DNS – using internal DNS to block advertisements.

Preamble
In order to improve my connectivity, I use an internal DNS.

Actions taken

It was apparent that every time an advert appeared on YouTube, my 2-year-old daughter cried.
My initial thought was to put ad-blocking software on the iPad, but I decided to go for a more holistic approach and block the advertisements at the DNS level.

My initial thought was to use my old DS101j as a DNS server for the house. This is a very old piece of kit dating back to 2003, but probably OK for the light load in my house. The only package that could be installed on it was dnsmasq via Optware.
http://www.nslu2-linux.org/wiki/pmwiki.php?pagename=Optware/HomePage
http://www.prea.net/?q=hacking/synology/dnsmasq

After playing around with dnsmasq I discovered it is really great as a caching DNS, but pretty useless as a fully functional one. I wanted a DNS to do recursive queries and resolve internal and external addresses.
My next step was to investigate the DNS package that could be installed on the DS213j. Synology, however, neglects to be specific about the contents. After ssh-ing to the box and digging around I found that the process is a renamed bind9, bind9 being the industry standard for DNSs.

It was then simply a matter of following the tweaks as listed here:
https://synologytweaks.wordpress.com/2015/08/23/use-synology-as-an-ad-blocker/

I did look to see if there was a bind10 and found this humorous piece, which is quite telling of the software industry as a whole.
https://ripe68.ripe.net/presentations/208-The_Decline_and_Fall_of_BIND_10.pdf

Conclusion
There really is only one industry standard generic DNS product, bind9.

Sleep! Everything needs sleep even your NAS

Preamble

I obtained several Raspberry Pi 2s and noticed that the main NAS, a DS213j, and the secondary NAS, a DS101j (only used for backups), were not going to sleep.

Actions taken

  1. Secondary NAS issue

    After a lot of investigation, I concluded that the primary NAS was waking up the secondary NAS. As I am really using the secondary NAS to prevent the use of WannaCry and the like, I decided to disable Samba on it. Thus the only way to access it now is via ssh or rsync (which is used for the backups).

  2. Primary NAS issue

    This was not sleeping due to:
    a) A Raspberry Pi running Plex repeatedly interrogating my music library.
    b) Installed software did not allow the disks to go to sleep, i.e. Surveillance Station, which I removed as it was no longer necessary.

Conclusion

I can now see in the primary NAS logs that the disks are periodically being woken from sleep.
And the secondary NAS, which is quite noisy, now remains silent all the time except at 3am when the backups occur.

Wannacry/WannaCrypt – Always backup!

Preamble

I run a Synology DS213j which I use primarily as the house NAS.
After WannaCry broke the NHS it reminded me of the importance of backups.
With regular backups, ransomware like this is ultimately useless, other than a troublesome admin task to remove.

Actions taken

  1. Backup important directories hourly to a different directory on the NAS – primarily as a way of obtaining any documents I mistakenly change. I don’t want to be bothered using a versioning system.
  2. Ensure my Mac is now running Time Machine, which automatically backs up to the NAS.
  3. Ensure the NAS itself is backed up by:
    a) Doing a nightly rsync backup of main documents and photos to an even older DS101j.
    b) Doing a backup to an external USB disk that I can remove and cycle to ensure backups away from the NAS with an air gap.
    c) Periodically testing the backups.
  4. Install antivirus on the NAS
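
One way to carry out the periodic backup test in step 3c, shown as an added example rather than the script actually used on these NAS boxes: it hashes every file under a source directory and checks that the same content exists at the same path in the backup copy. It assumes `sha256sum`, `comm` and `mktemp` are available on the machine running the check, and the source and backup paths are whatever the caller passes in.

```shell
#!/bin/sh
# Added example: restore test for a backup copy. Paths are supplied by the caller.

# manifest DIR: print "sha256  ./relative/path" for every regular file in DIR.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort )
}

# verify_backup SRC DST
# Prints "MISSING path" or "CHANGED path" for every file in SRC whose content
# is not present at the same path in DST. Returns 0 only if the backup is complete,
# 1 if any file is missing or differs, 2 on a usage or setup error.
verify_backup() {
    src=$1
    dst=$2
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "verify_backup: both arguments must be directories" >&2
        return 2
    fi
    tmp=$(mktemp -d) || return 2
    manifest "$src" > "$tmp/src"
    manifest "$dst" > "$tmp/dst"
    # Lines only in the source manifest: hash/path pairs the backup lacks.
    LC_ALL=C comm -23 "$tmp/src" "$tmp/dst" > "$tmp/diff"
    status=0
    while IFS= read -r line; do
        path=${line#*"  "}          # drop the leading "hash  "
        if [ -e "$dst/$path" ]; then
            echo "CHANGED $path"
        else
            echo "MISSING $path"
        fi
        status=1
    done < "$tmp/diff"
    rm -rf "$tmp"
    return "$status"
}

# Command-line use: verify_backup.sh /path/to/source /path/to/backup
if [ "$#" -eq 2 ]; then
    verify_backup "$1" "$2"
fi
```

Files edited since the last backup run are reported as CHANGED, so the check is most meaningful straight after the nightly rsync; a sudden CHANGED result for nearly every file is worth investigating before the next backup overwrites the good copies.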