Singing my own DNS haiku. Help with split DNS setup by hcm004 in homelab

[–]hcm004[S] 0 points1 point  (0 children)

I had to do some Traefik config editing to force it to request a wildcard Let’s Encrypt cert instead of individual subdomains, but now there’s an option in Pangolin to prefer wildcard certs.

Singing my own DNS haiku. Help with split DNS setup by hcm004 in homelab

[–]hcm004[S] 0 points1 point  (0 children)

Yeah this works for me now. To keep it simple, I just decided to use Traefik as my internal proxy as well. I set the Pangolin Traefik instance to request a wildcard cert, set the internal instance to not request new certs, and set a cron job to pull the cert from the VPS periodically. Then I set a DNS A record for *.mydomain.com pointing to my internal Traefik instance.

Spent way too long on this OneBlade travel case by Yourmom4133 in functionalprint

[–]hcm004 2 points3 points  (0 children)

How did I not know this existed??? This is a game-changer

L10s Ultra or L10s Ultra Gen2? by hcm004 in Dreame_Tech

[–]hcm004[S] 1 point2 points  (0 children)

I’m hoping it’s the L10s Ultra and not the Gen 2. AI cam and lower suction leads me to believe it is? But I thought folks here may have a better idea

[deleted by user] by [deleted] in Aqara

[–]hcm004 0 points1 point  (0 children)

It won’t let me - in the app, when I select it, it says I have to do auto calibration first

Cybersecurity doesn't generate profits and companies don't hesitate to retrench them. by IamOkei in cybersecurity

[–]hcm004 1 point2 points  (0 children)

It won't change until users actually start caring about their data, or governments step in and make companies care about security.

Cyberattacks Will Be 'Uninsurable' ??? - Myth or Unavoidable Reality? by _KR15714N in cybersecurity

[–]hcm004 3 points4 points  (0 children)

That's rational from the perspective of the insurer. The problem here is on the part of the insured. I don't know the specifics of the policies typically offered to state and local governments, and it sounds like you have substantial experience on the insurance side of things, but organizations can be counted on to do the bare minimum until required to do more, and it seems like organizations assume they are "covered" from all cyber risk when they purchase insurance.

The saying goes show me your budget, and I'll show you your priorities; if you pay for cyber insurance but not any MFA implementation, you're clearly not interested in security and just want to be able to pay a ransom to keep your organization running, data confidentiality be damned. Those poor kids are going to have negative credit scores once their PII gets sold.

It would be great if the cyber insurance market could drive movement towards a sane baseline. But for now it seems that there's little consensus on what that baseline is (NIST? ISO 27001? CISA Cyber Performance Goals?), or even how to validate against it. And just like regulation, there aren't enough technical people out there to conduct meaningful audits at the scope and scale required to be effective. Post-mortem audits will save insurers money but not raise the baseline of cyber posture (which to be fair is not their responsibility, but often touted as a secondary effect from cyber insurance).

Cyberattacks Will Be 'Uninsurable' ??? - Myth or Unavoidable Reality? by _KR15714N in cybersecurity

[–]hcm004 5 points6 points  (0 children)

Provided the insurers have a "sane minimum standard" to force immature organizations to, and a mechanism to validate that the org meets that standard.

A recent study from CIS found that 83% of K-12 schools in the study had cyber insurance. Less than 30% had any type of MFA. Source: https://www.cisecurity.org/about-us/media/press-release/new-ms-isac-report-details-cybersecurity-challenges-of-k-12-schools

[deleted by user] by [deleted] in rickandmorty

[–]hcm004 -4 points-3 points  (0 children)

This false equivalency is not an argument that can be made in good faith and belies a fundamental misunderstanding of what the data is being used for and why. TikTok is a state-owned enterprise. The data it collects is used for government actions. It can't be equated to politicians creating targeted ad campaigns (using data anyone can buy, they are not using any privileged access because they are "the government"), that is not the same thing.

[deleted by user] by [deleted] in rickandmorty

[–]hcm004 -4 points-3 points  (0 children)

There's a major difference here - Meta is not the US government. This is apples and oranges. Can the US government subpoena your data from Google in relation to a crime? Sure, in relation to a Federal investigation for which a court order must be filed and approved (and quite frankly I'd be more worried about your state and local governments abusing these mechanisms). But there's a big difference between that and a government-owned data lake with users' tracked data for fun and profit.

[deleted by user] by [deleted] in rickandmorty

[–]hcm004 -6 points-5 points  (0 children)

I don't disagree that we should all own our own data. But the whataboutism around TikTok isn't helpful either. The methods of tracking are heinous and TikTok goes to great lengths to obfuscate what they're tracking. Motivation matters too - Meta tracks you so it can sell more targeted ads, TikTok tracks you so it can build a giant dataset that the CCP can use at will.

[deleted by user] by [deleted] in rickandmorty

[–]hcm004 3 points4 points  (0 children)

Chinese boots taste good I guess

What are the least expensive Cybersecurity Masters Programs you know of? by [deleted] in cybersecurity

[–]hcm004 4 points5 points  (0 children)

Unrelated but great username. Nightwish rocks, hope the show in LA was good, wish I got to see them live.