jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update DNS to Quad9 DoH, add port utilization diagrams
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source 
- Both AdGuard instances now use Quad9 DoH (dns.quad9.net)
- Bootstrap DNS: 9.9.9.9, 149.112.112.112
- New 02-PORT-UTILIZATION.md with ASCII diagrams for all devices
- Fixed Tailscale container DNS and route configuration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
XTRM-Unraid
2026-01-25 19:12:35 +02:00
parent 4f5f9e786d
commit ec75bee323
3 changed files with 217 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

192
docs/02-PORT-UTILIZATION.md Normal file
View File

@@ -0,0 +1,192 @@
# Device Port Utilization
**Last Updated:** 2026-01-25
**Legend:** 🟢 Connected | ⚪ Enabled/No Link | 🔘 Disabled | 🩷 High Speed (≥2.5G)
---
## HAP1 | MikroTik hAP ax³ (192.168.31.1)
```
┌─────────────────────────────────────────────────────────┐
│ MikroTik hAP ax³ │
│ ┌─────┬─────┬─────┬─────┬─────┐ │
│ │ H-1 │ H-2 │ H-3 │ H-4 │ H-5 │ RJ45 Ports │
│ │ 🟢 │ 🟢 │ 🟢 │ 🩷 │ 🔘 │ │
│ │ WAN │ CAP │ CSS │ ZX1 │ - │ │
│ │ 1G │ 1G │ 1G │2.5G │ - │ │
│ └─────┴─────┴─────┴─────┴─────┘ │
│ WiFi: 🟢 wifi1 (5GHz) 🟢 wifi2 (2.4GHz) │
└─────────────────────────────────────────────────────────┘
Connections:
H-1 → Vivacom ONT (WAN)
H-2 → cAP XL ac via PP1
H-3 → CSS326 Port1 (trunk)
H-4 → ZX1 Port1 (2.5G trunk)
H-5 → (unused)
```
---
## CSS1 | MikroTik CSS326-24G-2S+ (192.168.31.9)
```
┌───────────────────────────────────────────────────────────────────────────┐
│ MikroTik CSS326-24G-2S+ 24x 1G + 2x 10G SFP+│
│ │
│ ┌────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐ │
│ │ 1 │ 3 │ 5 │ 7 │ 9 │ 11 │ 13 │ 15 │ 17 │ 19 │ 21 │ 23 │ (odd) │
│ │ 🟢 │ ⚪ │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ ⚪ │ ⚪ │ 🟢 │ ⚪ │ │
│ ├────┼────┼────┼────┼────┼────┼────┼────┼────┼────┼────┼────┤ │
│ │ 2 │ 4 │ 6 │ 8 │ 10 │ 12 │ 14 │ 16 │ 18 │ 20 │ 22 │ 24 │ (even) │
│ │ 🟢 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ ⚪ │ 🟢 │ ⚪ │ 🟢 │ │
│ └────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘ │
│ │
│ SFP+ Ports: ┌──────┬──────┐ │
│ │ SFP1 │ SFP2 │ │
│ │ 🔘 │ 🔘 │ (10G capable, disabled) │
│ └──────┴──────┘ │
└───────────────────────────────────────────────────────────────────────────┘
Port Details:
Port1 🟢 1G HAPax3-H3 Trunk to router
Port2 🟢 100M NanoKVM-E1 Remote KVM
Port3 ⚪ - (enabled) Available
Port4-16 🔘 (disabled) Unused
Port17 ⚪ - PP1-17-B2 Boys Room outlet 2
Port18 ⚪ - PP1-18-B1 Boys Room outlet 1
Port19 ⚪ - PP1-19-M1 Main Bedroom outlet 1
Port20 🟢 1G PP1-20-M2 Main Bedroom outlet 2 (Notebook)
Port21 🟢 100M PP1-21-M3 Main Bedroom outlet 3 (Dell)
Port22 ⚪ - PP1-22-L1 Living Room outlet 1
Port23 ⚪ - PP1-23-L2 Living Room outlet 2
Port24 🟢 100M PP1-24-L3 Living Room outlet 3
SFP1 🔘 - ZX-SW-SFP-1 (reserved for 10G link)
SFP2 🔘 - (disabled) Unused
```
---
## ZX1 | ZX-SWTGW218AS (192.168.31.7)
```
┌─────────────────────────────────────────────────────────┐
│ ZX-SWTGW218AS 8x 2.5G + 2x 10G │
│ │
│ 2.5G RJ45: ┌────┬────┬────┬────┬────┬────┬────┬────┐ │
│ │ 1 │ 2 │ 3 │ 4 │ 5 │ 6 │ 7 │ 8 │ │
│ │ 🩷 │ 🩷 │ 🩷 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ │
