<![CDATA[Post4VPS Forum | Free VPS Provider - Internet Technology]]> https://post4vps.com/ Fri, 01 May 2026 07:57:26 +0000 MyBB <![CDATA[Share Your Internet Speed]]> https://post4vps.com/Thread-Share-Your-Internet-Speed Sun, 29 Aug 2021 22:35:42 +0000 hamed]]> https://post4vps.com/Thread-Share-Your-Internet-Speed I wanted to know about the internet speeds of countries.
I know there are articles on the Internet about this issue, but I want to see the speed at which ordinary people can use it.

Well, before sending a photo of your Internet speed, please tell us the country you live in and let us know if the speed you are receiving using adsl from either mobile phone or ...
Lets go . first me . this is my internet speed from my phone internet and i'm from netherlands
[Image: 11955292991.png]]]> I wanted to know about the internet speeds of countries.
I know there are articles on the Internet about this issue, but I want to see the speed at which ordinary people can use it.

Well, before sending a photo of your Internet speed, please tell us the country you live in and let us know if the speed you are receiving using adsl from either mobile phone or ...
Lets go . first me . this is my internet speed from my phone internet and i'm from netherlands
[Image: 11955292991.png]]]> <![CDATA[Have you heard about Pegasus Spyware?]]> https://post4vps.com/Thread-Have-you-heard-about-Pegasus-Spyware Tue, 20 Jul 2021 03:00:12 +0000 Littlemaster]]> https://post4vps.com/Thread-Have-you-heard-about-Pegasus-Spyware Privacy is a serious concern in the new era. Even informations are leaking through missed calls. Pegasus, a spyware or Trojan horse created by NSO is trending news in India after accused of hacking information from well known people over phone. It installs itself on the victim's phone whether it is Android or iPhone.Then leaks data including media and various logs. Finally it disappears itself without leaving any evidence. This was created by an Israeli company in the sake of restricting crime and terrorism. It seems used to target high profiled people. I don't know who were attacked recently. But I feel the privacy under risk.]]> Privacy is a serious concern in the new era. Even informations are leaking through missed calls. Pegasus, a spyware or Trojan horse created by NSO is trending news in India after accused of hacking information from well known people over phone. It installs itself on the victim's phone whether it is Android or iPhone.Then leaks data including media and various logs. Finally it disappears itself without leaving any evidence. This was created by an Israeli company in the sake of restricting crime and terrorism. It seems used to target high profiled people. I don't know who were attacked recently. But I feel the privacy under risk.]]> <![CDATA[Telegram Bots - How safe they are? I need a welcome bot.]]> https://post4vps.com/Thread-Telegram-Bots-How-safe-they-are-I-need-a-welcome-bot Sun, 11 Jul 2021 15:01:43 +0000 Littlemaster]]> https://post4vps.com/Thread-Telegram-Bots-How-safe-they-are-I-need-a-welcome-bot I need to know how safe is our telegram bots are? I need to set a welcome text in a particular group, which will send terms and rules of group to the new joined user.
This group is of teachers who are going to be in government schools. That means they will be much concerned about their privacy. I think teachers take care of each points, so criticism will come. They fear hacking. Let me know the safest way to do this.]]> I need to know how safe is our telegram bots are? I need to set a welcome text in a particular group, which will send terms and rules of group to the new joined user.
This group is of teachers who are going to be in government schools. That means they will be much concerned about their privacy. I think teachers take care of each points, so criticism will come. They fear hacking. Let me know the safest way to do this.]]> <![CDATA[[XOL] Xolentum - The Future is Digital]]> https://post4vps.com/Thread-XOL-Xolentum-The-Future-is-Digital Wed, 19 Aug 2020 14:16:42 +0000 Sn1F3rt]]> https://post4vps.com/Thread-XOL-Xolentum-The-Future-is-Digital XOLENTUM
The Future is Digital

Xolentum is a decentralized, peer-to-peer and open source digital currency.
It's fast, secure and completely private.

GitHub | Discord | Facebook | [url=https://twitter.com/]Twitter[/url] | [url=https://medium.com/]Medium[/url]

But why Xolentum ... ? Most of the existing cryptocurrencies, like Bitcoin and Ethereum, have transparent blockchains. This means that user's activity and transactions are traceable by anyone. With Xolentum that's not the case. Xolentum transactions are untraceable, since the sending and receiving addresses as well as transacted amounts remain private.

Xolentum doesn't have a premine, we do not believe in reserving funds for ourselves. Everything is fair and equal for all. 

Xolentum uses Monero's industry leading technology and we plan to follow them closely to stay ahead of the curve. Hence, Xolentum uses RandomX hashing algorithm, which means that it is ASIC resistant, and mineable only by CPU and GPU. Our main objective behind this, is that the person mining even on the minimal hardware should not go unrewarded.

Xolentum has a 60-second block time, which means that not only transactions are secure, but fast too. Moreover, the network fee is very low.

