Wednesday, May 5, 2021

How to set up DNS forwarding for specific domains (i.e. home.lab)

I recently purchased a USG-3P (Unified Secure Gateway) Ubiquiti UniFi home router.

With its DHCP, everything points to this device as the DNS server for the house. I like this because I don't want basic (Internet) name resolution to depend on my home lab being up. However, I also want my xyz.home.lab domains to resolve. I did a bunch of googling and found I needed to modify the config.gateway.json file, but I couldn't find it on the appliance. I then found this article, so I just needed to SSH into my USG and run a command such as:

set service dns forwarding options server=/lab.dns/

This seemed great, but the command gave me “invalid command”. It turns out you need to go into configure mode on the USG first: just type ‘configure’ and hit Enter, then run the command above. After that, type commit, then save.

This almost makes my home setup work, but my primary Mac is always VPN’d into work, and all DNS requests are sent there, so my home.lab still doesn’t work from this machine.

On my Mac I needed to mkdir /etc/resolver, then, in the /etc/resolver directory, create a file named home.lab

Adding the following lines ----



After I saved that, I can now resolve my home.lab dns from everywhere, and I get the bonus of being able to still work just fine if the lab (DNS) is down.
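
The two halves of this setup, as an added example that is not part of the original post: a small shell script that renders the USG command sequence and writes the macOS resolver file, refusing malformed input. The domain home.lab comes from the post; the address 192.0.2.53 is a placeholder for the lab DNS server, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. 192.0.2.53 is a placeholder
# (documentation range) standing in for the lab DNS server's address.

# Dotted-quad IPv4 only, each octet 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Lowercase hostname characters only, so the value cannot carry a '/' or
# whitespace into the dnsmasq option or point outside the resolver directory.
valid_domain() {
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
}

# usg_commands DOMAIN IP: print the lines to type in the USG SSH session.
usg_commands() {
    valid_domain "$1" && valid_ipv4 "$2" || return 1
    printf '%s\n' configure \
        "set service dns forwarding options server=/$1/$2" \
        commit save
}

# write_resolver DIR DOMAIN IP: create DIR/DOMAIN holding "nameserver IP".
# On the Mac, DIR is /etc/resolver (run as root); check with: scutil --dns
write_resolver() {
    valid_domain "$2" && valid_ipv4 "$3" || return 1
    mkdir -p "$1" || return 1
    printf 'nameserver %s\n' "$3" > "$1/$2" && chmod 644 "$1/$2"
}

usg_commands home.lab 192.0.2.53
```

Because the resolver file only covers names under home.lab, every other lookup on the Mac still goes to the VPN's DNS servers.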

Thursday, April 29, 2021

Team Rules

 I dug this up from many years ago, just as good today as it was then!

Team Rules - by Brian Smith

  1. It's all about the customers! We must provide a reliable and cost effective solution!
  2. If there are customers on it, then it is in production and will be treated as production until the customers are off and it is NOT in production.
  3. You can't say that's not my job, you may direct someone to the appropriate person or group if you can’t help them.
  4. All negative customer experiences must be escalated, no matter who you believe is responsible.
  5. If a project deadline is in jeopardy, you must escalate immediately.
  6. There is no excuse: use official methods (i.e. open an incident in the official ticketing tool).
  7. When you are on call, you must be available to work on an issue.
  8. Document before you execute and open a change for all changes (use official tools)
  9. Do your best to not directly delete anything, take offline for 3-7 days when possible

Wednesday, March 24, 2021


 ok, it's not bingo, but it is a crossword 


What does SRE commonly do, the five principles of SRE

Here are some slides I've presented at a number of places; people have asked me to post them.

Lastly, I'd like to add that "Self Correcting Systems" are vital to the success of SRE. Of course we all hear about auto-remediation or self-healing technologies. While those are self-evident, I personally recommend you think about your people and processes. Think about the motivations, rewards and expected human behaviors. If you focus on a target of reducing false monitoring alarms, someone MIGHT decide to just disable the alarms instead of fixing them. If you focus on auto-healing too much, you may miss the fact that most things that can/should be fixed by auto-healing are design flaws/problems. Unfortunately we tend to ask how many fires we put out, not how many fires we prevented, because "fires put out" is easier to count. We have to educate our stakeholders and leadership to learn that an ounce of prevention is worth a pound of cure!