Overcomplicated homelab DNS configuration

Published on Monday, 01 February, 2021

In this guide we will look into how to configure an overcomplicated DNS setup using pihole, bind and cloudflared, all running inside a podman pod. For this you will obviously need podman. If you are (like me in this case) doing this on a CentOS or Red Hat machine, getting podman is as simple as:

# dnf install podman
If you are on some other distro, it shouldn't be that complicated.

Now that we have podman, let's talk about what exactly we are doing. We want to achieve the following:

  • custom domain(s) for home lab
  • DNS over HTTPS to cloudflare
  • DNS blackhole with pihole

For those who are not familiar, let's go through each component.

pihole is a DNS blackhole: it keeps lists of malicious and/or unwanted addresses and discards queries for them. You can find it at pihole.net and think of it as a network-wide ad blocker. It also has a web interface that you can use for configuration and for tracking DNS queries.

bind is a nameserver. It's probably the most common nameserver in the world; it has many features and is able to run ISP-sized DNS servers. In this case we will just use it to provide a local domain. Speaking of the domain, you need to decide what you will use; in this example I'll just use domain.tld.

Cloudflare is a company that provides internet services related to security and performance. Similar to Google's 8.8.8.8 DNS, Cloudflare provides its own DNS server at 1.1.1.1. Since Cloudflare is not an ad-revenue-driven corporation, I prefer them over Google. cloudflared is a daemon that forwards UDP DNS requests over HTTPS to Cloudflare.

So the path of a request will be as follows:

origin -> bind -> pihole -> cloudflared -> cloudflare

continue reading...

Adding geoip2 to NGINX

Published on Sunday, 31 January, 2021

The following guide will help with setting up the GeoIP2 database and logging the locations of source IP addresses in the NGINX access log. The guide is for Debian, but should be simple to adapt to other distributions.

To start, we need some packages; they are available in the bullseye repo:

# apt update
# apt install libnginx-mod-http-geoip2
We also need the GeoIP database. You can download one for free from the MaxMind website. You need to create an account and generate an API key. The files can be downloaded from their webpage, but if you have the API key you can use the following links:
https://dev.maxmind.com/geoip/geoip2/geolite2/GeoLite2-Country&license_key=GEOIP2_API_KEY&suffix=tar.gz
https://dev.maxmind.com/geoip/geoip2/geolite2/GeoLite2-City&license_key=GEOIP2_API_KEY&suffix=tar.gz
Once you have those, extract them and place the .mmdb files into the /etc/nginx/geoip folder:
# ls /etc/nginx/geoip/
GeoLite2-City.mmdb  GeoLite2-Country.mmdb
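With the module installed and the databases in place, the remaining step is to tell NGINX to look up the client address and write the result into the access log. The following config is an added example, not the post's own; it assumes the file lives at /etc/nginx/conf.d/geoip2.conf (picked up by Debian's default nginx.conf inside the http block), that the Debian package has already dropped its load_module snippet into /etc/nginx/modules-enabled/, and a hypothetical server name:

```nginx
# /etc/nginx/conf.d/geoip2.conf (assumed path) -- added example, not from the post.
# No load_module line here: libnginx-mod-http-geoip2 installs one under
# /etc/nginx/modules-enabled/ on Debian.

# Look up the client address in the Country database placed in /etc/nginx/geoip/.
# Lookups use $remote_addr; behind a reverse proxy that is the proxy's address,
# so only switch to "source=$http_x_forwarded_for" if that header is set by a
# proxy you control, otherwise clients can spoof their apparent location.
geoip2 /etc/nginx/geoip/GeoLite2-Country.mmdb {
    auto_reload 60m;                                  # pick up database updates without a reload
    $geoip2_country_code default=- country iso_code;  # "-" when the address is not in the db
    $geoip2_country_name default=- country names en;
}

# Same for the City database (city names are in the "names" map, language "en").
geoip2 /etc/nginx/geoip/GeoLite2-City.mmdb {
    auto_reload 60m;
    $geoip2_city_name default=- city names en;
}

# The stock "combined" format with the two GeoIP fields appended at the end,
# so existing log parsers keep working and the location is simply extra columns.
log_format geoip '$remote_addr - $remote_user [$time_local] "$request" '
                 '$status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent" $geoip2_country_code "$geoip2_city_name"';

server {
    listen 80;
    server_name www.example.internal;   # hypothetical hostname
    root /var/www/html;
    access_log /var/log/nginx/access.log geoip;   # use the format defined above
}
```

Validate with `nginx -t` and then `systemctl reload nginx`; a request from a private address such as 192.168.1.10 logs `- "-"` at the end of the line, since RFC 1918 space is not in the GeoLite2 databases.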

continue reading...