The assumption is that, now that there are no upstream DNS servers shown on Pi-Hole and I can still resolve all domains, this is in fact working over HTTPS?

Posts
-
RE: DNS-over-HTTPS with Fedora based PiHole and Cloudflare
@travisdh1 said in DNS-over-HTTPS with Fedora based PiHole and Cloudflare:
dig @127.0.0.1 -p 5053 google.com
So I finally got around to setting this up but how do I test if my DNS queries are truly over HTTPS now?
-
UBNT Privacy Ooops!
Ubiquiti (Cameron Crum) just sent an email to dozens of people with an invite for an airMAX deployment at a client site where they entered everyone's name and email address in the CC field.
Unfortunately, there is no WTF category so Water Closet it is. I've removed the majority of the personal data they didn't manage to do themselves.
MOD Comment:
Likely the WC is the place to leave this - just add tags.
-
RE: Unifi Controller On Vultr Or Other
@jaredbusch said in Unifi Controller On Vultr Or Other:
@nashbrydges said in Unifi Controller On Vultr Or Other:
@jaredbusch said in Unifi Controller On Vultr Or Other:
Zero captive portals. But I have no idea why being on-site or off-site would affect that.
The reports I've read were related to the AP only talking back to the controller every 1 or 2 mins which caused delays in allowing new guest authorizations to connect to the internet. That's why I was hoping someone who has a remote controller with guest portal setup could confirm if they are also seeing this.
Do you realize how stupid this sounds? What AP manufacturer would have a guest portal that took 2 minutes to authenticate?
It does not work that way. Now with a huge AP network, yes, it will take time for all AP to see the authorization. But the AP they are connecting through will immediately let them connect.
You realize I said "connect to the internet" right? Of course the AP sees them right away but the response of the entire chain, from user first launching web browser to getting "agree ToS" to clicking "agree" to being allowed to access the internet has been reported to take, on the high side, up to 1 to 2 mins to allow internet access. These reports are only when a remotely hosted unifi controller is being used with captive portal. Some have resorted to moving the controller locally, using the cloud key, or simply living with it. Since I do not use a remote controller, I have no way of verifying but installing this for a client, seems like the logical thing to do to verify if people who use remote controllers are seeing the same issue. If not, awesome! Due diligence is part of the job.
Thanks @JaredBusch
-
RE: Unifi Controller On Vultr Or Other
@jaredbusch said in Unifi Controller On Vultr Or Other:
Zero captive portals. But I have no idea why being on-site or off-site would affect that.
The reports I've read were related to the AP only talking back to the controller every 1 or 2 mins which caused delays in allowing new guest authorizations to connect to the internet. That's why I was hoping someone who has a remote controller with guest portal setup could confirm if they are also seeing this.
-
Unifi Controller On Vultr Or Other
For those of you with a Unifi controller on a cloud server, what have you done to set it up securely? I found instructions on how to get the Let's Encrypt certs setup (I haven't tested yet) but wanted to know if there was anything else, other than Fail2ban, that you had done.
Also, if you're running a captive portal, I read a few threads on the UBNT forums that talked about the captive portal delays in authenticating. There isn't going to be any real authentication, just click to agree with ToS, but if it's going to take up to 1 - 2 mins to allow the device to proceed to the requested site, not sure I want the controller outside the network.
-
Hyper-V Virtual Switch Multiple VLANs
Here is the scenario I'm trying to accomplish.
- Hyper-V server running Sophos XG as a guest VM
- Sophos is assigned to 2 virtual switches - one for WAN and one for LAN
Without any VLANs, this has been working perfectly. Now that I want to setup multiple VLANs within Sophos (of course after having setup my Edgeswitch with appropriate VLAN settings and assigned to correct ports), devices connected to those ports do not get an assigned IP address from Sophos even though both the VLAN is setup and DHCP server setup in Sophos.
