Tuesday 7 February 2023

Virgin Media DNS hijacking

Running your own DNS servers is good practice, rather than letting your ISP direct traffic to its liking. Virgin Media's stupid landing page for unresolved DNS was driving me nuts. Even after running my own bind9, I noticed that DNS queries were still being hijacked by Virgin Media and rerouted via their garbage. The simple test to prove this is dnsleak.
 
The ISP column will have a Virgin Media entry.

Let's see how we can work around this.
  • set up a £5/month VPS and run bind9 on it
  • link the home gateway and VPS via WireGuard and point all DNS upstream to this VPS
  • add an iptables rule to the PREROUTING chain, plus the usual masquerading rules on the WireGuard interface
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 192.168.6.1:53
 
where 192.168.6.1 is the VPS  

  • run the dnsleak test again
 

Yay! It's the cloud provider's DNS, which I don't mind.
 
A few days later I get a letter in the post ...
 

According to these wankers my router is "misconfigured" - ODNSR vulnerability my arse!
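
The PREROUTING rule above has no `-i` match, so it applies to port-53 packets arriving on any interface, which is the situation an ODNSR (open DNS resolver) notice refers to. The following added example (not part of the original post) is a check to run from a host outside the home network against the gateway's public address; the function names, the script name and the constructed sample replies are assumptions for illustration.

```python
import socket
import struct
import sys

TXID = 0x1234

def build_query(name, txid=TXID):
    """DNS A/IN query with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp, txid=TXID):
    """'open' = recursed for a stranger, 'closed' = refused or no recursion."""
    if len(resp) < 12:
        return "inconclusive"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:      # not a reply to our query
        return "inconclusive"
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    if ra and rcode == 0 and ancount > 0:      # recursion available + real answer
        return "open"
    if rcode == 5 or not ra:                   # REFUSED, or recursion not offered
        return "closed"
    return "inconclusive"

def probe(ip, name="example.com", timeout=3.0):
    """Send one query to ip:53/udp; silence counts as closed (dropped/filtered)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (ip, 53))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            return "closed"
    return classify_response(resp)

# Constructed sample replies (not captured traffic), for offline checking.
_question = build_query("example.com")[12:]
_answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
SAMPLE_OPEN = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0) + _question + _answer
SAMPLE_REFUSED = struct.pack("!HHHHHH", TXID, 0x8105, 1, 0, 0, 0) + _question

if __name__ == "__main__":
    # Usage (assumed script name): python3 odnsr_check.py <your WAN IP>
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else classify_response(SAMPLE_OPEN))
```

Run it against the public address from outside the home network, not through the WireGuard tunnel. iptables' `-i <interface>` match is the standard way to limit a PREROUTING rule to LAN-side traffic.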
 
 
 
 

Thursday 2 February 2023

External USB disk storage for Zoneminder

It's often useful to have external storage for ZM videos, stills and events.

Set up a USB disk: partition it and format it with the label ZMDATA.

Create a directory /var/lib/zmdata

Edit /etc/fstab and add the entry:

LABEL=ZMDATA    /var/lib/zmdata    ext4    defaults    0    0

Mount the disk and create the directories:

/var/lib/zmdata/zoneminder/{events,images}


Edit or create the file /etc/zm/conf.d/03-usbmount.conf with the contents:

ZM_DIR_EVENTS=/var/lib/zmdata/zoneminder/events
ZM_DIR_IMAGES=/var/lib/zmdata/zoneminder/images

Set permissions: chown -R 33:33 /var/lib/zmdata/zoneminder/

Add the new storage and delete the default, then restart zoneminder.