What have I done?! So a while back I backed the Kickstarter for the boardgame A Song of Ice and Fire by CMON Games, which is not based on the TV series Game of Thrones, but the original books. I thought the models looked great1, so I splurged and backed whatever the highest tier was that would get me all the special Kickstarter-only minis. And now they just arrived.

I came across a blog post online about how to make an nginx-based reverse proxy more secure and I went about implementing it immediately. It took me all of 30 minutes to follow the steps and get an A grade from SSL Labs! It’s still going to take more to convince me that this will deter all but the most determined hackers, but it allows me to access my services when I’m not at home.

I’ve had my own internal DNS for a while now and it’s been working great. I’ve even pointed my router’s DHCP config to hand out the Raspberry Pi’s IP address as the network’s authoritative DNS Server. At the same time I’ve used AdBlock Plus for a while now in my browser, but I was always unhappy that I couldn’t have the same thing on my Pixel as well. Particularly as ads and popups are even more annoying on a small screen when you just want to look something up.

The NUC that I bought a while back has mainly just been used to run a Plex server. Lately I’ve been playing with setting different things up on my Raspberry Pis, including my own internal DNS. Then I was talking to a colleague of mine about my Munin setup and I really wanted to show him what I’m doing. So, perhaps a little radically, I devided to open up access to the outside world

I’ve been meaning to do this for ages now and today I found the time to do it right. I installed dnsmasq on a spare Raspberry Pi to do three things: Provide nice name resolution on my servers (i.e. *foo*.peterkuehne.com) Log all DNS queries (for stats, etc, not for actual monitoring) Cache DNS lookups and make browsing a few milliseconds faster As far as I can see right now, this all works great.