1·
1 day agoDo tcpdump host $server instead. Otherwise you will only see the request (the response goes to a different port).
- 0 Posts
- 8 Comments
Joined 3 days ago
Cake day: February 5th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Just to be sure you do
dig A @server $domain(with the “A”) and can confirm the followingSERVER is your server
;; ANSWER SECTION is empty (or doesn’t exist)
;; AUTHORITY SECTION mentions your local DNS server
Also check
dig NS @server $domainIs your server in the answer section?
1·1 day agoMine doesn’t seem to exist anymore sorry.
Here is how I would diagnose (I’m assuming you have Linux / WSL on a client)
- Check the DNS record is actually set (yes do it again)
- Do these steps on the client:
dig $domaincheck which server answereddig a $domainshould give a recorddig a $domain @serverto make sure you’re querying the right server
If none work, probably network issue (DNS boind to wrong IP, firewall, etc)
If 3 and 5 work but 4 doesn’t, your DNS isn’t authorative.
If only 5 works DNS settings on the client is wrong.
If you assume everything is compromised, there is no safety. You have to trust something at some point.
Usually, speaking from a professional IT perspective, people trust encryption. Once you do that, it does not matter how safe or unsafe the place where you store your data is.
AES, the encryption standard used by pretty much everything, is safe. It has not been weakened in any meaningful way since its inception and is also quantum - safe.
You could use for example openssl or Veracrypt or even just 7zip to encrypt it. If you don’t trust these tools, encrypt it twice with two different ones, just put a txt file next to it with the exact steps to decrypt, because you will forget in which order you have done things.
Personally I have a homeserver that is encrypted at rest and then it uses restic to store encrypted backups in the cloud.
Ultrasonic cleaner! Really awesome for glasses, jewelry, all kinds of small stuff. I fill it with isopropanol solution and clean my phone case in it.
2·3 days agoThank you, I deleted my post so as to not share false info.
deleted by creator
Seems weird to me, the router would need to do deep packet inspection of DNS and selectively block specific ones. It feels more like you’ve set up your DNS to do forwarding instead of resolution. Can you post a network diagram and the DNS config?