Replying to @BillJelavich, @pletterpet, @fanf and @andrewtj
don’t worry there seems plenty of opportunity to redo decades of provisioning ... but now through port 53 (zonemd, catalog zones, etc. etc.) Let’s do that first and then solve issues people other than dnsops care about
Fri Feb 26 15:19:58 +0000 2021
Replying to @odintsov_pavel
Yes!
Fri Feb 26 17:21:37 +0000 2021
Replying to @odintsov_pavel
And then start with the Auth and in a few years we can extend it to (stub)resolvers
Replying to @bexcran and @dave_universetf
mutt
Sun Jan 31 08:08:39 +0000 2021
In this lockdown I didn’t change my terminal font (Anonymous Pro), nor did I change my shell prompt (https://github.com/miekg/lean/).
I think something might be wrong with me
Sun Jan 31 16:52:31 +0000 2021
In a DNS zone that I had lying around, I’ve come up with the following scheme to have a working DNS with systemk. Note this does not deal with the control plane, those are routed via tailscale and I’m using IP addresses there. If naming is required here, it can be fitted in the scheme as well.
Using example.org as the domain here.
Scheme: An m “subdomain” (it’s not delegated) holds all the names and IP addresses of the machines of interest.
Due to a previous job I’m calling nodes, “machines”, also because this is about systemk, it’s more likely you are actually using a real machine. So I’ll keep on using “machines” in this post.
First up: I needed an easy way to build packages of the software I’m using. For this I’ve set up a small CI using GitHub workflows that builds Debian packages for me: https://github.com/miekg/debian. (A Debian package repository would even be better, so I can more easily do upgrades).
RT @PowerDNS_Bert: The Netherlands is the leading stupid nation here. 100.00% of our vaccines sit in freezers right now because the “admini…
Wed Dec 30 23:48:08 +0000 2020
Other than the climate emergency, covid-19, lockdown and the fireworks prohibition, it’s a pretty normal NYE in #NL
Thu Dec 31 16:45:26 +0000 2020
Even though everything mandates TLS in k8s/k3s there is no good answer to updating/rotating/distributing them??
Mon Nov 30 13:14:59 +0000 2020
Replying to @bboreham
looks too high level, i.e. more focused on application getting certs not the lower level infra bits.
Mon Nov 30 13:22:51 +0000 2020
Replying to @bradfitz
ugh :(
Mon Nov 30 13:27:18 +0000 2020
Replying to @GuerillaNerd
I need to restart k3s for that to work (at the correct time).
The everything is an object in Kubernetes is a very nice abstraction. The ability to influence it with just kubectl makes for only one control plane (to learn).
The networking, ingress, discovery, installation, etc. are all not that great. So I’m pondering marrying the things I love: have a plain Debian system, “normal” networking (no overlay/underlay/whatever), Debian packages, etc. And controlling it all via kubectl.
This should include a sane installation and allow for rollbacks.
Replying to @FlynnRoad and @googlenest
If you make a new speaker in the home app you can cast to the speaker. That works for me
Sat Oct 31 14:46:02 +0000 2020
Replying to @FlynnRoad and @googlenest
Twice this week...
Sat Oct 31 15:14:58 +0000 2020
I see no reason to change everything, so I use caddy v1, but “panic: qtls.ConnectionState not compatible with tls.ConnectionState” damnit
Wed Sep 30 05:52:54 +0000 2020
Replying to @_francislavoie
Probably will do that, thanks! I have a couple of plugins and no intent to rewrite them for caddy v2
Wed Sep 30 06:18:21 +0000 2020
Replying to @empijei, @_francislavoie and @mholt6
go get http://github.com/lucas-clemente/quic-go@latest fixes this. Thanks.
Wed Sep 30 07:57:32 +0000 2020
RT @josebiro: I agree with the conclusion, but disagree with the path taken to get there. I was really hoping for something along the lines…
Mon Aug 31 05:23:20 +0000 2020
Replying to @lucasdicioccio
Emacs?
Mon Aug 31 19:30:33 +0000 2020
Replying to @sszuecs
not starting is a pretty good way to get your attention?
Log more - if read those... How about the metrics change we did in 1.7.0..?
