Enabling DNSSEC on Debian and Ubuntu (with systemd-resolved)

Posted by Jesse Johnson on 9 June 2019, 1:10 am

Using systemd-resolved opens up some options that may be easier to configure then in the past.

Enabling DNSSEC:

systemd-resolve –status
- look for “DNSSEC setting: no”
sudo mkdir -p /etc/systemd/resolved.conf.d
sudo nano /etc/systemd/resolved.conf.d/dnssec.conf
- enter:
  - [Resolve]
    DNSSEC=true
sudo systemctl restart systemd-resolved
systemd-resolve –status
- look for “DNSSEC setting: yes”

What DNS Servers is my Ubuntu system using?

Posted by Jesse Johnson on 9 June 2019, 12:33 am

It’s not so simple as “cat /etc/resolv.conf” anymore. DNS is now handled by systemd-resolved in Ubuntu and Debian and their derivatives. This is easy to spot if you do check resolv.conf and it contains “nameserver 127.0.0.53”. The correct command now is “systemd-resolve –status”.

Some Ubuntu 18.04 problems fixed today

Posted by Jesse Johnson on 13 February 2019, 8:00 pm

I’ve drafted but not published a long list of problems I’ve experienced with Ubuntu 18.04. In short it’s been one of the worst desktop releases of Ubuntu I’ve used. My experience on servers has been fine. Anyway I haven’t looked into the details of these patches but:

libwebkit2gtk-4.0-37:amd64 (2.22.6-0ubuntu0.18.04.1)
libjavascriptcoregtk-4.0-18:amd64 (2.22.6-0ubuntu0.18.04.1)

These package releases seem to have fixed some of my issues that have been present since May 2018. In particular Liferea has been broken on my desktop for that long. Better late than never I guess.

Shopping for a wired router

Posted by Jesse Johnson on 9 February 2019, 9:08 pm

I’ve often run a wired router at the front of my network (well immediately behind the modem). The only other topology has been a linux server at the front of the network. Then I like a network behind that where a wireless router can live. I keep my wireless router turned off when not in use, which is an uncommon setup it seems. Anyway, for 1 network I’m managing I’m considering replacing the linux system with a wired router. Wired routers are not super popular for SOHO uses as mos tpeople seem to prefer a wireless router to do everything. Because there is not a huge market options can be limited. Here are some products I’ve investigated.

Specs:
- 4 gigabit ethernet ports
- cost <= $100
TP-Link TL-R600VPN
- I’ve had good experiences with TP-Link wired routers in the past. However, this router is believed to be vulnerable to VPNFilter malware so that makes it too risky at this time.
- TPLink routers affected by VPNfilter malware?
Ubiquiti ER-X
- I’ve had no first-hand experiences with Ubuquiti products.
- POE passthrough support.
Cisco RV042G
Grandstream GS-GWN7000
Cisco RV130
Research
Networking Companies Country of Operation
- TP_Link – China
- MicroTik – Latvia
- Cisco – United States
- Ubiquiti – United States
- GrandStream – United States
- TrendNet – United States
Other Products
- TRENDnet TW100-S4W1CA – 10/100 only
- D-Link – no gigabit products in price range
- Netgear – no gigabit products in price range
- Linksys LRT214 – outside price range
Further research
- There are many more options above $100.

Even More Facebook Awfulness

Posted by Jesse Johnson on 15 November 2018, 3:54 am

Making the Internet Better (For Yourself)

Posted by Jesse Johnson on 14 November 2018, 3:50 am

Install uBlock Origin in all of your web browsers
Configure uBlock Origin in each of your web browsers
- enable Fanboy’s Social Blocking List
- add the following to “My filters”
  - disqus.com
    disquscdn.com
    instagram.com
    twitter.com
    facebook.com
Enjoy a better internet

Recent Talks I’ve watched

Posted by Jesse Johnson on 30 October 2018, 3:55 am

Securing NTP Servers

Posted by Jesse Johnson on 17 October 2018, 4:18 am

Rarely am I using ntpd to serve ntp information. It is more useful for clock-correction than a strict ntp/sntp client. Thus I don’t want the service listening on a wildcard address, even when there is certainly a firewall in place. I prefer the service to not be listening at all, or listening only to the loopback interface. Here is how to configure that in ntpd and chrony.