After a couple days of troubleshooting, I figured out the issue lies with the way my Hyper-V virtual switch is handling VLANs. I've come to this conclusion because when I create this same configuration on Sophos XG installed on baremetal, everything works beautifully and all devices are getting IP addresses in the range they should based on VLAN. However, when I do this with Sophos XG as a VM, IP addresses are no longer assigned (same exact config between baremetal Sophos and VM Sophos).
I've easily configured virtual switches in Hyper-V when they get a single VLAN but this needs to allow ANY VLAN that gets setup through Sophos. Likely I need to setup the virtual switch as a trunk port to allow all VLANs but fail to find information on how to do this.
I realize there may not be a lot of love in this community for Sophos but hoping someone has had the need to assign more than 1 VLAN to a Hyper-V virtual switch before that can point me in the right direction.
This isn't for production use but for my lab.
-
RE: Veeam Announces Details on their Veeam Backup for Microsoft Office 365 2.0
I've been using this for a few months now. Tested deleting an entire mailbox (small one for test) and was able to fully recover it. Love this product!
-
MS Patches Fail To Install - Keep Coming Up In Updates List
I've run the update process 3 times now, just to make sure it wasn't a fluke and after each update, the same updates keep showing up as ready to install. This seems to be happening on one single server running Win2012R2. Other than those 2 patches, it's fully updated. My Google-fu fails me. Anyone else seeing this with KB4099635 and KB4103725? I see log entries that show "Package KB4103725 was successfully changed to the Installed state." and no log event for KB4099635 but yet both reappear as available updates on next reboot. Even tried one at a time to see if that helped but nope.
-
RE: WiFi Heatmapping on Linux
This is the only thing I've found a year back or so. Never actually used it but could be worth a try.
-
RE: Random Thread - Anything Goes
@tim_g said in Random Thread - Anything Goes:
Lol the comments
If ever we needed evidence that the gene pool was in serious need of chlorine - there you have it!
-
RE: Miscellaneous Tech News
@kelly said in Miscellaneous Tech News:
"Facebook has moved more than 1.5 billion users out of reach of European privacy law, despite a promise from Mark Zuckerberg to apply the “spirit” of the legislation globally."
I'm like totally shocked (said no one).
-
RE: DNS-over-HTTPS with Fedora based PiHole and Cloudflare
Another project to try out. Did you start with a minimal Fedora install? Any other requirements needed for this install to work?
-
RE: BookStack for IT Documentation
@stacksofplates said in BookStack for IT Documentation:
Is anyone actually using this?
I've fully transitioned to this for the same reasons @JaredBusch did. Easier for users.
-
RE: Miscellaneous Tech News
@black3dynamite said in Miscellaneous Tech News:
https://www.omgubuntu.co.uk/2018/04/enable-live-patch-kernel-updates-in-ubuntu-18-04
Wut?
Not clear about free use for Ubuntu servers though.
-
RE: Office 365 Email Gone After Forced Logoff
If you go Zimbra does that mean you're bringing email back in-house again?
-
RE: Office 365 Email Gone After Forced Logoff
@scottalanmiller said in Office 365 Email Gone After Forced Logoff:
Still on hold. "Experiencing longer than normal wait times"
That's code for "aw shit it's that guy again"
-
RE: Pi Hole
Curious to those of you who used a cloud VM to install it on ... did you also install a SSL cert?
Yes. I set it up on Vultr and SSL for admin page. No proxy though.
-
RE: Moving Away From Azure To Colo Server
@fuznutz04 said in Moving Away From Azure To Colo Server:
I'll be in the same boat too. I get some free credits for Azure as well, and I can honestly say that I have never once had an issue with it. However, once my free credits expire, the costs of the VM will be far too expensive to keep it there.
I use UptimeRobot to make sure sites are online and I was constantly getting notifications of failed pings. To the point that I took that VM off the list so I wouldn't start suffering from alert fatigue.