Messages

The best solution would be to run a standalone DNS and have it on always. My larger IT department does this with some kind of linux/unix DNS servers (and DHCP). I'm not sure what kind of work they need to do with the AD and Azure, might be as simple as having AD update this standalone DNS, another config option when building your AD. Windows AD does not require Windows DNS, but it does require a DNS server it can modify.

That said, it's much easier to just blast through the vanilla AD install and let it handle the Windows DNS (nice and integrated), which is I'm guessing what the OP did when setting up the DC.

If I was the OP, and I wanted a DC running, I'd buy a "cheap" little pc and just run it. I have Zentyal CE running at home on a Mele Quieter2 which is a very low power device. It works, and it works fine for DNS, DHCP, etc. If the goal is to learn Windows Server, then buy this small PC and run Zentyal CE on it, join it as a second DC to the Windows domain and make it the primary DNS and DHCP server so it can run all the time.

Thanks, this was more a sanity check than a real problem.

This is kind of a question for Patrick:

Could conditional forwarders bet setup in Unbound and the DC so that domain clients can use the firewall as DNS unless they are looking for a service from the DC? It's hacky and backwards, but would this work?

And that said, can Unbound use conditional forwarders? Is that the domain override tab? Setting these Windows to Windows is trivial but I'm not sure about Unbound or any of the other DNS server available in OPN.

Which version do you have? The newest version says it has 2.5gbps ports, that also implies that a previous version only had gigabit ports.

I've been noticing this and wanted to ask to check. I did a long overdue update last night and a reboot, that went fine. But I looked and see my ZFS ARC at 2.1GB, the previous size was over 4GB and it seems to clear out on reboot (which is probably normal). I did not make any adjustments to the cache size, so it's running at whatever default values are set in the Business version, Intel Xeon processor, intel i350 and i219 NICs, 16GB of ECC ram, Supermicro main board and chassis (more specific if needed).

Is it normal for this to grow as time goes on? It's never really gotten big enough to worry about, seems there is something every couple of months that needs a reboot. Mostly just checking to see if this is normal. On my Truenas systems, ZFS ARC will vary a lot depending on what it is doing and may use almost all free RAM, but then it goes back down after a short amount of time where the ARC in OPNsense seems to just grow and stay at that size.

If you use the quick reply, this option is not present. If you preview the post then it returns with the full reply page.

Not sure:

Recent change to my lab, trying to reduce power/heat/noise with a lower power NAS. More details here: https://forums.servethehome.com/index.php?threads/mini-truenas-server-build.46107/

That said, dragging the image didn't work so well, but might have been me. Clicking the "Click or Drag files here" towards the bottom of the reply window works.

You've got mad lads like Marciel helping people one on one and serving the community in a great fashion.

Hes not the only one, plenty of the people in there serving the greater community as a whole.

No, not serving the greater community, serving YOUR community. Again that lack of open web search, not getting back to the official developers, etc.

Let's look at some stats:

Total Members:39052

Online Today:873

time of posting  575 Guests, 23 Users (1 Hidden)

The greater community is clearly here and all the information is publicly available to all who seek it (and indexed on open web searches).

[edit] No offense, I don't like the default layout, I like forums like this much better. And the search is cluttered with reddit threads, not limited to the discord. I tried it, I'm probably not going to go back. Mostly I wanted to see if their was a paywall that people keep talking about, I was not asked for a payment to enter like many other Discord "channels" (not sure of the proper wording). At least I looked, I'll probably just stay here.

Sending a private message.

If you need to buy RAM to get to that level, then no do not go that high. If you already have that RAM and don't need it somewhere else, then leave it be. I have 16GB in my firewall, 8.8 in use and 5 of that is ZFS cache. 64 won't get you anything, but again if it exists now, leave it. Only thing it will do is draw a bit more power from the wall.

Including the ZFS cache, I have more than 8GB of ram in use on my bare metal firewall. Just shy of 4GB of "real" ram used when I checked it a moment ago.

Did this process fix the issue and get you running? I've moved my T740 to VMware testing which they also seem to work fine within their limits (and a 10gbe card).

Just starting down the vSphere road... I assume with a pass through PCIe card you also can't vMotion the VM to another host if the first host needs an update and reboot? XCP-NG would be the same, I couldn't even migrate a VM that used a pass through video card, and all the hosts had that same video card present.

Now if your ESXi hosts all have an extra ethernet that is passed through (wan to switch to host ports), could you then vMotion the VM to another host in that group that have the pass through connections to the WAN? I think this way might work with XCP-NG, but not tried.

OK, Done. Hope it works since they do indeed strive to keep the project open (I did buy a 3 year Business license to help support the project). And if things go the way I want, I'll be adding some hardware in about a year (budget process takes that long).

I have a user that decided the browsers that we include on our PCs is not good enough. I saw a long list of things being blocked and that always gives me concern. I tracked it back to a Wave Browser which is basically a malware conduit and of course, it installs in user space (because Microsoft thought that was a good idea). Starting remediations now and in the custom blocking that I added, I did tell my system to send the info. back to Zenarmor so they can include it in future blocking.

But doesn't anyone have a list of sites that should block this garbage?

Here's what I've blocked so far:

Code Select Expand

wavebrowser.com

mywavehome.net

wavebrowser.co

gowavebrowser.com

gowavebrowser.co




There are some prefixes that go with these, but I figure if I get the top level it should block them.