Tue Jun 30 07:08:45 +0000 2020
Replying to @sszuecs
I think not start is one of the few ways of doing this. The major downside of this is pushing new config and having coredns auto-reload. It will refuse to use the new config (and keep running).
RT @letoams: Apparently webpki people can point out all (real and unreal) DNSSEC outages, but pointing out TLS outages happen too so perhap…
Sun May 31 20:38:25 +0000 2020
RT @dgnijmegen: EOD extremely busy: because of corona more people are working in the garden and digging up more explosives
https://www.gelderlander.nl/berg-en-dal/eod-razend-druk-door-corona-werken-meer-mensen-in-de-tuin-en-halen-meer-explosieven-boven~a409f2b7/ https://…
Thu Apr 30 05:52:08 +0000 2020
Replying to @miekg
More progress in the last view days
Thu Apr 30 09:55:30 +0000 2020
Replying to @miekg
*few #sigh
Thu Apr 30 10:14:13 +0000 2020
And still causes confusion. #dns #protolol https://twitter.com/BillJelavich/status/1255935053516988417
Thu Apr 30 19:29:18 +0000 2020
Once an SRE, always an SRE. I’m trying to automate (mostly via tests) every style nit that shows up in CoreDNS and isn’t caught by the standard go tooling.
Like this:
https://github.com/coredns/coredns/blob/master/test/metric_naming_test.go
https://github.com/coredns/coredns/blob/master/test/presubmit_test.go
Tue Mar 31 18:09:24 +0000 2020
Replying to @advance_lunge
jesus....
Tue Mar 31 18:46:20 +0000 2020
Replying to @rikribbers and @berkes
Yes and yes
Tue Mar 31 20:27:05 +0000 2020
When you are better prepared for Brexit than the UK.
“Neighbouring countries including France, the Netherlands and Ireland launched customs officials recruitment drives last year, with six-month training schedules considered a minimum”
https://www.theguardian.com/politics/2020/feb/28/extra-50000-border-staff-needed-for-post-brexit-trade-says-gove
Fri Feb 28 13:21:08 +0000 2020
Replying to @craig_tracey
https://github.com/coredns/coredns/issues/1999
Fri Jan 31 09:17:00 +0000 2020
Replying to @toraton
it can work, but it’s still DNS so you’re at the mercy of clients. Also k8s networking is fubar, so in the current IPv4 NAT setup there will also be a difference between in-cluster addresses and outside. IPv6 can solve this neatly
Fri Jan 31 09:18:45 +0000 2020
RT @ByDonkeys: A message to Europe, this morning on the White Cliffs of Dover.
RT @mdlayher: After just a few days of development, I’ve got an alpha build of CoreRAD running on my router and successfully advertising pr…
Tue Dec 31 17:11:11 +0000 2019
RT @mipsytipsy: wrong
wrong
so wrong
annnnd wronger 🌈✨
But if you’re looking for an object lesson in how to drain your software engineeri…
Tue Dec 31 18:05:37 +0000 2019
Replying to @olix0r and @ibuildthecloud
The (discussed in Google) alternative is to just do it all in code.
Replying to @tompusateri
3a:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
w/
firmware-atheros 20190917-1
(works flawlessly in 5.3.x)
Sat Nov 30 08:13:46 +0000 2019
RT @thedarktangent: To tie back to the first post, how the community, ICANN, and ISOC responds to the insider sale of .org will determine h…
Sat Nov 30 09:15:15 +0000 2019
RT @RedHat: Imagine a plume of smoke rising from the hood of your car.
Replying to @andrewtj
yep :) That page 404s for me though
Thu Oct 31 06:50:22 +0000 2019
Replying to @andrewtj
Oh wait firefox hiding the download for me
Thu Oct 31 08:06:06 +0000 2019
RT @Truthma81128749: Massive crowds gathering on Trafalgar Square.
Atmosphere very tense.
#brexitriots
Thu Oct 31 16:24:32 +0000 2019
No stupid SingleStats, I approve #spartana https://twitter.com/nickrw/status/1189572291300122624
Thu Oct 31 19:30:09 +0000 2019
Second non-me PR for #spartana https://github.
My work ideal would be: 6 months 200% and then 6 months off (somewhere in the woods; no phone; no internet, pure bliss)
Mon Sep 30 20:40:44 +0000 2019