Specifications
  • Name - Xolentum
  • Ticker - XOL
  • Supply - Not fixed
  • Initial Block Reward - 50 XOL
  • Block time - 60 seconds
  • Decimal Points - 12
  • Ports - 13579 (p2p) and 13580 (RPC)
Important Links

Official Website : https://xolentum.org/
Block Explorer   : https://explorer.xolentum.org (Not live yet)
BitCoinTalk thread : https://bitcointalk.org/index.php?topic=5269099.0

Team               : https://xolentum.org/community/team/
Services           : https://xolentum.org/community/services/

Documentation : https://xolentum.org/resources/documentation/
Guides             : https://xolentum.org/resources/guides/
Press Kit          : https://xolentum.org/resources/press-kit/


It's a matter of extreme pride for us to announce that we are launching our public testnet today. Testing and debugging will go on for about a week, and then we will launch our mainnet. 

We have already implemented CSLAG into our codebase, which significantly reduces the size of transactions. 

We give equal importance to the use case of a coin. Hence, it's a pleasure to announce that we are also developing a game which will be using the coin. To make it cross platform, we plan to have it web-based. It will be released shortly after the mainnet is launched. 

We want to build a active community around our project. We already have a lot of users who know about the project and are showing a huge interest in it, and we wish it keep growing forever.

Hope to see you all on our Discord server, which is our main community hotspot.  Smile

Regards,]]> XOLENTUM
The Future is Digital

Xolentum is a decentralized, peer-to-peer and open source digital currency.
It's fast, secure and completely private.

GitHub | Discord | Facebook | [url=https://twitter.com/]Twitter[/url] | [url=https://medium.com/]Medium[/url]

But why Xolentum ... ? Most of the existing cryptocurrencies, like Bitcoin and Ethereum, have transparent blockchains. This means that user's activity and transactions are traceable by anyone. With Xolentum that's not the case. Xolentum transactions are untraceable, since the sending and receiving addresses as well as transacted amounts remain private.

Xolentum doesn't have a premine, we do not believe in reserving funds for ourselves. Everything is fair and equal for all. 

Xolentum uses Monero's industry leading technology and we plan to follow them closely to stay ahead of the curve. Hence, Xolentum uses RandomX hashing algorithm, which means that it is ASIC resistant, and mineable only by CPU and GPU. Our main objective behind this, is that the person mining even on the minimal hardware should not go unrewarded.

Xolentum has a 60-second block time, which means that not only transactions are secure, but fast too. Moreover, the network fee is very low.

Specifications
  • Name - Xolentum
  • Ticker - XOL
  • Supply - Not fixed
  • Initial Block Reward - 50 XOL
  • Block time - 60 seconds
  • Decimal Points - 12
  • Ports - 13579 (p2p) and 13580 (RPC)
Important Links

Official Website : https://xolentum.org/
Block Explorer   : https://explorer.xolentum.org (Not live yet)
BitCoinTalk thread : https://bitcointalk.org/index.php?topic=5269099.0

Team               : https://xolentum.org/community/team/
Services           : https://xolentum.org/community/services/

Documentation : https://xolentum.org/resources/documentation/
Guides             : https://xolentum.org/resources/guides/
Press Kit          : https://xolentum.org/resources/press-kit/


It's a matter of extreme pride for us to announce that we are launching our public testnet today. Testing and debugging will go on for about a week, and then we will launch our mainnet. 

We have already implemented CSLAG into our codebase, which significantly reduces the size of transactions. 

We give equal importance to the use case of a coin. Hence, it's a pleasure to announce that we are also developing a game which will be using the coin. To make it cross platform, we plan to have it web-based. It will be released shortly after the mainnet is launched. 

We want to build a active community around our project. We already have a lot of users who know about the project and are showing a huge interest in it, and we wish it keep growing forever.

Hope to see you all on our Discord server, which is our main community hotspot.  Smile

Regards,]]> <![CDATA[What is the concept of Jitter in the network and what does it do?]]> https://post4vps.com/Thread-What-is-the-concept-of-Jitter-in-the-network-and-what-does-it-do Sun, 07 Jun 2020 21:42:22 +0000 hamed]]> https://post4vps.com/Thread-What-is-the-concept-of-Jitter-in-the-network-and-what-does-it-do In this article, all these questions will be answered.
Note: that this article was written by me and one of my friends helped me to write this article and translate it, so if there is a problem in translating the article, please help me by sending a private message or sending a topic.
Today I want to explain the concept of jitter to post4vps members .
And before I start, I would like to ask those any want to use this article for their website please put this website address of the post4vps forum as  source on their website to get a useful backlink for this forum. Otherwise, your work is a theft, and I, as the author of this article, am not satisfied with your work.(copy without perm...).

