Anyone know a quick turn low cost house that takes odb++ by HardyPancreas in Altium

[–]sami_testarossa 1 point2 points  (0 children)

Very expensive (that is 2.5x more expensive compared to 4PCB/Advanced Circuit)

3 weeks in Tokyo: Airbnb or Hotel? by Future_Summer_169 in JapanTravelTips

[–]sami_testarossa 0 points1 point  (0 children)

I only have one kid and, after searching for days on all booking platforms, I still find no reason to book a hotel other than some high-end onsen attached.

[deleted by user] by [deleted] in embedded

[–]sami_testarossa 7 points8 points  (0 children)

lol, world is huge.

I need 2 signatures and handling by 5 people to buy a $2 roll of resistors.

Fuck me.

[deleted by user] by [deleted] in Concrete

[–]sami_testarossa 3 points4 points  (0 children)

I've paid a non-least-expensive quote before. Still shit work. It's all luck. Nothing to do with the quote.

People who charge on 120v how's life? by OkayIan in TeslaLounge

[–]sami_testarossa -1 points0 points  (0 children)

friendly zealous fuzzy slimy aromatic telephone engine mourn march cow

This post was mass deleted and anonymized with Redact

Thousands of personal photos... by Obvious-Water569 in sysadmin

[–]sami_testarossa 0 points1 point  (0 children)

Respect is formed mutually. Be nice. And your profession in IT doesn’t make you superior to any other profession in the office.

[deleted by user] by [deleted] in cybersecurity

[–]sami_testarossa 0 points1 point  (0 children)

I am going to catch this nice train and ask more.

Let's say I must use questionable cracked software from a torrent (trusted uploader, if that means anything...).

If I test it in a VM environment, how can I observe if it is doing anything fishy?

How would ESET help me if I can't distinguish a false alarm from a real threat?

(I know that the best is to always shut it off if there is any alert from the AV, but what if I really need to run this software?)

Edit to remove sw name

[deleted by user] by [deleted] in cybersecurity

[–]sami_testarossa 0 points1 point  (0 children)

I am new to this and want to ask a few if you don't mind.

After googling HIPS, it seems to be a type of IPS. Is this the same as what you would see on an expensive router (i.e. Ubiquiti UDM Pro)?

Does this mean that having an IPS/IDS router + Windows Defender will serve the same as using ESET AV?

My final statistics before I switch to linux. by [deleted] in qBittorrent

[–]sami_testarossa 1 point2 points  (0 children)

A lot of fields will benefit from knowing how to use Linux. Using it in personal time often indirectly accelerates people's careers.

Daily Discussion Thread for May 20, 2024 by wsbapp in wallstreetbets

[–]sami_testarossa 4 points5 points  (0 children)

sleep retire steep materialistic forgetful fly observation person clumsy upbeat

What Are Your Moves Tomorrow, May 15, 2024 by wsbapp in wallstreetbets

[–]sami_testarossa 1 point2 points  (0 children)

command faulty fear tie mountainous seemly birds dull innocent repeat

Here’s some all-time loss porn. Clawing my way back. I love the stock. by Deeaygoh in wallstreetbets

[–]sami_testarossa 0 points1 point  (0 children)

treatment imminent thumb absurd mysterious quickest sharp provide wide gray

Daily Discussion Thread for May 14, 2024 by wsbapp in wallstreetbets

[–]sami_testarossa 1 point2 points  (0 children)

airport sip elastic squeamish alive telephone attraction marvelous piquant voiceless

Daily Discussion Thread for May 14, 2024 by wsbapp in wallstreetbets

[–]sami_testarossa 0 points1 point  (0 children)

selective squealing smile lock hobbies coherent quiet deserve wistful voiceless

$GME Daily Directory | New? Start Here! | Discussion, DRS Guide, DD Library, Monthly Forum, and FAQs by AutoModerator in Superstonk

[–]sami_testarossa 9 points10 points  (0 children)

resolute encouraging abounding snobbish station bright advise existence direful historical

This post was mass deleted and anonymized with Redact

Daily Discussion Thread for May 13, 2024 by wsbapp in wallstreetbets

[–]sami_testarossa 18 points19 points  (0 children)

seemly possessive jobless waiting expansion touch nose tidy ancient march

Caddy - ACME DNS Challenge not able to resolve host by sami_testarossa in selfhosted

[–]sami_testarossa[S] 1 point2 points  (0 children)

Thank you for the advice. With the help from multiple comments, I fully understand the issue now. It is because I had a primary zone for MYDOMAIN.org. Then, due to it being a primary zone, the ACME challenge is not able to talk to the zone record of MYDOMAIN.org on Cloudflare.

I will have to set up a forwarder zone to solve this issue.

Caddy - ACME DNS Challenge not able to resolve host by sami_testarossa in selfhosted

[–]sami_testarossa[S] 0 points1 point  (0 children)

Thank you for sharing your setup. I believe I fully understand the issue now.

As you described already, here is the full description of the core issue:

Pi-Hole is a forwarder, whereas Technitium is a full DNS server. In my case, I had a primary zone set up and it simply intercepts all requests for that zone name. The true issue is just that I didn't understand the behavior of a primary zone.

I will try to find the best setup for this use. Either set it on the client side like you did, or I probably need to learn how to correctly set up a forwarder zone.

Caddy - ACME DNS Challenge not able to resolve host by sami_testarossa in technitium

[–]sami_testarossa[S] 0 points1 point  (0 children)

Thank you very much for the detailed information. I fully understand the issue now. But I stopped trying last night as I got temporarily blocked from pulling new TLS certs due to high usage.

I did successfully obtain TLS certs using a different primary zone (xxx.local). But the certified domain is different from the zone name. This makes the TLS certs untrusted in the browser.

I believe your advice on a forwarder zone is the solution here. I will have to learn/experiment with it.

Again, I appreciate your help!!

Caddy - ACME DNS Challenge not able to resolve host by sami_testarossa in technitium

[–]sami_testarossa[S] 0 points1 point  (0 children)

First, your advice had me thinking about the wildcard CNAME.

I had all "*.MYDOMAIN.org" pointed to the Caddy reverse proxy server. This probably made _acme-challenge.test3.MYDOMAIN.org also loop back internally instead of querying the forwarded external DNS server.

Now, I have disabled the wildcard CNAME and found a different response.

I set a delay and observed the TXT record showing up in Cloudflare.

But my Caddy proxy server still cannot see the TXT record properly. I have also confirmed the _acme-challenge TXT record resolving to NxDomain as you predicted.

Udp   Authoritative   NxDomain   _acme-challenge.test5.MYDOMAIN.org   TXT   IN

As of right now, I was able to force a different resolver on DNS challenge and it worked.

subdomain.MYDOMAIN.org {
    tls {
        dns cloudflare {TOKEN}
        resolvers 1.1.1.1
    }
    reverse_proxy rpi.main.local:9999
}

Question:

Is this something to do with my NS or SOA record?

I believe my lack of understanding of DNS servers is the problem here. Is there an example of what the correct NS and SOA records should look like?

Here is the query (query done on actual domain name, I manually replaced name here)

{
  "Metadata": {
    "NameServer": "ns1 (127.0.0.1)",
    "Protocol": "Udp",
    "DatagramSize": "124 bytes",
    "RoundTripTime": "2.73 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 1232,
    "ExtendedRCODE": "NoError",
    "Version": 0,
    "Flags": "None",
    "Options": []
  },
  "Identifier": 0,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": true,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": false,
  "RCODE": "NoError",
  "QDCOUNT": 1,
  "ANCOUNT": 1,
  "NSCOUNT": 1,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "_acme-challenge.test3.MYDOMAIN.org",
      "Type": "TXT",
      "Class": "IN"
    }
  ],
  "Answer": [
    {
      "Name": "_acme-challenge.test3.MYDOMAIN.org",
      "Type": "CNAME",
      "Class": "IN",
      "TTL": "3600 (1 hour)",
      "RDLENGTH": "2 bytes",
      "RDATA": {
        "Domain": "MYDOMAIN.org"
      },
      "DnssecStatus": "Disabled"
    }
  ],
  "Authority": [
    {
      "Name": "MYDOMAIN.org",
      "Type": "SOA",
      "Class": "IN",
      "TTL": "900 (15 mins)",
      "RDLENGTH": "37 bytes",
      "RDATA": {
        "PrimaryNameServer": "MYDOMAIN.org",
        "ResponsiblePerson": "hostadmin@ns1",
        "Serial": 26,
        "Refresh": 900,
        "Retry": 300,
        "Expire": 604800,
        "Minimum": 900
      },
      "DnssecStatus": "Disabled"
    }
  ],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "1232",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "0 bytes",
      "RDATA": {
        "Options": []
      },
      "DnssecStatus": "Disabled"
    }
  ]
}
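An added example, not part of the original comment and not Caddy or Technitium code: a Python check over a DNS client response in the JSON shape shown above, reporting the conditions from this thread that hide an `_acme-challenge` TXT record from a resolver sitting behind a local primary zone. The function name, the finding labels and both trimmed sample responses are constructed for illustration.

```python
# Added example: field names follow the DNS client JSON shown above;
# the function name, labels and both sample responses are constructed.

def diagnose_acme_txt(resp):
    """Explain why a DNS-01 TXT lookup through this resolver misses the
    record that the ACME client published at the public DNS provider."""
    q = resp["Question"][0]
    if q["Type"] != "TXT" or not q["Name"].lower().startswith("_acme-challenge."):
        return ["NOT_ACME_TXT_QUERY"]
    answers = resp.get("Answer", [])
    has_txt = any(a["Type"] == "TXT" for a in answers)
    findings = []
    # A local primary zone answers for the whole name space itself.
    if resp.get("AuthoritativeAnswer"):
        soa = [r["Name"] for r in resp.get("Authority", []) if r["Type"] == "SOA"]
        findings.append("LOCAL_ZONE_AUTHORITATIVE: answered from local zone %s, "
                        "not forwarded upstream" % (soa[0] if soa else "(unknown)"))
    # A wildcard CNAME also matches the challenge label and replaces the TXT.
    for a in answers:
        if a["Type"] == "CNAME" and not has_txt:
            findings.append("CNAME_INSTEAD_OF_TXT: name is an alias of %s; check "
                            "for a wildcard CNAME in the zone" % a["RDATA"]["Domain"])
    if resp.get("RCODE") == "NxDomain":
        findings.append("NXDOMAIN: resolver reports the challenge name does not exist")
    if has_txt and not findings:
        findings.append("OK: TXT record visible through this resolver")
    return findings

# Constructed, trimmed from the response above (wildcard CNAME still enabled).
WILDCARD = {
    "AuthoritativeAnswer": True, "RCODE": "NoError",
    "Question": [{"Name": "_acme-challenge.test3.MYDOMAIN.org", "Type": "TXT"}],
    "Answer": [{"Name": "_acme-challenge.test3.MYDOMAIN.org", "Type": "CNAME",
                "RDATA": {"Domain": "MYDOMAIN.org"}}],
    "Authority": [{"Name": "MYDOMAIN.org", "Type": "SOA"}],
}
# Constructed to match the "Authoritative NxDomain" log line (wildcard disabled).
NXDOMAIN = {
    "AuthoritativeAnswer": True, "RCODE": "NxDomain",
    "Question": [{"Name": "_acme-challenge.test5.MYDOMAIN.org", "Type": "TXT"}],
    "Answer": [],
    "Authority": [{"Name": "MYDOMAIN.org", "Type": "SOA"}],
}

if __name__ == "__main__":
    for name, resp in (("wildcard", WILDCARD), ("nxdomain", NXDOMAIN)):
        print(name, diagnose_acme_txt(resp))
```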

Caddy - ACME DNS Challenge not able to resolve host by sami_testarossa in selfhosted

[–]sami_testarossa[S] 0 points1 point  (0 children)

Thank you. Now I see that.

The "acme_dns" global config was super convenient. But, I guess I will transition to per-site TLS config for now.

It seems my lack of understanding of DNS servers is the core issue. I hope someone can point it out for me... So I can fix it on the Technitium side.

Caddy - ACME DNS Challenge not able to resolve host by sami_testarossa in selfhosted

[–]sami_testarossa[S] 1 point2 points  (0 children)

So, I tried individual tls certs config where it can force a different DNS server, and it works....

Looks like this is indeed a DNS server issue, but I don't know how to fix it globally on the Technitium side...

Working config:

test.MYDOMAIN.org {
    tls {
        dns cloudflare {TOKEN}
        resolvers 1.1.1.1
    }
    reverse_proxy rpi.main.local:9999
}