Showing posts with label dns. Show all posts
Showing posts with label dns. Show all posts

Pi-hole with LXD - Installation and Setup

Pi-hole is wrapper of your DNS server that block all advertisements and trackers. We're using it at our home network to block all those unnecessary bandwidth wasting contents. Setting up for any of your devices is quite straightforward, just make sure your router point to it as DNS server.

While there is a Docker image existed, we have installed it within a LXD container since we have a LXD host exists in our small homelab server, Kabini (more on this in coming posts).

First we setup the container based on Ubuntu 18.04.
$ lxc launch ubuntu:18.04 pihole
$ lxc list -c=ns4Pt
+--------+---------+----------------------+----------+------------+
|  NAME  |  STATE  |         IPV4         | PROFILES |    TYPE    |
+--------+---------+----------------------+----------+------------+
| pihole | RUNNING | 10.53.105.102 (eth0) | default  | PERSISTENT |
+--------+---------+----------------------+----------+------------+

Looking at the table above, notice that container created based on the default profile, the IP we obtained is within the 10.x.x.x range. What we need to do is to change to create a new profile which will enable the container accessible to other in the LAN network. Hence, we need to switch from bridge to macvlan.

The `eth0` network adapter links to your host's network adapter, which can have different naming. For example, `enp1s0` (LAN). However, you can't bridge a Wifi interface to ethernet interface as Wifi by default, only accept a single MAC address from a client.
$ lxc profile copy default macvlan
$ lxc profile device set macvlan eth0 parent enp1s0
$ lxc profile device set macvlan eth0 nictype macvlan

Stop the `pihole` container so we can switch the profile to `macvlan`.
$ lxc stop pihole
$ lxc profile apply pihole macvlan
Profiles macvlan applied to pihole
$ lxc start pihole
$ lxc list
$ lxc list -c=ns4Pt
+--------+---------+----------------------+----------+------------+
|  NAME  |  STATE  |         IPV4         | PROFILES |    TYPE    |
+--------+---------+----------------------+----------+------------+
| pihole | RUNNING | 192.168.0.108 (eth0) | macvlan  | PERSISTENT |
+--------+---------+----------------------+----------+------------+

Next, enter the container and install Pi-hole.
$ lxc exec pihole bash
[email protected]:~# curl -sSL https://install.pi-hole.net | bash

This Week I Learned 2018 - Week 23

Last week stuff or something from the archive.

We're half way through the year of 2018. Some new adjustment to my weekly blogging. Starting from this week, more question and answer style of writing.

Old school or just plain hipster? It seemed that the newly appointed important person does not or will not use a mobile phone. Interesting indeed.

What happened when the town beats the land in a sweep? It will get boring and expected, the usual classic rags to riches story line. We need more competition, super teams, and nemesis within the NBA league for the next coming seasons.

What happened when your stakeholders want to start a project that requires "seven red lines" ? Brutally honest or diplomatically tactful?

Does open office have a big impact towards deep work? And does it matters? The discussion in HN yields a few interesting points but the main question remains, why organization still insists on open office and expects deep work?

Is QBASIC a good beginner programming language? The sentiments in the HN members believed so, so do I. Simple (yes, even simpler than Python) and easy to get it up with a good TUI. For a modern equivalent, load81 is probably the closest thing.

Should you use your ISP's DNS server? Hell no. Switch to either Cloudflare's 1.1.1.1 or Google's 8.8.8.8. Not only you gain faster domain resolving speed, you also have privacy (debatable). When comes to implementing privacy in DNS, it seemed we have three protocols of DNSCrypt, DNS over TLS, and DNS over HTTPS.

Should you learn multiple programming languages or master one? Depends. Different people have different motivation, learning strategies, and priorities in life. Either one should works. Do what you love and love what you do.

How do you improve your writing skills? Measurement and volume. First, "you improve what you measure", a very metric-driven way of doing it. However, this may backfired as according to Goodhart's law, "When a measure becomes a target, it ceases to be a good measure.". Second, just write, deliberately, in fixed amounts of words. How? First, don't judge your works, forget grammar and spelling, just churn out words. The Emacs's typewriter mode is a good strategy.

