Implement Split-Brain DNS Policies in Active Directory

Implement Split-Brain DNS Policies in Active Directory

Implement Split-Brain DNS Policies in Active Directory In this detailed guide, we will look at how to implement DNS split-brain policies in an Active Directory environment. Creating a split-brain DNS setup is crucial for managing different DNS responses based on whether the request is internal or external. This can help streamline network traffic, improve security, and ensure that internal and…

got my pfsense running again only to find out it would be much better to use routeros as i have a mikrotik router/switch

now i've gotta learn to seperate these things out....

Technitium DNS Server in Docker: Is this the Best Home Server DNS?

Technitium DNS Server in Docker: Is this the Best Home Server DNS? @vexpert #homelab #TechnitiumDNSServer #HomeLabDNS #DNSPrivacyandSecurity #DNSServerComparison #PiHolevsTechnitium #AdGuardHomevsTechnitium #CustomDNSConfiguration #BlockAdsandMalwareDNS

When many enthusiasts or home labbers start to look at services they want to run at home after purchasing some server gear, DNS server is one of the first services that you can benefit from. DNS provides the core name resolution for your home lab and server environment. Hosting your own DNS server provides many benefits over using the configured ISP’s DNS server settings. Table of contentsWhat…

View On WordPress

Blocking Ads on Mobile Devices

Blocking ads on our phones is way harder than it should be so I figured I'd make some recommendations. These are not the only options out there, just the ones that I know and have used.

Please note that browser-level and system-level adblocking are complementary; you'll have the best experience if you use both of them together as they each block different things in different places. If you want a basic idea of how effective your combined adblocking setup is, you can visit this website in your mobile browser.

Lastly, there is some additional advice/info under the readmore if you're curious (EDIT: updated March 2025 to add more adblocking options for iOS and to add info about sideloading altered versions of social media apps that don't contain ads on Android and iOS).

Android

Browser-Level

uBlock Origin (for Firefox)

System-Level (works in all apps, not just browsers)

AdGuard

Blokada 5 (completely free version) OR Blokada 6 (has some newer features but they require a subscription)

iPhone/iPad

Browser-Level

AdGuard (Safari extension; free for basic browser-level blocking, requires a subscription or one time purchase of “lifetime” license for custom filters)

1Blocker (Safari extension from an indie developer; can enable one built-in or custom filter list for free, requires a subscription or one time purchase of “lifetime” license for enabling multiple filter lists and updating filter lists to the latest version automatically)

Wipr 2 (one time purchase from indie developer; simplest option to use, but also the least configurable. Best if you are looking for one time set and forget and don’t need any custom filters. Note that it does not have a system-level blocking option)

System-Level (works in all apps, not just browsers)

AdGuard (requires subscription or one time purchase of “lifetime” license for system-level blocking)

1Blocker (can activate without a subscription, but requires subscription or one time purchase of “lifetime” license to enable system-level blocking AND browser-level blocking simultaneously)

AdGuard DNS only (this is free and does not require the AdGuard app, BUT I would only recommend it for advanced users, as you can't easily turn it off like you can with the app. Credit to this Reddit thread for the DNS profile)

Some additional info: browser-level blocking is a browser addon or extension, like you might be used to from a desktop computer. This inspects the HTML code returned by websites and searches for patterns that identify the presence of an ad or other annoyance (popup videos, cookie agreements, etc.). System-level blocking is almost always DNS-based. Basically whenever an app asks your phone's OS to make a connection to a website that is known for serving ads, the system-level blocker replies "sorry, I don't know her 🤷‍♂️💅" and the ad doesn't get downloaded. This works in most places, not just a browser, but be warned that it might make your battery drain a little faster depending on the app/setup.

Each of those types of blocking has strengths and weaknesses. System-level DNS blocking blocks ads in all apps, but companies that own advertising networks AND the websites those ads are served on can combine their services into the same domain to render DNS blocking useless; you can’t block ads served by Facebook/Meta domains without also blocking all of Facebook and Instagram as well because they made sure their ads are served from the same domain as all the user posts you actually want to see. Similarly, browser-level blocking can recognize ads by appearance and content, regardless of what domain they’re served from, so it can block them on Instagram and Facebook. However, it needs to be able to inspect the content being loaded in order to look for ads, and there’s no way to do that in non-browser apps. That’s why using both together will get you the best results.

