Network Reference

Subnets

| Subnet | Purpose | Gateway |
|---|---|---|
| REDACTED/24 | LAN / management | REDACTED (Bell Giga Hub — active router/DHCP; OPNsense WIP) |
| REDACTED/24 | IT LAN (OPNsense) | REDACTED (caneast-site1-fw1) |
| REDACTED/24 | Management VLAN | REDACTED (caneast-site1-fw1) |
| REDACTED/24 | ICT / interconnect | REDACTED (caneast-site1-fw1) |

KVM Bridges on caneast-site1-node3

| Bridge | Subnet | Purpose |
|---|---|---|
| lan-bridge | REDACTED/24 | LAN / management |
| dmz-bridge-0 | -- | DMZ (no host IP) |
| dmz-bridge-1 | REDACTED/24 | Management VLAN |
| dmz-bridge-2 | REDACTED/24 | ICT / interconnect |

DNS

See DNS Architecture for the full current-state topology, AdGuard rewrite table, node resolver summary, and WI-248 migration plan.

| Service | Node | Port | Notes |
|---|---|---|---|
| AdGuard Home | caneast-site1-node2 | 3080 | Internal DNS + ad blocking (primary) |
| Pi-hole v6 | caneast-site1-node1 | 53 | Secondary — to be retired (WI-248, Phase 5) |
| Cloudflare | peries.ca | -- | Public DNS — external registrar nameservers |

AdGuard rewrites: 11 records covering *.peries.ca, *.caneast-site1-node3.peries.ca, and .home shortnames. Full list in DNS Architecture.

Known issue: caneast-site1-node1.home points to REDACTED (wlan0); should be REDACTED (eth0). Fix tracked in WI-248 Phase 1.

VPN

| Service | Node | Notes |
|---|---|---|
| WireGuard | caneast-site1-node1 | Remote access |

Firewall Zones

| Zone | Description |
|---|---|
| LAN | Internal IT network |
| DMZ | Internet-facing services -- Conpot honeypot (Phase 3), jump box |
| OT | Physically isolated -- ESP32, MQTT broker |

Public DNS Records (peries.ca)

| Name | Type | Target | Notes |
|---|---|---|---|
| peries.ca | Worker binding | peries-ca.pages.dev | Portfolio site |
| docs | CNAME | peries-ca-docs.pages.dev | Docs site |
| www | CNAME | peries-ca.pages.dev | Redirect |
| office | CNAME | archon-office.pages.dev | Archon Office |