Okay, so if that’s your actual DNS Server, can you confirm that it works? dig @yourdns debian.org, for example. Afterwards try to use the default DNS of your system dig debian.org. If both works, your DNS config should be fine. Try a curl debian.org -v too.

debian.org is just a random domain for this, use whatever you want. I don’t see anything badly configured so far.

Okay, no external software for DNS management present here. Is that ip a working DNS Server? Is it your server itself perhaps?

From the output, you don’t have any routing rules for your machine that block outgoing traffic. The dig command confirms that you can talk to servers. 9.9.9.9 is a common DNS Server. Based off of this, it seems like your problem is that your system has a bad DNS configuration (it’s always DNS).

Can you parhaps cat /etc/resolv.con? This file normally contains the used DNS servers for Linux systems, unless using special software.

Can you dig @9.9.9.9? If so, its certainly DNS. If it’s not DNS, perhaps try to check your iptables iptables -L && iptables -t nat -L.

Why would you count Rufus and balena etcher not trustworthy? Sounds like you’re to deep in the paranoia, which I completely understand, but gets just impractical “Man yelling at cloud” depending on how deep you are.

dd is just another program too, why trust dd? Linux is just another Program too, why trust Linux? And so on. You can audit every (OSS) Program if you want in theory, but let’s be real, no one does that because time is better spent elsewhere.

Company: Here is a security vulnerability in your OSS project, please fix our production is vulnerable.

Random Guy working on OSS library in his free time: Sure, I have some time next month.

Random Guy works full-time, has a family and friends. Random Guy is not your supplier and has no obligations and warranties WHAT SO EVER, even implied. That’s what the license of his project says.

If Company wants it fixed, they better allow him to work full time on it, or pay part time work. Or they pay someone else to maintain Project and send the changes to Project so Random Guy can take a little look and merge if he feels like it. Random Guy won’t just merge company code and be done with it, more code in a codebase needs to be maintained now after all.

This also works with features of course. The time of Random Guy is valuable and if Company wants Random Guy to work on something they use, they’d better pay good money for that time.

I didn’t really consider that there are feeds for such things, especially for my distro(s). Embarrassing, but it means you helped making me safer!

I’m now subscribed to the Debian security list, seeing as all my servers run Debian. I just had unattended upgrades with Mail logs before.

Didn’t know this existed. Just subscribed. Thanks

It is really informative! Spread the word.

Same for me. Ventoy is pretty amazing and keeps most of my isos on it. Sadly, sometimes it’s not capable of doing the job, for example when I installed proxmox (based on Debian 12) this week, ventoy couldn’t do it. Apparently this is a known issue in ventoy.

But yeah, for most isos, ventoy is the way of you install OSes somewhat often, as it contains partition layouts and boot records regardless (I think).

There is. Just use a media creation tool, like Rufus. dd’ing onto a drive is a hack.

Recently, I learned that booting from a dd’d image is actually a major hack. I don’t get it together on my own, but has something to do with no actual boot entry and partition table being created. Because of this, it’s better to use an actual media creation tool such as Rufus or balena etcher.

Found the superuser thread: https://superuser.com/a/1527373 Someone had linked it on lemmy

My issue is that I use a self signed CA, there is some progress in that area, but last time I checked not something usable on my device

Why don’t just go to debian.org?

I wouldn’t want to do that, I don’t trust bad computer enough to work on good computer with bad computer