Blocking pizzaseo querying clients

While I was updating some settings with my bind server on Ubuntu 20, I noticed a lot of queries for “pizzaseo.com”, which appears to be some kind of marketing company trying to scrape for data. On reading out in forums about it, apparently they’re looking for vulnerable pi-hole servers that are exposed to the internet. … Read more

Site-to-Site VPN From Linux to UDM Pro (work in progress)

Finding good documents on how to set up a site-to-site VPN with a Ubiquiti UDM to a non-Ubiquiti node (i.e. linux) has been a challenge. The documents on Ubiquiti’s site are laughably incomplete (and generally way out of date). So I am working through each of the steps and trying to shoe horn in a … Read more

Getting DKIM working

I used these two sites to figure out how to get DKIM working: https://wiki.debian.org/opendkim https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf Install opendkim and opendkim-tools cd /etc/dkimkeys opendkim-genkey -t -s mail -d technomancer.com Edit /etc/opendkim.conf: Domain technomancer.com KeyFile /etc/dkimkeys/mail.private Selector mail Socket local:/var/spool/postfix/opendkim/opendkim.sock # Specify the list of keys KeyTable file:/etc/dkimkeys/keytable # Match keys and domains. To use regular expressions in … Read more

Setting up DNSSEC in bind9

Install the bind9 packages. Make sure it’s enabled in named.conf.options: dnssec-validation auto; dnssec-lookaside auto; # Need to look up what this one is Generate the keys (pick an appropriate algorithm; today (22 Mar 2021),ECDSAP384SHA384 seems to be the “ideal”): dnssec-keygen -a ECDSAP384SHA384 -b 4096 -n ZONE technomancer.comdnssec-keygen -f KSK -a ECDSAP384SHA384 -b 4096 -n ZONE … Read more