Looks like the move to using RPZ in BIND went smoothly and things are working as intended.
Category: Network
Post dealing with changes to how we route packets and configure our network.
I am in the process of moving our two name servers from using IPtables for malicious domain blocking to using RPZs within BIND. If this works as I intend, it should cut back on the amount of upkeep involved in blocking known, high volume C&C lookups; making us quicker to update and add new domains to the list. Also, domains on this list will return NXDOMAIN.
I finally got a moment to check on what was going on with the secondary physical server and it appears something triggered some kind of bug in which the network interface started resetting randomly and would come back up at 100Mbps before dying again.
I don’t see an actual reason for this in the system logs, which is very puzzling…but after a system reboot and sending a tech to look at the server’s networking cable just to be sure- it appears the box is running okay again.
This means that we will need to keep an eye on this box and make sure we catch on to future possible errors before they take the system out.
We are aware that our secondary physical server is experiencing network issues. Accounting, DNS and NMS keep going down and flooding our discord with service alerts. Our schedule has us on the road and unable to diagnose what is causing this issue right now, I will get the smol raptor to check over things when we get a break and able to catch up later tonight after our flight to Calgary.