Cake day: June 12th, 2023


  • You can disable Cloudflare’s TLS termination by setting the DNS record to DNS only. Be aware that this then bypasses their CDN, probably making things slower, and bypasses most of the security they put in place for you.

    Other CDNs may or may not do similar. It’s hard to do WAF when you can’t see the traffic.

    Note that a registrar and a CDN are different things. It’s possible to remain on Cloudflare for your domain registration and DNS while using a different CDN.




  • Tailscale is great but the way its MagicDNS works has broken my device’s Internet more than thrice. Primarily on Android (there’s a long-standing bug report) but also on Linux (before I fixed the firewall). If Android is your primary device I would absolutely not recommend Tailscale for HA.

    The problem is that to make MagicDNS work, it has to override your local DNS settings, which is fine until it breaks. For example, if private DNS is enabled in Android (which it is by default) then when your phone switches networks, DNS straight up doesn’t work until you toggle TS off and on. Which means your internet doesn’t work. And MagicDNS is “needed” to get a TS HTTPS certificate (if you have another valid cert, this is less important).

    On my Android I have private DNS on and a Tasker profile to toggle TS whenever the network changes. It is not ideal.