Blocking pizzaseo querying clients

While I was updating some settings with my bind server on Ubuntu 20, I noticed a lot of queries for “”, which appears to be some kind of marketing company trying to scrape for data. On reading out in forums about it, apparently they’re looking for vulnerable pi-hole servers that are exposed to the internet. … Read more

Site-to-Site VPN Firewall Rules

When adjusting settings for a site-to-site VPN, don’t forget to update the firewall rules. Make sure the appropriate subnets for your networks are covered. In /etc/ufw/before.rules: # OpenVPN Rules *nat :POSTROUTING ACCEPT [0:0] # Allow traffic from OpenVPN client to ens32 -A POSTROUTING -s -o ens32 -j MASQUERADE -A POSTROUTING -s -o ens32 … Read more

To Set the Console Text to Green with a Blinking Block Cursor

For Ubuntu: Update /etc/default/grub and add the quoted text to whatever is already there. GRUB_CMDLINE_LINUX_DEFAULT=”consoleblank=0 vt.cur_default=6 vt.color=2″ This will also set it so the console never blanks; adjust “consoleblank” to your own tastes (in seconds). After updating, you need to run a command to commit the changes to the kernel at next boot: /usr/sbin/update-grub For … Read more

Getting DKIM working

I used these two sites to figure out how to get DKIM working: Install opendkim and opendkim-tools cd /etc/dkimkeys opendkim-genkey -t -s mail -d Edit /etc/opendkim.conf: Domain KeyFile /etc/dkimkeys/mail.private Selector mail Socket local:/var/spool/postfix/opendkim/opendkim.sock # Specify the list of keys KeyTable file:/etc/dkimkeys/keytable # Match keys and domains. To use regular expressions in … Read more

Setting up DNSSEC in bind9

Install the bind9 packages. Make sure it’s enabled in named.conf.options: dnssec-validation auto; dnssec-lookaside auto; # Need to look up what this one is Generate the keys (pick an appropriate algorithm; today (22 Mar 2021),ECDSAP384SHA384 seems to be the “ideal”): dnssec-keygen -a ECDSAP384SHA384 -b 4096 -n ZONE technomancer.comdnssec-keygen -f KSK -a ECDSAP384SHA384 -b 4096 -n ZONE … Read more