Start the article

In very, very simple language, Jitter is the difference between the time our data packet passes from the moment it is sent to the network until it reaches its destination. To give a simpler example, look at two computers, either on an internal network or on a network with very large global dimensions, when they want to communicate with any communication device, whether a Telephone Tablet or even a website their communication is done through the transfer of information packets, these information packets remain on the network for a while to reach the destination, each information packet contains a header and footer and a number that is connected to the previous and next packet. The time it takes for this information packet to stay on the network to reach its destination is called latency.However, our information packages are not always received in a row and in order at the destination, but the information packages may be back and forth, and on the other hand, some information packages may be delayed by 20 milliseconds and others may be delayed. They reach their destination in 60 milliseconds, so there is a delay in normal networks and it doesn't cause any problems...This means that if you are watching an online news story or reading it, 20 milliseconds and 60 milliseconds is not much different for you and you can easily read it..The TCP // IP protocol itself is responsible for counteracting the impact of Jitter on networks. In networks used for VoIP communications, Jitter is very important, and if you send and receive data packets within 10 milliseconds. This delay should not be increased because the sound quality will be very low.
The shorter the delay, the better the quality of your service. In fact, when you want to send information from point A to point B, this information is sent in the form of information packets from point A to B at regular intervals.An information packet may reach in 20 milliseconds and an information packet in 10 milliseconds, and the next one in 60 milliseconds and this delay time is Jitter.
My purpose in posting this article was to help you understand the concept of Jitter in the shortest possible time.
Do not doubt that this article will be useful for you in the future and I hope this article has been useful for you.
If I haven't explained something and you know it, please teach us by sending a post in this thread. You can discuss in this thread.
Thank you for reading my article. I'm a writer, but I publish all my articles on my website, and this is the first article I've published on post4vps forum. Please give me reputation if this article is helpful.
good luck my friend's.

.png   jitterlogo-post4vps-jittersoundlogo-jitterinfo-jitter.lookthat-HaMeD.png (Size: 8.96 KB / Downloads: 31) ]]> In this article, all these questions will be answered.
Note: that this article was written by me and one of my friends helped me to write this article and translate it, so if there is a problem in translating the article, please help me by sending a private message or sending a topic.
Today I want to explain the concept of jitter to post4vps members .
And before I start, I would like to ask those any want to use this article for their website please put this website address of the post4vps forum as  source on their website to get a useful backlink for this forum. Otherwise, your work is a theft, and I, as the author of this article, am not satisfied with your work.(copy without perm...).

Start the article

In very, very simple language, Jitter is the difference between the time our data packet passes from the moment it is sent to the network until it reaches its destination. To give a simpler example, look at two computers, either on an internal network or on a network with very large global dimensions, when they want to communicate with any communication device, whether a Telephone Tablet or even a website their communication is done through the transfer of information packets, these information packets remain on the network for a while to reach the destination, each information packet contains a header and footer and a number that is connected to the previous and next packet. The time it takes for this information packet to stay on the network to reach its destination is called latency.However, our information packages are not always received in a row and in order at the destination, but the information packages may be back and forth, and on the other hand, some information packages may be delayed by 20 milliseconds and others may be delayed. They reach their destination in 60 milliseconds, so there is a delay in normal networks and it doesn't cause any problems...This means that if you are watching an online news story or reading it, 20 milliseconds and 60 milliseconds is not much different for you and you can easily read it..The TCP // IP protocol itself is responsible for counteracting the impact of Jitter on networks. In networks used for VoIP communications, Jitter is very important, and if you send and receive data packets within 10 milliseconds. This delay should not be increased because the sound quality will be very low.
The shorter the delay, the better the quality of your service. In fact, when you want to send information from point A to point B, this information is sent in the form of information packets from point A to B at regular intervals.An information packet may reach in 20 milliseconds and an information packet in 10 milliseconds, and the next one in 60 milliseconds and this delay time is Jitter.
My purpose in posting this article was to help you understand the concept of Jitter in the shortest possible time.
Do not doubt that this article will be useful for you in the future and I hope this article has been useful for you.
If I haven't explained something and you know it, please teach us by sending a post in this thread. You can discuss in this thread.
Thank you for reading my article. I'm a writer, but I publish all my articles on my website, and this is the first article I've published on post4vps forum. Please give me reputation if this article is helpful.
good luck my friend's.

.png   jitterlogo-post4vps-jittersoundlogo-jitterinfo-jitter.lookthat-HaMeD.png (Size: 8.96 KB / Downloads: 31) ]]> <![CDATA[What is differances between default hosting and Offshore Hosting]]> https://post4vps.com/Thread-What-is-differances-between-default-hosting-and-Offshore-Hosting Fri, 10 Apr 2020 10:12:35 +0000 Pacific Spirit]]> https://post4vps.com/Thread-What-is-differances-between-default-hosting-and-Offshore-Hosting In this thread I like to talk about and to explain what Offshore hosting is for non-professionals.

