Background I am running my own authoritative DNS servers for the last few years. In earlier stages I just used registrar-provided DNS, later moved to “Cloud provider” provided DNS and ultimately settled for running my own auth DNS.
Two major requirements pushed me to self-host auth DNS:
Requirement of REST API for DNS needed by the web servers to resolve Letsencrypt certbot DNS-based challenge. This allows me to have internally hosted tools with Letsencrypt issues TLS certificates instead of self-signed ones.
(Note: Unusual post, not about network routing or Linux systems. For purely technical audience of this blog, feel free to pass unless you have a young kid at home!)
In Sept 2021 - my wife and I were blessed with a baby boy (Avyukt). He is now around 1.6 years old. Since Oct 2022 he is wearing specs on his eyes. It’s not common (so far) to see babies that young with eye specs, this often brings up curiosity and questions across friends, family members and even strangers we meet outside on the road, on public transport etc.
Next month is SANOG 39 in Dhaka, Bangladesh. SANOG is a South Asian Network Operator Group event and a good place for meeting a number of ISPs, telecom players, Ops team members of content networks, internet exchanges etc. Besides attending the conference, I will be doing a workshop on Network Automation. It will be a four-day workshop covering Containers, Ansible, Gitlab CI/CD pipeline and REST APIs for automation in the workflow.
I visited Delhi earlier today and noticed latency from my phone on Jio 5G to my home (on an ISP behind Airtel) was just 20ms. It varied a bit (as one would expect on a wireless radio network) but 20ms is special because until now it was at least 80-90ms. After all, Jio and Airtel were not connected in Delhi NCR until now. There were sometimes jokes about them being connected at NIXI Noida but that never pushed any traffic because NIXI injects its route server AS24029 in the AS_PATH and while their direct PNIs (i.
A rather long title but the post is about self-hosted open-source mesh VPN with IPv6 support and works with nodes behind CGNAT! This will be a long post documenting the concept of mesh VPN, the problem it is solving as well as a working demo. If you are not planning to deploy it right away, you can skip the post after the “Configs and setup” section.
Problem I am running a site-to-site VPN for a long time between various servers located far away from each other.