│ └────┴────┴────┴────┴────┴────┴────┴────┘ │
│ │
│ 10G SFP+: ┌──────┬──────┐ │
│ │ SFP1 │ SFP2 │ │
│ │ 🩷 │ 🔘 │ │
│ └──────┴──────┘ │
└─────────────────────────────────────────────────────────┘
Port Details:
Port1 🩷 2.5G HAP1 H-4 Trunk to router
Port2 🩷 2.5G XTRM-U bond Server NIC 1 (via PP2)
Port3 🩷 2.5G XTRM-U bond Server NIC 2 (via PP2)
Port4-8 🔘 (disabled) Unused
SFP1 🩷 10G CSS326-SFP1 10G backbone (DAC)
SFP2 🔘 - (disabled) Unused
```
---
## PP1 | 19" 24-Port Patch Panel
```
┌─────────────────────────────────────────────────────────────────────────────┐
│ 19" Patch Panel - Room Connections │
│ │
│ ┌────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┬────┐ │
│ │ 1 │ 3 │ 5 │ 7 │ 9 │ 11 │ 13 │ 15 │ 17 │ 19 │ 21 │ 23 │ (odd) │
│ │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ ⚪ │ ⚪ │ 🟢 │ ⚪ │ │
│ ├────┼────┼────┼────┼────┼────┼────┼────┼────┼────┼────┼────┤ │
│ │ 2 │ 4 │ 6 │ 8 │ 10 │ 12 │ 14 │ 16 │ 18 │ 20 │ 22 │ 24 │ (even) │
│ │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ ⚪ │ 🟢 │ ⚪ │ 🟢 │ │
│ └────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┴────┘ │
└─────────────────────────────────────────────────────────────────────────────┘
Room Mapping (PP1 → CSS1):
PP1-17 ↔ CSS1-17 Boys Room B2
PP1-18 ↔ CSS1-18 Boys Room B1
PP1-19 ↔ CSS1-19 Main Bedroom M1
PP1-20 ↔ CSS1-20 Main Bedroom M2 (Notebook) 🟢
PP1-21 ↔ CSS1-21 Main Bedroom M3 (Dell) 🟢
PP1-22 ↔ CSS1-22 Living Room L1
PP1-23 ↔ CSS1-23 Living Room L2
PP1-24 ↔ CSS1-24 Living Room L3 🟢
```
---
## PP2 | 10" 12-Port Patch Panel
```
┌───────────────────────────────────────────────┐
│ 10" Patch Panel - Rack Connections │
│ │
│ ┌────┬────┬────┬────┬────┬────┐ │
│ │ 1 │ 3 │ 5 │ 7 │ 9 │ 11 │ (odd) │
│ │ 🩷 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ │
│ ├────┼────┼────┼────┼────┼────┤ │
│ │ 2 │ 4 │ 6 │ 8 │ 10 │ 12 │ (even) │
│ │ 🩷 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ 🔘 │ │
│ └────┴────┴────┴────┴────┴────┘ │
└───────────────────────────────────────────────┘
Connections (PP2 → ZX1 → XTRM-U):
PP2-1 ↔ ZX1-2 ↔ XTRM-U NIC1 🩷 2.5G bond
PP2-2 ↔ ZX1-3 ↔ XTRM-U NIC2 🩷 2.5G bond
```
---
## Summary Statistics
| Device | Total Ports | Connected | Enabled/NoLink | Disabled |
|--------|-------------|-----------|----------------|----------|
| HAP1 | 5 + 2 WiFi | 4 + 2 | 0 | 1 |
| CSS326 | 24 + 2 SFP | 5 | 7 | 14 |
| ZX1 | 8 + 2 SFP | 4 | 0 | 6 |
| **Total** | **41** | **15** | **7** | **21** |
---
## Backbone Links
```
┌─────────────────────────────────────────────────┐
│ BACKBONE TOPOLOGY │
│ │
┌────────┐ │ ┌────────┐ ┌────────┐ │
│ ONT │ ──────┼────── │ HAP1 │ ────── │ CAP │ │
│ WAN │ 1G │ H-1 │ │ H-2 1G │ WiFi │ │
└────────┘ │ └───┬────┘ └────────┘ │
│ H-3 │ H-4 │
│ 1G │ 2.5G │
│ │ │
│ ┌─────┴─────┐ │
│ │ │ │
│ ▼ ▼ │
│ ┌───────┐ ┌───────┐ │
│ │ CSS326│◄══│ ZX1 │ 10G SFP+ DAC │
│ │ 24x1G │ │8x2.5G │ │
│ └───┬───┘ └───┬───┘ │
│ │ │ │
│ │ ┌────┴────┐ │
│ │ │ 2x 2.5G │ │
│ │ │ bond │ │
│ │ └────┬────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌───────┐ ┌───────┐ │
│ │ PP1 │ │ XTRM-U│ │
│ │ Rooms │ │ Server│ │
│ └───────┘ └───────┘ │
└─────────────────────────────────────────────────┘
```

