Random header image

Quickly install DiG on Windows without a full BIND9 install

Today I needed to use - and install - DiG (Domain Information Groper!) on a Windows 10 box. Of course, Windows is useless when it comes to CLI tools - nslookup is past its prime and not even Windows 10 includes much by way of useful tools for DNS queries. It's shipped as part of the BIND9 DNS software from ISC.

So, let's see about DiG... Good news, everyone! - BIND9 is available for Windows, but I don't want to install the whole thing, ain't nobody got time for that. So, let's see about excerpting just the DiG executable and getting it so you can use it without specifying its full path every time, which will require setting its location in the PATH variable.

There's quite a few guides and tutorials to installing DiG on Windows. The simplest one I found was from Websistent, who recommended downloading their own zip of DiG and its necessary DLL dependencies, dropping those into windows\system32 (urk?) and using as normal.

We can do better than that:

Click to see how simple it is!

Fail2ban 0.10 on CentOS6 - yes we can! And my notes on successful manual upgrades

Fail2ban's official compile for CentOS6 has never advanced beyond 0.9.6-1.el6.1. While 0.9.6 works, it's old and has a few major inconveniences:

  1. No IPv6 support ๐Ÿ™
  2. A tendency for the daemon to die when parsing many logs or a high volume of activity
  3. Quite slow to parse logs when restarting after a config change

So, what can we do? Well, compile from source and upgrade with the supplied python script! It's easier than I anticipated, but there's still a few things you need to watch out for.

Read more

Setting up a secure Postfix server in 2019 - what to consider?

Postfix is great, and widely used, but freshly installed it's like a newborn child. Nowadays there's a lot of work required to get it to an acceptable level to face the wild west of the Internet.

NB: This is a living document and will probably change over time as I revise my own methods for managing my servers.

Running an MTA to an 'acceptable' standard now requires lots of additional config and tuning, but it's satisfying once done. Be prepared to learn lots about DNS, TLS, certificate structure, mail filtering (miltering), regular expression and monitoring - crucial once your system is operational.

Once you've had your fill of the RFCs (https://www.fastmail.com/help/technical/standards.html), there's plenty other stuff to learn. http://www.emailarchivestaskforce.org/documents/guide-to-email-standards/ is worth a read, and are you sure you know how to validate an email address? https://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx/

For newcomers, important areas to cover are:

  • understanding quirks of different email clients, some of the odd scenarios with specific email services
  • familiarising oneself with the certificate process
  • how TLS is employed with email
  • Hands-on experience is crucial!
  • Doing dry runs with a dev system is invaluable - you must be able to make and break things without taking down customers' email ๐Ÿ™‚

I administer shared Postfix servers for numerous clients. Some are newest releases of Postfix, and some, due to legacy requirements, are older. Nothing necessarily wrong with that, but some configuration options aren't always available.

If I was setting up a new Postfix server today, I'd go through these steps:

(moreโ€ฆ)

Frameserving from Premiere Pro CC 2019 to FFmpeg

A while ago while working on batches of video edits, I came to the realisation that frameserving is simply the best, most flexible way to encode in some cases. Time marches on, and so did my software - eventually I came to a new machine, new Premiere Pro and - disaster - no apparent support for frameserving. Just when I needed it...

Cleverer people than me have solved the CC2019 problem - for those of you editing in Premiere it's once again fairly easy to frameserve encode. However, it did take a bit of sleuthing to figure out a few things; this tutorial should help you to avoid the same problems I encountered.

November 2019: Vouk's excellent Voukoder plugin for After Effects and Premiere can now accomplish some of what this article covers, and it has an active developer and user community. Vouk includes the FFmpeg/libav filters to enable things like bwdif deinterlacing. There are still some bugs but it's worth a test - it should integrate nicely into an AME or batch workflow. More complicated workflows may still benefit from frameserving, so it's still worthwhile to do.

July 2020: wangqr, the developer of the dfscPremiere.prm patch, informed me by email that he's not maintaining it any more as it's been merged into the main Debugmode Frameserver repository. Download v3.0 for use with CC2019 and above. Thank you for your hard work, Q!

Spoiler: it's a little bit of work, not very difficult, and the results are great

MaxMind GeoLite v1 databases discontinued - install GeoLite2

I noticed recently that a few web sites are miscategorising my ISP's static IP as being in the wrong country. I knew it was a recent reallocation of a new block and suspected the web sites were using a stale version of a GeoIP database - probably MaxMind's GeoLite v1 offering.

If you see stuff like this while surfing the web, your IP is probably in the same boat:

It's such a stupid problem, but it's all due to lazy server admins or designers
I footnotes