My little corner of the interwebs

Homelab Update - June 2025

Published on: by Martin Pugh


It's been quite some time since I posted anything to my blog that wasn't a monthly lifenotes post, so I figured it was about time.

This isn't a technical update or any sort of configuration guide, it's a quick post with an update on the state of play.

As I've mentioned before, I'm trying to clean up the mess of our homelab servers to make things easier to understand and manage. One of the tools I've been using for that is Ansible. I'm defining as much as possible using Ansible playbooks so I can repeat the process with multiple machines reliably and if I have to rebuild a server it should be simply a case of running the playbook again. But, I'm also not a programmer of any sort and so it takes me a while to wrap my head around the tasks I needed to perform and so as is often the case, I just procrastinated, until this week.

This week I'm home alone as Mrs P is down at her company's head office for a few days so that means I have a bit of a maintenance window where I can break things and not get in too much trouble. So I began...

Job one is to replace my piHole server with Unbound and NSD running on a pair of OpenBSD VMs, one on each of my Proxmox hosts. Why did I choose these tools? Simply because they are included in the base OpenBSD installation and as they are also managed by plain text files (as is the BSD way) I should be able to automate the process with Ansible. Well dear reader, that's how this week started but it was not plain sailing. In fact, I'm still unsure how the heck to get reverse DNS working as neither the IPv6 nor legacy IP reverse zones appear to be working, but I've put them on hold for now and I'm focussing on the regular forward DNS. Having completely misunderstood that if you don't enable "remote control" in nsd, you can't even run local reload/restart commands on the server itself, I spent a lot of time rebooting the entire servers between config updates, like a caveman. But, that's now fixed.

I've partly got a script running that pulls in the same DNS blocklist I was using on piHole and formats it for Unbound to use. I say partly because the list was empty this morning so something is still screwed up somewhere. However, having switched a few of the home VLANs over to the new servers I noticed that the performance is just amazing. I had thought that with piHole filtering out the bad stuff, websites and apps were hanging waiting to retrieve things until they failed and continued to load the pages but even with the blocklist in place on the new servers the performance of many sites and services is amazing. It "feels" like an order of magnitude faster. Now I want to be clear, I'm not crapping on piHole here, it's a fantastic application but I suspect my elderly Pi 3B+ is just showing its age.

Lastly, for this update at least, I was prompted to take a look at IPv6 DNS resolution. We have a mix of Android devices, IoT stuffs and Windows laptops (for the $dayjob) at home and I remember Windows being finicky about DNS on IPv6 and not using the DNS records provided in the IPv6 Router Announcements (like Android devices do) and that I needed DHCPv6 running. I've looked at this before but for some reason never took the plunge. Well, on pfSense, our home router, it took me 5 minutes. Enable DHCPv6 for the VLAN, put in a min and max allowed IP (I used the whole prefix), add the DNS servers, click save and apply. Then hop to the router advertisements for the VLAN and switch it to "Stateless DHCP" which pfSense describes in the help text as "Will advertise this router with SLAAC and other configuration information available via DHCPv6". As soon as I clicked save I noticed my Windows laptop was showing the IPv6 DNS servers in ipconfig and it started sending DNS requests over IPv6. Cool.

Anyway, that's enough for now. Just wanted to get a quick update out. I might sit down and document the setup process for Unbound / NSD if I get chance and motivation. Maybe.