When come to superheroes, how do you justify the existence a character without any special super powers? They have better soft skills and less ego than more powerful super heroes. Watch A critical component for a better visual answer. I almost chocked myself laughing non-stop while watching this, repeatedly.

How do we implement operator overloading in Perl? Use `overload` package. Example of good implementation is the `Data::Money` package.

This Week I Learned - 2017 Week 16

Last week post or the regular whole series.

Minor hiccups due to sleeping schedule messed up my daily routine. Nothing but readjustment to get back on track. Switching different way of monitoring your habits did not produced the result needed. Furthermore, you should unwind during the weekend. If you need to use the Internet, write down the items you want to research instead of impulsively googling. Maybe I should just switch to dumb phone, nothing but for calls and SMS, like the old days. But it may not be a feasible solution and impractical.

#1 My whole development life in a circle where I have to encounter XXX again in the current development works. There is a write up on the origins of XXX as FIXME (via HN). Reason that we use XXX is easily greppable comment prefixes.

#2 How to handle Perl class-level variables. Two ways. (1) Lexical variable scoped (via subroutine) and (2) package variable. Simple concept that took me a while to finally realize and understand it.
# (1)
my $foo = 123;
sub get_foo { $foo }

# (2)
our $fubb = 456;

On a related note, found a list of Perl modules related to testing. There is so many modules that I haven't try out yet. So many things to try out, yet so little time.

#3 How do you remove all files except one? Seems hard yet so simple, if you know and remember how it works. Only on a rare instance you will encounter this. Typically we just move the file to different folder and delete the source folder.
$ shopt -s extglob 
$ rm -- !(file.txt)

#6 "If you haven't experienced true solitude yet, go find some. It's pretty grounding." (via HN) It's not a man against the wild but rather a man seeking himself through the solitude of nature. It has been so long that we ever lie down and look up the sky and enjoy the stars?

#7 "Colour is in the eye of the beholder". Interesting that our vocabulary influences how we perceive colours. Himba people have interesting vocabulary for colours, for example zoozu (dark colours and black), vapa (light colours and white), borou (green with blue and purple), dumbu (beige with yellow and some light green), and serandu (red with orange and pink). You can read more on this presentation, The Development of Color Categories in Two Languages: a longitudinal study.

#8 If you're facing problem with Google Chrome whenever you're opening new page but it took a while to load while waiting for "Resolving host...". Clear the DNS cache in Chrome. Seems to resolve the lagging issue for me and making browsing experience bearable.

Error calling 'lxd forkstart......

In full details, the exact error message
error: Error calling 'lxd forkstart test-centos-6 /var/lib/lxd/containers /var/log/lxd/test-centos-6/lxc.conf': err='exit status 1'

Again, while rebooting my lapppy after two days, I encountered the above error message again while trying to start my container through LXD. Reading through the LXD issues reports, these are the typical steps to troubleshoot this issue. Note that I've installed the LXD through source code compilation as there are no RPM package available for Fedora 23.

First thing first, as the LXD was built through code compilation, hence it was started manually by running this command. The benefit of starting the LXD daemon this way is that it let you monitor all the debugging messages as shown below.
$ su -c 'lxd --group wheel --debug --verbose'

INFO[11-14|14:10:24] LXD is starting                          path=/var/lib/lxd
WARN[11-14|14:10:24] Per-container AppArmor profiles disabled because of lack of kernel support 
INFO[11-14|14:10:24] Default uid/gid map: 
INFO[11-14|14:10:24]  - u 0 100000 65536 
INFO[11-14|14:10:24]  - g 0 100000 65536 
INFO[11-14|14:10:24] Init                                     driver=storage/dir
INFO[11-14|14:10:24] Looking for existing certificates        cert=/var/lib/lxd/server.crt key=/var/lib/lxd/server.key
DBUG[11-14|14:10:24] Container load                           container=test-busybox
DBUG[11-14|14:10:24] Container load                           container=test-ubuntu-cloud
DBUG[11-14|14:10:24] Container load                           container=test-centos-7
INFO[11-14|14:10:24] LXD isn't socket activated 
INFO[11-14|14:10:24] REST API daemon: 
INFO[11-14|14:10:24]  - binding socket                        socket=/var/lib/lxd/unix.socket
......


