Dnsmasq Cheat Sheet
Comprehensive documentation of all of the options for the dnsmasq DNS/DHCP server, with practical examples
Rohan Molloynetworking
Self Hosted DNS using NSD
In this tutorial, I'll be setting up a pair of authoritative DNS servers using the NSD DNS server daemon.
Rohan MolloyOpenWRT/LEDE Bridging Firewall
It would be neat if my wireless access point could bridge directly to my cable modem so that clients would have proper public IP addresses. Being directly connected to the internet significantly increases vulnerability so the aim is to address this with a bridge firewall.
Rohan MolloySetting up Tor and Hosting a Hidden Service
This tutorial will show you how to set up TOR as a daemon and host hidden services. Hidden services are only available on the TOR darknet and allow you to host services without revealing your IP. Tor hidden services can be accessed via a special .onion domain. Although it hides your IP address, Tor…
Rohan MolloyCustomizing Digitalocean Floating IPs
Digitalocean allows, for free, the option to add an additional IP address to your virtual machine ("droplet"). These floating IPs are similiar to Amazon AWS Elastic IPs and are tied to your account and location, rather than any specific instance This means that when an instance is destroye…
Rohan MolloyRunning your own DNS with Unbound (and block ads)
Today we will learn how to create your own recursive DNS server using Unbound. This will improve performance through caching. We will also look at ad-blocking.
Rohan MolloyRouteable Loopback Addresses
Today we will learn about loopback addresses that can be reached from the outside via routing. This is useful for running services on a router In a previous post, I talked about the loopback interface and how we can locally bind services to any address in the range 127.0.0.1-127.255.255.254. This is…
Rohan MolloyRate-limiting logging on the Ubiquiti EdgeRouter Lite
The Ubiquti Edgerouter Lite has an iptables based firewall. For each firewall rule (and named set of ules) there is a is an option to enable LOG. Unsolicited traffic to tcp ports, especially ssh, telnet is very common and so our log gets quite large, rather quickly. On a device with limited storage…
Rohan MolloyThere's more to localhost than 127.0.0.1
The loopback interface is most familiarly encountered as 127.0.0.1 and is referred to as the local loopback address. This address is present on every IPv4 host and is given the hostname localhost. What people either don't know or seem to forget is that on the lo interface, there's ~16 million other…
Rohan MolloyScript to send a SMS when IP changes
So this is one application of the SMS gateway. My home internet gets its address via DHCP, however, unless something goes wrong, the addresses are usually reasonably persistent (generally at least 10 days). I was motivated to set this up because when my ISP was having connectivity issues, it was ver…
Rohan MolloyUsing the ss command to view active and established connections
The command known as ss which stands for socket statistics. It is used for listing listening and established connections and to find out which processes and users are associated with them. Finding all outbound connections to a particular port ss -t -o 'dport = :ssh' --resolve | awk '{print $4,$5,%6…
Rohan MolloyPretty printing terminal output into JSON/CSV
There is a command called column which allows you to format the lines produced by a command into symmetrical rows/columns, which can then be easily converted into CSV or JSON. This will be quite handy for reading and populating files. In this case, I needed to populate /etc/ethers/ from the arp tabl…
Rohan MolloyNetwork Basics: The DHCP client
So what is DHCP? How automatic configuration works The DHCP client When you bring your laptop over to your buddies house and plug into their network, your internet is ready by "magic". This is achieved by the DHCP client daemon dhcpcd. When a new network link comes on line (e.g plugging in…
Rohan MolloyConverting a Hostfile Adblock into Unbound DNS records
There are lots of places where you can download ad blacklists in the form of simple host files, but they require manual installation on every device. Instead we will make records for our DNS server so we can block ads network wide. I used a blacklist from somewhocares. This github page contains a ra…
Rohan Molloy