
Saturday, June 27, 2020

DHCP-DNS on a PiHole

So now is the time to start putting in a PiHole to control DNS access.  All along I have been thinking of constraining the DNS connections from the IOT equipment.  There are times when equipment will attempt to get its DNS IP addresses through a hard-coded IP address.  What I want to do is force the DNS access through the PiHole and have the PiHole get its DNS addresses via DNSSEC to either 1.1.1.1 or 9.9.9.9.  That way I have the PiHole restricting the trackers and the DNSSEC servers to provide restriction from known bad addresses, whether web or IP.  Since I have moved the IOT equipment to one of the Edgerouter-Xs, I should be able to control the DNS access through some judicious ACL setups.  Should be interesting.

First of all, the PiHole is put into the IOT lan subnet, and the ER-X then uses the PiHole for both DHCP and DNS services.  I will set up the ER-X to force any DNS service connections to go through the PiHole (https://community.ui.com/questions/Intercepting-and-Re-Directing-DNS-Queries/cd0a248d-ca54-4d16-84c6-a5ade3dc3272 and https://benninger.ca/posts/force-dns-go-through-pihole/ and https://www.myhelpfulguides.com/2018/07/30/redirect-hard-coded-dns-to-pi-hole-using-edgerouter-x/).  Since I know all of the equipment in my network, including the IOT network, I will force IP addresses where I want them through Static assignment (TBD).  In addition, I am going to restrict Bonjour access throughout the ER-X lan subnet (TBD).  I will of course restrict changes to the ER-X through my Admin vlan and not through the IOT vlan (TBD).  Anyway that is the idea at the moment.  Time will tell how well this works.
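One way to confirm that the forced redirect is actually working, as an added example that is not part of the original post: from a device on the IOT lan, ask an outside resolver for `pi.hole`, a name only the Pi-hole answers, and see who replied. The Pi-hole address below is a documentation placeholder and the sample reply is constructed.

```python
import socket
import struct

PIHOLE_IP = "192.0.2.53"                      # placeholder: your Pi-hole's address
HARDCODED_RESOLVERS = ["1.1.1.1", "9.9.9.9"]  # the resolvers named in the post

def build_query(name, txid=0x1234):
    """Minimal DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    """Offset just past a name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def parse_a_records(msg):
    """Return (rcode, [IPv4 addresses]) from a DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def classify(response, pihole_ip=PIHOLE_IP):
    """'redirected' if the answer for pi.hole is the Pi-hole itself."""
    _, addrs = parse_a_records(response)
    return "redirected" if pihole_ip in addrs else "bypassed"

def check_resolver(resolver, pihole_ip=PIHOLE_IP, timeout=2.0):
    """Ask an outside resolver for pi.hole and see who really answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query("pi.hole"), (resolver, 53))
            data, _ = sock.recvfrom(512)
        except OSError:                           # timeout or unreachable
            return "no-answer"
    return classify(data, pihole_ip)

def constructed_response(ip=None):
    """Constructed sample reply: one A record for pi.hole, or NXDOMAIN if ip is None."""
    question = build_query("pi.hole")[12:]
    flags, answers = (0x8180, 1) if ip else (0x8183, 0)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, answers, 0, 0)
    if ip is None:
        return header + question
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + question + rr

if __name__ == "__main__":
    for resolver in HARDCODED_RESOLVERS:
        print(resolver, check_resolver(resolver))
```

A "redirected" result only covers classic DNS on port 53; a device that uses DNS over HTTPS or DNS over TLS is not touched by a port-53 redirect.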


Friday, June 26, 2020

Tips #5 - Alignment 101 on a 3D Printer

After I purchased my Hictop Prusa i3 Clone four years ago, I went through a very trying time attempting to discover what things were going wrong with the printer.  It seemed like I got excellent prints, then there was a disaster, something out of kilter, or even an indication that squares weren't square anymore.  The more I fiddled, the more I discovered some unwritten rules of keeping a 3D printer up to date, at least in alignments.  So here are some tips for making better use of time between issues that arise (note that these items are for Reprap style printers, like the Prusa i3, but the principles are the same with most printers):

Assumptions:

  1. Get used to the idea that you will have to re-align the printer every so many prints, even with an auto-leveler
  2. Over time the correction adjusters will come loose because of shaking and general acceleration of parts
  3. The same shaking will cause corners and cams to come loose
  4. Belts do not stay perpetually tight
  5. Mechanical stuff will wear out and will need replacing

Rules:

  1. Make sure the printer is off; it makes it easier to move things around without having to disable the stepper motors.
  2. Start by making sure that all of your 3D printer corners are exactly square.  You may think that you have a 90 degree corner but unless it is measured to be 90 degrees, it is not.  If the corners are not aligned, you will not see a rectangle on prints, you will see a rhomboid, and if it is really bad a trapezoid.
  3. First and foremost after squaring the printer, make sure that all bolts are tightened on the printer
  4. Make sure that all belts are tight and that the cams are on the stepper motors correctly (usually by having the set screw on the flat portion of the spindle); make sure all cam set screws are tight.
  5. Check the movement of the belts as they are moved back and forth.  What you are looking for here is making sure that the belt moves easily without binding, or rubbing on anything; especially important for the X and Y axis belts.
  6. Clamp the printer structure to its surface to prevent shaking that might cause the printer to move from its location.
  7. Now we start aligning stuff.  Start by making sure the printer structure itself is level in the XY plane, use a level - I prefer a magnetic level and sometimes use a circular level.  You would be surprised to find that most surfaces are not level.  Sometimes some wooden shims are needed to get it level on a table or bench surface.
  8. Once the structure is level, level the print bed (moves in the Y axis direction) using the adjustment screws on all four corners.  You need to have it level from corner to corner and diagonally.  I like to start in the middle of the bed checking diagonal level in both diagonals.
  9. Apply blue tape to the bed, if you use it.
  10. Next, check the level of the X axis beam on the metal rods that the print head travels on.  If the metal rod is not level you will need to adjust the Z axis couplers on one side or the other to bring it into a level condition.  If the printer had been on you would need to unlock the stepper motors to do this.
  11. Next, check the distance of the print head from the bed by adjusting the Z axis couplers on either side of the bed to bring it up or down as necessary.  I generally find that the width of a separation tool is enough, others like the width of a piece of paper.
  12. Recheck the X axis level after changing the Z axis couplers.
  13. Turn on the printer.
  14. Adjust the auto-leveler so that it just comes on with the present settings.
  15. Attempt an auto home. Recheck the distance of the print head from the bed.  If adjustment is needed, unlock the stepper motors prior to moving the Z axis couplers and readjust auto-leveler as per #11 and #14.  Repeat until the distance of the print head is acceptable.
  16. At this point you are as aligned as you can be mechanically.
  17. To help keep alignment, consider lowering the maximum acceleration level and the xy jerk value; this will also serve to lower the shaking and “walking” that most printers tend to have.
  18. Higher temperatures will add to misalignment due to expansion of metal parts.  So recheck alignment of the bed after a high temperature print.

Friday, June 19, 2020

Tips #4 - vlan expressions for documentation

If you have a network running through your house like I do, and have vlans as part of it, then you probably have some so called "trunk" Ethernet cables.  So how do you explain what vlans are where?  This is what I do:

  • A port on a router or a switch that has an untagged vlan is noted with brackets around the vlan number like [4] for an untagged port with vlan4 present.
  • When designating a "trunk" port on a router or a switch you have tagged vlans and you have a PVID assigned.  I put the PVID first, to know what vlan is used when there is no tagging, a slash, and then a T followed by a list of each of the vlans that are tagged on that port.  So it looks like [6/T4,8,88,123-124,152] for a PVID of vlan6 with tagged vlans: 4, 8, 88, 123, 124, and 152.  I still put brackets around the values to designate that these are vlans I am dealing with.  I use the dashes as a shorthand noting that this includes all of the vlan numbers in between.
  • I generally like to make the "trunk" lines between switches and routers have a standard grouping of vlans.  In that way, a shorthand would be [6/T] where the tagged vlans are common across the entire network.
  • When I use "trunk" lines, I like to reserve a couple of vlans for specific purposes other than normal traffic.  
  • I use vlan850 as a shorthand in a switch to denote that the ports that use vlan850 are all untagged and serve as a short unmanaged switch.  I never allow vlan850 to be included in any "trunk" configurations.
  • I use vlan11, always untagged, as a dead port designation.  What this means is that vlan11 does not get assigned to any "trunk" configuration and serves to simply block a port from being useful when it is not used.
  • I use several vlans, for example 66 through 70, as temporary patch vlans.  What this means is that I can attach an untagged port to a switch on one end of the house and an untagged port to a switch on the other end of the house and effectively have a "patch cable" in between the ports.  One caution, normally you cannot assign one end to the same port as a monitor port on a switch, at least I haven't figured out how to yet.
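The bracket notation above is regular enough to parse and check mechanically. The following is an added example, not part of the original post: it reads `[4]`, `[6/T4,8,88,123-124,152]` and `[6/T]`, and flags a trunk that carries one of the two vlans the post says must never be trunked (11 and 850). The function names and the `standard_trunk` parameter are assumptions made for the example.

```python
import re

# [PVID] is an untagged port, [PVID/Tlist] a trunk, [PVID/T] the standard trunk.
PORT_RE = re.compile(r"^\[\s*(\d+)\s*(?:/\s*T([\d,\-\s]*))?\]$")

# Vlans the post reserves and never allows in a "trunk" configuration.
NEVER_TRUNKED = {11: "dead-port vlan", 850: "local unmanaged-switch vlan"}

def expand_vlans(spec):
    """Expand '4,8,88,123-124,152' into a sorted list of vlan IDs."""
    vlans = set()
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        low, dash, high = part.partition("-")
        first = int(low)
        last = int(high) if dash else first     # '123-' or '-5' raises ValueError
        if first > last:
            raise ValueError(f"descending range: {part}")
        vlans.update(range(first, last + 1))
    return sorted(vlans)

def parse_port(text, standard_trunk=()):
    """Parse one bracketed port description into pvid / trunk / tagged."""
    match = PORT_RE.match(text.strip())
    if match is None:
        raise ValueError(f"not in [pvid] or [pvid/Tlist] form: {text!r}")
    pvid, spec = int(match.group(1)), match.group(2)
    if spec is None:                             # plain [4]: untagged access port
        return {"pvid": pvid, "trunk": False, "tagged": []}
    # A bare [6/T] means "the tagged set common across the whole network".
    tagged = expand_vlans(spec) if spec.strip() else sorted(standard_trunk)
    return {"pvid": pvid, "trunk": True, "tagged": tagged}

def lint_port(port):
    """Return a list of problems; an empty list means the port follows the rules."""
    problems = []
    for vlan in [port["pvid"]] + port["tagged"]:
        if not 1 <= vlan <= 4094:                # valid 802.1Q vlan IDs
            problems.append(f"vlan {vlan} is outside 1-4094")
        elif port["trunk"] and vlan in NEVER_TRUNKED:
            problems.append(f"{NEVER_TRUNKED[vlan]} {vlan} on a trunk")
    return problems

if __name__ == "__main__":
    for text in ["[4]", "[6/T4,8,88,123-124,152]", "[6/T4,11,850]", "[11]"]:
        port = parse_port(text)
        print(text, port, lint_port(port) or "ok")
```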



Tips #3 - Documentation on Networks and Vlans

As your home network grows, so does the level of confusion about what was wired up where and when.  In general, you can document what happened through a journal about changes you have made to the network.  But filtering through that journal when you are in the midst of making lots of changes will be very time consuming.  It is better to keep the information in a separate list.  Normally, devices that you have in the network will retain certain Ethernet addresses, but sometimes the wiring will change and the placement of the equipment as well.  There are four specific documents that I use to document different views of the network and provide an easier way of changing the layout as my equipment, equipment placement, wiring, etc. change over time.  In my case, I keep the four documents as notes in my CellPhone under a classification of HomeNetwork.  The four documents are:
  1. Current IPs in the Network
  2. Patch Panels
  3. Cable Connections
  4. Home Vlans
These are described below:

-- Current IPs in the Network
  • The "Current IPs in the Network" and "Home Vlans" rarely if ever change.  However, if I move a piece of equipment in my network, "Patch Panels" and "Cable Connections" will be altered.  If I move a piece of equipment from one vlan to another, by definition the "Current IPs in the Network" will change, along with notations about the connections in the other documents.
  • The "Current IPs in the Network" note should contain all known IPs that you have in your home network.  I have even included IPs from equipment that are connected to multiple vlans.  That way the document is all inclusive.  I also make sure that all IPs that show up in my network are known.  If it isn't on the list then I know someone has attached themselves to my network that I don't know about and I go and hunt down what it is.  Rogue pieces of equipment or IOT equipment that doesn't behave I disconnect.
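The "is it on the list" check can be automated when the PiHole is also the DHCP server. This is an added example, not part of the original post: it compares dnsmasq-format lease lines (expiry, MAC, IP, hostname, client-id) against an inventory. The inventory shape (IP mapped to MAC), the lease-file path in the comment and all sample values are assumptions constructed for the example.

```python
# Assumed location of the Pi-hole DHCP lease file: /etc/pihole/dhcp.leases
# Constructed sample in dnsmasq lease format: expiry mac ip hostname client-id
SAMPLE_LEASES = """\
1593300000 02:00:00:00:00:0a 192.0.2.10 thermostat 01:02:00:00:00:00:0a
1593300100 02:00:00:00:00:0b 192.0.2.11 camera *
1593300200 02:00:00:00:00:ff 192.0.2.99 * *
1593300300 02:00:00:00:00:ee 192.0.2.12 doorbell *
"""

# Constructed stand-in for the "Current IPs in the Network" note: IP -> expected MAC.
INVENTORY = {
    "192.0.2.10": "02:00:00:00:00:0a",
    "192.0.2.11": "02:00:00:00:00:0B",   # case differences must not cause a finding
    "192.0.2.12": "02:00:00:00:00:0c",
}

def parse_leases(text):
    """Parse dnsmasq lease lines into dicts; malformed lines are skipped."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        _expiry, mac, ip, host = fields[:4]
        leases.append({"mac": mac.lower(), "ip": ip, "host": host})
    return leases

def audit(leases, inventory):
    """Return (kind, ip, mac) findings for leases that do not match the inventory."""
    findings = []
    for lease in leases:
        expected = inventory.get(lease["ip"])
        if expected is None:
            findings.append(("unknown-ip", lease["ip"], lease["mac"]))
        elif expected.lower() != lease["mac"]:
            findings.append(("mac-mismatch", lease["ip"], lease["mac"]))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_leases(SAMPLE_LEASES), INVENTORY):
        print(*finding)
```

A device that sets its own address without asking for a lease never appears in the lease file, so this check complements the manual list rather than replacing it.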
-- Patch Panels
  • I have already described how I label patch panels here.
  • The "Patch Panels" note documents the infrastructure of the network
  • The "Patch Panels" note is broken down to each patch panel with what is connected by port number on that patch panel.
  • The "Patch Panels" note does not contain any information about what equipment the port connects to, i.e. with a patch cable connection from the device to the patch panel, only documentation of what connections exist.  
  • There is an exception where the patch panel port actually goes directly to a device and is designed to be there consistently.  For instance, I have a PiHole in my network and that is connected behind one of my patch panels.  So for the label on that patch panel, I label the port as "PiHole", e.g. PP#3-7 is labeled PiHole so I know where the port goes to.
  • I use the term "patch to" when describing the use of a patch cable at a specific patch panel.  For instance one of my patch designations at patch panel 3 port 11 is "PP#3-11 - PP#1-10".  I can usually read where the port is going by looking at the actual patch panel.
  • If I have a patch cable going between ports on a given patch panel, my "Patch Panels" note will have something like this: "PP#1-10 - PP#3-11 (patch to PP#1-9)" for the designation on patch panel one port 10, and I will have "PP#1-9 - PP#2-6 (patch to PP#1-10)" for patch panel one port 9.  Note that this shows where my patch cables are and how they connect.  I can always go to the "Patch Panels" note and trace from one point to another to understand where the cable ends.
  • If I move/remove the patch cable from a patch panel, then I can simply modify a couple of lines to show how things are connected.  Again, the idea is to be able to trace to the end.
  • Note that I do not list any patch cables from devices that are plugged into a port on one end or the other.
-- Cable Connections
  • The "Cable Connections" note is where I list the patch cable connections to devices.  It also designates a logical connection to an end point.  Normally there would be a patch cable from a device, and on the other end of the trace there would be a connection to a different device.
  • The "Cable Connections" note is grouped by device which allows me to immediately find out where the device is connected by port number.
  • In the "Cable Connections" note I describe on a device port where the connection ends up.  For instance, I have a connection from my main switch which is a "trunk" connection to another switch.  The way that I write it is as follows, using the last portion of the switch IP addresses:  ".119-15 - to PP#3-23 -> .118-1 [6/T]" which is a shorthand way of listing where the connection ends up, even though the actual trace through my network goes through 3 patch panels.  I can trace the physical connections through the "Patch Panels" listing and I note the vlan trunk elements (a tip on vlan nomenclature is here).  Correspondingly, I look at the port for the receiving switch and it looks like this: ".118-1 - to PP#4-X -> .119-15 [6/T]" which indicates the reverse direction.  Again, I can look through the "Patch Panels" listing and discover the physical connections through my network.
-- Home Vlans

  • The "Home Vlans" note is where I give a listing of each vlan used in my network, including why I have the vlan, what DHCP server address is used, and what DNS server address(es) are used.
  • The "Home Vlans" note also contains a line which lists the trunk line vlans for the normal case.



Thursday, June 18, 2020

Tips #2 - Network Journal

Having been an engineer for the last 45 years, I do keep track of what I do in my network.  This includes how I wire up things and why, what I do with equipment, things that I am thinking of doing, future projects, documenting current projects, and software changes.  I use a manually maintained engineering notebook format to do this.  In my case, I call it a Network Journal.  I use the following format (based on the principle of linked lists and indexes) when documenting stuff in the Network Journal (it just works for me):

  1. I always use quad ruled composition books for my notebooks.  The quad rule gives something for the eye to use when drawing diagrams.
  2. Each page in the notebook needs to have a number starting from 0.  The page numbers provide an easy reference point when indexing.
  3. Page 0 is reserved for a Table of Contents.
  4. The title of the notebook in our case is "Network Journal".  In general, I title each notebook with the subject that the notebook contains.  If this is the second notebook in the subject, it would be titled "Network Journal 2".  Write it in ink.
  5. The notebook should be individually numbered; I like to use an abbreviation of the subject, in caps, with a dash and a number.  In this case the number of the notebook would be "NETJRN-1" with "NETJRN-2" for the second notebook in the subject.  It should be written on the front of the notebook and also written across the bottom of the notebook (there should be enough space to write this when holding the pages together).  The purpose is to be able to see the number if the notebook is laid down or is stored vertically in a page sorter used for storing multiple notebooks on different subjects.
  6. The rule when referencing page numbers is that if it is in the same notebook you use the page number alone.  If it references a page in a different notebook you reference the notebook number a slash and the page number in that notebook.  If I reference page 53 in the same notebook, it is "->53".  However, if I reference page 87 in a different notebook, say "NETJRN-1" then I use "->87/NETJRN-1".  In this manner I can reference things in all of my notebooks from each other.
  7. One specific rule is that I never erase a page in a notebook.  I keep it for posterity, including references.
  8. When I put an index on a page, I title the index drawn on a line about 3/4 of an inch below the top.  I underline the title, and put the date that I started the index in the margin to the left.  If this index is a continuation of an index, I use the same title, but reference the page that has the previous index by a back arrow ("<-page_number") with a box around it.  If this index is a lower hierarchy from the previous index, I use an up arrow curving left ("<-|page_number") to reference the page.   Note that if I continue the index to a different page, I use an arrow pointing to the page and draw a box around it - "->page_number".
  9. An item to me is an individual thing that I wish to keep track of by referencing it from an index.  This could be meeting minutes if I discuss something with someone, an idea that I want to expand upon, a specific change that I am making to cabling, a new vlan and a description of its purpose, etc.  This includes text, drawings, portions of pages that have been scanned.  Each item has a title and that title should be on the same page
  10. When I add an item to an index page, I put the title that I have used on the page in the notebook, put the date in the left hand column, and on the same line I point to the page that the item occurs on "->page_number".  This way I can simply look down the page and go right to the page number of the item I am interested in reviewing.
  11. Likewise when items go on a page, if this is the first thing on the page - I put the topic of the index that this page refers to at the very top of the page (if it is not there already).  Note, I limit it to one index topic per page to ensure that everything on the page is of the same index topic.  If there are already some items on the page for the same topic, I draw a line across and continue after the line on the same page.  I start with the title underlined, with the date in the left hand margin, then I put an up arrow curving left ("<-|page_number") with the page of the index that refers to this item.
  12. If I need to continue the item on a different page, I just put an arrow pointing to the page I am continuing on and form a box around it ("->page_number").  Then I repeat on the new page.  Note that I don't have to use the very next page, I can even go backwards if necessary.



Tips #1 - Patch Panels and Markings

In my network, I have found that the best way to maintain my understanding of how my house is wired with Ethernet is how I document my Patch Panels.  I have a few rules that maintain a cohesiveness to this:

  • Patch Panels serve to be the ends of Ethernet wires.  In general, I will not have a stray Ethernet cable coming out of a wall.
  • I use keystones in all patch panels.  This gives me the choice of terminating Ethernet wires either in a punch-down keystone, or a straight through keystone which has an Ethernet female on both sides.  
  • The advantage with using keystones is that they are easy to move around in a patch panel, or in the case of the straight through keystone, Ethernet connections behind them.  Normally equipment moves and cables stay put; the keystones are a way of augmenting that "staying put".
  • I refer to an individual keystone as a "port" in a patch panel.  Each "port" must be numbered from 1 to the total number of ports on the patch panel.
  • All patch panels in my house are numbered.  If the patch panel serves only to connect to another patch panel on the other side of the wall, I may number it with the same number but I have to use the same "port" numbers on each side.  So if I use "port" 1 on one side, then I must use "port" 1 on the other side so there is no confusion. In this case each patch panel gets the same patch panel number.  I must also ensure that the Ethernet cable is straight through.
  • The full designated "port" identifier is patch_panel_number-port_number, e.g. PP#3-12 would refer to keystone (or "port") 12 on patch panel number 3.
  • I use a labeler to mark each "port" on each patch panel.  When I mark a specific "port" I label it with the "port" that it connects to on the other end of the Ethernet cable.  For instance, if PP#3-12 connects to PP#1-6 then on patch panel number 1, "port" 6 would be labeled PP#3-12, and on patch panel number 3, "port" 12 would be labeled PP#1-6.  That way I always know where the Ethernet cable is connected and to what patch panel.
  • If a cable is moved from one keystone to another on a patch panel, the label goes with it and I make up a new label for the port that it connects to so I am consistent.  For instance, if PP#3-12 connects to PP#1-6, and I move the Ethernet cable from port 12 to port 10 on patch panel 3, then I move the PP#1-6 label from port 12 to port 10 on patch panel 3, then I make up a new label of PP#3-10, go to patch panel 1, remove the label on port 6, and replace it with the new label of PP#3-10.  I also make note of it on any note that I have.
  • Patch panels can always be used as "patch panels", i.e. I have places on patch panels that have a patch Ethernet cable between "ports" on the same patch panel.  That way, it can form one long Ethernet connection.