Lots of people have a small home network. Usually you have a combo box which acts as a router/firewall/file server. Then you have a couple of other machines hooked up, and you share the Internet using NAT. A private DNS server is helpful in this kind of scenario for two reasons:

  • Recursive resolver cache can speed up common DNS lookups.
  • Private authoritative resolver lets you easily refer to machine in your home by name, instead of remembering IP addresses.
The DNS Dichotomy For many years there has been a dichotomy in the DNS server implementation world, pretty much between the ISC's BIND and just about everything else. The essence of this dichotomy is that BIND integrates both djbdns, has one tool - tinydns - for the authoritative portion while another - dnscache - implements the caching recursive resolver functionality. Convenience costs you security The monolithic BIND approach has certain limited benefits - mainly that it is convenient to configure and install a private DNS server which acts both as a cache and as an authority for the private domain. Unfortunately, this design has severe implications for the robustness of the software. It serves both to increase complexity within a single process while ignoring the principle of least privilege. Essentially, BIND is a horribly complicated beast, with serious security vulnerabilities being found pretty often - and even the smallest security flaw can result in major problems due to the single process design. Alternative approaches [caption id="attachment_487" align="aligncenter" width="250" caption="Unbound: A modern, secure DNS server"]Unbound[/caption] While djbdns might be one of the better-known BIND alternatives, I recently came across Unbound, a BSD licensed recursive resolver. One of the authors of Unbound is also an OpenBSD developer, which inspires confidence in the security of the software. Unbound also does simple authoritative resolution One of the nifty features of Unbound is that you can very simply configure it to act as an authority for your private domains. Due to this feature, you can have a single daemon on your home network router acting as both a cache and server for your local domain. This is very nice. In fact, I have found the Unbound configuration format to be considerably nicer to deal with than that of BIND. Setup under OpenBSD This describes how I set up Unbound on my OpenBSD machine - it should be a pretty similar procedure on most other operating systems.
# install the package
$ sudo pkg_add -i unbound
Now you have the binaries on disk, you can edit the configuration to set up your private domain. Unbound runs as a recursive resolver out of the box, so this is just about all the configuration you'll need to do.
# edit the config
$ sudo vi /var/unbound/etc/unbound.conf
For a single machine, add the following under 'server', replacing 'inet' with the desired name of your local domain, and 'joust' with the name of your machine:
    local-zone: "inet." static
    local-data: "joust.inet. IN A"
Since you want the DNS server to be accessible from other machines, you probably want it to listen on (all available interfaces). Make sure you have some kind of firewall in place before you do this, though - you don't want to let random Internet hosts query your DNS server:
    # Make sure you have a packet filter to block queries from the Internet.
    # Alternatively, set this only for your local network.
    access-control: allow
Now you can start up Unbound:
$ sudo /usr/local/sbin/unbound
And of course you probably want it to come up on boot, so follow these instructions:
$ pkg_info -D unbound
Information for inst:unbound-1.2.1p0

Install notice:
You should add:

    syslogd_flags="${syslogd_flags} -a /var/unbound/dev/log"

to /etc/rc.conf.local to create a syslog socket in the unbound chroot.

You may also want to add the following to /etc/rc.local to start unbound
at boot:

        if [ -x /usr/local/sbin/unbound ]; then
                echo -n ' unbound'; /usr/local/sbin/unbound 

Niall O'Higgins is an author and software developer. He wrote the O'Reilly book MongoDB and Python. He also develops Strider Open Source Continuous Deployment and offers full-stack consulting services at FrozenRidge.co.

Read and Post Comments

Today on my ride home from work, along Fell St. between Divisadero and Broderick, I saw the guy cycling just in front of me get hit by a car which made a sudden left turn, into the bicycle lane, and into a parking lot.

