u/Crimson-Entity

/etc/docker/daemon.json reverting back to default after reboot, any ways to disable it from reverting?

Hello all,

I'm trying to resolve DNS on Docker level without NAT, and even when the Docker containers are in the same Docker network, DNS queries go through NAT and all queries are shown as coming from the gateway.

I found a way to mitigate this, by adding a DNS flag to the /etc/docker/daemon.json file. I restarted Docker after this and all DNS is queried on Docker level, no problem.

The problem is that after reboot the configuration file just reverts back to default, undoing my DNS flag. Any script I can run so that I can stop TrueNAS from reverting this file specifically after reboot?

reddit.com
u/Crimson-Entity — 7 days ago
▲ 1 r/docker

Separating DNS queries while each compose stack has a different internal gateway?

Greetings all,

To preface I have surface-level knowledge on Docker, I barely know anything about Docker networks and such.

I'm working on implementing DNS server (AdGuard Home) on Docker level instead of Device level, so that I can see each Docker container's DNS query.

On my Debian VM I pointed the DNS server to my AdGuard instance's Docker IP, and it all works fine. I can see each Docker container's DNS query.

However on TrueNAS, every single DNS query is shown as the Docker gateway (172.16.16.1)

I dug in a bit deeper and found out that each App resides on its own Docker subnet (172.16.1.0/24, 172.16.2.0/24, 172.16.3.0/24 and so on), therefore each compose stack has a different gateway.

My understanding is that since the DNS queries have to travel between subnets and show up on AdGuard's gateway, that's the reason for all DNS queries being shown only as 172.16.16.1. (AdGuard's Docker IP is 172.16.16.2.)

Is there a way to mitigate this? I could put all Docker containers into a single Docker subnet but I would like to see if there are other ways to solve this problem.

u/Crimson-Entity — 8 days ago
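The daemon.json "dns" setting that the post above reports as the fix, and the cross-subnet gateway masking described in this post, as an added example that is not part of the original posts: a script that pins Docker's upstream resolver in /etc/docker/daemon.json idempotently, so it can be re-run from whatever startup hook you use to reapply the file after reboot. The "dns" key is Docker's documented daemon.json option and 172.16.16.2 is AdGuard's Docker IP from the post; the path argument, the restart command and the atomic-write helper are assumptions for illustration, and the script does not identify what reverts the file (the post does not say).

```python
"""Idempotently pin Docker's upstream DNS servers in daemon.json.

Added example, not code from the original posts. Assumes the Docker
daemon honours the documented top-level "dns" list in daemon.json and
that a restart is needed for it to take effect (the post restarted
Docker). Re-running the script is safe: it only rewrites the file when
the "dns" list actually differs, and keeps every other key intact.
"""
import json
import os
import tempfile


def merge_dns(path, dns_servers):
    """Set the "dns" key to dns_servers, preserving all other keys.

    Returns True if the file was changed, False if it already matched.
    A missing or empty file is treated as {}. A file that is not a JSON
    object raises instead of being clobbered, so a malformed daemon.json
    is never silently replaced.
    """
    try:
        with open(path, encoding="utf-8") as fh:
            raw = fh.read()
    except FileNotFoundError:
        raw = ""
    cfg = json.loads(raw) if raw.strip() else {}
    if not isinstance(cfg, dict):
        raise ValueError(f"{path}: top-level value is not a JSON object")

    wanted = list(dns_servers)
    if cfg.get("dns") == wanted:
        return False  # already pinned; nothing to do

    cfg["dns"] = wanted
    # Atomic replace: write a temp file in the same directory, then rename,
    # so dockerd never observes a half-written config.
    fd, tmp = tempfile.mkstemp(
        dir=os.path.dirname(os.path.abspath(path)), prefix=".daemon.json."
    )
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(cfg, fh, indent=2)
            fh.write("\n")
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True


def dns_servers_in(path):
    """Read back the upstream resolvers currently configured (empty if unset)."""
    with open(path, encoding="utf-8") as fh:
        return list(json.load(fh).get("dns", []))


if __name__ == "__main__":
    import subprocess
    import sys

    # Usage: merge_dns.py [/path/to/daemon.json] [resolver ...]
    cfg_path = sys.argv[1] if len(sys.argv) > 1 else "/etc/docker/daemon.json"
    resolvers = sys.argv[2:] or ["172.16.16.2"]  # AdGuard's Docker IP from the post
    if merge_dns(cfg_path, resolvers):
        print(f"updated {cfg_path} with dns={resolvers}; restarting docker")
        subprocess.run(["systemctl", "restart", "docker"], check=True)
    else:
        print(f"{cfg_path} already pins dns={resolvers}; nothing to do")
```

Run it as root from the same hook that runs after the file is restored; because it only touches the file (and restarts Docker) when the "dns" list differs, it is harmless on boots where nothing reverted the config.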

Anyone else experiencing WebRTC leaks on WireGuard on 26.1.8?

Greetings all,

I was using ProtonVPN's WireGuard config files so that I can selectively route Reddit's CDN through VPN so that I can have an ad-free experience on mobile. It was all working fine until I upgraded the firmware to 26.1.8.

I did a quick VPN leak test and found out that while the IP address was being proxied properly, WebRTC wasn't. To see if this was a fault on ProtonVPN's side, I did a leak test with the same WireGuard config file both on macOS's WireGuard app and on OPNsense. While macOS was showing its WebRTC IP address as the same as the proxied IP address, OPNsense's was not.

I didn't take a snapshot before upgrading the firmware (which I should have), so I can't revert back to the previous version to see if the new update broke this. If there's anyone who has access to version 26.1.7, I'm willing to give out a WireGuard configuration file so that you can test it out and see if the new version broke this.

u/Crimson-Entity — 9 days ago

Any way to use the same domain that you used to self-host Netbird while the VPN is on?

So what I mean by the title is this:

I self-hosted NetBird on netbird.domain.tld

When the VPN is on, all the *.domain.tld queries don't even reach my DNS server, because (I presume) all the queries are being processed via the integrated traefik beforehand.

If I weren't selfhosting NetBird, it's easy to have internal reverse proxy (since my netbird domain is different from the domain that my reverse proxy instances use); just point my endpoint devices to a dns server, that has dns rewrites with all my domains pointing at a reverse proxy. I can't seem to do that while selfhosted because all my domains get stuck in the traefik instance (presumably).

Do I need two domains to achieve the same thing while self-hosting? Or is there some kind of workaround for this whilst using one domain?

Much thanks in advance.

u/Crimson-Entity — 12 days ago

I know some people get really intimidated by a wall of text, but assuming it was paragraphed correctly, I don't think there's anything more personal and raw than a letter.

Not that there are many instances where I need to write one, but maybe that's why I enjoy it so much—the chances don't come often, and when you get into the trance where you're able to churn out hundreds of words within an hour or two, it really gets cathartic.

My only gripe is that it never gets reciprocated in the same manner. But I get it, since not everyone uses writing as their main method of expression. For me, however, it feels as if nothing tops it.

Maybe I'm rambling a bit, since after last month I haven't felt anything akin to that feeling of purge. I'm missing it, but maybe it's a good thing that it doesn't come often? It means you have less or no drama, but at the same time I'm yearning for that feeling of the vibrance and the turbulence of interconnectedness with somebody else.

u/Crimson-Entity — 15 days ago

I'd assume people think that one who is socially awkward or comparatively lacks social skills is introverted; at least the typical stereotype is so.

But in the way I see it, social skills have nothing to do with introversion or extroversion. You can be socially skilled and still be introverted, or vice versa, be extroverted and be socially awkward (which is the worst combination in my book).

I don’t know if it’s just on the internet but I see this collective thought that introverted people are somehow deeper and more introspective— maybe that’s correct to a point but at the same time they somehow insinuate the conclusion that therefore people who are not introverted (not my tribe) are shallow and superficial, which irks me a bit if I’m honest.

Hopefully it's not much the case in the real world, but it irritates me when people flaunt their personality as if it's a badge of honor. As if it's superior to the other. Maybe it's just a tendency of the human mind that makes it hard for people to see things from a value-neutral perspective. There's nothing to be proud or ashamed of about your personality; at least for me, I want to see it from a value-neutral standpoint.

Anyways, that’s a short ice-breaker for me, a little bit of personality conversation and how it’s portrayed on the internet. If you have any of your own thoughts on it and want a sounding board, my DMs are open.

Also, mid-20s guy. Just putting my A and S of ASL out there, to filter out expendable conversations.

u/Crimson-Entity — 19 days ago
▲ 303 r/homelab

Yes, this is a direct rebuttal to a post that was made like around 24 hours ago.

People's recommendations to beginners have always been OptiPlexes, ThinkCentres, EliteDesks or cheap N100 mini PCs from AliExpress or whatnot. And I think it's perfectly fine, especially as a jumping-off point.

Do you know where people start with homelabbing? Getting a computer (whatever hardware that may be) and tinkering with Linux and Docker containers. And you know what's the cheapest way to get into that? A mini PC. It doesn't take much compute to do those things, and hell, I'd say even a Raspberry Pi can do that, albeit with mini PCs being the superior choice for it.

If you want to have a NAS or a media server, then yes, expandability and storage tend to get limiting on mini PCs. Then you know what you do? You buy a NAS or hardware that you can expand on. Mini PCs weren't a big investment to begin with, although now with hardware prices increasing that can be debated. But I'd say that if you knew your needs were better met with a NAS or anything that requires bulk storage, you were not one of the people asking for advice on what hardware to begin a homelab with.

Plus, for people who continue on with this hobby, I've never seen ANYONE Ship-of-Theseus-ing their one computer on and on. They get switches, more compute, more storage and so on. It's not like after you get a NAS or more expandable hardware, mini PCs become irrelevant. They can always be repurposed for redundancy or for a cluster. Or even better, you can now separate compute and storage, now that you have more than two dedicated devices that can each serve their own function.

You also have to consider people who lose interest in homelabbing. It's way easier for them to repurpose mini PCs than mid-tower PCs. They fit anywhere, so if you're just going to use one to browse or for basic media needs, it's so much easier to relocate them. More convenient to sell them too, since modular PCs are harder to sell in one piece.

And I know some people don't care about efficiency, like if you're in an energy-abundant country like the States. But for places like Europe, especially in the current political and economic climate, every watt at idle matters. In my experience modular PCs do consume more wattage at idle than mini PCs, and most of them are going to stay idle for 90% of their service time.

But back to my main point: most people's needs are met with a couple of Docker containers. If you have hundreds of YouTube videos you need to archive, or a couple hundred GBs of images and videos that you want to de-Google, then you already know who you are. But for people who are new to the homelab/Linux/self-hosting world, a mini PC is a perfectly adequate onboarding point. A better offboarding point if you figure it's not your cup of tea, too.

u/Crimson-Entity — 19 days ago

Basically the title. I'm assuming that since the A record (netbird.subdomain.tld) points to itself according to OPNsense that there's some error happening when trying to authenticate.

Or is there anything else I need to configure? I keep getting the "failed creating connection to Management Service: create connection: dial context: context deadline exceeded" error.

I prefer not to use a VPS or set up a NetBird instance outside of my main network, since that means paying for a service or needing to buy new hardware.

+) Informational logs say "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate is valid for OPNsense.internal, not netbird.subdomain.tld". So I guess my assumption was correct in that the error is caused by the name being pointed at itself. Is there any other way to resolve this, other than the insane method of replacing the default certificate on OPNsense with NetBird's?

u/Crimson-Entity — 26 days ago