HopBox | Blog

Welcome to HopBox Blogs

Fri, 07 Nov 2025 00:00:00 GMT

Welcome to the official HopBox blog! This is where we’ll share product updates, technical tutorials, networking insights, and stories from the team behind HopBox.

What to Expect

We’re building HopBox in the open, and this blog is part of that commitment to transparency. Here’s what you can look forward to:

Product Updates — New features, firmware releases, and cloud dashboard improvements.
Technical Deep-Dives — Detailed posts on DNS, SD-WAN, VPN configurations, firewall management, and network architecture.
How-To Guides — Step-by-step tutorials for getting the most out of your HopBox deployment.
Industry Insights — Our take on trends in enterprise networking, open-source infrastructure, and network security.

Built on Open Source

HopBox is built entirely on Free and Open Source Software. We believe that critical network infrastructure should be transparent and auditable. Every component — from the firmware running on your device to the cloud dashboard managing it — is open for inspection and contribution.

Stay Connected

We publish new posts regularly. Whether you’re a network engineer managing hundreds of devices or an IT admin setting up your first SD-WAN, there’s something here for you.

Have a topic you’d like us to cover? Reach out to us at info@unmukti.in — we’d love to hear from you.

Happy networking!

Healthchecks based loadbalance and failover with DNS using PowerDNS

Sun, 29 Jun 2025 00:00:00 GMT

Nowadays many enterprise DNS providers provide healthchecks based DNS failover solution, including from AWS Route 53. The premise of this is directing the traffic towards the available nodes only using the DNS authority chain for the records.

At Hopbox, we manage a bunch of our domains in-house using BIND9 and PowerDNS. We wanted to make sure the application is actually listening and available on a server before directing the traffic to it. In case one of the servers is not available or service is down, its IP address is removed from the DNS responses. We have chosen PowerDNS Lua Records for this purpose.

Lua records are Lua statements in PowerDNS, which need to be enabled using the [enable-lua-records] 1 flag in config. Lua records are quite simple to define:

app IN LUA A ( "ifportup(9001, {'192.0.2.1', '198.51.100.39', '203.0.113.126'," "{selector='all'}) ")

In the above statement, an A record for the subdomain app is defined, which monitors reachability on port 9001 for three defined nodes, i.e., 192.0.2.1, 198.51.100.39 and 203.0.113.126 and returns all up nodes in response (defined by selector=’all’). 2

That’s a mouthful of explanation for sure. In short, for a DNS query for the subdomain app, PowerDNS would return all available nodes (based on port 9001 availability).

selector can be changed based on geography as well:

app IN LUA A ( "ifportup(9001, {'192.0.2.1', '198.51.100.39', '203.0.113.126'," "{selector='pickclosest'}) ")

This modifies query response to direct traffic to the closest node on the basis of the requestor’s geographic distance. Monitoring or availability checks are done in an async manner in the background, and we have observed check frequency varying from 2 to 5 seconds. The default TTL for response seems to be 120 seconds.

A full list of Lua functions available in PowerDNS can be found here. Most can be combined to do fine-grained load balancing.

From Lua Records documentation:

This is a PowerDNS specific feature, and is not (yet) standardized by the IETF or other standards bodies. We are committed however to interoperability, and strive to turn this functionality into a broadly supported standard.

So AXFR is only supported to other PowerDNS secondaries only.

At Hopbox, we also provide Managed DNS services, where you can point a CNAME for your application subdomain towards us, and we manage the healthchecks (port specific too) based on DNS responses (with our diverse, highly available DNS infrastructure). You may Contact us to enquire abut how we can help optimise your application delivery.

Hopbox Public GNU software mirror

Tue, 04 Jun 2024 00:00:00 GMT

We at Hopbox have been Free Software users and contributors for more than a decade now. We were looking to contribute more to the community in a different from usual way. Downloads from GNU FTP mirrors were slow in India and there existed only 1 mirror (when we decided) for whole of India. As of 4th April 2024, we’re only GNU mirror in India.

GNU is an extensive collection of software packages like Bash, Emacs, Octave and various coreutils. So after a quick discussion, we started hosting a GNU software mirror on our locally hosted Chromebox. The mirror is available on both http://mirrors.hopbox.net/gnu/ and https://mirrors.hopbox.net/gnu/.

As most Free Software don’t have commercial backing and require heavy downloads, the concept of software download mirrors helps take the traffic load off of the primary server, leading to geographical redundancy, higher availability and faster download in general.

At Hopbox, we regularly build a in-house customized version of OpenWrt, a GNU/Linux distribution for routers and embedded devices, which in turn uses GNU coreutils for compilation. Having a local mirror gives us speeds faster than 1 Gbps which is many times faster than our internet speeds, as traffic gets served locally.

The mirror is running on a Dell Optiplex 3020 solely dedicated for mirroring purposes behind a Hopbox APU gateway. The mirror right now is running on base Debian 12 bookworm.

Presently the mirror is serving 30-50 GB of traffic daily since becoming the sole GNU FTP mirror in India with Emacs and Octave fighting for top downloaded package. We generally see traffic from India and neighboring countries.