What is offshore hosting?
Offshore hosting is no ordinary hosting. Who chooses offshore hosting, chooses total privacy. What you do with your hosting package does not interest the host at all. The host doesn't care who you are. As long as you don't host child porn and pay the bill, you can have any kind of website or web service hosted.
[font=Raleway][font=Roboto Slab]ANONYMOUS WEB HOSTING ABROAD
[Image: anonieme-webhosting-169x300.jpg]If you want to set up a website or puppies, a regular web host is excellent. Some people don't have puppy websites, they choose a topic that is more controversial. People who keep a crime blog sometimes want to be completely anonymous. Someone who wants to maintain a torrent or usenet website also wants to be anonymous. Anonymous offshore hosting is very suitable for this type of people. It is almost impossible to find out who is behind such a website. Even the party that offers anonymous hosting does not know who their customer is. Even the domain name is bought anonymously and it is not possible to find out who the owner is.
PAYMENT FOR OFFSHORE HOSTING
Anyone can open a hosting account. Go to a company like Versio or Neostrada and you can open an account. They do not ask for your ID proof and the data you enter will not be checked. However, the payment you make can be traced back to you. You use your own bank account, your PayPal account, or another payment method that can be linked to you.
This works very differently for offshore hosting. You can almost always pay via cryptocurrency, in most cases Bitcoin. Monero is an even more anonymous cryptocurrency than Bitcoin, which is very often accepted by companies that offer offshore hosting. Some people know little about cryptocurrency and therefore choose to pay with a PaySafeCard . A PaySafeCard is for sale at almost every AH supermarket and can therefore simply be bought without tracing it back to the buyer.
Payment for anonymous hosting can therefore be completely anonymous. However, almost all offshore hosting providers also accept iDEAL, credit cards, debit cards, PayPal and other regular payment methods. So it just depends on how anonymous you want to be. If you don't even want the anonymous host to know who you are, you can choose to pay via cryptocurrency or a PaySaveCard.
WHAT DO YOU HOST?
In principle, the host does not look at what you do with your hosting account. And, if people or organizations have complaints about your website, the host rarely does anything about it. A small torrent or usenet website and copyright infringement rarely interest an offshore host. But if you set up a website that openly offers drugs, weapons and other prohibited items, chances are the host will take you offline. Also websites that host child pornography are hardly ever tolerated. People who are involved in these matters do not look for regular or offshore hosting. They offer their mess on the dark web , a part of the internet that is not easily accessible.[/font][/font]
[font=Raleway]WHAT DO THE HOSTING PROVIDER?[/font]
A hosting provider will not do anything about the website until there are many complaints about the reported domain name. Until then, the hosting provider will take no further action. Perhaps if the hosting provider gets complaints about RSA (Anti Fraud Command Center), the hosting provider will take action faster and perhaps take the website off the air.]]> In this thread I like to talk about and to explain what Offshore hosting is for non-professionals.

What is offshore hosting?
Offshore hosting is no ordinary hosting. Who chooses offshore hosting, chooses total privacy. What you do with your hosting package does not interest the host at all. The host doesn't care who you are. As long as you don't host child porn and pay the bill, you can have any kind of website or web service hosted.
[font=Raleway][font=Roboto Slab]ANONYMOUS WEB HOSTING ABROAD
[Image: anonieme-webhosting-169x300.jpg]If you want to set up a website or puppies, a regular web host is excellent. Some people don't have puppy websites, they choose a topic that is more controversial. People who keep a crime blog sometimes want to be completely anonymous. Someone who wants to maintain a torrent or usenet website also wants to be anonymous. Anonymous offshore hosting is very suitable for this type of people. It is almost impossible to find out who is behind such a website. Even the party that offers anonymous hosting does not know who their customer is. Even the domain name is bought anonymously and it is not possible to find out who the owner is.
PAYMENT FOR OFFSHORE HOSTING
Anyone can open a hosting account. Go to a company like Versio or Neostrada and you can open an account. They do not ask for your ID proof and the data you enter will not be checked. However, the payment you make can be traced back to you. You use your own bank account, your PayPal account, or another payment method that can be linked to you.
This works very differently for offshore hosting. You can almost always pay via cryptocurrency, in most cases Bitcoin. Monero is an even more anonymous cryptocurrency than Bitcoin, which is very often accepted by companies that offer offshore hosting. Some people know little about cryptocurrency and therefore choose to pay with a PaySafeCard . A PaySafeCard is for sale at almost every AH supermarket and can therefore simply be bought without tracing it back to the buyer.
Payment for anonymous hosting can therefore be completely anonymous. However, almost all offshore hosting providers also accept iDEAL, credit cards, debit cards, PayPal and other regular payment methods. So it just depends on how anonymous you want to be. If you don't even want the anonymous host to know who you are, you can choose to pay via cryptocurrency or a PaySaveCard.
WHAT DO YOU HOST?
In principle, the host does not look at what you do with your hosting account. And, if people or organizations have complaints about your website, the host rarely does anything about it. A small torrent or usenet website and copyright infringement rarely interest an offshore host. But if you set up a website that openly offers drugs, weapons and other prohibited items, chances are the host will take you offline. Also websites that host child pornography are hardly ever tolerated. People who are involved in these matters do not look for regular or offshore hosting. They offer their mess on the dark web , a part of the internet that is not easily accessible.[/font][/font]
[font=Raleway]WHAT DO THE HOSTING PROVIDER?[/font]
A hosting provider will not do anything about the website until there are many complaints about the reported domain name. Until then, the hosting provider will take no further action. Perhaps if the hosting provider gets complaints about RSA (Anti Fraud Command Center), the hosting provider will take action faster and perhaps take the website off the air.]]> <![CDATA[Accurate VPN/Proxy detection]]> https://post4vps.com/Thread-Accurate-VPN-Proxy-detection Sun, 29 Mar 2020 21:08:32 +0000 Decent12]]> https://post4vps.com/Thread-Accurate-VPN-Proxy-detection Hello guys,
I was just wondering which site API should i use for detection of proxy/VPNs as I am currently using this site -> https://www.ipqualityscore.com/ but so far i noticed they are a little bit inaccurate and sometimes this site VPN detector API fails at some time.
If you know any accurate VPN detection API site kindly tell me.]]> Hello guys,
I was just wondering which site API should i use for detection of proxy/VPNs as I am currently using this site -> https://www.ipqualityscore.com/ but so far i noticed they are a little bit inaccurate and sometimes this site VPN detector API fails at some time.
If you know any accurate VPN detection API site kindly tell me.]]> <![CDATA[A Case for systemd-resolved as the default DNS Resolver]]> https://post4vps.com/Thread-A-Case-for-systemd-resolved-as-the-default-DNS-Resolver Fri, 07 Feb 2020 11:52:43 +0000 fChk]]> https://post4vps.com/Thread-A-Case-for-systemd-resolved-as-the-default-DNS-Resolver systemd-resolved as my VPS's default resolver.

