Blog

At the DDI roundtable last April, the conversation turned to "Negative Trust Anchors" (NTAs), as described in RFC7646. As the topic took me completely by surprise, I wasn’t able to contribute much at the time, but I resolved to look into it in more detail. Put simply, NTAs are instructions to resolvers to ignore failed DNSSEC validations for queries regarding records from specific DNS zones designated in the NTA, and to respond as if the zone were unsigned rather than returning an …

Abuse encompasses many dimensions, and because abuse always involves the use of violence against a victimized person or organization, it is difficult to speak objectively and calmly about abuse or how to address it — it is simply associated with far too much harm, and the resulting pain evokes feelings of powerlessness, anger, and hatred. In this article, I would like to discuss my work as head of the “Anti-Abuse” expert group at the eco Association. I want to write about what I have learned in …

If you have a strongSwan VPN server, is is quite easy to connect from hosts that have the strongSwan client installed. This client exists for a wide variety of operating systems and especially for the mobile platforms like Android. But sometimes you want to use the native VPN client of the OS. In this blog article I want to describe the setup of the Windows 11 native client when using certificates. The setup is not quite straight forward since authentication methods, certificate attributes and …

NetBox has powerful search and filter functions that make it possible to find objects in its managed data. These functions have long been available to scripts, API requests and automation tools such as Ansible. The only exception – and the one that hurts the most in everyday use – is the GUI. Or rather, was the GUI, because NetBox 4.5 is making a big breakthrough here. Status QuoUp to and including NetBox 4.4, the filter form for DNS records in the NetBox DNS plugin looks like this: Old DNS …

Netbox offers a variety of customisation features so help with your daily operational work. One possibility is to add Custom Links to objects as a shortcut. In this blog article I want to present two links that make life easier. First I add a ssh link to device objects, so I can open a one-click ssh console to the device. The second custom link refers to the Zabbix monitoring system. So with one click you can open the website with the recent problems for a device. The SSH Console LinkA very …

Host Target in Ansible RulebooksAnsible rulebooks add sources, a policing framework and actions to the ansible ecosystem. A data source of the type webhook can be used by remote systems to pass data to the rulebook. Rulebooks need to identify targets onto whom an action should be applied. An ansible rulebook expects you to pass this information in a meta header named hosts A normal application will not add the meta header, so the rulebooks offer filters that extract the data from within the data …

The VPN Model in netboxOne of the least used models of netbox is perhaps the VPN part. In this article I want to show a way to manage VPN configurations in netbox and to deploy configurations of the strongSwan VPN server based on the data from netbox. The VPN model in netbox follows the Cisco VPN configuration approach with proposals, profiles, and policies. If you want to build the configuration of a VPN server based on these data, you have to remodel the data from netbox to fit the structure …

From version 1.2.7, NetBox DNS offers the option of saving DNSSEC information in NetBox. The plugin provides the configuration parameters required to automate the signing of DNS zones with DNSSEC. Specific key material is not stored in NetBox, as this data can be managed more efficiently and securely by the name server. True to the motto 'eat your own dogfood', I first documented the DNSSEC configuration of my own zones, which have been managed in NetBox DNS for some time, in the same …

Integrating NetBox with Cisco IOS Configuration Management Motivation: Specific Modules or Whole Configurations?Automating network configuration updates is powerful - but risky. Especially with platforms like Cisco IOS that lack native, atomic config replacement. In this article, I will share a practical and resilient approach to managing full-device configuration from NetBox to Cisco IOS. By leveraging NetBox for config generation, ansible for secure deployments, and creatively applying the …

In the article aruba with netbox we used netbox to generate the configuration of a Aruba device from a jinja template. An ansible playbook collects the configuration and sends it to the device. But you still would have to start the playbook manually. In this last article of the series I will show you how to write an Event Driven Ansible (EDA) runbook that runs the playbook automatically. A change of the configuration of the device in netbox triggers a webhook which passes the data to the EDA. …