@Oksana Note that TPM can be bypassed for the installation.

https://www.pcmag.com/news/microsoft-offers-tpm-20-bypass-to-install-windows-11-on-unsupported-pcs

@scottalanmiller

I wonder if your assumptions are correct. They are probably just using gethostbyname() / getaddrinfo() to find the IP and then it's the OS (Windows) that is responsible for the behavior you're seeing.

As I'm sure you know those function are part of socket programming functions of the OS. Based on BSD originally but Microsoft must have added code to deal with netbios, wins and whatever they've been doing since the days of Wfw.

Linux by comparison only deals with name resolution by DNS and manual hosts files. I can't think of anything else right now at least.

@scottalanmiller said in Weird DNS resolution issue:

@Dashrender said in Weird DNS resolution issue:

I suppose it's possible that would have resolved this specific issue as the router would have been the only device making connections to the external DNS... but then again - it could have caused all machines to go without DNS when the upstream server stopped responding...

Not very likely. Plausible, but not likely enough to avoid it.

sure - but then again, I've never seen this situation before either - so I would have previously called it unlikely.

API and a script

@strongbad
What I found and read -though short- implied the person is making things up out of total misunderstanding.

I’d have them provide examples

@flaxking said in SAMIT: The Three Components of Web Hosting:

@scottalanmiller said in SAMIT: The Three Components of Web Hosting:

@flaxking said in SAMIT: The Three Components of Web Hosting:

I'm liking these non-IT technician focused videos.

Thanks! I'm hoping to broaden the audience and make tools that IT staff can either use directly by sharing with management or learn from on how to present to management.

Far too often IT is pressured to make business decisions that other business stakeholders should be involved in.

And vice versa, tons of times untrained people with no IT insight or knowledge make all the critical IT decisions and just have the staff classified as IT deal with the mistakes rather than avoiding them.

@marcinozga said in Do you add CAA records to your DNS records?:

Yes, but word of caution. If you get certs from multiple different providers, don't forget to add records for all of them. Otherwise getting certs will fail, and it's almost impossible to troubleshoot.

Yes, like this.
caae902b-b24b-46a0-9102-6267aa67770a-image.png

@Dashrender said in DNS Filtering with Ties to Google Groups:

the browser will use the system DNS if that DNS support DNS over HTTPS....

How can the browser know what the DNs mechanism is? DO you mean the browser will try a local DNS over HTTPS first? That I can see.

@wscsuperfan said in Hosted DNS questions:

@JaredBusch said in Hosted DNS questions:

@scottalanmiller said in Hosted DNS questions:

@travisdh1 said in Hosted DNS questions:

CF also have certs available to encrypt the traffic between your server and CF, I think they're even free.

They are free.

And I have a guide on here on how to use one

Sweet.....I'll go look for it. Thanks

https://www.mangolassi.it/tags/origin certificate

@gjacobse said in pi-Hole: Client and Recursive DNS:

And since i'm running this now, I get a notification on recursive DNS -

Yup, just ignore them.

@Texkonc said in Internet outage:

@JaredBusch said in Internet outage:

@PhlipElder said in Internet outage:

@JaredBusch said in Internet outage:

@PhlipElder said in Internet outage:

https://www.cloudflarestatus.com/incidents/46z55mdhg0t5

Hmmm ... this from a little over a year ago.

Same "problem".

Routing is not magic. Errors happen.

That may be so, but the expectation is that the same errors would not happen over and over again.

FFS It is not the same. Are you stupid?

Jesus, calm down. No one pissed in your corn flakes...

No kidding. Don't go all Boomtown Rats on me. 😛

@dbeato said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10:

@pmoncho said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10:

Just wondering - Is anyone seeing a patch for 2019 with a reference to the KB article?
Checked yesterday, last night and this morning. No update that I can see.

Currently performing the workaround.

c46cc947-cad4-4bfc-877c-dbd1c1ddfd16-image.png

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4558998

Thanks. Forgot about the update catalog.

@Dashrender said in Windows Domain routing question - dual-nic:

Though - if you have a second layer network like this, you'll need to inform your external router on the internal networks and how to route them.

Routing to the internet is mostly just a nice to have.

Pretty cool. I’ll have to try it and see how it goes.

I’ve been using Unbound for several years running on a Raspberry Pi and using a custom black list. Love not having to run ad blockers on each computer browser since it’s all taken care of with Unbound.

@teece I haven't seen that happened ever, no other transport rules modified the DKIM at all.

Thanks for adding more technical content!

@scottalanmiller said in What's the status on DMARC?:

@JaredBusch said in What's the status on DMARC?:

That image is a stander O365 box that only takes a few clicks to setup. How have you not seen that?

Very few customers using O365 and none using that feature, I'd imagine. How does it display to people not on O365?

We see something else from all kinds of users all different systems all over.

A lot of SPam Filtering systems do have that option as well. A lot of medical and financial businesses enable this.

@Grey said in Private DNS architecture?:

@Pete-S said in Private DNS architecture?:

@Grey said in Private DNS architecture?:

This all sounds very complicated. Why not use the DNS and DHCP at your datacenter and turn off all the others, and then give the routers an ip helper address config? Does your network hardware not support that?

@Grey It may very well be too complicated. At the same time it has to be fast, robust and the parts have to be able to work independently if a VPN link goes down.

Ok, cut the line to the internet. Can they still function? What doesn't work? What gets cached at your app server? How much data is transferred when the line returns?
How much actual resilience does the business need vs what they can sustain, and what's the risk? Has anyone answered these questions before?

The diagram is a simplified. It's only internal company traffic that goes over the VPN in the drawing. The data centers also serves other clients that are not connected over VPN. That actually their primary job - they are serving customers, not just internal workloads.

When it comes to resilience and risk, it's the data centers that have to be up and running. So they have redundant everything. The rest is just ordinary SMB stuff.

PS. Also in the data center we are doing HA in the application layer and not the hypervisor layer. So having two DNS servers made sense to me since that will be natural HA in the application layer.

I find it to not be of concern. I would never have it happen, because it's a bizarre and problematic way to handle internal DNS. But anyone who can exploit private IP mapping can figure it out without DNS in the first place. So I see no reason to want to hide it.