A Little Background
systemd-resolved is a stub resolver that is part of systemd; that's to say that it's already installed -by default- on your system if it's systemd-based. However, I can only attest that it's the case for RedHat-based systems (RHEL, CentOS and Fedora.)

This little jewel of software implements a caching and validating DNS/DNSSEC stub resolver, as well as an LLMNR (Link-Local Multicast Name Resolution) and MulticastDNS resolver and responder. Referring to it as a stub resolver means that it does not support recursive mode.

As part of systemd, it integrates with the system's NetworkManager, so that it will automatically use the network-assigned DNS servers, unless overridden in its configuration file. This said, what has most tilted the balance in its favour for my use case, was its supports for DNS-over-TLS (DoT) out-of-the-box.

Unfortunately, although my VPS is using the latest release and packages from CentOS repos (ie, CentOS Linux release 8.1.1911), the systemd version is still 239:
Code:
[root@vps ~]# systemctl --version
systemd 239
(....)
.. which makes it only able to run DoT in an opportunistic mode.

Compare this to Fedora 31:
Code:
[root@vps ~]# systemctl --version
systemd 243 (v243.5-1.fc31)
(....)
.. which makes possible running DoT in the strict mode.

A mini-timeline of systemd's supports for DNS over TLS:
  • version 236 DNSSEC support for RFC 8080 (ed25519 keys and signatures)
  • version 239 systemd-resolved now supports opportunistic DNS-over-TLS, Off by default
  • version 243 systemd-resolved gained support for a new strict DNS-over-TLS mode

Configuration Tips
systemd-resolved configuration file is located in /etc/systemd/resolved.conf and, for my use case, looks like this:
Code:
#  This file is part of systemd.
#  (..........)

[Resolve]
DNS=9.9.9.9
FallbackDNS=1.1.1.1 8.8.8.8
#Domains=
LLMNR=no
#MulticastDNS=yes
DNSSEC=allow-downgrade
DNSOverTLS=opportunistic
#DNSOverTLS=yes
Cache=yes
#DNSStubListener=udp

By setting the DNS directive, I'm overriding the DHCP's assigned DNS server, and I've disabled LLMNR for its uselessness and potential vulnerabilities in my case. The next big thing to note is that the Cache directive is activated (not set by default) and the DNSStubListener must be set to udp to activate the local DNS stub listener on the local loopback interface's IP address 127.0.0.53.

To be clear, systemd-resolved's DoT in the opportunistic mode is unreliable, as both 53 and 853 traffics are used; so NO confidentiality assurance here!

