Threads for 3bal

  1. 1

    Is OP author? Can you give some more details on your KVM/libvirt setup?

    Been wanting to set up a set of minimalist hypervisors designed to be interacted with via TF/api instead of heavyweight proxmox/xenorchestra

    Edit: found this… Helpful thanks!

    1. 2

      Hi @aae , I also keep some examples here

    1. 1

      If you use as an upstream anyway, just use their own DoH/DoT..? Then your traffic is encrypted all the way to the upstream.

      1. 2

        The specific dnsdist conf is just an example to present the simplicity of dnsdist. In the article there is a full use case scenario to build your own DoH from top to bottom.

      1. 1

        I didn’t dig into DoH RFC, but how is that supposed to work:

        I understand how works over HTTP as this do not need DNS resolution, but how I can resolve DNS query without DNS?

        1. 2

          My guess is it’s bootstrapped via traditional DNS.

          1. 0

            DoH in layman’s terms, uses HTTPS (S <— stands for security) to ask a remote DNS server and get the reply in firefox. The traditional way is for firefox to ask your operating system and your operating system ask your DNS via UDP that means cleartext & unencrypted traffic.

            1. 1

              Did you mean to reply to me? I’m well aware of how DNS (intimately) and DoH (from the spec) work. The GP was asking how it was possible to use a domain name to reference a DoH server, to which the obvious answer is that it finds the DoH server’s IP address by querying traditional DNS.

          2. 2

            For Firefox at least, the set of DOH settings (actually all prefixed in about:config with “network.trr”), there is a ‘network.trr.bootstrapAddress’ setting which allows you to specify a traditional DNS server to bootstrap the DOH system with. If it’s left empty, the bootstrapping defaults to your OS configured DNS resolver.

            1. 2




              by setting this field to the IP address of the host name used in “network.trr.uri”, you can bypass using the system native resolver for it

          1. 1

            Instead of:

            # Read PKGBUILD
            - source $PKGNAME/PKGBUILD
            # Install Dependencies
            - pacman -Syu --noconfirm --needed --asdeps "${makedepends[@]}" "${depends[@]}"

            You can just use makepkg -s to automatically install missing dependencies with pacman. So something like:

            su - bob -s /bin/sh -c "cd $(pwd)/$PKGNAME/ && makepkg -s"
            1. 1

              Inside a docker container, makepkg will try to use sudo to install missing dependencies. But you will get this error msg:

              sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the ‘nosuid’ option set or an NFS file system without root privileges?

              Inside pacman/makepkg codebase: scripts/ cmd=(sudo “${cmd[@]}”)

            1. 1

              I’ve using (almost daily) a lot of them ! And yes, there are cool .. but obscure?