The BrothersWisp Podcast

Finally had some time to contribute to another podcast I am a part of.

http://thebrotherswisp.com/index.php/the-brothers-wisp-115-wisp-after-death-unifi-video-eol-rpki-basics/

This week we talk about:
WISP Virtual Summit July 28th
Save Dave’s brain
RIP Ubiquiti Unifi Video – EOL 1/1/2021
zwift.com
Cloudflare DNS outage
David – Arduino, PHP programming, cycling and weight loss, new kid
Wilson’s RPKI
Mike got some new hardware; a stent!
I’m done with my sales training – I’m a real boy

Simple Mikrotik DNS cache flush script

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.

Using 8.8.8.8 or local resolvers for ISPs

I recently uploaded a video to YouTube talking about why ISPs should not be using external resolvers such as Google's 8.8.8.8 to do resolving for their customers. In this post, I am going to give you, the Patreon subscribers, more information on this topic.

Some clarification: running 8.8.8.8 as your primary resolver is not an evil thing, it's just not optimal. Whenever I am managing a network, I want to squeeze every last bit of performance I can out of it. One way to do this is to run your own resolvers with root hints.

Let’s start with some links

Everything you ever wanted to know about root hints
https://kb.isc.org/docs/aa-01309

Setting up Unbound
http://troubleshooters.com/linux/unbound_nsd/unbound.htm

FAQ
Do I set up forwarders or root hints?
Do root hints. BIND will cache the lookups. This way you are not dependent on another entity's DNS servers.

My upstream ISP has DNS servers. Should I use them?
This is better than nothing, but I would ask them where those servers are located.  It’s really not that hard to run your own.
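
An added example, not from the original post: a minimal BIND named.conf that resolves from root hints instead of forwarding, with recursion limited to customer prefixes so the resolver is not open to the internet. The directory, hints filename, ACL name and the documentation-range prefixes are assumptions to replace with your own.

```conf
// Constructed example. Prefixes are documentation ranges, not real customer space.
acl customers {
    localhost;
    192.0.2.0/24;        // assumed customer IPv4 block
    2001:db8::/32;       // assumed customer IPv6 block
};

options {
    directory "/var/named";            // assumed working directory

    // Full recursion from the roots; answers are cached locally.
    recursion yes;

    // Only customers may query, recurse or read the cache.
    // An open recursive resolver can be abused for DNS amplification.
    allow-query       { customers; };
    allow-recursion   { customers; };
    allow-query-cache { customers; };

    // The forwarder setup the FAQ advises against. With these two lines
    // every cache miss depends on someone else's resolver:
    // forwarders { 8.8.8.8; };
    // forward only;
};

// Root hints: where to start when the cache is empty.
// Recent BIND releases ship built-in hints, so this zone is optional there.
zone "." {
    type hint;
    file "named.ca";                   // assumed filename of the root hints file
};
```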


How to disable one of the dumbest things ever: AKA DNS over HTTPS (DoH)

So the folks over at Mozilla thought it would be cool to do DNS over HTTPS. This is a dumb idea. If you happen to be running Mozilla Firefox, you should disable this for your own sake.

https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https

If you want the functionality of DNS over HTTPS (DoH), then use a VPN and make your life easier.

Mikrotik DNS DDoS script


Protecting Mikrotik from DNS amplification
