2·
1 year agoMost self-hosters are probably using dns services through their registrar, but you don’t have to. A registrar with poor api support might still be a good choice, if that was the only negative.
Illiterate Domine
- 0 Posts
- 4 Comments
Joined 1 year ago
Cake day: June 12th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Well, I’m back and can confirm the sneaky DNS resolver. I have two roku devices and they both were making requests to 8.8.8.8.
Thanks for this post! TIL.
Interesting. I set an adblocking dns via DHCP and, as far as I know, the Roku respects it. Ads are blocked and I can see it failing to delivery telemetry in my dns logs (most persistent thing on the network).
I set a rule to catch outside dns to see if anything, the roku included, has been misbehaving.
There are many ways to setups full disk encryption on Linux, but the most common all involve LUKS. Providing a password at mount (during boot, for a root partition or perhaps later for a “data” volume) is a but more secure and more frequently done, but you can also use things like smart cards (like a Yubikey) or a keyfile (basically a file as the password rather than typed in) to decrypt.
So, to actually answer your question, if you dont want to type passwords and are okay with the security implementations of storing the key with/near the system, putting a keyfile on removable storage that normally stays plugged in but can be removed to secure your disks is a common compromise. Here’s an approachable article about it.
Search terms: “luks”, " keyfile", “evil maid”