What's at the Other End of 8.8.8.8?

8.8.8.8 is Google’s “free, global DNS resolution service”, so popular that it’s been lampooned by XKCD. It has a wonderfully straightforward front-end: the IP address 8.8.8.8. But that begs the question: what’s on the back-end? Do the authoritative nameservers receive queries from 8.8.8.8 or some other IP address? Spoiler: the queries don’t originate from 8.8.8.8; instead, the queries originate from a range of IP addresses, some IPv4, some IPv6.

Testing 8.8.8.8

To see how 8.8.8.8 queries authoritative nameservers, I need an authoritative nameserver. Luckily, I happen to be in possession of such a nameserver (well, four such nameservers). ...

September 2, 2025 · 4 min · Brian Cunnie

Debugging the vSphere API via the BOSH vSphere CPI from Your Workstation

This Blog Post Is Not For You

This blog post is directed towards people who are working with the BOSH vSphere CPI (Cloud Provider Interface), which is not you. There are more interesting things to read. If you want suggestions, try Ulysses by Sir Alfred Lord Tennyson, a poem about an aged hero seeking to recapture his adventures of youth.

Challenge: Extending the Size of the Root Disk

I’d like to extend the size of the root partition, but it’s a challenge: if I don’t make exactly the correct vSphere API calls, my changes will fail, and the feedback loop is slow (hot-patching a BOSH Director and then running a deploy takes at least 5 minutes each attempt). ...

January 1, 2024 · 4 min · Brian Cunnie

How to Install a TLS Certificate on NSX 4.1

If you don’t like seeing the “Your connection is not private” or “Warning: Potential Security Risk Ahead” when you browse to your NSX Manager, then you may want to install a TLS certificate from a commercial CA (Certificate Authority). This post tells you how. This NSX manager has a certificate issued from Sectigo. Note that the padlock in the address bar shows no warning and the certificate’s chain-of-trust can be examined. ...

July 2, 2023 · 6 min · Brian Cunnie

On-premise is Almost Four Times Cheaper * than the Cloud

* If you don’t count the amount of time spent maintaining the on-premise equipment.

Abstract

My 48-VM (virtual machine) homelab configuration costs me approximately $430/month in hardware, electricity, virtualization software, and internet, but an equivalent configuration on AWS (Amazon Web Services) would cost $1,660/month (almost four times as expensive)!

Disclosures: I work for VMware, which sells on-premise virtualization software (i.e. vSphere). I didn’t put a dollar value on the time spent maintaining on-premise because I had a hard time assigning a dollar value. For one thing, I don’t track how much time I spend maintaining my on-premise equipment. For another, I enjoy maintaining on-premise equipment, so it doesn’t feel like work.

Shortcomings of On-Premise

Time and Effort: Before you leap into on-premise, you need to ask yourself the following, “Am I interested, and do I have the time, to maintain my own infrastructure?” If you like swapping out broken hard drives, troubleshooting failed power supplies, creating VLANs, building firewalls, configuring backups, and flashing BIOS—if you like getting your hands dirty—then on-premise is for you.

Only one IPv4 address: This is a big drawback. Who gets the sole IPv4 (73.189.219.4) address’s HTTPS port—the Kubernetes cluster or the Cloud Foundry foundation? In my case, the Cloud Foundry foundation won that battle. On the IPv6 front there’s no scarcity: Xfinity has allocated me 2601:646:100:69f0/60 (eight /64 subnets!).

Poor upload speed: Although my Xfinity download speed at 1.4 Gbps can rival the cloud VMs’, the anemic 40 Mbps upload speed can’t. I don’t host large files on my on-premise home lab. This may not be a problem if your internet connection has symmetric speeds (e.g. fiber).

Scalability: I can’t easily scale up my home lab. For example, my 15 amp outlet won’t support more than what it already has (2 ESXi hosts, 1 TrueNAS ZFS fileserver, two switches, an access point, a printer). Similarly, my modestly-sized San Francisco apartment’s closet doesn’t have room to accommodate additional hardware.

Widespread outages: When I upgraded my TrueNAS ZFS fileserver that supports the VMs, I had to power-off every single VM. Only then could I safely upgrade the fileserver.

Ground-up Rebuilds: One time I made the mistake of not powering down my 48 VMs before rebooting my fileserver, and I spent a significant portion of my winter break recovering corrupted VMs (re-installing vCenter, rebuilding my Unifi console from scratch).

How I Calculated the AWS Costs

First, I pulled a list of my VMs and their hardware configuration (number of CPUs (cores), amount of RAM (Random Access Memory)). I used the following govc command: ...

January 4, 2023 · 7 min · Brian Cunnie

The Least Secure Way to Back Up vCenter 8.0 with TrueNAS 13.0

We’re going to set up automated backups for a vCenter which we were forced to rebuild over the winter break because the unexpected reboot of the file server hosting the iSCSI datastore backing the vCenter’s disk drive caused unrecoverable database corruption, and we had no backups. Log into your TrueNAS server via its web interface (e.g. https://nas.nono.io). Browse to “Services”. Start FTP (by toggling the “Running” slider) and configure it to start automatically. Remember to start the FTP service and configure it to start automatically. Once that’s done, you can configure it by clicking on the ✎ icon in the Actions column. ...

January 2, 2023 · 2 min · Brian Cunnie