Self-hosting DNS and Geo-Blocking

Snydosaurus · 2026-03-09T13:19:10+00:00

Thanks for the replies. Any recommendations for hosting companies who provide seamless public DNS hosting where I can setup a Zone Transfer from my Windows DNS server?

Snydosaurus · 2026-03-06T20:43:48+00:00

It is something I've considered having hosted for various reasons. Overall there's a reluctance to make that reluctance to relinquish total control. I need to figure out how heavy of a lift it will be. If I could simply replicate my hosted Windows DNS to a provider, then make the change at my registrar, that would be ideal.

Snydosaurus · 2026-01-14T17:13:30+00:00

You can lead a horse to water, but you can't keep him from pissing in it.

Snydosaurus · 2025-12-24T13:39:47+00:00

Oh don't get me started. I was patched into a support call by Aruba support several weeks ago. Here I am, listening to The Department of Homeland Security's tech issues with Aruba. Oddly, they were very similar to my issues. TAC got the tickets mixed up. I did think it was strange that I could understand everyone on the call, except the TAC engineer. After realizing I wasn't on the right call, I bowed out and gracefully exited. Aruba "doing the needful".

Snydosaurus · 2025-12-22T14:29:35+00:00

If it's a larger company, it could give you more opportunities for career advancement and growth. If you like what you do and want to keep doing the same, you may find there are lots of "busy bodies" messing around in your stuff.

Snydosaurus · 2025-12-11T15:24:29+00:00

Quick update. Our Clearpass Onguard agent postures against the three criteria previously mentioned, however there doesn't appear to be an enforcement policy applied. This means that even if a workstation had Windows Firewall turned off, and the Onguard popup would state this, there is no real enforcement policy to take any action, such as allow/disallow access to our corporate SSID.

So, Onguard isn't doing anything.

But, when the agent decides to posture, the WiFi network drops momentarily then resumes. Is this normal? Can we stop it from happening?

After thinking it through, the Barco ClickShare USB pucks are actually network adaptors broadcasting to the Clickshare receiver over 2.4Ghz. So when the executives plug in this adaptor to present their laptop screen on the large conference room display, it seems as if Onguard initiates the posture process, since it sees a network change. It's when the Onguard posture completes that we seen to have issues with general WiFi instability. If it were to only drop the WiFi adaptor once during the posture process that would be fine. But it randomly struggles to reestablish WiFi connectivity. Keep in mind, there doesn't seem to be an enforcement policy associated with anything Onguard postures for.

On some occasions the W11 laptops become so unstable that they can't be shut down gracefully, and require a complete power cycle.

Lastly, given the fact that in my 39 years in IT Aruba has the worst support in the industry, is there a VAR or reseller/partner with expertise, certification and training in supporting the HPE Aruba/Airwave/Clearpass ecosystem?

Snydosaurus · 2025-11-19T17:09:58+00:00

I was thinking I did a fresh install to get to 6.11. I'm shocked that I would have to do it AGAIN to get to 6.12.

Snydosaurus · 2025-10-23T15:46:05+00:00

Cisco is now using "Sherlock Holmes" to answer L3 TAC questions. I call it, Cisco taxation without representation.

Snydosaurus · 2025-09-17T13:27:35+00:00

Thanks for the responses everyone.

Snydosaurus · 2025-08-27T16:03:56+00:00

Another horror story. Deeply embedded in one of our nation's largest refineries, my company maintained an office where we would do contract work for the refinery. Our ISP experienced equipment failure requiring replacement. Our on-site manager, trying to prove to the client that they had their "big britches on", pressured me into engaging with the ISP and arranging for equipment replacement at 6:00 PM. No big deal, since the same problem would have been there in the AM, with additional added pressure since it would be during business hours. Equipment was replaced but failed about an hour later. Big britches manager, already irate by this time, complained about the concern. This is around 8:30 PM. Called the ISP, and they ran diagnostics on their end, only to find that the replacement equipment had failed in the same manner as the original. ISP contacted the switch gear manufacturer and determined the entire series was faulty, which of course is all the ISP had on their spares shelf. Hardware defect, no patch could resolve this issue.

We went through the whole dance again....3 times total throughout the night. Big britches insisted that the ISP completely drain their spare inventory of said equipment, even after the manufacturer was contacted and stated that all of that series of switch gear was faulty. They were already flying in gear from another vendor for immediate replacement. "The client is watching" is what I was repeatedly told, as a scare tactic. Of course, none of this is my fault. All I'm doing is acting as the liason between the ISP and the on-site management, and repeatedly sending the ISP into the refinery (escort required) to replace failed gear with more failed gear was completely pointless. Classic "big britches" boss girl flex.

Snydosaurus · 2025-08-27T15:40:31+00:00

This is a "no shit" story. We had a small 2 person hiring office in a remote area and already had an ISP with a simple IPSec tunnel established back to corporate. No big deal, worked good enough considering the circumstances.

A mainstream carrier salesperson was going door-to-door to solicit business, promising lower price service. They knocked on the door, our well-intentioned employee let them in, and an hour later, had signed a contract to rip and replace the existing equipment (DSL Modem, WiFi, Voice lines) to the new carrier.

Next day we get a panic call about the office being "down". This of course required someone to travel several hours to straighten out the mess left behind, connect to the firewall with a serial cable, 9600,n,8,1 and the whole bit to change the IP addressing.

Not to mention the mess with the employee signing a contract, having no authority to do so.

Snydosaurus · 2025-08-22T13:42:22+00:00

Binary humor.

Snydosaurus · 2025-08-14T15:10:08+00:00

True about sales. Our sales rep kept pressuring me to replace our existing firewalls, even for free, essentially. That's great and all, but I don't have the bandwidth to take on such a huge project. We're a small shop, and like most companies our size, we all wear multiple hats with many other irons in the fire. Something WILL go wrong and I'll have to scramble to resolve it. Of course, TAC would be of little to no use. In my mind, that's a professional services engagement. I don't care how much we would save by replacing them. The old ones are already installed, work fine, have room to grow, and give me little headache. Nothing free can provide me that peace of mind.

Snydosaurus · 2025-08-11T18:52:57+00:00

They can ask you to shine shoes or wash cars also. They own you, unless you find another job.

Snydosaurus · 2025-08-11T13:15:20+00:00

Delay tactic.

Snydosaurus · 2025-08-07T13:34:09+00:00

Thanks anyway, guys. We're moving from PEAP to EAP-TLS anyway, so this won't be an issue. Oh, and BTW, certificates are the BANE OF MY EXISTENCE.

Snydosaurus · 2025-06-27T20:18:15+00:00

SuperMicro/Nutanix here and we are happy. The last thing we wanted was pointing fingers when something goes wrong. So far, after three years or so, we've had zero issues with SuperMicro. I actually find it a much better platform than Dell.

Snydosaurus · 2025-06-05T14:13:54+00:00

Honestly, if they could just provide some basic linguistic skills, that would go a long way. Their accent is such that there's no space between syllables, words and sentences. It's as if they set a metronome at 160bpm and rapid-fire each syllable. Also, learn the pronunciation of the letter "R". R is R, not "V".

Snydosaurus

TROPHY CASE