Thanks 😊

Regards
Michael Knill

From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
Date: Friday, 11 August 2023 at 10:19 am
To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] Looking to implement DNS-TLS

Sounds like you have a use case to implement the /mnt/kd/dnsmasq.static trick/workaround.

Lonnie

> On Aug 10, 2023, at 6:38 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>
> Hi Lonnie
>
> Whoops sorry for assuming you are psychic. It’s the dyndns-host-open plugin for the firewall.
> You mentioned with the /mnt/kd/dnsmasq.static trick (I called it workaround) that it should only be implemented if it was not working. But DNS not working would be a bad thing and although I have a static entry for access in the firewall it would prevent access for all other addresses and ports using the dyndns-host-open plugin.
>
> Yes I suspect it would be rare but the impact would be high if it happened.
>
> Regards
> Michael Knill
>
>
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Date: Thursday, 10 August 2023 at 11:26 pm
> To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] Looking to implement DNS-TLS
>
> Hi Michael,
>
> Not sure what you mean by "dyn-dns plugin"? Plugin to what?
>
> In this day and age, certificates that depend on the system to have a valid time are quite common.
>
> If you are using Network tab -> "Dynamic DNS Update:", the update will use HTTPS (via curl) to secure your credentials, which will require a valid system time. Note the "Dynamic DNS Update:" (set external DNS record) has nothing to do with "DNS-TLS" (retrieve DNS).
>
> The AstLinux system clock is maintained via one or more of:
>
> 1) CMOS flash with battery RTC (bare metal)
>
> 2) Virtual Machine host provides date/time (VM)
>
> 3) Time is set on startup using chrony using Network tab -> "Network Time Settings:"
>
>
> While I have not had any practical issues over the years using "DNS-TLS", you can either use a manual IPv4 address in "Network Time Settings:" or use the /mnt/kd/dnsmasq.static trick as described here [1] to "almost" guarantee the clock is valid at startup.
>
> Lonnie
>
> [1] https://doc.astlinux-project.org/userdoc:tt_dns_tls_proxy#possible_startup_issues
>
>
> > On Aug 10, 2023, at 1:28 AM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
> >
> > Hi Group
> >
> > I’m currently using the dyn-dns plugin and wanting to extend it for additional Astlinux access.
> > I’m concerned that DNS traffic is currently not being encrypted so I want to use DNS-TLS.
> >
> > I have two questions:
> > • As you have mentioned in the notes, as it relies on reasonably correct time which needs DNS to be set correctly, I am concerned that we will not be able to access the system with dyn-dns if this occurs. Should I implement the workaround for this in /mnt/kd/dnsmasq.static always?
> > • I currently have 1.1.1.1 & 8.8.8.8 configured as my standard DNS. I assume this is not possible with the DNS Proxy and DNSSEC? I do realise that Anycast DNS is very close to 100% uptime but I’m just cautious.
> >
> > Regards
> >
> > Michael Knill
> > Managing Director
> >
> > D: +61 2 6189 1360
> > P: +61 2 6140 4656
> > E: michael.kn...@ipcsolutions.com.au
> > W: ipcsolutions.com.au
> >
> > Smarter Business Communications
> >
> > _______________________________________________
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >
> > Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.