cjf

  • Posts

    1887
  • Country

    United States

  • Member Title
    Junior Member

  1. Hello Doc, sorry for the delay in response. At the moment I do not have a weekly reboot set up on the pfSense but I agree this should be done when possible. The past week or so has been a bit special though in that the power company is screwing around with something on the block, resulting in power loss at least once a day. So, as a side effect, the pfSense has been rebooted a few times. No difference to report in regard to download speeds though.
  2. I think if someone twisted my arm to point to one thing on my Internal network that "may" be a potential contributing factor to my reduced download speeds while using EDNS then I would probably point to my Linux based Router/Firewall that sits behind my Primary pfSense Firewall. The Linux box is a key component in my setup though so removing it would be a real headache. I do realize though that at some point I will have to face this headache when it gets too old to continue using it. Would my speed issues go away then? Maybe, maybe not. Will see I guess when the time comes. The Linux box handles all of the Internal Routing between Internal network VLANs and is also the Primary "initial" Firewall that Internal network Clients hit first, before being allowed out to the Internet by way of the outermost pfSense Firewall (IOW, there is a DMZ involved here but it shouldn't matter). I use Linux iptables on that small Linux Router/Firewall for close lock down of Outbound traffic/ports. It's a very powerful technology in this regard so I continue to use it. But with that said, it is a small Linux box with your typical small Linux appliance hardware specs (Cortex ARM Proc, 256MB RAM). Despite this though, I have never seen it appear/show itself as being busy at any point. It's just the only box that I could potentially point to because it is the one with the least amount of actual compute resources compared to all the other devices in the chain. Ultimately though, the pfSense FW is responsible for all of the EDNS configuration settings. The pfSense is just basically intercepting any regular DNS queries it might receive from Internal network Clients and forces them to use EDNS instead. All the Internal Clients are just pointing to the Default Gateway for the VLAN they are located on as their Primary DNS Server. This ultimately just points to that small Linux Router previously mentioned. So from the Clients' standpoint, the small Linux box is their Primary DNS Server.
But with all that said, the Linux box does have 1Gb Interfaces across the board and in theory once my DNS query is resolved to an Internet URL and a download is initiated, it shouldn't be a limiting factor. Web pages load quickly as you would expect. It's just during various Download Speed tests that I can see that I'm not getting my full ISP advertised bandwidth. If I didn't check there I wouldn't know any better because I'm not really a heavy Internet bandwidth user.
  3. Hello, ISP previously was Comcast (200mb) and now it's Stratus IQ (300mb). I thought it may just be a Comcast thing because they are terrible in general but with Stratus IQ the same hit to download speeds remains. Both were a coax Cable based hookup and no Fiber options for me unfortunately. I'm not too concerned with it really. I just figured I would mention the potential of seeing a hit to download speeds while using EDNS if someone wanted to give it a try. I think the increase in security is well worth any reduction in download speeds though. I still have plenty of bandwidth for all of my purposes while using EDNS. I'll be switching to Starlink by EOY so it will be interesting to see how this works using a better than average Satellite technology. I suspect I may have to turn it off altogether at that point but will see.
  4. Yes, I am only pointing my Firewall to their two DNS servers. No product/services were purchased from Cloudflare on my part. I've used Google in the past for the same thing and Google was slower.
  5. Can I assume you are already using Encrypted DNS and saw no speed hit after turning it on? If so, then I guess some people luck out and possibly have an ISP provider with more robust equipment in the chain. I won't clutter up the thread listing out all of my equipment in use but I wouldn't disagree that something might be wrong but I'm pretty confident it's not on my end (at least not from street to my Internal Network).
  6. Tell that to Cloudflare. I've not seen or heard of an encryption method that is not also resource intensive for both ends of the pipe. I guess you found one that isn't.
  7. A few other things people can do in an attempt to achieve some level of additional privacy are below:

     Configure/Enable DNS over TLS or HTTPS (i.e. Encrypted DNS). The Cloudflare DNS servers support it as does Google (oof) and probably some others.

     A few drawbacks to the above option:

       • Reduced Internet connection download/streaming speeds. Upwards of a 50% hit while using Encrypted DNS would not be shocking to see. But if you're going to use it, it should be used 24/7/365 or it's not worth it. For some the download speed thing can be a real problem, especially if your download speeds aren't that great to begin with. But, for others who have more than they will ever use in terms of connection speed, the download hit may be a non-issue (i.e. 1GB Fiber to home, fairly light bandwidth User, etc.).
       • I suspect (I haven't taken the time to prove it yet) that using Encrypted DNS is problematic while attempting to stream music content above 24/96 from QoBuz.

     But...if you can survive with the reduced Internet download speeds I think this is a very worthwhile step to take. Assuming you have no DNS Leaks taking place, you can confirm the above is working by setting up a "Port mirror" on your Firewall's Outside Interface (I'll assume the person has such an option). From there you can watch all traffic leaving your network with Wireshark to confirm that you no longer see any clear text Internet URLs being shown over Unencrypted DNS Port 53. You should also block all destination Internet URLs that are not using Port 443/HTTPS but this can be problematic at times.

