The votes are in. LinuxQuestions, one of the largest Linux groups with 550,000 members, has just posted the results from its latest poll. The winner for the most popular desktop distribution? Slackware!
February 12, 2017
February 12, 2017
February 9, 2017
Sure, you can use BIND (Berkeley Internet Name Domain) for your Domain Name Server (DNS). BIND is almost everyone’s favorite domain name server software and I’ve installed and managed it before. But, and it’s a big but, full-scale BIND can be a pain to run. So, unless I really need BIND’s full power, I use another program: Dnsmasq.
Dnsmasq is an easy-to-use and -setup caching DNS server. Stop laughing! It really is easy!
As a refresher, DNS is the Internet’s master phone book. It turns machine-usable IP addresses into human-readable domain names. Linode provides good documentation on its DNS manager; how to set up a reverse DNS server, which resolves an IP address to a domain name; and common DNS configurations.
Dnsmasq is a small, open-source application that’s designed to provide DNS and, optionally, Dynamic Host Configuration Protocol (DHCP), addressing to a small network. It also supports IPv4 and IPv6 static and dynamic DHCP leases, tftp, and BOOTP and PXE for network booting of diskless systems. For our purposes, I’m sticking with DNS.
The program also supports Domain Name System Security Extensions (DNSSEC) upstream. With today’s seemingly endless DNS-based Distributed Denial of Service (DDoS) attacks, you MUST use DNSSEC.
Dnsmasq is a lightweight program. In the past, I’ve run it in my home-office on a Hewlett-Packard 521n mini-tower PC with an AMD Athlon XP 1.4 GHz processor, 256MBs of RAM and a 60GB hard drive. In short, no matter how small your server or VM, you can run Dnsmasq.
The program is also widely available. It’s included in almost all Linux distributions.
Presuming you’re using Debian or Ubuntu, you’ll take the following steps to get Dnsmasq up and running. If you’re using another operating system, just use its default package installation routines.
apt-get install dnsmasq
That’s it. Dnsmasq should now be running.
To test it out run
dig linode.com localhost
This forces your server to use Dnsmasq for looking up the DNS record. You should put up the record in single milliseconds. That’s the big advantage of using Dnsmasq. It makes looking up frequently used domains?—?FAST!
Dig is a DNS utility program. It gives you information about a site’s address and how long it took to get its IP address from the DNS server.
By default, Dnsmasq will use the DNS servers setup in your /etc/resolv.conf file. On Linode, this will include Linode’s default DNS servers.
I like to add additional DNS servers, so if the default DNS servers go south, it will keep working. Don’t go hog-wild with setting up DNS servers. Dnsmasq will only access the first three sites listed in the resolv.conf file. I usually add one of the Google Public DNS servers, 22.214.171.124 or 126.96.36.199 and one of Cisco’s OpenDNS servers, 188.8.131.52 or 184.108.40.206, to the default DNS site. You do this by adding them to resolv.conf with your favorite text editor. That’s vi for me.
While, you’re in the resolv.conf file, go ahead and add 127.0.0.1 localhost as the first line. This enables Dnsmasq to cache DNS queries for queries from the local machine.
By default, Dnsmasq treats all nameservers as equals. It picks the one to use by using an algorithm designed to avoid nameservers which aren’t responding. If you want to use the servers in the order you have them in the resolv.conf file, run dnsmasq with the -o flag.
Next, I need to start it up to make sure that it works. Like most Linux/Unix utilities, you can do this with an init script. So, from the shell, I start it as root with:
# /etc/init.d/dnsmasq start
But, how do I know if it’s actually done anything? For that, you run the dig command. For example:
Dnsmasq is configured in /etc/dnsmasq.conf. I recommend copying the original to keep as a reference. For example, dnsmasq.conf-master. Every time you make a change to dnsmasq.conf you have to restart Dnsmasq.
The easiest way to do that is with the command:
There are several changes you might want to make in Dnsmasq.conf. The important one is to upgrade the cache size. By default, it’s 1,000, but I prefer 2,048. Look for the line:
cache-size=1000 and change it accordingly.
Once you have it running properly, your next step is to set up dnsmasq so it runs automatically. The easiest way to do this is to run it with cron.
Why did I mention upgrading the cache? That’s because I’ve found Dnsmasq’s biggest advantage is the way it speeds up your DNS queries… a lot.
For example, one Linode customer from a few years back who was doing millions of DNS lookups got 50 percent hits from the Dnsmasq cache and that dropped their average DNS lookup time by 30 to 50 percent…
Now, that’s the kind of DNS performance I want!
The Cloud Security Alliance (CSA), a leading organization dedicated to ensuring a secure cloud computing environment is working with Securing Smart Cities, a nonprofit global initiative focused on smart city cybersecurity, to set up drone guidelines.
Their report, co-authored by the CSA Internet of Things (IoT) Working Group, provides guidance for the safe and secure creation and operation of municipal drone programs. To borrow from President Trump, it’s going to be Yuge.
Why is the Cloud Security Alliance involved? While you can control and monitor a DJI Phantom 4 Quadcopter from a handset, you’re going to need more resources if you’re running hundreds or thousands of them. You need the resources of the cloud.
The Federal Trade Commission (FTC) announced on February 6 that Vizio had spied on almost every TV viewer from their Vizio smart TVs. Rather than fight the accusation any longer, Vizio has agreed to pay $2.2 million in fines and stop spying.
Do you want the IRS, FBI, or SEC looking into your email without a warrant? Probably not. That’s why a bipartisan group of lawmakers reintroduced the Email Privacy Act after it failed to pass last year. This law would keep your email from government snoopers without a warrant. This time, the bill passed the House of Representatives by a unanimous voice vote.
That’s a good start. The real challenge will be getting passed by the Senate and then getting President Donald Trump to sign it.
February 6, 2017
New York Attorney General Eric T. Schneiderman didn’t mince his words. In his announcement of a lawsuit against Charter and its subsidiary Spectrum, formerly known as Time Warner Cable (TWC), he said: “The allegations in today’s lawsuit confirm what millions of New Yorkers have long suspected — Spectrum-Time Warner Cable has been ripping you off.”
February 6, 2017
Well, that didn’t take long.
President Donald Trump appointed long-time net neutrality enemy Ajit Pai as chairman of the Federal Communications Commission (FCC) — and he’s dismantling net neutrality as fast as he can.
February 3, 2017
There’s nothing new about mesh-networking technology. What is new is that mesh networking is finally cheap enough to be deployed in both homes and small businesses.
Mesh networking deals with that most common of Wi-Fi problems: Dead zones. You know how it goes. You move your laptop from your office to your conference room and — blip! — there goes your Wi-Fi connection.
February 1, 2017
Almost two years ago, The Document Foundation announced it was going to bring LibreOffice to the cloud. With the release of LibreOffice 5.3, that day has finally come.
January 31, 2017
I’ve been consulting on cloud migrations and deployments for a while now. Along the way, I’ve seen lots of mistakes made. Mea culpa: I’ve made some of them myself.
Don’t be like me, or a lot of companies. Avoid these five blunders and you’ll be much better off.