paying $0.50 per zone per month. All this effort will save me about $6.50/month.
#homelab #selfhosting
… So, this happened.
Created a new Razor WebApp, and migrated all of my previous codebase into it.
Have to figure out what I want now …
Dear Fediverse,
PowerDNS-Admin appears to be deprecated in favour of pda-next which hasn't seen any work in nigh on a year. NixOS is keeping it limping along; but there're more and more cracks appearing.
Does anyone have a recommendation for an alternative web interface for administering PowerDNS?
Any #selfhosted folks using #powerdns for #dns? I use PowerDNS-Admin but about a year ago the maintainer basically announced it's EoL and will someday be replaced. I'm looking for a replacement web-based GUI for it. Anyone got suggestions from their #homelab for #selfhosting a web GUI for DNS?
I have spent 2 days figuring out how to run PowerDNS as an authoritative DNS server for my domains.
In that period I have learned a lot about Docker, docker compose, postgresql, nsedit, dnsdist, git, Gitea and probably a lot more smaller things.
The system is running, I have migrated two domains to it.
Next steps are figuring out how to properly configure SOA records, and how to do dnssec.
The learning never stops.
As I'm currently in the midst of upgrading a #PowerDNS cluster, I came across a replication error between the Primary and the Secondary #DNS servers.
This turned out to be a quick fix, as it was caused by #MySQL being upgraded (and therefore restarted). PowerDNS lost the database connection and did not re-establish the connection itself.
In the life of the sysadmin...
1. Notice that #opnsense #dhcpv6 doesn't register dynamic leases in #DNS, only static ones.
2. Figure out you can set up your own DNS server and have it register them for you
3. Learn about #powerdns, be absolutely amazed by it
4. Set everything up, cursing frequently while doing so
5. Get it all to work, marvel at its beauty
6. Decide to just stick with static leases since there's too much that could break and while I do have documentation, I don't want to deal with it
7. Tear everything down again.
This morning, right after bringing online the new reverse proxy for BSD Cafe's media, based on OpenBSD, I encountered some strange errors. PowerDNS frequently flagged it as down, which was quite frustrating. So, I disabled it while I figured things out.
Shortly after, the entire VPS became unreachable, and the provider informed me of an issue with the physical node, causing connectivity instability.
Turns out, PowerDNS was right. So, I can say: "It was the DNS." But in a positive sense.
Well, I got #PowerDNS working instead.
It doesn't speak securely to the authoritative servers, which makes me question whether I even want to use it.
Friends of the #BSDCafe and of the #Fediverse,
initially, for just over a year, BSD Cafe's media was stored in a FreeBSD physical server jail with an outgoing bandwidth of 250 Mbit/sec. To address bandwidth congestion, I had integrated Cloudflare with a tunnel, serving media (and only media) through Cloudflare.
In line with the principles of self-hosting and data ownership, I’ve decided to remove Cloudflare. This has led to some bandwidth congestion when media was posted and slower download speeds for users, particularly during peak times. This is because as soon as content is published and federated servers are notified, they will rush (depending on how full their queues are) to download the newly published content - media included.
I’ve now revised the setup (currently in beta) by moving DNS management to two personal nameservers run with PowerDNS. The media server remains the same, but I’ve added two reverse proxies, one in the USA and one in Germany (the media server is in Poland). They're connected to the Media server via WireGuard.
I’ve installed the excellent Varnish and created a custom VCL. Media requests will be directed by the PowerDNS LUA scripts to the caller's closest reverse proxy. Nginx will pass requests to Varnish, which will serve data from the cache if available. If not, it will fetch from the original server, but request volume has decreased significantly.
I’m analyzing the results, and they look very promising. I may expand this home-made CDN by adding more VPSs, potentially closer to Asia and Oceania.
A detailed blog post will follow.
Stay tuned!
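The "closest reverse proxy" routing described in the post above maps onto PowerDNS's LUA records (the `pickclosest` function, which needs a GeoIP database configured). The snippet below is an added illustration, not BSD Cafe's actual configuration; the zone name, hostnames and 192.0.2.0/24 addresses are constructed placeholders, and the `geoip-database-files` path is an assumed location.

```zone
; pdns.conf settings assumed for this example (not part of the zone file):
;   enable-lua-records=yes
;   geoip-database-files=/usr/local/share/GeoIP/GeoLite2-City.mmdb   ; assumed path
;
; media.example.org answers with whichever reverse proxy is geographically
; closest to the resolver asking. Addresses below are constructed placeholders
; standing in for the US and German proxies; the origin (Poland) is never
; published directly, so clients only ever reach a cache.
$ORIGIN example.org.
$TTL 60

; Keep the TTL short: a client switching networks should re-resolve quickly.
media   IN LUA A "pickclosest({'192.0.2.10', '192.0.2.20'})"

; Plain records for the proxies themselves, useful for monitoring each node
; directly and for checking which one a given resolver was steered to.
proxy-us  IN A 192.0.2.10
proxy-de  IN A 192.0.2.20
```

With `dig +short media.example.org @ns1.example.org` from two vantage points you should see the US and German proxy addresses respectively; if both return the same address, the GeoIP database is usually not being loaded.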
All #selfhosting people here in the Fediverse:
If you self-host your DNS, what software do you use? Especially folks, who use things like DNSSEC.
I have been using #bind with a hidden master and two authoritative DNS servers in offsite data centers for almost 20 years and am considering migrating to something more modern (Maybe PowerDNS?!)
Any opinions? Using a cloud service where a third party has control over my zones isn't an acceptable option.
- Patched all #Debian based systems and rebooted machines
- Updated personal #Nextcloud instance to v29.0.0
- Updated #Roundcubemail to v1.6.6
- Updated #Piwigo to v14.4.0
- Updated #Forgejo to v7.0.2
- Updated many containers to new versions
- Disabled some old services that are not in use anymore
To-Do (Not this weekend):
- Migrate my DNS servers from #Bind to #PowerDNS
- Implement CrowdSec for added security
- Automate more tasks with #Ansible
- Get my new blog/docsite with #Jekyll up and running