Rob Pickering

Leader, Mentor, Challenger, Educator, Network Engineer, System Administrator, Developer, Hacker, Writer, Diver, and Technology Explorer

Cupertino, CA 24 posts

Working around incomplete Ubiquiti UniFi Security Gateway DNS Service

I’ve been having a long-running conversation with various folks in the Ubiquiti Forums here and here regarding the DNS service that is provided by the USG. The USG is just a DNS forwarder and will dutifully take DNS queries from your internal hosts and pass them to whatever DNS servers it received from your Internet provider over DHCP (or perhaps you manually changed them in the configuration). However, I run a medium-sized network on my internal LAN and I have various servers that I wish to access when I’m at home. A couple of examples are:

- Synology DS1415+ Network Attached Storage
- Mac mini running macOS Server
- 3 different Linux Workstations
- Windows workstation
- The UniFi CloudKey Controller itself (this...

Using Let’s Encrypt TLS Certificates for SMTP, IMAP, and HTTP

One of the greatest advances towards securing the Internet happened on April 12, 2016 when the Internet Security Research Group (ISRG) launched the “Let’s Encrypt” X.509 Transport Layer Security (TLS) (you may recognize it by the older SSL moniker) Certificate Authority. Major sponsors of the ISRG include the Electronic Frontier Foundation (EFF), the Mozilla Foundation, Akamai, and Cisco. The purpose of Let’s Encrypt is to provide free TLS certificates to anyone that can prove they own a domain so that they can secure the communications between their clients and their server through encryption. The service is fully automated and renewals are automated as well, keeping the certificates current and validated. However, securing your website is but one...

Apache and Mailman -- Scripts not executing

Recently I rebuilt my personal mail server (and Mailman list server) on a new version of Ubuntu. Everything went well and the Mailman list worked fine, except that all of the CGI-BIN scripts would download in the browser, rather than executing. I spent a lot of time troubleshooting this issue, making various changes to my Mailman configuration, all to no avail. Eventually, I gave up and just let it sit...mail was working, so it wasn't an emergency. However, this weekend I decided I needed the interface working, so I dove back into troubleshooting the problem and looking for answers. I again made several changes to the configuration, tweaking ScriptAlias and whatnot, again to no avail. Then I stumbled upon...

Solving Fail2Ban not banning IPs on Ubuntu 16.04

I recently installed Fail2Ban on my personal mail/web host as the number of "bad actors" has climbed a lot in recent years and I no longer felt comfortable just allowing them to pummel my server. I'm writing up another blog post shortly on everything I did and how it all works; however, I had one issue that kept cropping up: Running fail2ban-client status recidive returned the following:

    Status for the jail: recidive
    |- Filter
    |  |- Currently failed: 158
    |  |- Total failed:     741
    |  `- File list:        /var/log/fail2ban.log
    `- Actions
       |- Currently banned: 8
       |- Total banned:     8
       `- Banned IP list:   185.127.19.155 203.87.129.135 80.82.77.203 94.102....

Why I'm doubling down on Apple - Privacy

It's spring here in Silicon Valley and that means it's time for the Apple World Wide Developers Conference (WWDC). This year did not disappoint with Apple making not 1, not 2, but 6 major announcements:

- tvOS, now with Amazon Prime Video
- watchOS 4, Siri and Toy Story watch faces
- Mac
  - macOS High Sierra (no it wasn't a joke)
  - iMac speed bumps
  - MacBook / MacBook Pro speed bumps
  - New iMac Pro
- iPad Pro 10.5" (and updated 12")
- iOS 11
- HomePod (Siri-powered Speaker Assistant)

These are some great announcements from Apple, but what I'm most excited about are the announcements that were behind the announcements.

Intelligent Tracking Prevention

The Safari browser will now be the only browser on the market...