These limitations do mean that you can’t block ads in the Facebook or Instagram apps, unfortunately, only in the website versions of them visited in your browser. It also means ads served by meta’s/facebook’s ad network in other apps can’t be blocked either (unless you're one of the rare beasts who doesn't use facebook or instagram or threads, in which case feel free to blacklist all Meta/FB domains and watch your ads disappear 😍; I'm jealous and in awe of you lol).

One note: some apps may behave unpredictably when they can't download ads. For example, the Tumblr app has big black spaces where the ads are, and sometimes those spaces collapse as you scroll past them and it messes up scrolling for a few seconds (UPDATE: looks like the scrolling issue may have actually been a Tumblr bug that they have now fixed, at least on iOS). Still way less annoying than getting ads for Draco Malfoy seduction roleplay AI chatbots imo though. And honestly *most* apps handle this fairly gracefully, like a mobile game I play just throws error messages like "ad is not ready" and then continues like normal.

One final note: on Android, you may actually be able to find hacked versions of Meta’s apps that have the ad frameworks removed. In some cases they are a little janky (unsurprisingly, apps don’t always take kindly to having some of their innards ripped out by a third-party), and they are often out of date. BUT in return you get an Instagram app with no ads whatsoever, and some of them even add additional features like buttons for saving IG videos and photos to your phone. However, use these apps at your own risk, as there is functionally no way to validate the code that the third-parties have added or removed from the app. Example altered IG app (I have not vetted this altered app, it's just a popular option): link.

It is technically possible to install altered apps on iOS as well, but Apple makes it much, much harder to do (unless you are jailbroken, which is a whole different ballgame). I'm not going to cover sideloading or jailbreaking here because even I as a very techy person eventually grew tired of messing with it or having to pay for it. If you're interested you can read more about the different ways to do sideloading on iOS here.

okay I've managed to get out of bed cleaned myself up. I'm going to sit at the dining table and work until it's done. It's 11:17am the deadline is midnight tonight I'd like to be finished by 8pm. Pray for me!

to do list:

- recreate topology

- route configuration

- add DNS server and configure that

- VLANS

- dynamic routing protocols

- ACL

- Wireless devices

- write description

oh my god i found out that my DNS record wasn't properly configured so all the emails I sent from my work email address using ProtonMail were usually being rejected and weren't going through. which is a profoundly horrible thing to realise because suddenly all those prospective clients and job applications I sent in the last few months that I thought had ghosted me....... had maybe not ghosted me at all.

I've started sending followup emails to explain the situation and make sure nobody thinks I just rudely ignored them. please let my email find you my emails have been lost and wandering scared and lonely in The Void for months

I finally figured out the whole DNS bullshit.

Turns out it actually was a problem with my router.

I hadn't configured DNS rebind protection, so my router blocked all DNS answers which answered with an IP that's inside the network. And since I was pretty much always testing it from within the network I never got an answer. I hadn't heard about it before and the setting was somewhere I didn't look.

I'll probably still keep most of my stuff behind a proxy, just to ensure I can always access it, but at least I can now be confident that people can join my Minecraft server and all that.

So now I'm pretty much just waiting until ipv6 gets more support and I'll be good

How we prevent conflicts in authoritative DNS configuration using formal verification

Source: https://blog.cloudflare.com/topaz-policy-engine-design/

Paper: https://files.research.cloudflare.com/publication/Larisch2024.pdf

Synology NAS Domain Join: The Importance of DNS Configuration

In this article, we shall discuss the issues you could face when performing a Synology NAS Domain Join: The Importance of DNS Configuration. DNS configuration ensures that devices on a network can communicate with each other and access external resources on the internet. This enables devices to locate servers and services by their domain names, facilitating seamless connectivity. Please see DSM…

View On WordPress

If you're experiencing "Error Code 102630: This video file cannot be played" on Firefox

i've been scratching my head about it for weeks and just solved the issue today - it might not work for you, but i'm posting it here in case it helps someone else.

things i tried that didn't work (but might help you):

updating/restarting firefox

updating/restarting windows (or your operative system of choice)

manually updating the video drivers

deleting the DNS cache

deleting the browser cache

running Firefox in troubleshooting mode (no extensions or add-ons) to make sure it wasn't some extension that broke in an update

what actually worked for me:

go to about:config (open a new tab and use that in place of the URL)

look up "media.mediasource.enabled"

if it's set to "false", set it back to "true" by double-clicking it

i had this configuration set to false in order to get videos to buffer completely instead of just loading a couple minutes at a time and then stopping, but unfortunately this does not seem to play well with most streaming sites/servers. pretty sure it worked well before, but an update must have broken it.

ah, well.

