[-] MyTechAccount90210@alien.top 1 points 11 months ago

I get it...it's awesome. Just took a second to wrap my head around some of the nuances that I needed for my environment. But hellz yea, works great. I wish the dashboard had automatic ajax refreshing though.

6

So I've been a pihole user for a long long time....but seeing the advancements in AdGuard Home and some of the nicer UI facets, I was interested in giving it a try. I also have an active directory domain that I need to manage as well.

So, prior to recently, I had routed all DNS requests thought the AD DCs, and their upstream resolver was PiHole, and then Pihole routed to its internal install of cloudflared with DNS over HTTPS to the cloudflare DNS services.

More recently, I changed my DNS services in DNS to point directly to pihole, managed my local dns records in pihole and then used conditional forwarding to my AD DCs for local DNS resolution. The biggest benefit I saw in this adjustment is that I can identify what hosts are making what requests.

More recently than that, I brought Adguard Home into the environment and am using it as a secondary DNS server. I ended up taking it out of the mix for the moment. My thought process was having one DNS server on each of my active VM hosts just in case.....but managing internal DNS records in adguard home is a bit of a pain in the ass, and there is no way to import in bulk.

So, the questions, 1) do you just use one or the other... pihole, vs adguard home.... 2) do you use multiple dns servers or just a single one upstream...3) whats your preferred method of internal dns management in conjunction w/ pihole/adguard home?

1

Hello all. I'm bouncing around ideas in my head right now, and I want to take the next step in my home infrastructure. As it stands, I have my main docker server that hosts a variety of stacks and containers, and of course my nginx proxy manager as well.

Basically all the containers have the ports open that they need, and the proxy is just hairpinning back into the same VM. So DNS for my friendly name stuff points 10.178.200.4, and then the proxy points to 10.178.200.4:8787 or 8989 or whatever for the individual apps.

I feel like, at least in my mind with the docker virtual networks, that I should be able to close all the ports except 80 and 443, and route traffic to the virtual IPs that come from docker, and the networking can be done internally. Is my brain working, or is this stupid?

[-] MyTechAccount90210@alien.top 1 points 11 months ago

man thats a nice little app

[-] MyTechAccount90210@alien.top 1 points 11 months ago

Hahahahah, I'm sorry son, what's your ticket number? SHeeewwwwwaaahhh yeahhhh I'm going to need a ticket number. You're welcome to open one by emailing helpdesk@thesmithfamily.net and we'll get with you just as soon as we can in the order received. Just know, our agreed SLA is between 4 and 8 business hours, depending on your grades this week.

[-] MyTechAccount90210@alien.top 1 points 11 months ago

You don't add it from the app. You add it in server settings. And you wouldn't hairpin, you'd have the firewall rules. Having it in dmz would segregate it from your internal network so outside users could hit it .... If you so choose.

[-] MyTechAccount90210@alien.top 2 points 11 months ago

You're doing something wrong or you have an incompatible isp. If you want to have it in your dmz, great poke firewall rules for 32400 and set up the internal subnet as an approved lan subnet.

[-] MyTechAccount90210@alien.top 1 points 1 year ago

I'd love to know, but it's best I dont.

3 HP DL380s, 4 drives each
1 HP DL380, 15 drives
1 Chenbro 1U storage server, 12 drives
1 supermicro 1U storage server, 12 drives
1 HP DL360, 4 drives I think
2 netgear business poe switches
2 fortigates
2 microtik 8 port 10G switches
2 smart UPS 1500 units

I just dont want to know.

[-] MyTechAccount90210@alien.top 1 points 1 year ago

Cloudflare is as safe as you design it to be. Once you're tunnel is set up, you configure and access app and set up whatever rules you want. For me personally, for ultra protected stuff like my proxmox management I require warp to be in use and then an email MFA code. Along of course with my proxmox login.

MyTechAccount90210

joined 1 year ago