The car was moving slowly at the time, but the guy was going pretty fast, so it was essentially like he rode into the front of the vehicle at a pretty good clip while getting bumped from the side. Myself and a couple of other cyclists immediately came to his aid. Fortunately, he wasn't badly hurt - his glasses had banged just beneath his left eye so there was some bleeding there, and it looked like he cut his lip - but no broken bones. Of course, he was pretty shocked. The guy who hit him was pretty shocked too. The car driver was - quite pathetically - apologising over and over - as if thats going to make anything better. Nobody seemed to know what to do. So if you are hit by a car, what should you do? According to Cyclist Law.com you should do the following:
When involved in a bike accident, call 911 immediately, assume you are injured and DO NOT REFUSE MEDICAL ASSISTANCE you could be in shock or your injuries just may not be apparent. ALWAYS make sure police are called to the scene and the police take a detailed report. Make certain the other driver has provided his or her driver's license, insurance information, license plate of the vehicle driven, and take a description of the driver and the vehicle.
Other resources for bicycle accident reporting and bicycle safety I have found: San Francisco accident map, a Google Maps mash-up. Bicycling Street Smarts, an e-book about how to ride safely. How not to get hit by cars, another bicycle safety resource. SFBC's Bicycle Safety page, which contains information about law, safety, etc.

Niall O'Higgins is an author and software developer. He wrote the O'Reilly book MongoDB and Python. He also develops Strider Open Source Continuous Deployment and offers full-stack consulting services at FrozenRidge.co.

Read and Post Comments

Track stands for fun and profit

November 21, 2008 at 06:30 PM | categories: Bicycle, Health | View Comments |

I've been riding a fixed gear bicycle daily to work (10 mile commute round-trip) for over a year now. I love riding fixed gear. I wrote several articles about my experiences building my own fixie on this blog. Something I learned how to do pretty recently was to do a track stand. If you haven't heard the term before, a picture speaks a thousand words - here's someone doing a no-hands track stand: Anyway I learned to do a basic track stand - that is standing, with one or two hands on the handlebars, a couple of months ago. My friend Nathaniel Cafolla, who in addition to being a talented marine scientist and all-around great guy has worked a fair bit as a courier in Dublin and has amazing knowledge of all things bicycle, taught me the basic technique over the summer. I must say its a lot of fun, very satisfying to do. Although I'm pretty good at it now, I've embarked on the next step - track stand while seated. I can do this successfully about 70% of the time. My goal is to eventually be able to do a no-hands track stand. I'm working towards that by doing seated track stands with just one hand on the handlebars. I'm pretty sure that within a month or two I'll be able to do it with no hands. So whats the point. Well, its nice not to have to take your feet off your pedals while stopped at a light. It also looks cool, and is fun. Its one of those little skills thats great to work on a little every day. I think it also improves balance to some degree, and forces you to relax into "the zone" - like most balancing feats, its easier if you clear your mind and don't over think what you're doing. I find that track standing on steep hills can require quite a of bit leg strength, too. Just as riding a bicycle regularly is a nice thing to add to your routine, and riding a fixed gear is a nice variation, practicing a track stand is worth mixing in too. A little test of strength, co-ordination and balance is just the thing to spice up your commute while you're waiting for a light to change! Enjoy.

Niall O'Higgins is an author and software developer. He wrote the O'Reilly book MongoDB and Python. He also develops Strider Open Source Continuous Deployment and offers full-stack consulting services at FrozenRidge.co.

Read and Post Comments

Fixed-gear bicycle impressions

August 08, 2007 at 11:26 PM | categories: Bicycle | View Comments |

I already wrote a bit about completing my fixed-gear bicycle last week, and since then I have had the chance to ride it around San Francisco a good bit. I live in the Inner Sunset, by Golden Gate Park, and I work downtown on New Montgomery. Its around four and a half miles from my house to the office - usually I cycle along Market up to Page and then on to Irving. If I stop by Krav Maga on my way home, I end up going along Pine to Masonic, then through the Pan Handle and into Golden Gate Park. The point to all this rambling about my bicycle route is that it has a few quite considerable inclines along it. The main thing that worried me about riding fixed-gear was the hills. Not so much going up them, since I figured if it was too hard I'd simply walk the bicycle up. Going down however, worried me. Leg braking well enough to control descent down some of these hills requires practice - and more importantly, hard leg braking is supposed to be hard on your knees and can even make your muscles weaker. According to Sheldon Brown "Heavy duty resisting is widely reputed to be bad for your legs, and to be counterproductive for building up muscles and coordination for forward pedaling [...] Eccentric contraction is reputed to cause micro-tears to your muscle tissue, so it actually weakens your muscles, unlike other forms of exercise."

