Level1 Presents: THE FORBIDDEN ROUTER II - DIAL-UP BY DAWN

Captions
So what's the software stack look like on the Forbidden Router? Well, it's really exciting. It doesn't even have to be on the Forbidden Router. We've talked about it before; we're going to update it some. There's a how-to guide on the forum. This is so cool, check this out. Humor me for a second: let's go to MSN. [Music] Okay, we're on MSN, but all the ads are missing. What, what have you done with the ads? They're in a black hole, or a pie hole, I should say. Pi-hole is so cool. But also, what about Steam? I'm downloading, it's Steam, at 90 megabytes per second. That's not even impressive, that's gigabit speed. What if you could download from Steam at 10 gigabit speed? You can do that with this setup. I'm going to show you how. The Forbidden Router, part two.

So here's our setup. If you saw last time, we set up pfSense as a virtual machine, which is a little bit of a no-no, not recommended. You don't have to do that; if you have a hardware pfSense machine, this will work just the same. But the next step, we're going to configure a Linux machine. I've selected AlmaLinux, and if you're following along, I'm assuming that you know how to do the Linux thing and you can do the command line, but it's not a terrible first-ish project with Linux. So AlmaLinux: basically you log into your management UI and you create a virtual machine and you download the AlmaLinux ISO. That's in the guide on the Level1 forum. I just use wget to dump it in the folder, not a big deal.

At a very high level, what we're going to do is set up Pi-hole, which does DNS filtering for ads and a little bit of malware filtering, but it also gives you control over it, so it gives you a web management GUI to do some fun stuff. I really think that routers need to build in this technology. There's no reason that, you know, uh, Asus or Netgear or somebody like that is not selling you something that can run these little Docker containers, because it's so cool, it's so handy. You can customize your router to do whatever you want. But what it's doing
is filtering ads, and ads can be a vector for malware, and doing this at the router level is really super awesome, and it's really not super hard. But I wanted to go fast, and the Forbidden Router is using those F-series EPYC CPUs.

So we start with Linux; we can run containers, Docker containers. So we set up AlmaLinux, we configure Docker, and then the first Docker container that we set up, other than hello-world because we need to make sure that everything's actually working, is called Portainer. Portainer is an incredible GUI for Docker, and if you're not using this for a home setup or something like that, you should definitely give them a few bucks or subscribe to one of their more commercial offerings, because Portainer really makes your life a lot easier if you have to manage these things.

Oh, and I should quickly have an aside: in the Red Hat ecosystem they're working to replace Docker with something called Podman, and we've talked about that a little bit on the Level1 forum. There's a lot of really interesting stuff. Podman is an incredible replacement for Docker. It, uh, you know, the Docker people have made some changes because they're trying to make money and commercialize things with it. Red Hat is also in this whole cloud hosting business, so they're offering Podman as basically a drop-in replacement for Docker. And if you want to go the Red Hat Enterprise Linux route, Red Hat does actually offer 16 free licenses for usage, and you can do pretty much all of this with Portainer. There's a couple of gotchas, there's a couple of pitfalls that you might fall into. This is basically ready-made to go on AlmaLinux 9, and that's because Red Hat 9 with Docker CE, they're having a little spat and there weren't really usable sources for that for a while.

But anyway, so there's a Docker container, a Docker Compose script, which will create one or more Docker containers as needed for the solution. We've got that for Pi-hole and we've got that for LanCache, which does Steam caching. Not just Steam
but also Windows updates that are unencrypted, Blizzard, basically anything that's not encrypted that has to do with games. There's a list of servers that it replaces; you can check that out in the forum. If you don't know exactly what it does, the how-to guide will link you to the DNS that takes over. But it's doing all this magic through DNS, and DNS is a separate conversation that we need to have. If we're going to have this conversation about SteamCache and Pi-hole, we have to have a larger conversation about DNS, because DNS is important. It's always DNS when you're troubleshooting.

DNS benchmarking is kind of weird because it's not something a lot of people talk about, but if your DNS performance is bad, anything that you do on the internet is going to feel weird and sluggish. What I mean by that: when you click on a link on a web page, how quickly it does something. If DNS is slow, your whole connection is going to be slow, even if you can download files really fast, or if it feels like you can download files really fast. Steam's moving at 100 megabytes per second, the full, you know, bandwidth that you would get from gigabit speed, but you click on a website and it's slow? That's probably DNS. Intermittent weird problems? It's probably DNS. It's kind of a joke among system administrators. It's like, "There's no way it can be DNS." "Oh yeah, no, totally, turns out it was in fact DNS."

SteamCache and Pi-hole both mess with DNS. They are both DNS services. As far as I know, there's not a container that contains services for both what Pi-hole does and what SteamCache does, and if you look at how those things work, they depend on DNS manipulation. Starting with SteamCache: if we talk about how SteamCache works, it's a huge list of, uh, DNS names. And I call it SteamCache, but it's really not SteamCache anymore. It's based on a project called SteamCache that became LanCache, became something else. But this project doesn't actually even maintain its own list of DNS names to be messed with, and so what it does is it
takes this list of DNS names (you know, certain website URLs; like google.com is a DNS name, and there are known DNS names for Windows updates and Steam game updates and steampowered, and like the steampowered store and updates, all this other kind of stuff), and instead of sending you to Valve or sending you to Microsoft or sending you to whatever, it sends those to your SteamCache appliance or your LanCache appliance, where things hopefully are cached. Then that thing knows what the real addresses are, and it'll reach out and grab them.

This is totally normal. In fact, ISPs often will host their own SteamCache system. Uh, Ryan's ISP hosts a SteamCache server. The problem is that it's garbage and overloaded, and so it's much faster if he bypasses that using a third-party DNS service than it is to use his ISP's SteamCache, because his ISP's SteamCache tops out at downloads of like a megabyte per second, and if he just doesn't use his ISP's DNS server, then those things will come in at more like 100 megabytes per second instead of one. And that's basically what we're doing here with DNS: DNS manipulation. So we manipulate DNS so that the files will try to come from the local cache first before they come from Valve. Same kind of thing with Pi-hole, except instead of speeding things up, we want to block things that we don't need, which will speed everything else up.

So how we have to set this up is basically a hierarchy. We have to do a DNS lookup and then pass that request. It's like, "Hey, where's Google?" It's like, "Okay, that's not Valve, I'll pass that on," and then it's like, "Oh, that's not, you know, Pi-hole, I'll pass that on," or "Oh, that's not whatever, I'll pass that on." It would be better if one resolver could resolve both things, where something in, say, Pi-hole DNS knew that Steam was a thing and it was in the local database and it would handle it. But since that's not a thing, we have to string together two different things, and it ends up being a little weird, because when your computer goes to look up
google.com, it'll have to check first the local Pi-hole and then the SteamCache and then your ISP's DNS server and then one farther out on the internet. This introduces a lot of potential for DNS to break, and so I want to show you DNS benchmarking first, without this video getting overly long, because I don't want a whole separate other video about DNS.

But suffice it to say, on Windows pretty much the best DNS benchmarking utility is DNS Bench, which is freeware from GRC, Steve Gibson. You might have heard that name before; it's a really smart guy, works on a lot of stuff. But DNS Benchmark is a great Windows GUI for doing this kind of thing. Google themselves actually came out with a utility called namebench, which is for the CLI. You can get binaries for that for Windows, macOS, and Linux. There's some replacements for namebench; you can just Google "namebench replacement", because it's been like eight years since Google updated that.

And what those programs do is they run a bunch of DNS queries against the, uh, public list of resolvers. You know, Google provides some public DNS in case your ISP is that level of trash. Uh, MCI, SprintLink, there's a whole bunch of free DNS servers that provide the service because they're able to sort of look at what you do and harvest traffic and say, "Oh, there's a lot of people that are going to Google and Bing Maps and, you know, whatever," and maybe there's some marketing data that can be sold there based on DNS lookups. So this will run benchmarks against a whole bunch of them. You should definitely customize this list and add your ISP's DNS servers to this list, as well as other IPs around it that may respond to your queries. Not any DNS server will respond to any query from any IP address. If you just, you know, use an arbitrary name server's IP address and it doesn't trust your IP address, it may just ignore you, or it may work for a little while and then you'll get blocked. So, uh, there's some caveats, there's some gotchas, but you absolutely need to be able to
measure your DNS latency in order to understand the effect that you're having on the network. So in the graph here, it's showing us some different colors and, uh, response time. The bigger the green bar, the worse it is. You want to check the checkbox that puts the fastest at the top, because the fastest at the top is what you want. SprintLink, Level 3, UltraDNS, Cloudflare, OpenDNS, Google, and Quad9: those are just some of the free DNS providers, but this is by no means comprehensive, and in fact you definitely shouldn't run with this list. You should try to add your ISP's DNS servers in here, and maybe their ISP's DNS servers, because hey, if your ISP uses SprintLink or Level 3, you might be able to use their DNS servers, and they might be faster than your ISP's DNS servers. You just have to check. It may very well be that your ISP's DNS servers aren't very good, and adding SteamCache plus Pi-hole to your network doesn't really make any negligible difference.

However, there are some people that will run Pi-hole on a Raspberry Pi, and there's nothing wrong with that, but my network is kind of big, there's a lot of DNS traffic, and a Raspberry Pi doesn't really respond fast enough compared to something that's like an, er, fire-breathing Forbidden Router with its, you know, EPYC F-series CPUs. So it would, uh, negatively impact my performance to use a Raspberry Pi, because a Raspberry Pi can't service those DNS requests in microseconds, which is what I want. I want that snappy awesomeness. I also want kind of a large cache because, well, it makes things go faster.

Steve Gibson's DNS benchmarking utility is great because it walks you through all this, and if you read it, it tells you everything that I just told you, so it'll sort of walk you through it. It's really good. At the command line interface you don't necessarily get that level of hand-holding, but I told you everything you needed to know. You're going to have to dot the i's and cross the t's. Come to the Level1 forums if you get stuck. But this
is something you should know before embarking on configuring the DNS hierarchy. Oh, and if you're really precocious and you set up a Windows home network with Active Directory, it turns out your Active Directory controllers also want to be your DNS servers. So if you're thinking about implementing this on your home LAN, or you've got a small business server or something with Active Directory or Azure Active Directory, uh, the DNS settings matter a whole bunch. But, uh, yeah, we don't need to worry about that for this video. All we need to do: get our virtual machine set up, get our containers set up on the virtual machine for Pi-hole and SteamCache, and we're off to the races. But this is everything you need to know about DNS in about 10 minutes.

So now that you've got a cursory understanding of DNS and how important it is for your network, and you understand what's going on here, we will set up SteamCache as sort of the first thing, and then SteamCache's upstream DNS server will be Pi-hole. So when your computers do a DNS lookup, they'll hit the container for SteamCache first and then see if there's anything: "Oh, is this a Steam-related request? No? Okay, we'll travel up the hierarchy," and then we'll go up the hierarchy to your ISP's DNS server or whatever DNS server you found is actually faster using your DNS benchmarking utilities. You've got to figure out which DNS server is faster, because we're sort of chaining these things together. And yes, technically it would be better if we had a single DNS server that combined the LanCache capabilities with Pi-hole. Uh, one would only hope that Pi-hole, the Pi-hole people, do a plugin or an extension system or something, so that we can bring in that list of DNS IP addresses that need to be redirected to the local LanCache monolithic. If you look into the Docker Compose file for LanCache, it's actually two containers: one for DNS and one for proxying the files.

Now for my setup, I'm still working on this rack-mount system. Look, it's just splayed out all over the
desk here. I'm going to do another video with the actual physical hardware build. I'm hoping that we end up with an enormous amount of flash, maybe some mechanical storage, but depending on what your parameters are is how much you want to cache, and you probably do want to cache two, three, four, 20 terabytes of games on Steam, so that when you go to download those games it's going to be really fast. And don't worry, it'll catch the updates and everything else. But you have to configure that through the container file, um, that's posted on the Level1 forum, and it walks you through doing that in Portainer. So as you go through the Portainer GUI, it's really not complicated.

So at the end of the day, when you're done, in the XCP-ng interface we've got the AlmaLinux 8 virtual machine, and then we've got the Portainer web GUI, which shows we're running Pi-hole, LanCache monolithic, LanCache DNS, and then the container for Portainer itself. We're running Portainer in the container, isn't that really cool? The links for LanCache monolithic don't do anything, because it's expecting outbound HTTP requests, because it's a proxy, so there's not really a web GUI for the LanCache part of it. But if you want to verify that it's working, you can go to the console and run tail -f on the logs and see if you're getting hits and misses on the cache. A hit means that it came from local, and a miss means that it missed, that it has to go to the internet and get it. And the Pi-hole web GUI will show you what sort of DNS traffic it's seeing and what ads it's blocked and all of that sort of stuff. Currently there's 143,000 domains on the ad list. Oh, the ad networks have been busy.

Pi-hole is a community project, and they do have a donate link at the bottom that I'll call attention to. If you try this and your mind is blown about how much better your internet experience is because you're blocking a lot of ad scripts and trackers and things like that, definitely send Pi-hole some money, because hey, that's the
thing. There's another aspect of that, in that some creators get paid via ads, but the risk of malware and the stewardship of how well those ads are taken care of is maybe a conversation for another day. And hey, sometimes in these videos we make in a sponsor spot, and this is not going to, I'm not going to do anything with that, obviously. It's just the random other crap. It's not really the anti-ad part of this that I'm interested in; it's more, ads is a vector for malware, and basically shutting that down before it has a chance to take over, and for that this is amazing.

And there you have it, that's pretty much all there is to it. You do want to set this virtual machine to start automatically, and you do want to reconfigure pfSense, your DHCP server probably, to hand out the IP address that you set of the container, of the SteamCache or LanCache container, in your DHCP server, because your DHCP server is what your computers use to automatically know what settings to use on the network, and so in the DHCP server you can configure the IP address. Now normally pfSense sets itself, and it's got a little cache, and then it'll use whatever DNS servers your ISP gave you. But if you do the DNS benchmarks, you may find that your ISP's DNS is basically garbage, like I was saying, and so you'll want to use something that's faster. There's no real downside for that, except that the person that you're using for DNS traffic, you can see your DNS queries. And it's also a little bit of a wild card with something like Firefox, because Firefox will do DNS over HTTP, and so those queries may not actually go through Pi-hole. You might have to turn off DNS over HTTP if you want Pi-hole to do the filtering, because that is a different mechanism and works a little differently.

And again, if you get lost or I'm speaking some kind of crazy moon language, come to the Level1 forum and I'll try to help you. But generally this is pretty good, and Portainer is a really slick GUI for managing Docker. You
don't have to drop to the command line and copy-paste, do all this other kind of stuff. It just works, generally, and that's really, really awesome. Plus also being able to download your Steam games that you've got cached at basically wire speed, as fast as you would copy them off a NAS: also very nice. Without having to think about it, it just works. And not just Steam: Epic and a whole bunch of other things. You can check the Level1 guide; there's a little block there that shows you exactly what it does.

I'm Wendell, this is Level1. This has been the Forbidden Router, part two. Part three, we're going to put it in a nice little physical package, because like I say, it's just splayed out all over the desk. You can hear it in the background. It doesn't have a case, it doesn't have a body, it's just laying there on the desk. I'm Wendell, this is Level1, I'm signing out. You can find me in the Level1 forums. [Music]
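
An added example, not part of the video or the Level1 forum guide: a Python tally of cache hits and misses per cached service, the check the captions describe doing by eye with tail -f on the cache logs. The log layout, the cache identifiers (`steam`, `wsus`) and the sample lines are assumptions constructed for illustration; adjust the pattern to whatever your container actually writes.

```python
import re
from collections import defaultdict

# Assumed log layout (not shown in the video), one request per line:
# [cache-id] client / xff - user [time] "request" status bytes
#   "referer" "agent" "CACHE_STATUS" "host" "range"
LINE_RE = re.compile(
    r'^\[(?P<cache>[^\]]+)\] (?P<client>\S+) / \S+ - \S+ \[[^\]]+\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"[^"]*" "[^"]*" "(?P<result>[A-Z-]+)" "(?P<host>[^"]*)"'
)

# Constructed sample lines; hosts, paths and agents are placeholders.
SAMPLE_LOG = """\
[steam] 192.168.1.50 / - - - [09/Jun/2022:10:00:01 +0000] "GET /depot/1/chunk/aa HTTP/1.1" 200 1048576 "-" "client-a" "MISS" "cdn.example.invalid" "-"
[steam] 192.168.1.51 / - - - [09/Jun/2022:10:05:09 +0000] "GET /depot/1/chunk/aa HTTP/1.1" 200 1048576 "-" "client-a" "HIT" "cdn.example.invalid" "-"
[steam] 192.168.1.51 / - - - [09/Jun/2022:10:05:10 +0000] "GET /depot/1/chunk/bb HTTP/1.1" 200 2097152 "-" "client-a" "HIT" "cdn.example.invalid" "-"
[wsus] 192.168.1.60 / - - - [09/Jun/2022:10:06:00 +0000] "GET /update/cc.cab HTTP/1.1" 200 524288 "-" "client-b" "MISS" "dl.example.invalid" "-"
this line is truncated or otherwise malformed
"""


def summarize(lines):
    """Return ({cache_id: {"HIT"|"MISS"|"OTHER": [requests, bytes]}}, skipped)."""
    stats = defaultdict(lambda: {"HIT": [0, 0], "MISS": [0, 0], "OTHER": [0, 0]})
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:  # do not guess at lines that fail to parse
            skipped += 1
            continue
        # EXPIRED, BYPASS, "-" and similar statuses are kept apart from MISS.
        result = m["result"] if m["result"] in ("HIT", "MISS") else "OTHER"
        bucket = stats[m["cache"]][result]
        bucket[0] += 1
        bucket[1] += int(m["bytes"])
    return dict(stats), skipped


def byte_hit_ratio(cache_stats):
    """Fraction of bytes served locally; request counts mislead when sizes vary."""
    total = sum(b for _, b in cache_stats.values())
    return cache_stats["HIT"][1] / total if total else 0.0


if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE_LOG.splitlines())
    for cache_id, s in sorted(stats.items()):
        print(f"{cache_id}: {s['HIT'][0]} hit / {s['MISS'][0]} miss, "
              f"{byte_hit_ratio(s):.0%} of bytes from local cache")
    print(f"unparsed lines: {skipped}")
```

A cache identifier that never shows a hit after repeated downloads usually means clients are not resolving those names through the cache's DNS container at all.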
Info
Channel: Level1Techs
Views: 48,024
Keywords: technology, science, design, ux, computers, hardware, software, programming, level1, l1, level one
Id: MBY_QNN3owc
Length: 18min 48sec (1128 seconds)
Published: Thu Jun 09 2022