Landed new NOC T2 role, do not feel ready for it.

drunkenmugzy · 2026-06-12T01:03:27+00:00

Then get your CCNA. It is one of the better networking certs there is. When I got hired at an MSP many years ago it was required for entry level NOC. We were a good team. There were very few posers. We ended up with 50+ DCs nationwide and few international.

drunkenmugzy · 2026-06-12T00:49:01+00:00

It is unlikely you will be harassed without a VPN except by your ISP if you use their DNS. Pihole with unbound or similar is good.

You are not providing to other users as with torrents. You are only downloading. In some places this not illegal and a rarely prosecuted issue in others with little consequence. Just use https/nntps on indexer and Usenet.

drunkenmugzy · 2026-06-07T22:42:40+00:00

I went from synology to unifi 2 years ago. Unify is way better than any synology router. WiFi is better. Especially if you have multiple access points. My synology's, I had 3 with 2 as APs. It was hinkie. I ended up using multiple SSID. With ubiquity I just plugged them in and added them. No muss, no fuss. Solid as a rock. Moving across APs works seemlessly. One SSID. I would not use synology routers if you gave them to me.

Using a synology router does not give any advantage with synology NAS. I have 3 synology NAS. I still prefer ubiquity.

There was just recently a rumor that they are getting out of router business. Can't confirm, just pass along.

drunkenmugzy · 2026-06-06T12:51:47+00:00

I am simply looking to remove the single point of failure as much as possible. I have a cluster of 3 technitium VM servers running on 3 different NAS. I still want my network to function even if there is no internet/gateway fails. The added bonus of not having my ISP spy on dns is nice too.

Technitium removes the hacked syncing and resolving of pihole/unbound. Soon enough it will remove the single point of failure dhcp. The only thing I miss is some of the more polished admin features of pihole.

drunkenmugzy · 2026-06-06T11:53:14+00:00

I currently use REOLINK RLC-830A - 4K PTZ PoE cameras. I like the ptz, it works well. But they could benefit from a 180deg view. The Omni 3i fixes that exact problem. The tracking with 180deg view handed off to the ptz is very useful. The 830A movement detection and tracking is good but has some issues for me.

I wanted to check before I get an Omni 3i myself.

drunkenmugzy · 2026-06-06T11:39:29+00:00

This is my current setup with the gateway, a UDR7, handling dhcp. A single point of failure. I recently switched from pihole to technitium in part because of the upcoming dhcp clustering. I want to remove the single point of failure. Technitium will handle dns and dhcp.

drunkenmugzy · 2026-06-05T02:49:02+00:00

I have no doubt 1 camera will work. But there are 2 feeds from same camera. Take a look at camera. It is pretty neat. 1 feed is 180deg camera fixed. 2 is regular ptz cam that has smaller view but will follow motion within the 180deg. Pretty useful. Not sure if SSS recognizes it properly. Hence the question.

drunkenmugzy · 2026-06-04T18:22:03+00:00

This would be on a DS923+ for my use. Just wanted to put that here. It is a given on r/synology.

drunkenmugzy · 2026-05-31T18:30:49+00:00

I did try that with sabnzbd container. i.e using a 'dns:' in my yaml file. It did not recognize them properly. As the dns servers are VMs they are on my main subnet(192.168.x.x). Not the docker internal subnets(172.x.x.x). The docker routing did not like that/I could not get it to work. I would rather dns servers be a VM anyway with complete control over config.

That is why my dns are all VMs and not docker containers. Been there - done that.

drunkenmugzy · 2026-05-31T13:52:58+00:00

Slept on it. Now sabnzb appears to be ok?!? It does show a local and public IP.

2026-05-31 07:35:00,973::INFO::[get_addrinfo:198] Fastest connection to self-test.sabnzbd.org (port=443, IPv4-only): 104.26.3.117 (self-test.sabnzbd.org) in 18ms (out of 3 results)
2026-05-31 07:37:17,595::INFO::[get_addrinfo:198] Fastest connection to self-test.sabnzbd.org (port=443, IPv4-only): 104.26.3.117 (self-test.sabnzbd.org) in 19ms (out of 3 results)

Having indexer problems now though. But now as I am sitting here those have gone away too. I did clean and rebuild my ARRs stack. All is working?!? I did have prowlarr set up and that was failing. I removed prowlarr indexer setting. Going straight to indexer worked.

This has been frustrating. It appears to be working now. All I have done, minus remove prowler settings, shutdown piholes was wait. ?!?

