Blog


PowerDNS on OpenBSD

Run PowerDNS on OpenBSD

I’m mostly happy with NSD as an authoritative nameserver. But why not look over the fence and have a look at PowerDNS? At least the API looks promising to me …

Install Package

doas pkg_add powerdns--

Create Folder, DB and set Permission

doas mkdir /var/db/pdns
doas sqlite3 /var/db/pdns/pdns.sql < /usr/local/share/doc/pdns/schema.sqlite3.sql
doas chown -R _powerdns:wheel /var/db/pdns/

Update Config File /etc/pdns/pdns.conf

# DB
gsqlite3-database=/var/db/pdns/pdns.sql
launch=gsqlite3
setuid=_powerdns

# Tuning & Protection
max-queue-length=5000
overload-queue-length=2500

# Webserver
webserver=yes
webserver-address=ip-of-your-nameserver
webserver-allow-from=127.0.0.1,::1,my-remote-ip-address

Enable and Start Service

doas rcctl enable pdns_server
doas rcctl restart pdns_server

Import Data from NSD

If you have an existing NSD setup, you can import its zone files into the SQLite database without much effort.
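As an added example for this import step (not code from the original post or from the PowerDNS project), the script below parses a small NSD/BIND-style master file and writes it into the two tables the gsqlite3 backend reads, `domains` and `records`. The DDL embedded here is an assumed trimmed subset of PowerDNS's schema.sqlite3.sql, just enough for the script to run against an in-memory database; against a real server you would open the file created from schema.sqlite3.sql and skip the CREATE TABLE statements. The sample zone is constructed, and only single-line records are handled (no parenthesised multi-line SOA).

```python
"""Import a BIND/NSD-style zone file into the PowerDNS gsqlite3 backend (added example)."""
import sqlite3

# Assumption: trimmed subset of schema.sqlite3.sql; the shipped schema has more
# columns and indexes, so use that one in production.
SCHEMA = """
CREATE TABLE IF NOT EXISTS domains (
  id INTEGER PRIMARY KEY, name VARCHAR(255) NOT NULL COLLATE NOCASE,
  master VARCHAR(128) DEFAULT NULL, last_check INTEGER DEFAULT NULL,
  type VARCHAR(8) NOT NULL, notified_serial INTEGER DEFAULT NULL,
  account VARCHAR(40) DEFAULT NULL);
CREATE TABLE IF NOT EXISTS records (
  id INTEGER PRIMARY KEY, domain_id INTEGER DEFAULT NULL,
  name VARCHAR(255) DEFAULT NULL, type VARCHAR(10) DEFAULT NULL,
  content VARCHAR(65535) DEFAULT NULL, ttl INTEGER DEFAULT NULL,
  prio INTEGER DEFAULT NULL, disabled BOOLEAN DEFAULT 0,
  ordername VARCHAR(255), auth BOOL DEFAULT 1);
"""

# Constructed sample zone in master-file syntax, as NSD would serve it.
SAMPLE_ZONE = """\
$ORIGIN example.org.
$TTL 3600
@       IN  SOA  ns1.example.org. hostmaster.example.org. 2021050101 7200 900 1209600 300
@       IN  NS   ns1.example.org.
@       IN  NS   ns2.example.org.
@           A    192.0.2.10
www   600 IN  A    192.0.2.11        ; web frontend
www       IN  AAAA 2001:db8::11
@       IN  MX   10 mail.example.org.
mail    IN  A    192.0.2.20
"""

RRTYPES = {"A", "AAAA", "NS", "SOA", "MX", "CNAME", "TXT", "SRV", "PTR", "CAA"}
PRIO_TYPES = {"MX", "SRV"}                                  # preference goes into records.prio
NAME_CONTENT = {"NS", "CNAME", "MX", "PTR", "SOA", "SRV"}   # content carries host names


def qualify(name, origin):
    """Return an absolute name without the trailing dot, the way PowerDNS stores it."""
    if name == "@":
        return origin.rstrip(".")
    if name.endswith("."):
        return name.rstrip(".")
    return f"{name}.{origin.rstrip('.')}"


def parse_zone(text):
    """Parse single-line records into (origin, [(name, type, content, ttl, prio)])."""
    origin, default_ttl, owner = None, 3600, None
    rrs = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN")
        if not line[0].isspace():                       # explicit owner name on this line
            owner, line = (line.split(None, 1) + [""])[:2]
        tokens = line.split()
        ttl = default_ttl
        if tokens and tokens[0].isdigit():
            ttl = int(tokens.pop(0))
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype not in RRTYPES:
            raise ValueError(f"unsupported record type {rtype}")
        prio = int(tokens.pop(0)) if rtype in PRIO_TYPES else 0
        if rtype in NAME_CONTENT:                       # make relative targets absolute
            tokens = [t if t.isdigit() else qualify(t, origin) for t in tokens]
        rrs.append((qualify(owner, origin).lower(), rtype, " ".join(tokens), ttl, prio))
    return origin, rrs


def import_zone(conn, text):
    """Insert the zone as a NATIVE domain plus its records; returns (domain_id, count)."""
    origin, rrs = parse_zone(text)
    cur = conn.cursor()
    cur.execute("INSERT INTO domains (name, type) VALUES (?, 'NATIVE')",
                (origin.rstrip(".").lower(),))
    domain_id = cur.lastrowid
    cur.executemany(
        "INSERT INTO records (domain_id, name, type, content, ttl, prio, disabled, auth)"
        " VALUES (?, ?, ?, ?, ?, ?, 0, 1)",
        [(domain_id, n, t, c, ttl, p) for n, t, c, ttl, p in rrs])
    conn.commit()
    return domain_id, len(rrs)


def build_db(text, path=":memory:"):
    """Open the SQLite file (in-memory by default), ensure the tables exist, import one zone."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    import_zone(conn, text)
    return conn


def lookup(conn, name, rtype):
    """Return [(content, ttl, prio)] as the backend would see it for name/type."""
    return conn.execute(
        "SELECT content, ttl, prio FROM records WHERE name = ? AND type = ? ORDER BY id",
        (name.rstrip(".").lower(), rtype.upper())).fetchall()


if __name__ == "__main__":
    db = build_db(SAMPLE_ZONE)
    for row in db.execute("SELECT name, type, content, ttl, prio FROM records ORDER BY id"):
        print(row)
```

Names are stored lower-cased and without trailing dots, and MX/SRV preferences land in the `prio` column rather than in `content`, which is what the gsqlite3 backend expects; after importing into the real database, restart pdns_server and compare a few `dig` answers from the old NSD and the new PowerDNS before switching the glue records.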

Wireguard with Public IP behind NAT

… or how to host a dual-stacked public website behind an IPv4 NAT box without a reverse proxy, port forwarding and other ugly stuff …

Inspired by the following post, I started a little project and redesigned the connectivity for my hamster’s webserver :)

I wrote a mail to the guys from tetaneutral.net and asked them for the WireGuard VPN service with public IPv4/IPv6 addresses for my server. As I didn’t get any feedback, I had to implement the “server” on my own.

Bootstrap Debian

Bootstrapping Debian

A little helper on how to generate a Debian template. This time it’s a VM hosted on Vultr.

New VM

1 CPU, 1GB RAM, 25GB Disk

upload debian-10.9.0-amd64-netinst.iso
boot from iso
install:      (text based)
lang:         english
country:      switzerland
locale:       US (en_US.UTF-8)
keymap:       Swiss German
nic:          ens3
hostname:     template-25G
domain:       your.domain.de
passwd:       xxxxxxxx
user:         firstname lastname / login name
passwd:       xxxxxxxx
disk:         Guided - entire disk with LVM - (one partition | separate /home | separate /home, /var and /tmp)
              separate partition for large disks
              one partition for smaller disks
write:        yes
disk:         20GB (for guided partitioning), 5GB for Spare
write:        yes
another dvd:  no
mirror:       switzerland, debian.ethz.ch
survey:       no
software:     SSH Server, standard system utilities
grub:         yes, /dev/sda3

remove iso and reboot

login as user, su to root

mkdir /root/.ssh && chmod 700 /root/.ssh
echo "ssh-ed25519 AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

halt -p
-> snapshot template-debian-25G


Dog

Dog (echo dig | sed 's/i/o/')

You know nslookup, dig, host, getent and all the other DNS commands for the CLI. But have you ever tried dog?

Website: https://dns.lookup.dog/

and their docs: https://dns.lookup.dog/dns-in-five-minutes

dog is an open-source DNS client for the command-line. It has colourful output, supports the DoT and DoH protocols, and can emit JSON.

Install Package

$ doas pkg_add dog

Examples

DNS over TLS

$ dog example.com --tls @dns.google

DNS Request over HTTPS

$ dog -H @https://dns.google/dns-query lookup.dog
A lookup.dog. 18m08s   51.159.26.255

JSON Support

$ dog bsago.me --json | jq .responses[0].answers[0]
{
  "address": "138.68.117.94",
  "class": "IN",
  "name": "bsago.me.",
  "ttl": 7111,
  "type": "A"
}

Full Help File

$ dog --help
dog ● command-line DNS client

Usage:
  dog [OPTIONS] [--] <arguments>

Examples:
  dog example.net                          Query a domain using default settings
  dog example.net MX                       ...looking up MX records instead
  dog example.net MX @1.1.1.1              ...using a specific nameserver instead
  dog example.net MX @1.1.1.1 -T           ...using TCP rather than UDP
  dog -q example.net -t MX -n 1.1.1.1 -T   As above, but using explicit arguments

Query options:
  <arguments>              Human-readable host names, nameservers, types, or classes
  -q, --query=HOST         Host name or IP address to query
  -t, --type=TYPE          Type of the DNS record being queried (A, MX, NS...)
  -n, --nameserver=ADDR    Address of the nameserver to send packets to
  --class=CLASS            Network class of the DNS record being queried (IN, CH, HS)

Sending options:
  --edns=SETTING           Whether to OPT in to EDNS (disable, hide, show)
  --txid=NUMBER            Set the transaction ID to a specific value
  -Z=TWEAKS                Set uncommon protocol-level tweaks

Protocol options:
  -U, --udp                Use the DNS protocol over UDP
  -T, --tcp                Use the DNS protocol over TCP
  -S, --tls                Use the DNS-over-TLS protocol
  -H, --https              Use the DNS-over-HTTPS protocol

Output options:
  -1, --short              Short mode: display nothing but the first result
  -J, --json               Display the output as JSON
  --color, --colour=WHEN   When to colourise the output (always, automatic, never)
  --seconds                Do not format durations, display them as seconds
  --time                   Print how long the response took to arrive

Meta options:
  -?, --help               Print list of command-line options
  -v, --version            Print version information

Happy Dog !

PHP 8.0 on OpenBSD 6.9

OpenBSD 6.9 and PHP 8 are out … Why not give it a try?

list packages

Which PHP packages are available with version 6.9?

root@host # pkg_info -Q php |grep '\-8'
php-8.0.3
php-apache-8.0.3
php-bz2-8.0.3
php-cgi-8.0.3
php-curl-8.0.3
php-dba-8.0.3
php-dbg-8.0.3
php-enchant-8.0.3
php-gd-8.0.3
php-gmp-8.0.3
php-imap-8.0.3
php-intl-8.0.3
php-ldap-8.0.3
php-mysqli-8.0.3
php-odbc-8.0.3
php-pcntl-8.0.3
php-pdo_dblib-8.0.3
php-pdo_mysql-8.0.3
php-pdo_odbc-8.0.3
php-pdo_pgsql-8.0.3
php-pdo_sqlite-8.0.3
php-pgsql-8.0.3
php-pspell-8.0.3
php-shmop-8.0.3
php-snmp-8.0.3
php-soap-8.0.3
php-sqlite3-8.0.3
php-tidy-8.0.3
php-xsl-8.0.3
php-zip-8.0.3

Install and Configure Nginx

add nginx, php8

Add the webserver and PHP 8 packages and enable the services.

OpenBSD 6.9

OpenBSD 6.9 released

This is the 50th release of OpenBSD! As they release twice a year, it must be around 25 years since the fork from NetBSD. Wikipedia has a comparison of the different BSD operating systems.

release 6.9

Upgrade to 6.9

I upgrade my systems twice every year. There is no need to reinstall, as the upgrade has worked fine year after year. Please read the official upgrade guide carefully, and then you may want to use the script below. Use it at your own risk and test it somewhere before you run it on your production environment.

Comments

Just trying a new feature for leaving comments … it’s self-hosted, done with isso, and quite painful to install :(

Some people may like to provide feedback, ask questions, …



Projects

Like many of you, I’ve got different kinds of stuff running, mostly internally, but also some public things.

Hamsterwheel Counter

My daughter got a hamster and he runs every night in his wheel. I built a small wheel counter so we can see the daily stats and performance of Cookie :). The website is in German and reachable via IPv6 only …

The hamster died just before Xmas 2022 :( RIP Cookie!

Git Branches

Branches

Some basic commands for branches. You can read Branch Basics and Branch Management for more details.

create branch

You want to develop a feature, fix a bug, test some stuff … you need a branch!

git checkout -b feature1

push upstream

If you have a central repo, push the feature branch upstream (so others can check it out as well):

git push --set-upstream origin feature1

show branch

You may have multiple branches; list them all. And update the pager so the list will not open in vim!

Honeypot

I like to run honeypots … OK, to be honest, it’s not a honeypot. It’s a production machine for me, but all the bots trying to get in are redirected to a honeypot, their credentials are captured, and last but not least, you can watch them live in your browser :)

http://honeypot.nolink.ch

By the way: 100k failed login attempts in 10 days …

Have fun!