YI Cam Remote Access: Your Guide to Self-Hosted Surveillance

Want to have complete control over your YI Cam and go beyond its default cloud? For more privacy and customization, many users prefer YI Cam Remote Access, rather than using the manufacturer's cloud. Therefore, this post explores how to accomplish this sophisticated configuration, assisting you in navigating the frequently challenging process of self-hosting your camera's feed. Walk through this post to learn more details! 

Understanding the YI Cam Remote Access

Generally, you need to install a custom firewall on your device if you want to access the YI camera remotely and connect it to your server. Additionally, it allows leveraging the benefits of the RTSP (real-time streaming protocol) streaming as well as FTP access.  Moreover, it eliminates the need for third-party platforms and for configuring cameras to the self-hosted servers.

However, it acts as a “Network Remote Controller,” especially for the multimedia servers. It allows users to control media playback remotely. But it does not deliver audio or video streams continuously; instead, it communicates with the servers streaming the multimedia content. Hence, for the YI Cam Remote Access, users must connect their security cameras to the server through RTSP.

How to Connect Camera To Server for YI Remote Access?

Moreover, enabling the YI Cam Remote Access opens up several possibilities and advanced functionalities. So, let’s begin with the essential steps to Connect Camera To Server for managing and monitoring your YI camera remotely. 

Initially, confirm your YI Cam supports the RTSP or streaming compatibility, as some models may require custom firmware.

Subsequently, set up your chosen server device, such as a computer, NAS, or Raspberry Pi, with a suitable operating system.

Next, install essential software like Blue Iris, MotionEye, FFmpeg, or Home Assistant to manage the video feed.

Finally, configure secure remote access using methods such as port forwarding, VPN, or Dynamic DNS for external viewing.

Now, you can view, configure, and control your YI camera remotely.

Bottom Line

In conclusion, YI Cam Remote Access empowers you with full control over your camera's feed through self-hosting, prioritizing privacy & customization. Additionally, this advanced setup typically requires RTSP compatibility, a dedicated server, and management software. With secure remote access methods such as VPN or port forwarding, you can ensure seamless monitoring from anywhere.

I’m sorry but I’m still losing my fucking MIND over elons incomprehensible Linux own the libs tweet like

Like it’s incredibly obvious he heard about a traceroute, and then googled “how to delete file in Linux” and then didn’t even read the results

Like… woke_mind_virus isn’t a fully qualified domain name, meaning it relies on a custom DNS resolution specific to his machine, or if utilizing a vpn, that specific vpn’s custom host file. Or that the American government would have a host entry for a woke mind virus, which if you’ve ever had to use a government website, is laughable. Also DNS is global for the most part, but honestly we can move on at this point.

So sure, we’ll say that the government has forced all public internet in America to resolve woke_mind_virus. Where does it resolve to? YOUR OWN COMPUTER, you silly billy! Obviously! This is *almost* comprehensible. Sure, we are all infected with the woke mind virus, why not. It must be destroyed within ourselves. Yeah man, whatever. Why not? So how do we destroy it?

Duh! Just delete it! How do we do that in our L337 uber hax0r terminal on our fresh kali live usb (because partitions are scary)? We’ll save that for last.

Because while deleting one file could make a website inoperable, it does not remove every trace of it! It first needs a configuration file in the web server, usually Apache or nginx. This is at LEAST one file, but cmon, if you’re gonna psychologically program the masses and keep it out of public view, you gotta encrypt that shit! So naturally, an SSL is in order! That’s easily 1-3 more files. woke_mind_virus can get a pass on not being fully qualified in this specific case because certs can theoretically be self signed and trusted on local networks, but he wouldn’t be able to tell you that. If you stood up a little one page html site on a web server on your own computer, and navigated to it on port 443 (https://) you would get an SSL error, even though it’s on your own machine. I feel like I’ve beaten this into the ground enough, but just understand it’s stupid.

What’s important to note here is that these BARE MINIMUM files are what routes the request from your machine to the destination site, even if it’s your own computer. If you delete the contents of the site (also called the docroot), the site still exists, and can receive and route requests to and from it, it’s just empty. You’ll probably get a 404 because there’s no actual content to serve. This woke mind princess is in another castle.

It’s also imprudent to delete these configuration files first, because that’s how you determine where the site content actually is! These files dictate what directory (folder for you windows losers) is called upon to actually serve you the content you see displayed when you open a webpage. So you need this information if you don’t want to destroy the entire file system and only want to remove the woke_mind_virus site. Cmon Elon, this is baby shit.

