serverfault.com

We recently re-launched our website and migrated it from an old Firebase project to a new Firebase project. Details: Domain: farefirst.com (existing domain, working for years) Registrar/DNS: GoDaddy Hosting: Firebase Hosting After updating the new Firebase IPs in GoDaddy: The site worked normally for a few days. Then it stopped loading on Jio, and later on Airtel networks. It still works fine on all other ISPs. Observation: On Airtel/Jio default DNS, the domain doesn’t load. ping www.farefirst.com on Airtel resolves to: Pinging dotblocking.dummy [13.127.247.216] Request timed out. If DNS is changed to Google (8.8.8.8) or Cloudflare (1.1.1.1), the site loads correctly on Airtel/Jio. This suggests ISP-level DNS blocking, not a hosting issue. Questions: Why would a legitimate domain get blocked after migrating

After the upgrade and fixing WiFi I was surprised that Direwolf stopped working. (Direwolf is a sound modem used for packet radio applications). The reason why it was failing was that it did not find the configured sound card (which worked before upgrade, of course). After some investigation I found this: Before upgrade the on-board HDMI was hw:0, while the USB adapter connected to USB port was plughw:1 (Digirig Mobile, it contains USB hub chip, CM108 and CP2102). After the upgrade it is swapped. This happened even though during my testing to revive the WiFi module after upgrade the USB adapter was not connected... Two questions: Is there a way to configure the system that it puts on-board devices first in the list of sound cards, thus avoiding ambiguity in card and device indexes? I use a special ALSA config to map the USB device to a synthetic device pasym0 which should enable, in the future, if required, that mult

On my local network, I set the System domain-name in my EdgeRouterX to local. For most applications this seems to work fine. I can find a server by navigating to someservername.local, I can SSH into the same server the same way: ssh [email protected]. However, in some cases it does not work. A new Debian machine I set the hostname to debby, but for some reason I can't access it on the network at debby.local. The second issue was I set up homepage (https://gethomepage.dev/) on an old laptop. I can access the page using the laptop's name: t420.local, but proxied calls won't get to the source. For example, if I configure the pihole widget with the pihole's domain name: pihole.local the proxied call fails: "rawError": [500, { "errno": -

I'm attempting to setup a hub and spoke architecture in Azure with a hub VNET that has a NVA (Linux VM as a router) that will forward internet bound traffic to a NAT Gateway. I haven't been able to get internet bound traffic to go from a Windows 11 VM in a spoke VNET > Linux NVA VM in the hub VNET > NAT Gateway I've confirmed the following: Enabled IP Forwarding is set on the Linux NVA NIC net.ipv4.ip_forward = 1 is set on the Linux NVA in the OS settings I ran the following commands for iptables on the Linux NVA: iptables -t nat -F to clear any existing iptables rules iptables -P FORWARD ACCEPT iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0 Both hub VNET and spoke VNET are peered with Allow access and Allow to receive forwarded traffic enabled on both sides of the peering

I am upgrading a network rack where all devices are non-PoE and support up to 1 Gbps. The existing cabling is Cat5e and Cat6 UTP. The plan is to connect all devices to a patch panel, from the patch panel to the switch, from the switch to the router, and from the router to the rooftop AP (currently, all device cables connect directly to the switch). I also need to add new wired connections: one for the plotter one for a printer currently using Wi-Fi one for the label printer one for a new PC Materials to purchase: one Ethernet cable roll (30 m should be sufficient) keystone modules for the patch panel RJ45 connectors with boots 50 cm patch cables, pre-terminated 100 cm patch cables, pre-terminated Questions: Do I need different keystone modules for Cat5e and Cat6, or can a single type be used for all connections? Which criteria should I follow to select the correct mod

I am currently building a 42U rack intended to manage a 10 Gbps PoE network, hosting high-value equipment, but this is not the focus of this discussion. My question concerns exclusively the selection and management of network cabling. For the entire installation, I used Cat 6A U/FTP 23 AWG 100% copper cable. However, this cable is very rigid and difficult to manage inside the rack. For connections between the patch panel and the switch, I am considering using pre-terminated Cat 6A S/FTP patch cables of 0.5 m or 1 m, to avoid terminating a large number of RJ45 connectors. The uncertainty, however, concerns all the other connections: connecting a computer located 2–3 m from the rack; connecting a NAS to the switch; and, in general, all short non-structured links. I initially considered using Cat 6A S/FTP 26/7 AWG 100% copper cable, but when searching for suitable shielded plugs, I did not find clear solutions. In addition, having never te

I am an Infrastructure Engineer for an organization. We have one Root Certificate Authority(RootCA) and one Subordinate Certificate Authority(SubCA). The RootCA is kept in an offline/disconnected state. The master signing certificate is 2048-bit. I did not set the system up and the individual that set the system up is no longer with the organization. The admins are talking about wanting to move to 4096-bit. I have engaged endlessly with AI Chat Bots to research how to accomplish this and they're constantly giving mixed signals. I was under the impression that I could upgrade the RootCA master signing certificate in place so that it still respects the 2048-bit and the new 4096-bit at the same time. In the end, it appears the AI is wrong and that I cannot do an in-place upgrade. I do not feel that I can trust the AI Chat Bots on this. I ask for the wisdom of experienced engineers. Either my google-fu is failing or no one has documented this procedure. The q

I want to mount a RAID1 with 2x 4TB btrfs-HDD and it fails with "invalid argument". The System is an AlpineLinux running on a SBC for a small Nextcloud. btrfsck said /dev/sdb had Checksum verify fail, bad tree block and a Chunk-Root-Error, so I chose to remove the disk, zap the superblocks, reformat it and add it again. Now it's clean again: Opening filesystem to check... Checking filesystem on /dev/sdb1 UUID: d6899d0f-0771-45dc-a917-dc5bc635273a [1/8] checking log skipped (none written) [2/8] checking root items [3/8] checking extents [4/8] checking free space tree [5/8] checking fs roots [6/8] checking only csums items (without verifying data) [7/8] checking root refs [8/8] checking quota groups skipped (not enabled on this FS) found 147456 bytes used, no error found total csum bytes: 0 total tree bytes: 147456 total fs tree bytes: 32768 total extent tree bytes: 16384 btree space waste bytes: 140646 file data blocks allocated: 0 referenced 0

I would like to reset a cisco router following this procedure: https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/217045-troubleshoot-password-recovery-in-cisco.html I use minicom with a serial link to talk with the router. I manage to send the break signal at startup (ctrl-a f), entering the rommon mode: rommon 1 > But then the minicom terminal does not respond: whatever I type on the keyboard, nothing is displayed in minicom.

I’m facing a confusing issue and would really appreciate technical insights from experienced developers or security professionals. In system, the OTP sending port/slot officially opens at exactly 2:00 PM. Before that time, the website does not show the “Send OTP” option. However, we’ve observed that some developers or API users are able to receive OTP codes earlier, around 1:58–1:59 PM, even though: The “Send OTP” button is not yet enabled on the website The email address is already attached (they don’t need to re-enter email or SIM number) Captcha (required for both SMS and email OTP) has not yet been completed OTP is still delivered successfully to email and SMS This raises several questions: How is it technically possible to trigger OTP generation before the frontend enables it? Could this be done by: Directly calling backend or OTP API endpoints? Reusing a