linux


Mar. 19, 2025

Tailscale DNS Updater

One of the very few things that irritate me about Tailscale is that it uses ULA addressing and doesn’t allow for custom address block definitions (i.e., I can’t use my own GUA block). While this is definitely a “me problem”, it is irksome to me nonetheless. So, in order to get access to my systems over Tailscale, over IPv6, I created this Python script to grab the v6 addresses and put them into a format conducive to, say, an internal BIND view, or Pi-hole (v5).

Mar. 14, 2025

Python IPv6 Subnet Planner

IPv6 address planning can be a trial-and-error endeavor. There are useful tools for subnetting, but I couldn’t find anything that would just take a prefix and a subnet length and provide a simple list of the prefixes. (Now, this does exist, and I just simply missed it.) I wrote some really simple Python that does a few things: Accepts an IPv6 prefix and a new prefix length to generate subnet allocations.

Feb. 28, 2025

Scripting URL normalization and resolution

From time to time most network and / or security engineers will need to normalize the output of a set of URLs to either IP literals or a formatted list of DNS names. This can be particularly useful for feeding intelligence feeds or creating block/allow lists. There are probably 10,000 other scripts to do this, but this one is mine.

Potential use cases:
- Building custom Pi-hole block / allow lists
- Building intelligence feeds
- Creating ACL lists
- Creating feeds for BGP filters
- Probably other stuff

Benefits / Features

Feb. 27, 2025

Useful .zshrc formulas for network engineers

mac will take a MAC address input and provide multiple formats for use on differing systems

    mac() {
      if [[ -z "$1" ]]; then
        echo "Usage: mac <MAC>"
        return 1
      fi
      # Remove the separator characters (colon, dot, hyphen); the hyphen goes
      # last so tr does not read it as a range
      mac=$(echo "$1" | tr -d ':.-')
      if [[ ${#mac} -ne 12 ]]; then
        echo "Invalid MAC address format."
        return 1
      fi
      # Standard colon-separated format (AA:BB:CC:DD:EE:FF)
      mac_colon=$(echo "$mac" | sed 's/\(.

Jan. 11, 2025

Cloudflare tunnel for IPv6 only connectivity

Cloudflare offers a powerful tunneling service that allows a host on a private network to expose a service while retaining protection from Cloudflare’s powerful CDN tools. At the time of this post that service is a legacy-IP-first service, but with one minor tweak it can operate with IPv6-only hosts, meaning one can provision an IPv6-only host but provide a dual-stacked service. If that sounds powerful, that’s because it is.

Dec. 21, 2024

Mikrotik Winbox linux .desktop file

A minor annoyance, but the Linux version of MikroTik WinBox, while possibly the best network interface GUI around, has some quirks. If you want the icons to look correct, do the following (via Jerald Worthington):
- This file assumes that the .zip from MikroTik is extracted to /opt/WinBox
- If putting in another location, edit the Exec= and Icon= to match the correct locations
- Place the WinBox.desktop file in /usr/share/applications
- Create a symlink in /usr/local/bin to point to /opt/WinBox/WinBox (or wherever you extract the file to)

Then whenever you launch from the Application launcher it’ll show the proper icon in the dock.

May. 4, 2020

It’s always MTU, unless it’s DNS

One of the most common questions I hear from small and even medium-sized ISPs is “why should I run my own DNS resolver(s)?” The perception that DNS is hard, complicated, or even unnecessary is often cited as a reason to just farm it out to one of the “free” anycast resolver services available across the internet. Now, there are many reasons to be wary of DNS, both from the professional and the consumer side - it is a huge treasure trove of personal information about behavior, and is easily monetized by entities large enough to consume and process it.