DefederateLemmyMl @ SpaceCadet @feddit.nl | Posts 2 | Comments 652 | Joined 2 yr. ago

Why call it secondary then, that's so counterintuitive lol
I don't think that's even the official naming. It probably comes from what Windows 95 called it back in the day:
On Linux, it's just an additional "nameserver x.x.x.x" line in /etc/resolv.conf, with no indication of which is the "primary" or "secondary".
Your understanding is not correct. For page elements, uBlock prevents the domain from even trying to load, so no DNS request is ever made. Only if you go directly to an ad domain from the url bar (who does that?), does a DNS request get made.
For example, on my own webserver, I created a simple static html file with an `<img>` tag pointing to an ad domain that I know is blocked on uBlock as well as on the pihole. Like so:

```
<html> adblock test <img src="https://track.adtrue.com/some/bannerad.png"></img> </html>
```

Loading that page, uBlock showed 1 blocked ad on that page, pihole only logged a DNS request to my webserver, not to track.adtrue.com.
Once I turned off uBlock in the browser and reloaded the page, pihole did log the request to track.adtrue.com and blocked it. My browser showed a broken image.
I use firebog's ticked lists, from what I can tell from the logs ad domains are blocked just fine.
But as I said, I have ublock origin on all my browsers which already catches most ads before they reach pihole, and I don't use mobile a lot when I'm at home. Oh, and I also use Linux, so no Microsoft telemetry to block either.
1.7% makes perfect sense to me.
That's not really the point. The point this post is making is that third party software is often not available as a package for your distro. It's been a minute since I used Slackware, but I doubt you can find neatly built tgz slackware packages of Steam or the Nvidia drivers.
I know Slackware has slackbuilds and you can install sbopkg to search for packages and automatically build them, but that goes a bit beyond "just use your package manager".
The box I'm running pihole on hosts several other services as well, so I dread having to reinstall everything. Most of it is dockerized, but still.
Anyway, I also waffled back and forth on dockerizing pihole when I initially installed it ... but ended up going bare metal, and now I wish I would have gone docker from the start. The initial install is perhaps slightly more complicated, but it's so much more maintainable and transportable to other devices: transfer volumes, and run your docker-compose.yml on the other box ... and voila, you've cloned your pihole. I use that system to keep my backup pihole in sync by the way.
Before pihole was essentially a frontend for dnsmasq but it seems like it's a bit more than that now
Indeed, it doesn't run dnsmasq separately anymore, but somehow incorporates all dnsmasq capabilities and it still uses dnsmasq syntax config files, and can be configured to include the /etc/dnsmasq.d configs.
Randomly? No, only when your pi goes down
Not how secondary DNS works. It round robins the requests across primary and secondary DNS servers.
Secondary DNS is not for redundancy!
The way secondary DNS works is that a client distributes DNS requests across the primary and secondary DNS servers. So if you have pihole as your primary DNS and, say, 8.8.8.8 as your secondary DNS, you're sending half of your DNS requests to google unfiltered. And if your pihole DNS goes down, half of your DNS queries time out.
The way to have redundancy with DNS is with a standby server that takes over the IP of the primary server if it goes down. You can do this with keepalived.
Literally just had my pihole hard crash this weekend due to a bad update to FTL. Apparently they had a major version upgrade and didn't bother to read the notes so I had to do a full OS reinstall.
The v6 upgrade was such a disaster. I was bitten by it too, it started the upgrade then halfway through decided it didn't like my OS (debian-testing) and crapped out ... leaving me with a b0rked installation. Luckily I was able to return to v5 using my system backup. It was a right pain to figure out how to restore though, because they write files all over /opt, /etc, /usr/bin, /usr/local and /var.
For this reason I have since dockerized my pihole installation. Not only does this allow you to choose the exact pihole version you want (a bare metal install only supports the latest version), but it allows you to centralize your configuration files neatly under a docker volume, so you only have to backup the volume.
Raspberry Pies (is that how you pluralize it?), and especially their SD cards are not the most reliable pieces of hardware. I've already had a few die on me.
As for how annoying outages are, I guess that depends on how many people and services you have on your network relying on a functioning DNS. I am running two pihole instances on separate hardware in a keepalived virtual IP setup, with a replicated configuration. Sounds complicated, but it's really easy.
It's just nice to be able to reboot or perform maintenance on my pihole knowing it won't impact DNS, and not having to worry about interrupting my girlfriend streaming her Netflix series or whatever. For example, just a couple of weeks ago I converted my bare-metal pihole installation to a dockerized one, which was a couple of hours of work, without any DNS downtime at all.
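A sketch of the keepalived virtual-IP arrangement mentioned in the two comments above, added here as an example and not the commenter's own configuration. The interface name, addresses, router id, password and the `pi.hole` test name are assumptions; the standby host gets the same file with `state BACKUP` and a lower `priority`.

```conf
# /etc/keepalived/keepalived.conf on the first Pi-hole host (constructed example).
# Assumed values: interface eth0, virtual IP 192.168.1.2/24, router id 53.

global_defs {
    enable_script_security   # refuse check scripts that non-root users can modify
    script_user nobody       # run the health check unprivileged
}

# Health check: this node should hold the virtual IP only while its own
# resolver answers. dig exits non-zero when 127.0.0.1 gives no reply.
vrrp_script chk_dns {
    script "/usr/bin/dig @127.0.0.1 pi.hole +short +time=1 +tries=1"
    interval 5               # run every 5 seconds
    fall 2                   # 2 consecutive failures put the instance in FAULT
    rise 2                   # 2 consecutive successes bring it back
}

vrrp_instance PIHOLE_DNS {
    state MASTER             # BACKUP on the standby host
    interface eth0
    virtual_router_id 53     # must be identical on both hosts
    priority 150             # lower value (e.g. 100) on the standby host
    advert_int 1             # VRRP advertisement every second
    authentication {
        auth_type PASS       # sent in clear text, only guards against misconfiguration
        auth_pass changeme   # placeholder; only the first 8 characters are used
    }
    virtual_ipaddress {
        192.168.1.2/24       # the single DNS address handed out to clients
    }
    track_script {
        chk_dns              # release the virtual IP when the DNS check fails
    }
}
```

Clients are given only the virtual IP as their DNS server, so no query is ever sent to an unfiltered resolver, and the standby takes the address over when the check on the active host fails.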
It isn't so much about the payload of the DNS requests, but about the content that would have been loaded if the DNS request hadn't been blocked.
If you load a page that has 100kB of useful information, but 1MB of banner ads and trackers ... you've blocked a lot more than 66%. But if you block 1MB of banner ads on a page that hosts a 200MB video, you've blocked a lot less.
Also a 66% blocked percentage seems very high. I have installed pihole on 2 networks, and I'm seeing 1.7% on my own network, but I do run uBlock on almost everything which catches most stuff before it reaches the pihole, and 25% on the other network.
Misleading statement. It doesn't block "traffic", it blocks DNS requests... you don't know how much traffic this corresponds to.
So you can't become root on your system unless you switch to that tty? That sounds like a gigantic pain in the ass.
Me use apt. Why use many letter when few letter do trick?
I ... have no problems with that. I wouldn't do what you do, but it's your server and kate's a good GUI editor. I use it too when I'm in a GUI workflow. The only issue I have with kate is that it hangs if a mountpoint (NFS or Samba share) is temporarily unavailable.
Personally I am of the nonanoist denomination. I will curse all the demons of hell when on a new system I type vipw or systemctl edit some.service and I am unexpectedly faced with the demon called nano. Words cannot describe how much I loathe this pitiful excuse for an editor, this usurper of editing powers, this illegitimate occupier of the editor symlink. How dare you insult me, the omnipotent god called root, by presenting me with a training tool for novices?!
Fortunately, there are ancient spells that can nullify its powers. 'I command you: be gone Satan', I will utter under my breath as I carefully type in the magic incantation to cast it back into the fiery chasm from whence it came:
apt -y purge nano
The thing is, simple can mean two things, and they are quite often at odds with each other.
It can mean simple to understand, or simple to use.
For example, a piece of software that's just a binary, a config file and a man page describing the config file and the software's behavior is generally quite easy to understand. Like, you can fit the idea of the program entirely into your mind and "comprehend" it, though it may not be easy to use for a novice.
By contrast, a piece of software that contains additional layers for ease of use, like a GUI to edit options, may be simple to use, but not necessarily simple to understand. The additional layers add more complexity that does not contribute to core functionality of the program, it can become unclear what gets changed where when you click on buttons, the config file is likely not documented, human readable or editable, or it may even be a completely opaque configuration database (the registry), ... So making the software more simple to use, often makes it harder to comprehend.
I, and I think many other nerds, like software that is simple in the "comprehensible" sense, we want to be able to wrap our head around it completely and we don't mind putting in a little bit of effort to achieve that comprehension, whereas other people prefer to hit the ground running.
LOL yes, I had a look at those too when I was looking for a more minimal terminal. Noped the fuck out when I read you had to recompile the tools to configure them.
It's not that this is beyond my skill level, but that is just so ... why would I want to do that?
I installed Debian Buster and ran Firefox on my Pentium 3 750 a couple of years ago. It wasn't very fast or very usable, but I ran it.
I mostly use that system for retro games in DOS 6.2 and Windows 98. The Debian installation is my utility OS for when I want to transfer new stuff to the DOS partitions, because it's way easier to connect it to the network.
Communication is key
Sure, but honestly it sounds tiring if this kind of discussion is a recurring thing.
Credit to ArtByMoga