Now is the time to activate our DNS resolver:
Code:
# starting the service
systemctl start systemd-resolved
#Permanently enabling the service
systemctl enable systemd-resolved

Testing using the deprecated netstat:
Code:
netstat -tulpn|grep 53  
udp        0      0 127.0.0.53:53         0.0.0.0:*         18478/systemd-resol
testing using the new ss command:
Code:
ss -tuna | grep :53
udp  UNCONN      0       0           127.0.0.53%lo:53             0.0.0.0:*


Now, to let our local programs issuing DNS requests to this local DNS stub listener, we have to override the default /etc/resolv.conf
Code:
ln -fsv /usr/lib/systemd/resolv.conf /etc

The content of this static resolv.conf is:
Code:
# This file belongs to man:systemd-resolved(8). Do not edit.
#
# This is a static resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists no search
# domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
~                                                                                                                

That should be it; all local clients that bypass local DNS APIs are connected to systemd-resolved.

Next post will expand on the monitoring, operations and troubleshooting issues of systemd-resolved.


last Edited on 8/02/2020
Fixed few typos, rephrased few sentences and added new content as code snippets.]]> systemd-resolved as my VPS's default resolver.

A Little Background
systemd-resolved is a stub resolver that is part of systemd; that's to say that it's already installed -by default- on your system if it's systemd-based. However, I can only attest that it's the case for RedHat-based systems (RHEL, CentOS and Fedora.)

This little jewel of software implements a caching and validating DNS/DNSSEC stub resolver, as well as an LLMNR (Link-Local Multicast Name Resolution) and MulticastDNS resolver and responder. Referring to it as a stub resolver means that it does not support recursive mode.

As part of systemd, it integrates with the system's NetworkManager, so that it will automatically use the network-assigned DNS servers, unless overridden in its configuration file. This said, what has most tilted the balance in its favour for my use case, was its supports for DNS-over-TLS (DoT) out-of-the-box.

Unfortunately, although my VPS is using the latest release and packages from CentOS repos (ie, CentOS Linux release 8.1.1911), the systemd version is still 239:
Code:
[root@vps ~]# systemctl --version
systemd 239
(....)
.. which makes it only able to run DoT in an opportunistic mode.

Compare this to Fedora 31:
Code:
[root@vps ~]# systemctl --version
systemd 243 (v243.5-1.fc31)
(....)
.. which makes possible running DoT in the strict mode.

A mini-timeline of systemd's supports for DNS over TLS:
  • version 236 DNSSEC support for RFC 8080 (ed25519 keys and signatures)
  • version 239 systemd-resolved now supports opportunistic DNS-over-TLS, Off by default
  • version 243 systemd-resolved gained support for a new strict DNS-over-TLS mode

Configuration Tips
systemd-resolved configuration file is located in /etc/systemd/resolved.conf and, for my use case, looks like this:
Code:
#  This file is part of systemd.
#  (..........)

[Resolve]
DNS=9.9.9.9
FallbackDNS=1.1.1.1 8.8.8.8
#Domains=
LLMNR=no
#MulticastDNS=yes
DNSSEC=allow-downgrade
DNSOverTLS=opportunistic
#DNSOverTLS=yes
Cache=yes
#DNSStubListener=udp

By setting the DNS directive, I'm overriding the DHCP's assigned DNS server, and I've disabled LLMNR for its uselessness and potential vulnerabilities in my case. The next big thing to note is that the Cache directive is activated (not set by default) and the DNSStubListener must be set to udp to activate the local DNS stub listener on the local loopback interface's IP address 127.0.0.53.

To be clear, systemd-resolved's DoT in the opportunistic mode is unreliable, as both 53 and 853 traffics are used; so NO confidentiality assurance here!

Now is the time to activate our DNS resolver:
Code:
# starting the service
systemctl start systemd-resolved
#Permanently enabling the service
systemctl enable systemd-resolved

Testing using the deprecated netstat:
Code:
netstat -tulpn|grep 53  
udp        0      0 127.0.0.53:53         0.0.0.0:*         18478/systemd-resol
testing using the new ss command:
Code:
ss -tuna | grep :53
udp  UNCONN      0       0           127.0.0.53%lo:53             0.0.0.0:*


Now, to let our local programs issuing DNS requests to this local DNS stub listener, we have to override the default /etc/resolv.conf
Code:
ln -fsv /usr/lib/systemd/resolv.conf /etc

The content of this static resolv.conf is:
Code:
# This file belongs to man:systemd-resolved(8). Do not edit.
#
# This is a static resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists no search
# domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
~                                                                                                                

That should be it; all local clients that bypass local DNS APIs are connected to systemd-resolved.

Next post will expand on the monitoring, operations and troubleshooting issues of systemd-resolved.


last Edited on 8/02/2020
Fixed few typos, rephrased few sentences and added new content as code snippets.]]> <![CDATA[DNS-over-HTTPS (DoH) can be easily detected and blocked]]> https://post4vps.com/Thread-DNS-over-HTTPS-DoH-can-be-easily-detected-and-blocked Wed, 25 Dec 2019 15:05:28 +0000 Mashiro]]> https://post4vps.com/Thread-DNS-over-HTTPS-DoH-can-be-easily-detected-and-blocked DNS-over-HTTPS (DoH) can be easily detected and blocked
Johannes B. Ullrich

The security researcher Johannes B. Ullrich has researched if and how DNS-over-HTTPS can be detected and broken or prevented from working WITHOUT the attempt to break the actual TLS connection.

