Happy New Year!

Recently, I learned about a thing called ‘Catalog Zones’. A relatively new thing in DNS that helps simplify your DNS architecture. A Catalog Zones contains one or more ‘real’ zones. And it can be useful for configuring slave / secondary DNS servers.

(I would rather not get into the naming thing; I just want people to understand what I am writing.)

Before catalog zones, you had to provision each new zone to your slave DNS servers. Updates are no problem, most of the time. Just issue a NOTIFY and your slaves will AXFR the zone from the master. But configuring new zones onto slaves used to be a pain (unless you were using the superslave feature).

TL;DR (lawyers hired by) Odido is threatening to sue me over a joke.

Introduction and background

At the beginning of 2024, I launched a new website: heeftodidoalipv6.nl (translated: ‘does odido have ipv6 already?’).

The website would display a big fat ‘Nee, Helaas! (No, unfortunatley!)’ together with links to competitor ISPs in the Netherlands for every word in their slogan ‘Het kan ook zo’.

This website was meant as a joke and a message to Odido. It’s time to deploy IPv6. And Odido is not only very, very late; they also haven’t communicated about their roadmap in the slightest. Everyone benefits when the world switches to IPv6, so why is it so hard? Everyone has had enough time.

The internet, it’s a series of tubes! Right? It’s a bunch of magic that you pay a company you don’t respect very much to handle.

Most of you know that what we call ’the internet’ is just a ‘bunch’ of networks connected to eachother. Your ISP has a connection with Google, and that’s how you can search and watch YouTube. It also has a connection to Amazon, Apple, and.. even the network that this website is hosted on.

Some say it couldn’t be done, I’d like to prove you otherwise.

I recently did a project where the combination from the title would come in handy. A secure VPN server that uses an existing Windows Active Directory setup.

After everything is setup. You have an OpenVPN server that authenticates using Active Directory and requires a TOTP token, all running on OPNsense

Alright, let’s get to work! First, go to System > Access > Servers and click Add. Use the following info, replace data to fit your enviroment.