The first step to troubleshoot is to ensure that the default bridge interface, lxcbr0, used by LXD is up and running.
$ ifconfig lxcbr0
lxcbr0: error fetching interface information: Device not found

Next, start the 'lxc-net' service that created this bridge interface. Check if our bridge interface is up.
$ sudo systemctl start lxc-net

$ ifconfig lxcbr0
lxcbr0: flags=4163  mtu 1500
        inet 10.0.3.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::fcd3:baff:fefd:5bd7  prefixlen 64  scopeid 0x20
        ether fe:7a:fa:dd:06:cd  txqueuelen 0  (Ethernet)
        RX packets 5241  bytes 301898 (294.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7610  bytes 11032257 (10.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Next, check the status of the 'lxc-net' service. Why we need to do so? Remember that the 'lxc-net' service create a virtual switch where three things will be created. First, the bridge itself that links to an existing network interface connecting to the other world. Next, a DNS server which resolves domain name. And lastly, a DHCP server which assigns new IP address to the container. The DNS and DHCP services is provided by the Dnsmasq daemon.
$ sudo systemctl status lxc-net -l

● lxc-net.service - LXC network bridge setup
   Loaded: loaded (/usr/lib/systemd/system/lxc-net.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sat 2015-11-14 16:13:24 MYT; 13s ago
  Process: 9807 ExecStop=/usr/libexec/lxc/lxc-net stop (code=exited, status=0/SUCCESS)
  Process: 9815 ExecStart=/usr/libexec/lxc/lxc-net start (code=exited, status=0/SUCCESS)
 Main PID: 9815 (code=exited, status=0/SUCCESS)
   Memory: 404.0K
      CPU: 46ms
   CGroup: /system.slice/lxc-net.service
           └─9856 dnsmasq -u nobody --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --listen-address 10.0.3.1 --dhcp-range 10.0.3.2,10.0.3.254 --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative

Nov 14 16:13:24 localhost.localdomain dnsmasq[9856]: started, version 2.75 cachesize 150
Nov 14 16:13:24 localhost.localdomain dnsmasq[9856]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify
Nov 14 16:13:24 localhost.localdomain dnsmasq-dhcp[9856]: DHCP, IP range 10.0.3.2 -- 10.0.3.254, lease time 1h
Nov 14 16:13:24 localhost.localdomain dnsmasq-dhcp[9856]: DHCP, sockets bound exclusively to interface lxcbr0
Nov 14 16:13:24 localhost.localdomain dnsmasq[9856]: reading /etc/resolv.conf
Nov 14 16:13:24 localhost.localdomain dnsmasq[9856]: using nameserver 192.168.1.1#53
Nov 14 16:13:24 localhost.localdomain dnsmasq[9856]: read /etc/hosts - 2 addresses
Nov 14 16:13:24 localhost.localdomain systemd[1]: Started LXC network bridge setup.

Expect more posts to come on using LXD in Fedora 23.

Dnsmasq For Local Development Site

Found via HN. I've used to edit /etc/hosts file and add local testing site manually and it never occurs to me to use Dnsmasq to redirect all URLs that ends with .dev to 127.0.0.1.

Setup steps for Ubuntu as follows:
$ sudo apt-get install dnsmasq
$ echo 'address=/dev/127.0.0.1' | sudo tee /etc/dnsmasq.d/localhost.dev
$ sudo sed -i '1inameserver 127.0.0.1' /etc/resolv.conf
$ sudo service dnsmasq restart
$ dig foobar.dev @127.0.0.1| grep IN
$ ping foobar.dev

Simple yet smart way to use Dnsmasq.