He has managed to do so by analyzing the DoH packets. His research shows that it is possible to detect DoH by size of the payload inside the packets. He has created two forum posts #1 and #2 at the ISC SANS forums where he is sharing and discussing his findings.

In order to make it harder to detect DoH and solve this issue he suggests the use of EDNS padding. For this to work however all DoH servers have to be reconfigured to enable and support EDNS padding. In addition all clients need EDNS padding support, too. Mozilla has a discussion regarding this subject here already.

Another blow to the rollout of DoH. Hopefully a fix will be found and applied soon if all the pro DoH candidates really care about DoH as much as they say. Surely someone will be unhappy while another party will be very happy.]]> DNS-over-HTTPS (DoH) can be easily detected and blocked
Johannes B. Ullrich

The security researcher Johannes B. Ullrich has researched if and how DNS-over-HTTPS can be detected and broken or prevented from working WITHOUT the attempt to break the actual TLS connection.

He has managed to do so by analyzing the DoH packets. His research shows that it is possible to detect DoH by size of the payload inside the packets. He has created two forum posts #1 and #2 at the ISC SANS forums where he is sharing and discussing his findings.

In order to make it harder to detect DoH and solve this issue he suggests the use of EDNS padding. For this to work however all DoH servers have to be reconfigured to enable and support EDNS padding. In addition all clients need EDNS padding support, too. Mozilla has a discussion regarding this subject here already.

Another blow to the rollout of DoH. Hopefully a fix will be found and applied soon if all the pro DoH candidates really care about DoH as much as they say. Surely someone will be unhappy while another party will be very happy.]]> <![CDATA[Google Search getting smarter or dumber ?]]> https://post4vps.com/Thread-Google-Search-getting-smarter-or-dumber Tue, 03 Dec 2019 22:37:10 +0000 rudra]]> https://post4vps.com/Thread-Google-Search-getting-smarter-or-dumber
i was looking for the updated versions of physics books called Karlsruhe physics course. I discovered that Google doesn't even show a link to that page on its first page of results. only a link to one pdf book and that too at the 8th position. I remember the English home page used to be at the top. Then i felt curious and went to DuckDuckGo. voila !! at the top.

here are the pictures..

DuckDuckGo

Google

Google bottom portion

it seems in their search for relevance and accuracy and contextual signal and all that, employing AI and what not,they are returning some really poor results sometimes..

This is just one example. But it makes me happy and hopeful, that may be other engines will get more of the share and loosen the grip with which Google is holding the market.

Such a monopoly is not healthy. It gives them just too much power to control publicity and exposure. not good at all.

please spread the word and ask people to use other search engines too.

oh...i would love if you guys can come up with similar examples of your own and post them below. thanks]]>
i was looking for the updated versions of physics books called Karlsruhe physics course. I discovered that Google doesn't even show a link to that page on its first page of results. only a link to one pdf book and that too at the 8th position. I remember the English home page used to be at the top. Then i felt curious and went to DuckDuckGo. voila !! at the top.

here are the pictures..

DuckDuckGo

Google

Google bottom portion

it seems in their search for relevance and accuracy and contextual signal and all that, employing AI and what not,they are returning some really poor results sometimes..

This is just one example. But it makes me happy and hopeful, that may be other engines will get more of the share and loosen the grip with which Google is holding the market.

Such a monopoly is not healthy. It gives them just too much power to control publicity and exposure. not good at all.

please spread the word and ask people to use other search engines too.

oh...i would love if you guys can come up with similar examples of your own and post them below. thanks]]> <![CDATA[Heads-Up: Firefox rolling DNS-over-HTTPS (DoH)]]> https://post4vps.com/Thread-Heads-Up-Firefox-rolling-DNS-over-HTTPS-DoH Mon, 11 Nov 2019 15:34:29 +0000 fChk]]> https://post4vps.com/Thread-Heads-Up-Firefox-rolling-DNS-over-HTTPS-DoH
Firefox had (in 2017) the brilliant idea to start implementing it natively and with version 70, the feature is fully functional but still not enabled by default (read this article for more: What’s next in making Encrypted DNS-over-HTTPS the Default).

>> A little personal note on this:
I recently changed my ISP to an "underdog" company which happens to have a good 4G-LTE coverage in the different areas where I need it. But to my dismay, I've found that they are filtering out port 53 in such a way that any DNS query to any external nameserver (except theirs of course) is blocked!!!..

I'm aware that there are 2/3 ways to circumvent this, using a VPN, SSH-tunneling, port-forwarding... and DNS-over-HTTPS.

