Objectives:
1. To build a white box for running ESXi
2. Support up to 64GB DDR4
3. Total power consumption below 30 watts at idle
4. Expandable, with PCI expansion slots and multiple SATA ports
5. As cheap as possible

Parts list (as of October 2017)
Intel – Pentium G4560 3.5GHz Dual-Core Processor RM 320.00 (Lazada)
-the poor man’s Core i7 on price vs performance; when it was introduced it cannibalized i3 sales, and Intel realized this and slowed down production. Low TDP.

Asus – PRIME B250M-A Micro ATX LGA1151 Motherboard RM 415.00 (Lazada)
-4 DIMM slots and support up to 64GB DDR4. Alternatively, you may consider Gigabyte GA-B250M-D3H.

Avexir Core Series DDR4/2400Mhz/16GB/LED RAM RM 569.00 (Lazada)
Avexir Core Series DDR4/2400Mhz/16GB/LED RAM RM 519.00 (Lazada)
-simply because it is the cheapest. 2x16GB is cheaper than 4x8GB. Furthermore, this configuration leaves me 2 free DIMM slots.

Corsair – VS 450W ATX Power Supply RM 148.00 (Lelong)
-better than a stock PSU

Tecware Quad Mini Cube ATX Case RM 180.00 (Lazada)
-cheap and affordable; importantly, it fits my IKEA rack perfectly for space-saving purposes. Its size and dimensions resemble the infamous HP Microserver Gen8 (bought one a year ago, then sold it because it was underutilized; now regretting it :P)

Western Digital – Caviar Blue 1TB 3.5″ 7200RPM Internal Hard Drive (Re-Use)

I bought mostly from Lazada due to stock availability and to abuse their 10% voucher (prices listed above are before the 10% discount). Prices for the CPU and RAM are higher due to scarcity and the exchange rate.

Power Consumption
Averaging 29 watts!!

ESXi running VMs

I just noticed that my VPS expired 3 weeks ago, and there is no way to get it back. That VPS came with 128MB RAM and 10GB HDD space for USD4.99 per year (damn cheap).

So I’m looking for another poor man’s VPS. I do not need humongous memory or disk space, just enough to SSH in and perform remote network troubleshooting (nmap, nslookup, dig, telnet and sometimes R&D). Ramnode was the best candidate due to their SSD or SSD-cached disks, but I want to explore another cheap provider.

I found a good deal with HostUS, for USD12 per year they provide:
– 768MB RAM
– 768MB vSwap
– 1 vCPU Core (Fair Use)
– 20GB Disk Space
– 2TB transfer
– 1Gbps uplink
– 1x IPv4
– 4x IPv6
– OpenVZ / Breeze Panel

Breeze Panel is their modified WHMCS integrated with SolusVM (maybe).
Benchmark: (screenshots of the VPS panel, hwinfo and bench output)

The USD12/year plan is available from this link (affiliate); you can’t find it on their main page. While stocks last.

p/s: From TM Unifi, I get better latency when I choose the London data center.
pp/s: You can also use coupon code TOPPROVIDER for 20% off any unmanaged plan on their site.

The purpose of this tutorial is to set up ad blocking using the Bind9 DNS server. The tutorial is divided into 2 sections: Setup Pixelserv and Setup AdBlock script for Bind9.

1. Setup Pixelserv

Pixelserv is a super minimal web server; its one and only purpose is serving a 1×1 pixel transparent GIF file. We will redirect web requests for adverts to our pixelserv (running on the same bind9 server).

Install Pixelserv

cd /usr/local/bin/
curl http://proxytunnel.sourceforge.net/files/pixelserv.pl.txt > pixelserv
chmod 755 pixelserv

We now need a simple init script for starting/stopping pixelserv, as /etc/init.d/pixelserv.

#! /bin/sh
# /etc/init.d/pixelserv
#
# Carry out specific functions when asked to by the system
case "$1" in
  start)
    echo "Starting pixelserv "
    /usr/local/bin/pixelserv &
    ;;
  stop)
    echo "Stopping script pixelserv"
    killall pixelserv
    ;;
  *)
    echo "Usage: /etc/init.d/pixelserv {start|stop}"
    exit 1
    ;;
esac

exit 0

Make it executable

chmod 755 /etc/init.d/pixelserv

Add pixelserv to startup

update-rc.d pixelserv defaults

Run pixelserv

/etc/init.d/pixelserv start


2. AdBlock for Bind9

Create a new file, /etc/bind/update.sh, with the following content:

#!/bin/sh
# Download the yoyo.org ad-server list in BIND config format and point every
# zone at our null zone file instead of the placeholder "null.zone.file".
curl -fsS "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext" | sed 's/null.zone.file/\/etc\/bind\/nullzonefile.txt/g' > /etc/bind/ad-blacklist

Make it executable

chmod +x update.sh

Execute update.sh to download the ad servers file

./update.sh

Verify the file content; make sure the path has changed from:

zone "24pm-affiliation.com" { type master; notify no; file "null.zone.file"; };

to:

zone "24pm-affiliation.com" { type master; notify no; file "/etc/bind/nullzonefile.txt"; };

Create the adblock zone file; we named it nullzonefile.txt (/etc/bind/nullzonefile.txt)

$TTL    86400   ; one day
@       IN      SOA     ads.example.com. hostmaster.example.com. (
                        2014090102      ; serial
                        28800           ; refresh
                        7200            ; retry
                        864000          ; expire
                        86400 )         ; minimum (negative caching TTL)
        IN      NS      my.dns.server.org.   ; trailing dot: otherwise the zone origin is appended
@       IN      A       $YOUR_DNS_SERVER_IP  ; the address pixelserv listens on
*       IN      A       $YOUR_DNS_SERVER_IP  ; wildcard: every name under the blocked domain

Reload bind9 configuration

rndc reload

Test your DNS Server

dig @localhost 24pm-affiliation.com

It should return your own server’s IP address.
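The update.sh above pipes whatever the list server returns straight into a file that named will parse as configuration, so a hardened version is worth showing. The script below is an added example, not part of the original post: it keeps only lines of the exact zone-statement shape we expect, refuses an implausibly short result (such as a failed or partial download), runs named-checkconf on the candidate file and only then replaces the live blacklist. Assumptions are the paths /etc/bind/ad-blacklist and /etc/bind/nullzonefile.txt, that the list is reachable over HTTPS, that the blacklist is pulled into named.conf.local with an include statement, and the lines in sample_list, which are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post: a stricter update.sh.
# Everything in the downloaded file ends up inside the BIND configuration,
# so only lines matching the exact zone statement we expect are kept, the
# result is syntax-checked, and only then does it replace the live file.
# Paths, the HTTPS URL and the include location are assumptions.

NULLZONE=/etc/bind/nullzonefile.txt
BLACKLIST=/etc/bind/ad-blacklist
LIST_URL='https://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext'

# stdin: raw list; stdout: accepted zone statements with the zone file path
# rewritten. Anything else (HTML error pages, odd zone names, stray
# statements) is dropped rather than handed to named.
filter_blacklist() {
    grep -E '^zone "([A-Za-z0-9_-]+\.)+[A-Za-z0-9-]+" [{] type master; notify no; file "null\.zone\.file"; [}];$' |
        sed 's#null\.zone\.file#'"$NULLZONE"'#'
}

# Number of lines that survive the filter (used as a sanity threshold).
accepted_count() {
    filter_blacklist | wc -l | tr -d ' '
}

# Constructed sample of what a download might contain: two good entries,
# an HTML error page, a malformed zone name and a stray statement.
sample_list() {
    printf '%s\n' \
        'zone "24pm-affiliation.com" { type master; notify no; file "null.zone.file"; };' \
        '<html><body>503 Service Unavailable</body></html>' \
        'zone "ads.example.net" { type master; notify no; file "null.zone.file"; };' \
        'zone "bad name" { type master; notify no; file "null.zone.file"; };' \
        'options { recursion yes; };'
}

update_blacklist() {
    tmp=$(mktemp) || return 1
    # A failed curl leaves an empty candidate; the threshold below catches it.
    if ! curl -fsS "$LIST_URL" | filter_blacklist > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    if [ "$(accepted_count < "$tmp")" -lt 100 ]; then
        echo "update_blacklist: too few zones, keeping the old list" >&2
        rm -f "$tmp"; return 1
    fi
    # named-checkconf parses the file as configuration: a bad statement
    # fails here instead of at reload time.
    if ! named-checkconf "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$BLACKLIST" && rndc reload
}

# named reads the result through (assumed location):
#   include "/etc/bind/ad-blacklist";
# in /etc/bind/named.conf.local. Run as "./update.sh update" (e.g. from cron);
# without the argument the script only defines the functions above.
if [ "${1:-}" = update ]; then
    update_blacklist
fi
```

Without the `update` argument the script can be sourced and exercised on the constructed input with `sample_list | filter_blacklist`, which keeps the two well-formed entries and drops the rest.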

Reference:
https://charlieharvey.org.uk/page/adblocking_with_bind_apache
The Best Ad Blocking Method
http://box.matto.nl/dnsadblok.html
http://www.deer-run.com/~hal/sysadmin/dns-advert.html
Using BIND to reduce ad server content


This article will guide you step by step to get Bind DNS running.

Install Dependencies:

root@host:~# apt-get update
root@host:~# apt-get upgrade
root@host:~# apt-get install build-essential openssl libssl-dev libdb5.1-dev

Download Bind:

root@host:~# wget ftp://ftp.isc.org/isc/bind9/9.9.7/bind-9.9.7.tar.gz

Unpack Bind:

root@host:~# tar zxvf bind-9.9.7.tar.gz

Configure the Bind9 source tree (from inside the unpacked directory):

root@host:~# cd bind-9.9.7
root@host:~/bind-9.9.7# fakeroot ./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var --enable-threads --enable-largefile --with-libtool --enable-shared --enable-static --with-openssl=/usr --with-gnu-ld --with-dlz-postgres=no --with-dlz-mysql=no --with-dlz-bdb=yes --with-dlz-filesystem=yes --with-dlz-stub=yes CFLAGS=-fno-strict-aliasing --enable-rrl --enable-newstats

If configure succeeds, you will see the following summary:

========================================================================
Configuration summary:
------------------------------------------------------------------------
Optional features enabled:
Multiprocessing support (--enable-threads)
Response Rate Limiting (--enable-rrl)
New statistics (--enable-newstats)
Print backtrace on crash (--enable-backtrace)
Use symbol table for backtrace, named only (--enable-symtable)
Dynamically loadable zone (DLZ) drivers:
Berkeley DB (--with-dlz-bdb)
Filesystem (--with-dlz-filesystem)
Stub (--with-dlz-stub)

Features disabled or unavailable on this platform:
GSS-API (--with-gssapi)
PKCS#11/Cryptoki support (--with-pkcs11)
Allow 'fixed' rrset-order (--enable-fixed-rrset)
Automated Testing Framework (--with-atf)
XML statistics (--with-libxml2)
========================================================================

Compile and install bind9:

root@host:~/bind-9.9.7# make install

Last step: we need to manually create the /var/cache/bind directory:

root@host:~# mkdir /var/cache/bind

Start the service:

root@host:~# /etc/init.d/bind9 start

Hopefully, bind9 will start just fine.

Explanation:

Tell Bind9 to use DLZ (Dynamically Loadable Zones) backed by BDB and the filesystem driver, and not by PostgreSQL or MySQL:

--with-dlz-postgres=no
--with-dlz-mysql=no
--with-dlz-bdb=yes
--with-dlz-filesystem=yes

Enable Response Rate Limiting, which limits how many identical answers named sends to a client subnet per second and helps mitigate DNS amplification attacks (where the spoofed source is the victim):

--enable-rrl
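Compiling RRL in does nothing by itself; it has to be switched on in named.conf. As an added example (mine, not from the post or from ISC), here is a small shell helper that generates the rate-limit block with a log-only mode for observing what would be limited before enforcing it, and validates the configuration with named-checkconf before reloading. The option names are BIND’s own RRL options; the numbers, the fragment path /etc/bind/rrl.conf and the assumption that it is included from the options block are my choices.

```shell
#!/bin/sh
# Added example, not from the original post: generate BIND's rate-limit block
# and validate the configuration before named picks it up. Option names are
# BIND RRL options; the numbers, the fragment path and the include location
# are example choices (assumptions).

RRL_FRAGMENT=/etc/bind/rrl.conf
NAMED_CONF=/etc/bind/named.conf

# Print a rate-limit block.
#   $1  identical responses per second allowed per client /24 (IPv4) or /56 (IPv6)
#   $2  measurement window in seconds
#   $3  "yes" to only log what would be limited (observe before enforcing); default "no"
#   $4  optional address-match list to exempt, e.g. your monitoring hosts
rrl_block() {
    rps=$1; window=$2; logonly=${3:-no}; exempt=${4:-}
    for n in "$rps" "$window"; do
        case "$n" in
            ''|*[!0-9]*) echo "rrl_block: rps and window must be positive integers" >&2; return 1 ;;
        esac
    done
    printf 'rate-limit {\n'
    printf '    responses-per-second %s;\n' "$rps"
    printf '    window %s;\n' "$window"
    # Every second dropped answer is sent truncated instead, so a genuine
    # client retries over TCP while a spoofed-source flood gains nothing.
    printf '    slip 2;\n'
    printf '    log-only %s;\n' "$logonly"
    if [ -n "$exempt" ]; then
        printf '    exempt-clients { %s; };\n' "$exempt"
    fi
    printf '};\n'
}

# Write the fragment, then let named-checkconf parse the whole configuration
# (the fragment is assumed to be pulled in with
#   include "/etc/bind/rrl.conf";
# inside the options { } block). Reload only when the check passes, so a
# typo cannot take the resolver down.
apply_rrl() {
    rrl_block "${1:-5}" "${2:-5}" "${3:-no}" "${4:-}" > "$RRL_FRAGMENT" || return 1
    named-checkconf "$NAMED_CONF" || return 1
    rndc reload
}
```

Start with `apply_rrl 5 5 yes` and watch the named log for rate-limit messages; once the hits are only the floods you expect, switch to `apply_rrl 5 5 no` to enforce.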

Readings:
https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
https://nlnet.nl/project/bind-dlz/200205-sane/paper.html
http://bind-dlz.sourceforge.net/


Since CloudFlare acts as a reverse proxy for websites, CloudFlare’s IPs will show up in your server logs. This is easy to spot in awstats or webalizer.
There is an easy fix to restore original visitor IP for any web server.
1) Copy the source file mod_cloudflare.c to your web server.
wget https://raw.github.com/cloudflare/CloudFlare-Tools/master/mod_cloudflare.c
2) Make sure that the apxs or apxs2 command is installed.
If you are running Ubuntu or Debian, this can be installed with:

apt-get install apache2-prefork-dev

If you are running Fedora or CentOS, this can be installed with:

yum install httpd-devel

3) Execute this command as root:

apxs2 -iac mod_cloudflare.c

4) Restart apache.
5) Lastly, make sure that mod_cloudflare is working by tailing your access.log file. You should see that the remote IP field is no longer within the CloudFlare CDN IP ranges. You can run this command to verify that mod_cloudflare is loaded into Apache:

apachectl -t -D DUMP_MODULES | grep cloud
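To go beyond eyeballing the log, here is an added example (mine, not from the post or from CloudFlare) that scans access-log lines and counts how many are still attributed to a CloudFlare edge address, which is the number that should drop to zero once mod_cloudflare is active. The range list is a snapshot I copied from https://www.cloudflare.com/ips-v4 and should be refreshed from there (assumption); the log lines in sample_log are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: report access-log hits whose
# logged client address still lies inside CloudFlare's published IPv4 ranges,
# i.e. hits for which the remote IP was not rewritten. The range list is a
# snapshot of https://www.cloudflare.com/ips-v4 (assumption: refresh it);
# the sample log lines are constructed.

CLOUDFLARE_V4="173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
104.24.0.0/14 172.64.0.0/13 131.0.72.0/22"

# Dotted quad -> 32-bit integer, using only POSIX shell arithmetic.
ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when address $1 lies in any of the CIDR blocks listed in $2.
in_ranges() {
    ip=$(ip2int "$1")
    for cidr in $2; do
        bits=${cidr#*/}
        net=$(ip2int "${cidr%/*}")
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
        [ $(( ip & mask )) -eq $(( net & mask )) ] && return 0
    done
    return 1
}

# Constructed sample in Apache "combined" format: two hits logged with
# CloudFlare edge addresses, one with a real visitor address.
sample_log() {
    printf '%s\n' \
        '104.16.10.20 - - [01/Oct/2017:10:00:01 +0800] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"' \
        '198.41.129.7 - - [01/Oct/2017:10:00:02 +0800] "GET /about HTTP/1.1" 200 256 "-" "Mozilla/5.0"' \
        '203.0.113.45 - - [01/Oct/2017:10:00:03 +0800] "GET /contact HTTP/1.1" 200 128 "-" "Mozilla/5.0"'
}

# Read log lines from stdin and count those whose first field (the client
# address as Apache logged it) is a CloudFlare address.
count_cloudflare_hits() {
    n=0
    while read -r client _rest; do
        in_ranges "$client" "$CLOUDFLARE_V4" && n=$((n + 1))
    done
    echo "$n"
}
```

On a live server run `count_cloudflare_hits < /var/log/apache2/access.log`; a non-zero count after the module is loaded means some virtual hosts or log formats are still recording the proxy address rather than the visitor.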


How Does CloudFlare’s Technology Work

CloudFlare’s technology is built like a CDN (content delivery network). It is a cloud-based, distributed network, which means it has multiple data centers spread across the web. When you add a domain to your CloudFlare account, CloudFlare acts as a proxy. This means that your visitor’s requests to your website are routed through the CloudFlare network.

Getting started with CloudFlare is fairly simple: go to https://www.cloudflare.com and add your site there. It takes around 1 minute for CloudFlare to check your DNS records. Once verification finishes, you must change your nameservers to CloudFlare’s predefined DNS servers.