[02:54:09] FIRING: LVSHighRX: Excessive RX traffic on lvs2013:9100 (eno12399np0) - https://bit.ly/wmf-lvsrx - https://grafana.wikimedia.org/d/000000377/host-overview?orgId=1&var-server=lvs2013 - https://alerts.wikimedia.org/?q=alertname%3DLVSHighRX [02:59:09] RESOLVED: LVSHighRX: Excessive RX traffic on lvs2013:9100 (eno12399np0) - https://bit.ly/wmf-lvsrx - https://grafana.wikimedia.org/d/000000377/host-overview?orgId=1&var-server=lvs2013 - https://alerts.wikimedia.org/?q=alertname%3DLVSHighRX [12:40:54] 10netops, 06Infrastructure-Foundations, 06SRE: Manage VRRP priority from Netbox - https://phabricator.wikimedia.org/T381873 (10cmooney) 03NEW p:05Triage→03Low [16:22:38] 10Wikimedia-Apache-configuration, 06Infrastructure-Foundations, 06Security-Team, 13Patch-For-Review, 07Security: https://www.mediawiki.org/.well-known/change-password redirects to HTTP - https://phabricator.wikimedia.org/T381625#10394245 (10Jly) a:05Jly→03None [17:50:33] 10netops, 06Data-Platform-SRE, 06Infrastructure-Foundations, 06SRE: Add QoS markings to profile Hadoop/HDFS analytics traffic - https://phabricator.wikimedia.org/T381389#10394722 (10cmooney) >>! In T381389#10389706, @BTullis wrote: > This change looks fine to me, but would it be OK to wait until the New Ye... [19:04:32] hi any one here can help a sec [19:05:34] how i use wikiueida dns on a router? [19:05:48] like to use thsi one for all devices thought my rought what i use [19:07:21] raymobndjtoth: it's probably not reasonable to set it as the default directly on a router (as in, advertise Wikimedia DNS's IPs in your DHCP adverts to all clients on your network), because it only supports secure (DoH or DoT) lookups, not regular insecure DNS, which inevitably some of your devices will need. [19:08:19] https://meta.wikimedia.org/wiki/Wikimedia_DNS#What_do_I_need_to_use_this? [19:08:20] but you could set up a local stub cache DNS server (on your router or some other device in your network), which acts as your central dns cache, and which is configured to backend to Wikimedia DNS over DoH or DoT. [19:08:34] bblack is there any good non centering dns like wikimedia is i can use want to et a way from goverment and isp stuff [19:09:05] im turining uinto libatertion cant spell it dew to my autsium i have hight specrtrum i have [19:09:08] tech my best [19:09:36] wikiomedia can use on my android cell phone great [19:11:11] bblack did you see my q [19:11:26] yes [19:11:34] know of anything can use [19:11:58] anything which uses wikimedia DNS directly, must support DoH or DoT. Some devices do not. [19:12:27] i know im asking any other i can use like this [19:12:31] but with ip [19:12:35] if you want to secure DNS lookups for your whole network, you would have to run your own small "stub" dns cache, which securely uses Wikimedia DNS, and then use your local DNS stub as the dns server for everythingelse in the network. [19:12:51] raymondjtoth you might try quad9 https://www.quad9.net/ [19:12:53] there are several other DoH servers [19:12:59] like that quad9 one [19:13:06] it's just a question of who you want to trust [19:13:10] that goverment run i want to ghet a way from goverment run stuff [19:13:28] and steve gispion like [19:13:35] grc.com guy [19:13:43] https://dnsprivacy.org/public_resolvers/ [19:13:46] took cyber security class in online college also [19:14:30] some of those others, they also support insecure lookups as well, and so might be a better option [19:14:45] some do encyipton [19:14:54] logging [19:15:21] If you want to run a local stub resolver, dnsmasq is pretty popular https://thekelleys.org.uk/dnsmasq/doc.html [19:15:58] I run that on my home network then fwd the external queries to quad9 via dnscrypt-proxy https://github.com/DNSCrypt/dnscrypt-proxy/wiki [19:16:39] is quad govermebnt run heard its run bt opolic [19:16:42] police [19:17:11] inflatador [19:17:18] raymondjtoth: https://opennic.org/ may be what you're looking for. But ultimately, I believe search engines will be able to give you better answers in the long run [19:17:31] i looked [19:17:44] raymondjtoth I don't think it is, but I can't say that with 100% certainty for any DNS or VPN service [19:17:46] ook opennic out side the us [19:18:09] https://dnsprivacy.org/dns_privacy_daemon_-_stubby/ [19:18:24] ^ stubby is also a recommended option for running a local secure stub [19:20:43] oooh, stubby is a new one on me. Will have to check that out [19:22:57] is Unsecured what i want? [19:23:11] on quad 9 [19:23:43] * inflatador also did not realize that wikidough was live. I guess I should pay more attention [19:24:33] inflatador do i want on quad 9 the Unsecured [19:24:53] inflatador: It's kinda under-the-radar-live [19:25:23] you could think of it as public perpetual beta, like some other orgs do :) [19:25:46] it was never formally announced, and critically we haven't developed or linked a specific Privacy Policy for it yet either. [19:25:54] but it's there and it works! [19:26:01] WDNS users meet up by the dozens at the local hep cats club [19:26:30] bblackso i want the Unsecured one right [19:26:35] on quad [19:26:42] raymobndjtoth I would start with the recommended settings https://www.quad9.net/service/service-addresses-and-features#rec . As explained here and in https://meta.wikimedia.org/wiki/Wikimedia_DNS#What_do_I_need_to_use_this there are always pitfalls [19:27:09] but i want to keep it so no filters [19:27:31] OK, then yeah that is the "unsecured" option as you found [19:27:54] ok keep privte [19:28:56] lets all go to china were cenors internet [19:29:09] great wall of china [19:29:14] internet