API and a script

@strongbad
What I found and read -though short- implied the person is making things up out of total misunderstanding.

I’d have them provide examples

@flaxking said in SAMIT: The Three Components of Web Hosting:

@scottalanmiller said in SAMIT: The Three Components of Web Hosting:

@flaxking said in SAMIT: The Three Components of Web Hosting:

I'm liking these non-IT technician focused videos.

Thanks! I'm hoping to broaden the audience and make tools that IT staff can either use directly by sharing with management or learn from on how to present to management.

Far too often IT is pressured to make business decisions that other business stakeholders should be involved in.

And vice versa, tons of times untrained people with no IT insight or knowledge make all the critical IT decisions and just have the staff classified as IT deal with the mistakes rather than avoiding them.

@marcinozga said in Do you add CAA records to your DNS records?:

Yes, but word of caution. If you get certs from multiple different providers, don't forget to add records for all of them. Otherwise getting certs will fail, and it's almost impossible to troubleshoot.

Yes, like this.
caae902b-b24b-46a0-9102-6267aa67770a-image.png

@Dashrender said in DNS Filtering with Ties to Google Groups:

the browser will use the system DNS if that DNS support DNS over HTTPS....

How can the browser know what the DNs mechanism is? DO you mean the browser will try a local DNS over HTTPS first? That I can see.

@wscsuperfan said in Hosted DNS questions:

@JaredBusch said in Hosted DNS questions:

@scottalanmiller said in Hosted DNS questions:

@travisdh1 said in Hosted DNS questions:

CF also have certs available to encrypt the traffic between your server and CF, I think they're even free.

They are free.

And I have a guide on here on how to use one

Sweet.....I'll go look for it. Thanks

https://www.mangolassi.it/tags/origin certificate

@gjacobse said in pi-Hole: Client and Recursive DNS:

And since i'm running this now, I get a notification on recursive DNS -

Yup, just ignore them.

@Texkonc said in Internet outage:

@JaredBusch said in Internet outage:

@PhlipElder said in Internet outage:

@JaredBusch said in Internet outage:

@PhlipElder said in Internet outage:

https://www.cloudflarestatus.com/incidents/46z55mdhg0t5

Hmmm ... this from a little over a year ago.

Same "problem".

Routing is not magic. Errors happen.

That may be so, but the expectation is that the same errors would not happen over and over again.

FFS It is not the same. Are you stupid?

Jesus, calm down. No one pissed in your corn flakes...

No kidding. Don't go all Boomtown Rats on me. 😛

@dbeato said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10:

@pmoncho said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10:

Just wondering - Is anyone seeing a patch for 2019 with a reference to the KB article?
Checked yesterday, last night and this morning. No update that I can see.

Currently performing the workaround.

c46cc947-cad4-4bfc-877c-dbd1c1ddfd16-image.png

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4558998

Thanks. Forgot about the update catalog.

@Dashrender said in Windows Domain routing question - dual-nic:

Though - if you have a second layer network like this, you'll need to inform your external router on the internal networks and how to route them.

Routing to the internet is mostly just a nice to have.

Pretty cool. I’ll have to try it and see how it goes.

I’ve been using Unbound for several years running on a Raspberry Pi and using a custom black list. Love not having to run ad blockers on each computer browser since it’s all taken care of with Unbound.

@teece I haven't seen that happened ever, no other transport rules modified the DKIM at all.

Thanks for adding more technical content!

@scottalanmiller said in What's the status on DMARC?:

@JaredBusch said in What's the status on DMARC?:

That image is a stander O365 box that only takes a few clicks to setup. How have you not seen that?

Very few customers using O365 and none using that feature, I'd imagine. How does it display to people not on O365?

We see something else from all kinds of users all different systems all over.

A lot of SPam Filtering systems do have that option as well. A lot of medical and financial businesses enable this.

@Grey said in Private DNS architecture?:

@Pete-S said in Private DNS architecture?:

@Grey said in Private DNS architecture?:

This all sounds very complicated. Why not use the DNS and DHCP at your datacenter and turn off all the others, and then give the routers an ip helper address config? Does your network hardware not support that?

@Grey It may very well be too complicated. At the same time it has to be fast, robust and the parts have to be able to work independently if a VPN link goes down.

Ok, cut the line to the internet. Can they still function? What doesn't work? What gets cached at your app server? How much data is transferred when the line returns?
How much actual resilience does the business need vs what they can sustain, and what's the risk? Has anyone answered these questions before?

The diagram is a simplified. It's only internal company traffic that goes over the VPN in the drawing. The data centers also serves other clients that are not connected over VPN. That actually their primary job - they are serving customers, not just internal workloads.

When it comes to resilience and risk, it's the data centers that have to be up and running. So they have redundant everything. The rest is just ordinary SMB stuff.

PS. Also in the data center we are doing HA in the application layer and not the hypervisor layer. So having two DNS servers made sense to me since that will be natural HA in the application layer.

I find it to not be of concern. I would never have it happen, because it's a bizarre and problematic way to handle internal DNS. But anyone who can exploit private IP mapping can figure it out without DNS in the first place. So I see no reason to want to hide it.

With Appflow you need to make sure you have authentication enabled for the users so it tracks per user. The Data Collection is for sure nice but it is only the top sites and no much information.
https://www.sonicwall.com/support/knowledge-base/help-with-user-level-authentication-settings-like-local-users-ldap-radius/170503274714653/

https://www.sonicwall.com/support/knowledge-base/configuring-app-flow-monitor-to-view-real-time-incoming-and-outgoing-network-data/170505632951042/

https://www.sonicwall.com/support/knowledge-base/how-can-i-track-which-users-or-ip-addresses-are-accessing-a-certain-website-using-appflow/170505832815323/

https://www.sonicwall.com/support/knowledge-base/how-can-i-collect-traffic-details-by-ip-address-on-the-firewall-through-log-reports-and-appflow/170503950787011/

@Pete-S said in How does name resolution work in AD?:

@Dashrender said in How does name resolution work in AD?:

@scottalanmiller said in How does name resolution work in AD?:

@Pete-S said in How does name resolution work in AD?:

I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows servers names, but not the statically assigned names of linux servers.

I thought if the name resolution works over different mechanisms and uses different ports it could be an firewall or L3 switch somewhere that has been misconfigured.

This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD.

Exactly - have you or anyone else added these servers to AD's DNS?

They have been added manually. The name of the service is also not the name as the server. So if a webserver is abc001.company.com the name in the DNS that will send you to that server might be logistics.company.com.

if you're being sent to logistics, that's the entry that must be in DNS.. you can have as many entries as are needed for a single server.
each name is it's own entry.

Turns out that there was a wildcard A record in DomainA2.com