Local DNS without forwarding
Published on Friday, 21 November, 2025
Apparently I have some issues with configuring DNS servers. So here is yet another DNS guide.
Generally, when you find a guide to installing a DNS server, you point your server to some upstream DNS server owned by your ISP, or Cloudflare, or Google. But you don't have to. Root DNS servers are public, and so is basically any name server in existence (well, any name server for publicly available websites, and quite a few private ones as well, but let's not allow that to distract us). Unless you are on an awful connection, the only downside is more requests. It can be slower (if you count microseconds) than using something like Cloudflare because they have a lot of DNS records cached, but if you go to something exotic, they have to find it as well, so if anything, it might be even slower. But on the bright side, you are not using Cloudflare.
And this doesn't really improve your privacy (neither does using Google or Cloudflare - if anything it's worse). Standard DNS is just plain old UDP, and your ISP sees all your traffic, so they can know all your DNS requests.
Setup local CA for your lab
Published on Sunday, 31 December, 2023
In modern times, not having https is not only dangerous, but inconvenient as well. Browsers will complain, and some things will just refuse to work without jumping through hoops.
So having a home lab or local setup almost dictates having a custom certificate. Which is a pain. You can create the whole thing in a terminal with openssl, but then you have to store it somewhere, keep track of it, and renew it after a year (and probably figure it out again and deal with all the stuff that changed in the last year). And the root certificate (or rather its key) is one of the few things that are truly bad to have leaked, since someone with your root CA can forge almost anything.
To somewhat sort this, I'll show how to deploy HashiCorp Vault. It's not my favourite piece of software but it does help with keeping the whole Certificate Authority thing reasonable.
Add additional TLD to firefox
Published on Saturday, 30 December, 2023
This is a simple one. The issue I was having is that I have a custom domain for my home lab setup with the .lan tld. Now if you write an address like example.lan into the firefox address bar, it'll just go straight to your default search engine and search for the term.
Fixing it was surprisingly simple: you just need to add an option to about:config in firefox.
So all you need to do is:
- go to firefox config by typing about:config in address bar
- enter browser.fixup.domainsuffixwhitelist.lan (where the last part is your desired tld, .lan in my case)
- click the plus icon on the right side of the screen
And that's it, you should now no longer have to explicitly state http:// or https:// in front of your local address.
Simple DNS for your basic needs
Published on Wednesday, 03 February, 2021
Sometimes you don't need (or want) some complex solution to a simple problem like DNS. Therefore this one will be the simplified version of the previous guide, with bind as the only element.
For this one you will again need podman. If you are (like me in this case) doing this on CentOS or a similar machine, getting podman is as simple as:
# dnf install podman
Infrastructure monitoring with grafana and friends
Published on Tuesday, 02 February, 2021
In this guide we will look into how to configure infrastructure monitoring using Grafana. Besides grafana itself, we'll use prometheus for metrics aggregation, node_exporter for metrics collection, loki for log aggregation and promtail for log collection.
For this one you will obviously need podman. If you are (like me in this case) doing this on CentOS or a similar machine, getting podman is as simple as:
# dnf install podman
Now that we have podman, let's talk about what exactly we are doing. We want to achieve the following:
- collect metrics from local and remote machines
- collect logs from local and remote machines
- display everything in pretty dashboards
For those who are not familiar, let's go through each component.
grafana is a web dashboard for visualizing data. It's most commonly used to visualize different metrics.
prometheus is a monitoring system with time series database and alerting capabilities.
node_exporter is one of many metrics exporters for prometheus, in this case exporting the metrics of the node it's running on.
loki is a log aggregation system inspired by prometheus.
promtail is an agent to collect logs and send them to loki.
With all this out of our way, let's get started.