Life is a vampire.

Dracula got a stick with his/her nameless shallow faceless tasteless choices eventually: it's a called a tree branch by accident during a storm and lightening struck the branch of a tree while Dracula took a "scroll" with his/her -gptpad- and stuff... #itwasdiy #itwasdns

#faith #storytime #horrorscifi #scifi #writing

©️ Nicolas Mouart, 2026

[Annonce de service]

Du 25 février à 22h00 jusqu’au 26 février à 11h30, les emails reçus à destination des adresses email hébergées par La Contre-Voie ont été automatiquement rejetés.

Ce problème, initialement causé par une panne réseau du côté de notre hébergeur, a entraîné une défaillance interne de notre système de mails qui n’a pas été détectée par nos outils de supervision.

Le problème est désormais résolu, veuillez nous excuser pour les désagréments occasionnés.

#ItWasDNS

I finally fixed my DNS issues at home.

IT WAS DNS.

#itWasDNS #itSAlwaysDNS

From the "It was DNS" issues, I add another one

My matrix (tuwunel) server started acting weird, it just wouldn't federate....

After much debugging I ended up checking /etc/docker/daemon.json file where years ago I set up dns0 - this was replaced by dns4eu and the old ips were decommissioned...

#itwasdns #dns #docker #selfhosting #forgetful

I suppose it helps if I do reverse DNS correctly.

Fuckin' details.

#SysAdmin #ItWasDNS

Today in "It was DNS" news.

So connectivity external to my Kubernetes cluster wasn't working and I couldn't figure out why.

So some thing in a random pod would try to resolve www.example.com and it'd get the IP of my external connection.

Pause here if you want to figure this out yourself.

I have dynamic DNS set up with a wildcard address so anything.my.domain goes to my.domain.

I also use my.domain as the root of everything internal to my network, so if I have some-service.my.domain set to point to some internal IP, I can use some basic reverse proxying to allow HTTP access externally.

However the place where those internal names are registered has changed, instead of being on my Samba AD cluster, it's now on the router as I've deleted the Samba AD cluster as it isn't and won't do anything useful for me.

However the router doesn't think it's the authoritative source of my.domain DNS entries, so it forwards them externally, so if I resolve nonexistent-host.my.domain, it gets passed upstream, resolved by the wildcard, and ends up with the IP of my external connection.

However this was happening for nearly any domain inside Kubernetes, not just obviously incorrect ones.

Why? Because Kubernetes sets "option ndots:5" in every pod's resolv.conf, and adds my.domain to the end of the search list, so any sufficiently short name is resolved as short.name.my.domain before it is resolved as short.name.

This obviously caused a lot of problems as short.name.my.domain always resolved to an IP.

I fixed this by blocklisting my.domain in the router, it turns out that Unbound on OpnSense resolved names it knows about before applying blocklists, so this works as expected without having to convince the router that it owns the domain.

Sigh.

At least things are working now.

#kubernetes #itwasdns #dns #CursedHomelab

#Quad9 #DNS has been awful lately for UK users.

Finally found the reason thanks to this reddit post: https://www.reddit.com/r/Quad9/comments/1pc9fus/comment/nryr38r/

Too late for me as I've already switched DNS provider. The lack of comms on a status page left me wondering if it was my setup or wifi. #ItWasDNS