But When I learned about Firefox shipping DoH, I immediately enabled it thus improving the latency/performance (my new ISP DNS server is really that crappy), the Web browsing privacy ISP-wise (letting Cloudflare build that profile instead, for now. )

Now, how you can enable DoH in Firefox; 2 ways:

> about:preferences  -> Network Settings -> Enable DNS over HTTPS (check)
> about:config
                    -> network.trr.mode (2)
                    -> network.trr.uri
                    -> network.trr.bootstrapAddress

See the Mozilla blog article for more on those settings or just see here.]]>
Firefox had (in 2017) the brilliant idea to start implementing it natively and with version 70, the feature is fully functional but still not enabled by default (read this article for more: What’s next in making Encrypted DNS-over-HTTPS the Default).

>> A little personal note on this:
I recently changed my ISP to an "underdog" company which happens to have a good 4G-LTE coverage in the different areas where I need it. But to my dismay, I've found that they are filtering out port 53 in such a way that any DNS query to any external nameserver (except theirs of course) is blocked!!!..

I'm aware that there are 2/3 ways to circumvent this, using a VPN, SSH-tunneling, port-forwarding... and DNS-over-HTTPS.

But When I learned about Firefox shipping DoH, I immediately enabled it thus improving the latency/performance (my new ISP DNS server is really that crappy), the Web browsing privacy ISP-wise (letting Cloudflare build that profile instead, for now. )

Now, how you can enable DoH in Firefox; 2 ways:

> about:preferences  -> Network Settings -> Enable DNS over HTTPS (check)
> about:config
                    -> network.trr.mode (2)
                    -> network.trr.uri
                    -> network.trr.bootstrapAddress

See the Mozilla blog article for more on those settings or just see here.]]> <![CDATA[Is our freedom of the Internet gone?]]> https://post4vps.com/Thread-Is-our-freedom-of-the-Internet-gone Sun, 04 Aug 2019 03:28:45 +0000 deanhills]]> https://post4vps.com/Thread-Is-our-freedom-of-the-Internet-gone
We've just had a major successful hacking of a very large credit card corporation - Capital One - in Canada last week. It involved millions of ID including social insurance numbers. The hacking was done by a crazy IT lady from the States who said she did it just because she could. She announced it in the social media and is now behind bars. That to me means there must have been a vulnerability in Capital One's access system for a crazy person to have been able to hack it. Luckily it doesn't look as though the info was sold, BUT, wow. Where is this going to stop? Like small people like us get to be shunted around by large corporations and governments to trust them with our personal details. These days every one is living with plastic IDs and credit and debit cards that are provided as though that is regular and OK to do. If one questions it, one is seen as "otherwise". I'm otherwise! I don't think the banking or any of the other corporations and governments care one iota about my safety and security. It's all about control for their own agendas and it always ends up with their bottom line. It's cheap to do it this way. And if a large corporation or Government entity gets hacked, maybe that's good for them, as they now have an added excuse to put in more safety and controls, and demand more ID and compliance from every one else. All in the name of safety and security. For me the EU in Europe is a glorified police state. Thank goodness I'm not living there! But I don't think it is farfetched to think that what is happening in Europe is probably going to make its way to the rest of the world as Governments in other countries must be watching what the EU is doing with the Internet ID requirement. WordPress, a US company has even all of the EU docs prepared in new WordPress installations.

The dark net now seems to be looking attractive to me. Where does one start with it? Like can someone really savvy create a "safe zone" in the dark net where Governments and large corporations can't get their greedy fingers in? Confused]]>
We've just had a major successful hacking of a very large credit card corporation - Capital One - in Canada last week. It involved millions of ID including social insurance numbers. The hacking was done by a crazy IT lady from the States who said she did it just because she could. She announced it in the social media and is now behind bars. That to me means there must have been a vulnerability in Capital One's access system for a crazy person to have been able to hack it. Luckily it doesn't look as though the info was sold, BUT, wow. Where is this going to stop? Like small people like us get to be shunted around by large corporations and governments to trust them with our personal details. These days every one is living with plastic IDs and credit and debit cards that are provided as though that is regular and OK to do. If one questions it, one is seen as "otherwise". I'm otherwise! I don't think the banking or any of the other corporations and governments care one iota about my safety and security. It's all about control for their own agendas and it always ends up with their bottom line. It's cheap to do it this way. And if a large corporation or Government entity gets hacked, maybe that's good for them, as they now have an added excuse to put in more safety and controls, and demand more ID and compliance from every one else. All in the name of safety and security. For me the EU in Europe is a glorified police state. Thank goodness I'm not living there! But I don't think it is farfetched to think that what is happening in Europe is probably going to make its way to the rest of the world as Governments in other countries must be watching what the EU is doing with the Internet ID requirement. WordPress, a US company has even all of the EU docs prepared in new WordPress installations.

The dark net now seems to be looking attractive to me. Where does one start with it? Like can someone really savvy create a "safe zone" in the dark net where Governments and large corporations can't get their greedy fingers in? Confused]]>