So of course, the strat with the most Efficiency and preserving the rest of the system (which seems to be the point of the tweet) is to find the docroot, delete the docroot, and then delete the web server config files. So how do we delete them?

And here we have it: rm -rf

The syntax is as follows:

rm -rf </path/to/file>

Even if you don’t know shit about Linux, you can probably see the problem here. It’s just so blatantly incorrect, it’s almost as if he’s never done it before.

For those that want to see a real world example, here is me creating a file called woke_mind_virus in my home directory and then trying to delete it the Elon Way:

my got dam media server is acting up again. I need to buy new drives for it soon but they're just expensive enough to be annoying. I think the problem is with DNS configuration but I don't know.

TARI.EXE (Puzzlevision Corruption)

I'm not even kidding, I had a dream where that TV guy and Tari have some sort of connection and kidnapped her so she becomes his property again, forcing the SMG4 gang to go through endless unwanted simulations to entertain him. I've been thinking about that dream repeatedly, and ever since Western Spaghetti I did want there to be some sort of connection. Can't wait to see more of TV Guy (or Puzzlevision as it says on his face). Also, the background text are just command prompt text, or rather Tari's programming. I've been finding so many examples of how to do program writing.... or coding? Idk lol. At some point my brain just stopped working. Anyways, i'll put below what the text says, and if you pay attention to the numbers in the written sequence, you'll see some hidden detail (Hint: The numbers are episode dates).

Background Text:

TASCORP Windows [Version 17.6.02023]

(c) 2023 TASCORP Corporation. All rights reserved.

C: \Users\TARI>ipconfig/flushDNS

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C: \>taskkill /f /im TARI.exe

SUCCESS : The process "TARI.exe" with PID 250818 has been terminated.

C: \>winge install "Puzzlevision SIM"

Found Puzzlevision SIM [TASCORP.Puzzlevision SIM] Version 28.10.23

This application is licensed to you by its owner.

TASCORP is not responsible for, nor does it grant any licenses to, third-party packages.

Downloading https://puzzlevisionsiminstall.net.com/stable/smg4/Setup-v28.10.23.exe

90.0 MB / 90.0 MB

Successfully verified installer hash

Starting Package install . . .

Successfully installed

X: \windows\system23>cd C: \Windows\system23

C: \windows\system23>systemreset

PUZZLEVISION SIMUL. Windows

Copyright (C) Puzzlevision Corporation. All rights reserved.

C: \WINDOWS\system23>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.

Verification 100% complete.

Puzzlevision Resource Protection found corrupt files and successfully repaired them.

Puzzlevision Resource Protection did not find any integrity violations.

Gshade Preset: Mellow`Heart

Sul sul! Indulge yourself with this soft matte Gshade preset. Happy simming!

Little Knowledge

Most preset comes with SMAA & FXAA. Both exist in one preset and so as this preset of mine. It is not recommended to use this because these two functions the same, smoothing the edges. The key difference depends on the hardware you are using. FXAA is a smart anti-aliasing recommended for average pc. On the other hand, SMAA is a smarter anti-aliasing recommended for High-end GPU pc. I have both enabled SMAA and FXAA in this preset. You should disable one of them. Martysmods_smaa is twice the performance of the original SMAA. YOU can switch to this from the default SMAA.

Let's talk about MXAO. This is a shadow and depth fx. The default configuration is Very high which I don't recommend for average PC. Adjust to medium to reduce the lag. Or the best alternative to this, which I am using with this preset is the qMXAO(quint). This is better for gameplay. You can switch to MXAO if you have a powerful pc if you want.

NOTE:

TURN OFF performance mode on gshade (darken the preset if turned on)

TURN OFF edgesmoothing in graphics settings

Be happy

Recommendations: For a better graphics, use the following overrides/mods.

Sunblind

Nobluv2 & Noglov2.1 (you can use both)

even better in-game lighting (you can't use this if you installed Noglo)

Pastel world (conflict with sunblind) - if you don't like the hassle of sunblind installation, use this.

fluffy clouds - overrides the clouds

map replacement mods

Dag dag!

Download:

Patreon

Mellow`Heart~[kazzaeo] SFS - Updated 10/20/24 

(use CloudFlare DNS 1.1.1.1 if you cannot download files from SFS)

For my Hallow'Heart preset, click here