Despite many people riding fixies without any brakes, I thought it wise to put on a front brake a) because I don't yet know how to brake properly b) in an emergency, if the chain comes off or breaks, how do you stop? c) to reduce stress on knees, especially on steep hills. The disadvantages of having a front brake are: it costs about $20, it takes a bit of work to install, it weighs a little more, and perhaps it makes you seem less macho. None of these disadvantages bothered me - what is $20 for something which could easily save your life? The extra work to install was an enjoyable educational experience to me. Increased weight only means increased resistance. Finally, I'd rather be alive than macho and dead any day.

In practice, I find myself using the front brake very heavily on steep hills with a four-way stop at the bottom. I don't yet have the strength and/or knack to control my speed on these very steep hills using just my legs yet. For predictable stops - e.g. intersections, lights and so on, leg braking is fine. Letting legs go limp and simply weigh on the pedals while seated is sufficient to brake at a low speed, at higher speeds, a similar approach but while standing on pedals does the job.

As for going up steep hills, I was surprised to find I could manage it. A fixed-gear drive train is supposed to be more efficient than a derailer, and it feels it! Also the moustache handlebars are better for climbing compared to the drop bars I was using previously. Additionally, if you are climbing a steep hill on a fixed-gear with SPDs, there is considerable incentive to push yourself. If you let yourself go too slow, you will fall over! I have been having fun on my commute trying to beat fellow cyclists with geared bicycles up hills. While they can switch into lower gears for maximum efficiency, I must mash my way past them. I can see how cycling fixed-gear makes you stronger!

I agree with the general attitude that fixed-gear is more interesting and more challenging. It also feels somehow smoother and closer to the bicycle than a freewheel. Overall I enjoy it very much, this project has made me feel much more enthusiastic about bicycles and cycling in general. Its put a lot more fun into bicycling for me. All in all I heartily recommend a fixed-gear project!

Niall O'Higgins is an author and software developer. He wrote the O'Reilly book MongoDB and Python. He also develops Strider Open Source Continuous Deployment and offers full-stack consulting services at FrozenRidge.co.

Read and Post Comments

Building a Fixie #4 - Completion! Satisfaction!

August 05, 2007 at 10:45 PM | categories: Bicycle | View Comments |

I finished my bicycle a few days ago, and have been riding it an tweaking it since. The Shimano UN-53 works fine on the Italian frame and crankset fits perfectly. For the moment I've mounted my old, standard road pedals - I'll put on the SPD pedals once I am more used to riding fixed gear.

Was a fun challenge figuring out how to re-pin links in the chain after having broken it somewhat hastily. Chainline seems ok, although there is some creaking - not necessarily under load, but happens once per revolution. Could be that some links are stiff. Also I noticed the crankset took a 1/8" chain - which is fine since I am running a 1/8" chain - but the track cog was 3/32". Seemed to run fine, but perhaps it could cause wear on either the sprocket teeth or the chain, so I decided to get a 1/8" track cog. In the process I moved from 15T to 17T (chainwheel is 44T) and popped on a 17T freewheel. This yields a lower gear ratio which suits me fine given the hilly context of SF.

Installing the front brake was fun too - I totally botched the first attempt but cutting the cable housing and the inner cable, and had to start from scratch. Still could make the brake a little tighter.

The headset rattles a little over bumps, feels like it is loose for some reason. I tightened the lockring which helped a bit, but I probably need to wrench it. Don't have a fitting wrench yet though.

These niggling issues aside, it is wonderfully satisfying to ride a bike that I put together myself. I learned a great deal - I would feel confident making just about any bicycle repair at this stage. If you want to learn more about bicycles, I can heartily recommend a project of constructing your own as a perfect pedagogical exercise. My next post is going to cover my impressions of riding the bicycle, and of riding fixed-gear in general. Here is a photo of the finished bicycle:

Niall O'Higgins is an author and software developer. He wrote the O'Reilly book MongoDB and Python. He also develops Strider Open Source Continuous Deployment and offers full-stack consulting services at FrozenRidge.co.

Read and Post Comments

Next Page ยป