ElasticSky

5. November 20205. November 2020

Homelab DNS Server with Raspberry Pi and Bind9

VMware vSphere and other products from the VMware ecosphere highly rely on DNS resolution. Name resolution is crucial to the virtual world and there’s a rule amongst troubleshooters:

“If you’ve ruled out DNS as the origin of your problem – check DNS again.”

In the corporate sector there are usually DNS servers of various types. Either hardware appliances with DNS functionality, or entire Microsoft Active Directory servers. However, if you want to set up a homelab, your office usually has only a small DSL router with a (poor) DHCP server functionality. It is possible to run DNS servers or whole ADS domain controllers inside a VM, but then we have the chicken and egg problem. The VM will start after cluster and vCenter are online. Until then wild things can happen in a vSphere cluster without DNS. So we are looking for a small, energy-saving, inexpensive and configurable hardware solution as DNS server for our homelab. Sounds like the Swiss-Army knive, but it can be easily realized with a Raspberry Pi.

In this article I will explain what you need to build your DNS server and how to configure a subnet for the lab.

Raspi as DNS-server

For this project we don’t need the latest model of the Raspberry Pi. A Raspi 3b model is fine for this purpose and the accessories are also available at low prices.

Raspberry Pi 3b+ / 1GB / 4-Core / 1,4 GHz	35 €
Micro SD card 32 GB	9 €
Case (optional)	8 €
Power supply 2,5A (optional)	10 €
HDMI cable	5 €

Parts list with average prices as of June 2020

For much less than 100€ you’ll get a tiny server which can also fulfill other tasks like home automization or as ad-blocker pi-hole.

There are a few things to consider. In principle you can power the Raspi via USB. But you have to make sure that the source delivers at least and reliably 1.2A. Power sources with 2.5A are recommended. My first boot attempts failed because my USB power supply did not provide enough power.

The Raspi requires a micro-SD card as permanent boot and storage media. Here you shouldn’t take the cheapest product, but for less than 10 € you can get 32 GB from a trustworthy brand.

Pages: 1 2

3. October 202015. March 2024

Lockdown Book Project: vSphere 7 – The compendium

I had the special pleasure of working on a book project as co-author in the past months. It is entitled “VMware vSphere 7 – Das umfassende Handbuch” (“VMware vSphere 7 – The Compendium”, published in German language) and will be published in November by Rheinwerk-Verlag. It is the 6th updated and extended edition of this series.

This book covers a wide range of vSphere 7. From basic architecture to setup and day-2 operations. It helps novice and advanced IT administrators understand the principles of vSphere, network virtualization with NSX-T, vSAN, container workloads, VMware Cloud Foundation, Hybrid Cloud, and SDDC.

My contributions are the completely new written chapters Monitoring and vSAN. The chapter Monitoring is about giving the administrator an overview of the integrated monitoring tools and how to use and interpret them. It also introduces VMware and third-party tools. The vSAN chapter explains the fundamental structure of this storage virtualization and explains the special features of a vSAN cluster in comparison to conventional storage solutions.

It was a pleasure to work on this book with a team of experts.

1. October 20201. October 2020

Runecast Analyzer 4.5 released

On September 30th 2020 during VMworld 2020, Runecast released Runecast-Analyzer 4.5.

New Features

Kubernetes Integration
Custom Profiles
GDPR compliance for AWS

26. September 202028. September 2020

ExaGrid Time-Lock – Who’s (still) afraid of ransomware?

Introduction

Ransomware currently represents one of the most prominent threats to IT infrastructures. Reports of successful attacks are accumulating, the attacks are getting closer. More than 30% of all companies, institutes, universities or public authorities in Germany have already dealt with such attacks. In some cases, a ransom was paid to get access to their own data again.

Even with payment, success is never certain. After all, one negotiates with criminals. Authorities therefore advise against payment.

The essential protective measure against the consequences of such an attack is an up-to-date and consistent backup.

Ransomware vs. Backup

Unfortunately, attackers also know about the importance of backups. The currently circulating malware, such as Emotet or Ryuk, contain code that actively searches for backups on the net. Using previously obtained access data for Active Directory accounts or by attacking via RDP exploits or using the brand-new Zerologon exploit an attempt could be made to take over the systems that operate the data backup in the company or hold the backup data.

The automatic attack is often followed by hackers in the flesh who actively browse the net and try to destroy all backups. This is often an easy task, since backups today are preferably held on hard disk systems, permanently connected to the infrastructure.

The reason is obvious: If all backups are deleted or also encrypted, the compliance of the “customer” to pay his ransom increases by far.

Many approaches have therefore already been conceived to store the backup data out of reach of an attacker. A very simple and secure variant is an Air-Gap – a physical separation of the backup media from the system. For example, LTO tapes can be physically removed from the library.

Without this kind of time-consuming manual extraction – which would also have to be performed daily – the data remains latently vulnerable. It doesn’t matter whether it is stored on disk systems, dedup appliances, tapes in a library or even in an S3 cloud repository.

S3 cloud providers have therefore proposed an API extension called “Immutability” some time ago. With this, at least the backups in the cloud layer can be made immune to changes for a certain time.

Some of these solutions are natively supported by Veeam. Amazon AWS is one of them. Microsoft Azure is currently still missing. Furthermore S3 memory is not suitable for every application. A primary backup with Veeam on S3 is for example not directly possible. The S3 layer is only available as an extension of a scale-out backup repository.