Setting up OpenStack-Ansible All-In-One on a Centos 7 system

January 21, 2019 6 minute read

Openstack is a nice platform to deploy an Infrastructure as a service and is a collection of projects but it can be a bit difficult to setup. The documentation is really great if you want to setup openstack by hand and there are a few openstack distributions that makes it easier to install it.

Ansible is a very nice tool for system automatisation and is one that’s easier to learn.

Wouldn’t be nice if we could make the openstack installation easier with ansible? That’s exactly what Openstack-Ansible does.

In this blog post we’ll setup “an all-in-one” openstack installation on Centos 7. The installer will install openstack into lxc containers and it’s nice way to learn how openstack works and how to operate it.

Preparation

best wishes 2019

January 2, 2019 less than 1 minute read

How to configure DNS-over-TLS on OPNsense

December 9, 2018 2 minute read

DNS-over-TLS

In my previous blog posts we configured Stubby on GNU/Linux and FreeBSD.

In this blog article we’ll configure DNS-over-TLS with Unbound on OPNsense. Both Stubby and Unbound are written by NLnet.

DNS Privacy with Stubby (Part 2 FreeBSD)

October 7, 2018 8 minute read

FreeBSD

In my previous blog article we install on GNU/Linux which is my main desktop operation system. My NAS and the services that are required to be always running are on FreeBSD.

In this arcticle we will setup Stubby - the DNS Privacy Daemon - on FreeBSD.

DNS Privacy with Stubby (Part 1 GNU/Linux)

September 9, 2018 9 minute read

** Installing and configuring an encrypted dns server is straightforward, there is no reason to use an unencrypted dns service. **

DNS is not secure or private

DNS traffic is insecure and runs over UDP port 53 (TCP for zone transfers ) unecrypted by default.

This make your unencrypted DNS traffic a privacy risk and a security risk:

• anyone that is able to sniff your network traffic can collect a lot information from your leaking DNS traffic.
• with a DNS spoofing attack an attacker can trick you let go to malicious website or try to intercept your email traffic.

Encrypt your dns traffic

Encrypting your network traffic is always a good idea for privacy and security reasons - ** we encrypt, because we can! ** - . More information about dns privacy can be found at https://dnsprivacy.org/

On this site you’ll find also the DNS Privacy Daemon - Stubby that let’s you send your DNS request over TLS to an alternative DNS provider. You should use a DNS provider that you trust and has a no logging policy. quad9, cloudflare and google dns are well-known alternative dns providers. At https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers you can find a few other options.

You’ll find my journey to setup Stubby on a few operation systems I use (or I’m force to use) below …

GNU/Linux