17
docs/06-CHANGELOG.md
View File

@@ -28,3 +28,20 @@
## Previous Changes
See git history for earlier changes.
## 2026-01-25 (Update 2)
### DNS Configuration
- [DNS] Updated both AdGuard instances to use Quad9 DoH
- [DNS] MikroTik AdGuard: upstream=https://dns.quad9.net/dns-query
- [DNS] Unraid AdGuard: upstream=https://dns.quad9.net/dns-query
- [DNS] Bootstrap DNS: 9.9.9.9, 149.112.112.112
### Containers
- [CONTAINER] Fixed Tailscale container authentication
- [CONTAINER] Tailscale DNS changed from 8.8.8.8 to 172.17.0.1,1.1.1.1 (fallback)
- [CONTAINER] Tailscale route fixed: 100.64.0.0/10 → 172.17.0.3
### Documentation
- [DOCS] Created 02-PORT-UTILIZATION.md with ASCII port diagrams
- [DOCS] Updated 09-MIKROTIK-ADGUARD-DOT-DOH.md with Quad9 DoH config

16
docs/09-MIKROTIK-ADGUARD-DOT-DOH.md
View File

@@ -43,9 +43,9 @@ Single DNS endpoint for both internal and external clients with ad blocking and
│ ▼ │
│ Upstream DNS │
│ ┌──────────────────┐ │
│ │ 192.168.31.4 │ ◄── Unraid AdGuard (primary)
│ │ 8.8.8.8 │ ◄── Google (fallback)
│ │ 1.1.1.1 │ ◄── Cloudflare (fallback)
│ │ Quad9 DoH │ ◄── dns.quad9.net/dns-query
│ │ 9.9.9.9 │ ◄── Quad9 bootstrap
│ │ 149.112.112.112 │ ◄── Quad9 secondary
│ └──────────────────┘ │
└─────────────────────────────────────────────────────────────────────┘
@@ -189,13 +189,13 @@ chain=forward action=accept src-address=172.17.0.0/24
- **Web UI:** http://192.168.31.1:3000
### Upstream DNS
1. 192.168.31.4 (Unraid AdGuard - primary, has filter lists)
2. 8.8.8.8 (Google - fallback)
3. 1.1.1.1 (Cloudflare - fallback)
1. https://dns.quad9.net/dns-query (Quad9 DoH - malware blocking)
2. 9.9.9.9 (Quad9 bootstrap)
3. 149.112.112.112 (Quad9 bootstrap secondary)
### Bootstrap DNS
- 8.8.8.8
- 1.1.1.1
- 9.9.9.9
- 149.112.112.112
## Usage