
All Jupiter Broadcasting Shows
Uptime Funk | LINUX Unplugged 651
Jan 25, 2026
They dig into DNS across LANs and mesh VPNs, explaining name resolution and multi-mesh challenges. They explore Pi-hole, Nebula/Tailscale strategies, and NACME automation for certificate onboarding. Monitoring gets attention with Uptime Kuma, Prometheus/Grafana, federated metrics, blackbox checks, and Alertmanager escalation plans. They also touch on resource trade-offs, declarative configs, and community tooling picks.
AI Snips
Multi-Layer DNS Exposure Protection
- When exposing DNS across mesh networks, bind services only to VPN interfaces and use application-level restrictions.
- Add network ACLs (iptables/nftables) as a second layer to prevent accidental public exposure.
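A check for the first layer, as an added example that is not from the episode or its notes: it reads `ss -H -lntu` output and reports DNS listeners bound to a wildcard or a non-mesh address, which are the sockets that only the firewall layer keeps private. The mesh range and the sample lines are assumptions; substitute your own Nebula or Tailscale network.

```python
import ipaddress

# Assumption: the mesh hands out addresses from 100.64.0.0/10 (the CGNAT range
# Tailscale uses); replace with your own Nebula or Tailscale network.
VPN_NETS = [ipaddress.ip_network("100.64.0.0/10")]
DNS_PORT = 53

# Constructed sample of `ss -H -lntu` output, not captured from a real host.
SAMPLE_SS = """\
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 100.64.0.5:53 0.0.0.0:*
tcp LISTEN 0 32 100.64.0.5:53 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 [::]:53 [::]:*
udp UNCONN 0 0 192.168.1.10:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop a %iface scope first, then IPv6 brackets.
    return addr.split("%", 1)[0].strip("[]"), port

def classify(addr):
    """Return 'ok' for loopback or mesh binds, else why the bind is exposed."""
    if addr == "*" or ipaddress.ip_address(addr).is_unspecified:
        return "wildcard bind"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or any(ip in net for net in VPN_NETS):
        return "ok"
    return "non-VPN address"

def audit_dns_listeners(ss_output):
    """List (proto, local address, reason) for DNS sockets reachable off-mesh."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or split_local(cols[4])[1] != str(DNS_PORT):
            continue
        reason = classify(split_local(cols[4])[0])
        if reason != "ok":
            findings.append((cols[0], cols[4], reason))
    return findings

if __name__ == "__main__":
    for finding in audit_dns_listeners(SAMPLE_SS):
        print(*finding)
```

An empty result means every DNS socket is bound to loopback or a mesh address, so the nftables/iptables rules act as a backstop rather than the only control.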
Automate Nebula Certificate Minting
- Automate Nebula host onboarding by signing host certificates via an API key service to avoid manual key shuffling.
- Use a client that requests signed host certs before starting Nebula for smoother provisioning.
Move To Text-Driven Monitoring When Scale Grows
- Start with Uptime Kuma for simple HTTP/TCP checks, then migrate to Prometheus/Grafana when you need declarative configs and nuanced alerts.
- Prefer text-defined dashboards and exporters to avoid tedious GUI entry for many checks.