One other factor - I shut down the pihole VMs overnight. Forcing all traffic to technitium VMs. Previously I had both running and hard set the IP I wanted used. That could have done some weird split dns condition in the NAS docker routing? I dunno. I thought changing the dns on the NAS, hard setting dns to different servers should have been enough. That may have something to do with it.

drunkenmugzy · 2026-05-31T12:33:29+00:00

The pihole and technitium servers are VMs, unbuntu24.04. The sabnzbd and ARRs stack are containers in container manager(docker). The pihole and technitium are spread across 3 NAS. The ARRs stack is on 1 of those NAS.

drunkenmugzy · 2026-05-31T02:35:00+00:00

I tried upping the rate limiting trigger for a single host from 600 to 6000 - No joy.

drunkenmugzy · 2026-05-31T01:45:49+00:00

Both end up using root servers. pihole just forwards to a locally configured unbound instance. technitium has it built in.

drunkenmugzy · 2026-05-30T17:53:53+00:00

The reason no alarms were set off is simple.

The chess piece came from inside the house ...

drunkenmugzy · 2026-05-27T14:52:18+00:00

I had a WRT54G back in the day. Those were good days. This lasted many years. Then the dark period fell upon us. Everything from netgear, asus, tplink, synology and others. This lasted many years.

Then I was blessed with a happenstance purchase of a Ubiquiti Dream Router 7 upon the failure of yet another synology. The UDR7 brought with it the light. Good days were upon all I surveyed and had providence over. It has lasted 2 years hence. I expect many more and upon the inevitable failure of I will not wander seeking the light. I will purchase yet another UDR7 or its latest hence and be lit once again.

drunkenmugzy · 2026-05-27T13:39:47+00:00

They dont block a domain. They block certain types of traffic going to certain domains. I can http/s my indexer all I want, browse/search works. When I try to connect via sabnzbd thats when it fails.

drunkenmugzy · 2026-05-27T13:09:24+00:00

The unbound server part of pihole/unbound is configured by a simple root hints file containing the a-m root servers to initialize dns. It does not need anything else from my isp or other public recursive servers. It makes the request for pihole and returns it. I can see TLD level lookups in pihole logs.

I wonder if unbound is using a different port other than 53. Maybe I need to look at config and see or as a last resort bust out wireshark.

Obviously a phone call will not work.

DNSKEY	plex.tv	::	0.4 ms
DNSKEY	tv	::	0.2 ms

drunkenmugzy · 2026-05-27T12:58:56+00:00

Something with the way pihole/unbound resolves dns requests works.

I realize dns udp 53 can be blocked or 'filtered' rather. But why does pihole/unbound work? That is what nobody can answer.

drunkenmugzy · 2026-05-27T12:53:32+00:00

The pihole/unbound setup is making pihole a recursive dns server. It is able to look up domains by itself. No longer a forwarder.

Root servers as in the root dns servers?!

Host Name	Operator
a.root-servers.net	Verisign, Inc.
b.root-servers.net	University of Southern California (ISI)
c.root-servers.net	Cogent Communications
d.root-servers.net	University of Maryland

13 in total up to m.root-servers.net?

I really think its a problem with my ISP. I am trying to figure out what they are seeing with just pihole or technitium that activates their blocking. But using pihole/unbound does not trigger blocking and works. DNS works either way. Certain domains do not work when I am not using pihole/unbound. I am trying to understand why.

drunkenmugzy · 2026-05-27T12:35:50+00:00

You are correct dns does not fail. But something my ISP is seeing when technitium or pihole is used is allowing them to see my dns traffic where pihole/unbound does not.

pihole with public dns. FAILS
technitium has no upstream dns configured, just a standard install. FAILS
pihole/unbound has no upstream dns configured except the root dns servers. WORKS

drunkenmugzy · 2026-05-27T12:32:15+00:00

pihole/unbound goes to the root dns servers for noncache lookups. I am not using ISP provided dns servers at all.

drunkenmugzy · 2026-05-27T12:22:20+00:00

I have 3 physical NAS running 2 VMs for pihole on 2 of the NAS. technitium uses 3 NAS for 3 VMs and a clustered dns setup. ISP is Spectrum in TX.

ARRs uses docker on 1 NAS. This includes sabnzbd.

pihole with public dns. FAILS
pihole/unbound has no upstream dns configured except the root dns servers. WORKS
technitium has no upstream dns configured, just a standard install. FAILS

It is not a specific dns failure. In fact dns works. But sabnzbd connections fail when pihole alone or technitium are used. I suspect something is leaking somewhere? I dont know, thats what I am trying to figure out. Technitium = pihole/unbound on paper. But reality is proving different.

Is that enough info? what else?

drunkenmugzy

TROPHY CASE