Recent posts

DNS Privacy with Stubby (Part 1 GNU/Linux)

9 minute read

**Installing and configuring an encrypted DNS server is straightforward; there is no reason to use an unencrypted DNS service.**

DNS is not secure or private

DNS traffic is insecure: by default it runs unencrypted over UDP port 53 (TCP for zone transfers).

This makes your unencrypted DNS traffic both a privacy risk and a security risk:

  • Anyone who is able to sniff your network traffic can collect a lot of information from your leaking DNS traffic.
  • With a DNS spoofing attack, an attacker can trick you into visiting a malicious website or try to intercept your email traffic.

Encrypt your DNS traffic

Encrypting your network traffic is always a good idea for privacy and security reasons (**we encrypt, because we can!**). More information about DNS privacy can be found at https://dnsprivacy.org/

On this site you'll also find the DNS Privacy Daemon, Stubby, which lets you send your DNS requests over TLS to an alternative DNS provider. You should use a DNS provider that you trust and that has a no-logging policy. Quad9, Cloudflare and Google DNS are well-known alternative DNS providers. At https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers you can find a few other options.

You'll find my journey to set up Stubby on a few operating systems I use (or I'm forced to use) below …

GNU/Linux

Read more...

Migrate a windows vmware virtual machine to Linux KVM

6 minute read

Linux KVM is getting more and more usable for desktop virtualization thanks to the virtio and QXL/SPICE drivers.

Most Linux distributions have the virtio & QXL drivers; you might need to install the spice-vdagent.

On Windows you can download and install the virtio and QXL drivers.

Using the virtio drivers will improve your guest system performance and your virtualization experience.

Read more...

32 bits matters!

1 minute read

pfsense 2.3

My firewall is a pcengines alix.

It was running pfsense and I was quite happy about it. Pfsense dropped support for 32 bits in their pfsense 2.4 release.

This would have left me with an unsupported firewall, which was one of the reasons to use pfsense instead of a closed source commercial router.

I could have moved to a new firewall like the pcengines apu but there is no reason to replace hardware that works fine.

The nice thing about open source software is that we have options to choose from: if software doesn't match your use case, we have other options to choose from.

OPNsense

Read more...