     Another step to consider is that you should try to take full advantage of your Network switch/Router's capabilities. If you have one that supports VLANs, you should use them. All of them if possible.

     Lastly, try and group your home network usage into a few categories. Something as simple as ....Trusted, UnTrusted isn't a bad way to start. You could put all the "Shady stuff" like Roku players, Robot Vacuums, Alarm Panels, Gaming Consoles, Alexas (oof)...etc..etc on the UnTrusted VLAN. You could then put everything else on the Trusted VLAN. From here you could configure some Firewall rules to do something like:

       • Allow all Ports Outbound on the UnTrusted VLAN
       • Then Allow only Ports 80/443 Outbound on the Trusted VLAN.

     This would block all the remaining 65,533 TCP/UDP Ports from being used by "Sneaky code". In any case, none of the above is foolproof but it sure reduces the attack/information leak surface by quite a bit.
  8. I'm only commenting on the product based on what I see in the pictures. I have not seen or heard of the device before until now so, in other words, I'm guessing and some of this may be considered obvious observation. With the disclaimers out of the way, there is mention of needing two power cables for the device. My guess is that one of them maybe powers the Ethernet guts sitting on top (hard to say if it's an actual full bodied, full function switch or two separate Hubs sitting on each side of an Optical device). The other Power Supply Input may be powering the Optical components. My other guess is that the bottom chassis is holding the Input power related components and maybe some other circuit boards required for its functionality. They mention using the "Attached" power adapters to power the unit or the company's own Power Supply via what looks like SpeakOn connectors at the chassis end. The page says the product weighs like 6lbs. Given that the power adapters are external to the unit then that tells me the metal chassis is quite thick OR that maybe they are using some kind of "fill" within the box to maybe dampen the chassis (sand?, dirt?) to account for the listed weight. My last thought is that assuming the optical/switching components can pass the "Bits", intact, and without adding significant latency, then I guess I don't see why Ravenna would know it's even there in the signal chain. Unfortunately, given the lack of product details by the company, the only way to really know would be to take the plunge, poke at it with a stick and then run it thru a bunch of network related tests to see how it fares. Maybe this other product they offer is less of a gamble. Or, what if you opened the box above and saw just one or two of these inside 🤣
  9. A few things to maybe look into if you have not done so already:

     1. After browsing thru the Yamaha MusicCast User Manual and the FAQ it appears to me that this technology has some dependencies on Network Multicast advertisements. There is mention of having MultiCast enabled on the Wireless Router/AP. It's possible that if this is not enabled some devices might fall off the face of the earth as you describe. At one point, and maybe even still, I believe Roon was doing something similar in order to automatically discover other devices on the same Subnet. The key here being "on the same Subnet". MultiCast basically sends out a giant blast of "Hello is anyone there" type messages in simple terms. This is likely one reason why Roon doesn't support the use of VLANs or in other words, devices sitting on a different Network than the Core/Brain server. So I would check to confirm if you have any type of check box on your Wireless Router/AP for allowing or sending Multicast messages.

     2. There is also an interesting mention in the FAQ about the following: It says something about creating its own 5GHz network that does not rely on the Wireless Infrastructure within your home. I'm not sure if you are using Stereo or Surround mode in your case but the latter is where this supposed stand-alone 5GHz network is used. This brings into question whether or not your Laptop or "Source" is located on that same spawned 5GHz network or not. The details of how this spawned 5GHz network actually works are pretty vague unfortunately.

     Lastly, I see mention of this technology possibly preferring 2.4 GHz Wireless networks over 5GHz ones. Not sure which one you have though? If possible, try and confirm the IP Addresses that were given out to all the various devices involved. You should be able to see this within the Router somewhere. Are there any required devices not listed there? If so, maybe they fell onto this spawned network while all the others are on a different network hosted by your Wireless Router/AP?
  10. Hello, I'm curious to know if anyone is aware of, or has tried, using the Pono without an Internal battery present? Maybe by way of some external Power Supply or Battery Bank you are using of equivalent Input/Output Specs of the normal Internal batteries? I also own a Pono Player (Black one) that still functions. I've always been impressed with its SQ for a Portable/Mobile type device. I don't really use mine anymore mostly due to the battery life for "on the move" use cases. I'll admit upfront that I have not spent much time looking into the question above (about bypassing the Internal battery) but this thread reminded me about the Pono that I already own and enjoyed at one point in the past. I think it would be pretty cool if the device could be used without worrying about the tiny Internal battery all the time. I get that it's very possible that it sounds the way it does..because of...it running from a battery. So if one wanted to maintain any gains in SQ because of the use of a battery based power supply maybe they could just source their own larger unit which could itself be fed from the wall outlet. I'm thinking along the lines of repurposing a Pono from being a portable device to a "fixed" device where unlimited power could be fed to it via whatever means and that there would be almost no need to pull any cables from it out of fear of wearing out the interface itself.