From dde412a16f3ada224da08b166b5d6de61042cbe0 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Sat, 27 Jun 2026 06:54:08 -0700 Subject: [PATCH] sync: auto-sync from GURU-5070 at 2026-06-27 06:53:09 Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-06-27 06:53:09 --- ...ike-jupiter-plexrequest-seerr-dns-relay.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/session-logs/2026-06/2026-06-27-mike-jupiter-plexrequest-seerr-dns-relay.md b/session-logs/2026-06/2026-06-27-mike-jupiter-plexrequest-seerr-dns-relay.md index eeffa28c..946da594 100644 --- a/session-logs/2026-06/2026-06-27-mike-jupiter-plexrequest-seerr-dns-relay.md +++ b/session-logs/2026-06/2026-06-27-mike-jupiter-plexrequest-seerr-dns-relay.md @@ -131,3 +131,48 @@ general advisory on forcing SharePoint docs to open in desktop Office (no change "Open in the client application"; site-collection feature "Open Documents in Client Applications by Default"; or per-user Sync/"Add shortcut to OneDrive". Caveat: Business Basic (no desktop Office license) users can hit an error instead of browser fallback. + +## Update: 06:52 PT — finish killing the dead `.50` resolver (Jupiter host + pfSense) + +Continuation of the DNS-relay work: eradicated the dead `172.16.3.50` from all active config. + +**1. Jupiter host DNS1 -> 172.16.0.1.** `/boot/config/network.cfg` `DNS_SERVER1="172.16.3.50"` +-> `"172.16.0.1"` (kept `8.8.8.8`/`1.1.1.1` as DNS2/3), and live `/etc/resolv.conf` first +nameserver updated. No network restart (would risk the SSH session). Backups +`network.cfg.bak-20260627`, `resolv.conf.bak-20260627`. Host lookups now fast (was ~5s stall; +the host couldn't use the `.50` relay container due to ipvlan host->own-container). + +**2. pfSense LAN DHCP DNS — already correct, no change.** Read `config.xml`: the only DHCP scope +(`lan`, range `172.16.1.1-254`) already hands out `172.16.0.1` first, then +`8.8.8.8`, `1.1.1.1`. So DHCP was never the source of the dead `.50` — affected hosts were +statically configured (e.g. Jupiter, now fixed) and/or covered by the relay. pfSense system DNS = +`8.8.8.8`/`1.1.1.1`; unbound (DNS Resolver) running on `:53`. + +**3. pfSense OpenVPN wizard state scrubbed.** The only other `.50` in `config.xml` was +`$config['ovpnserver']['step10']['dns1']=172.16.3.50` — pfSense's saved **OpenVPN setup-wizard** +state, NOT a live server (the `` config is empty; remote access is Tailscale/WireGuard). +So it was inert (not pushed to any client) — my earlier "VPN clients get .50" framing was wrong. +Scrubbed to `172.16.0.1` anyway (hygiene; prevents a future wizard re-run reintroducing it) via +`php` `write_config()` using the skill's proven `config.inc` bootstrap, no service reload. Backup +`/tmp/config.xml.predns-20260627.bak` on the box + pfSense config-history revision. The only +remaining `.50` string in config is that revision's own change-note (metadata, scrolls off). + +**Tooling note:** all pfSense access went through the `unifi-wifi` pfSense SSH backend +(`pfsense-ssh.sh infrastructure/pfsense-firewall run ""`) — authenticated path (askpass + +vaulted password, port 2248), not hand-rolled ssh. No dedicated DHCP/DNS verb exists, so used `run`. + +### Update — Configuration Changes +- Jupiter (live): `/boot/config/network.cfg` DNS_SERVER1 -> `172.16.0.1`; `/etc/resolv.conf` live. +- pfSense (live, `config.xml` via write_config): `ovpnserver/step10/dns1` `172.16.3.50` -> `172.16.0.1`. +- No repo files changed in this update (infra-only). `wiki/systems/pfsense.md` note still TODO. + +### Update — Infrastructure & Servers +- **pfSense office gateway** `172.16.0.1`, SSH port **2248**, user `admin`, pfSense 2.8.1 (FreeBSD). + Vault `infrastructure/pfsense-firewall.sops.yaml`. Tailscale `100.79.69.82`/`100.119.153.74`. + LAN DHCP scope `172.16.1.1-254`; unbound resolver on `:53` (verified 0.06s). +- Dead host `172.16.3.50` now fully decommissioned in config; `dns-relay` container still answers + `.50` for any static straggler. New DHCP clients get `172.16.0.1` directly. + +### Update — Pending / Incomplete Tasks +- Optional: note this pfSense `.50` cleanup + DHCP finding in `wiki/systems/pfsense.md`. +- Seerr Plex Scan error follow-up (re-select Plex libraries) still open from earlier.