Tag Archives: DNS

AWS: Route53 Private Hosted Zones — hiding domains from the Internet

26 July 2021

A Private Hosted Zone in AWS Route53 limits access to a domain's DNS records, making them inaccessible to DNS enumeration (or DNS brute-force), in which an attacker checks which records exist in a domain to build a list of endpoints and then checks them for vulnerabilities. For such attacks, there are a lot of utilities… Read More »

Kubernetes: NodeLocal DNS and the “lookup istiod.istio-system.svc on lookup: no such host” error

19 April 2021

In our Deployments, we are using NodeLocal DNS as a local DNS cache to reduce the number of requests to the AWS VPC DNS; see the Kubernetes: load-testing and high-load tuning – problems and solutions post for details. Currently, a manifest looks like this: … dnsPolicy: "None" dnsConfig: nameservers: - 169.254.20.10 … The problem is that… Read More »

Kubernetes: update AWS Route53 DNS from an Ingress

22 November 2020

We’d like to have the ability to add a DNS record in AWS Route53 when a Kubernetes Ingress resource is deployed, and to point this record to the URL of an AWS Load Balancer created by the ALB Ingress controller. To achieve this, ExternalDNS can be used, which will make API requests to the… Read More »

AWS Elastic Kubernetes Service: load-testing and high-load tuning – problems and solutions

4 September 2020

Actually, this post was planned as a short note about using NodeAffinity for a Kubernetes Pod. But then, as often happens, after starting to write about one thing, I faced another, and then another one, and as a result I made this long-read post about Kubernetes load-testing. So, I started with NodeAffinity, but then wondered how… Read More »

Grafana: Loki – the LogQL’s Prometheus-like counters, aggregation functions and dnsmasq’s requests graphs

17 November 2019

The last time I configured Loki for log collection and monitoring was in February 2019 – almost a year ago, see the Grafana Labs: Loki – logs collecting and monitoring system post, when Loki was in its Beta state. Now we are faced with outgoing traffic issues in our Production environments and can’t find who is guilty for… Read More »

dnsmasq: AWS – “Temporary failure in name resolution”, logs, debug and dnsmasq cache size

28 October 2019

We are using AWS VPC DNS and sometimes face errors like “php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution“. The only advice from AWS tech. support was to configure a local dnsmasq service to act as a local DNS cache, but I already did this a year ago and this issue happens once in 1-2-3… Read More »

OpenVPN: Let’s Encrypt DNS verification on AWS Route53 and OpenVPN Access Server SSL certificate auto update

24 May 2019

This is an addition to the OpenVPN: SSL and hostname configuration post about OpenVPN Access Server setup and configuration. So, three months have passed and it’s time to renew the Let’s Encrypt SSL certificate (see Prometheus: Alertmanager and blackbox-exporter – checking SSL expiration and Slack notification, Rus). I could use a scheme well known to me with… Read More »

AWS: VPC peering DNS resolution and DNS settings for OpenVPN Access Server

17 May 2019

We have a VPC with OpenVPN Access Server running. This VPC is connected with other VPCs in our AWS account. The issue is that currently, when a user is connected to the VPN, for DNS resolution to EC2 instances' private IPs we are using the dnsmasq service on the VPN host, which has an /etc/dnsmasq.hosts file where are manually… Read More »

Arch Linux: OpenVPN – resolv.conf is not updated

2 March 2019

On an Arch Linux setup, the local resolv.conf is not updated after connecting to OpenVPN AS. As far as I know, the problem is specific to Arch Linux and its “children”, like Manjaro Linux installations. The local openvpn is installed via pacman – see the OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration post for… Read More »
