045 - Why is It ALWAYS DNS?!?

046 - Can Claude Code Help SysAdmins? Scripting, Log Analysis, and the Claude.md workflow

The skepticism is earned. Most AI demos are built for developers. Most AI hype is vendor noise. And most SysAdmins have better things to do than adopt another tool that solves a problem they may or may not have. That said: this is Andy putting the grumpy SysAdmin argument aside for an hour to make the honest case for Claude Code in SysAdmin workflows. With caveats. With the parts that still fall short. With a clear line between where it helps and where you should keep your hands on the wheel. The episode also covers a rough few weeks for the Linux kernel: three local privilege escalation vulnerabilities publicly disclosed in quick succession. All local, not remote. Still worth knowing about before your next patch cycle. In this episode: - A rundown of the three recent Linux kernel LPE vulnerabilities (Fragnesia, DirtyFrag, and CopyFail) and what they mean for SysAdmins running Linux in their environments - Nerd Hour: Restic offsite backups via Hetzner storage, Beszel and Uptime Kuma monitoring running on K3S - What Claude Code actually is, and why the CLI-based workflow changes the value proposition compared to chatbot-style AI use - The CLAUDE.md file: the single biggest thing most SysAdmins are missing when they try AI tools. What it is, how to build one, and how it turns Claude into something that actually knows your environment - Practical use cases: script generation with real AD and environment context, incident triage as a thinking partner, log analysis, documentation from terminal history, run book drafting, and YAML/Kubernetes help - Where to stay skeptical: sensitive data, the "do whatever you want" permission mode, and always reviewing AI-generated scripts before running them anywhere near production The tool amplifies competence. It doesn't substitute it. That framing is the whole episode. --- ## Resources and Show Notes ### Linux Vulnerabilities: - Fragnesia (CVE-2026-46300): https://www.helpnetsecurity.com/2026/05/14/fragnesia-cve-2026-46300-linux-lpe-vulnerability/ [https://www.helpnetsecurity.com/2026/05/14/fragnesia-cve-2026-46300-linux-lpe-vulnerability/] - DirtyFrag (CVE-2026-43284 + CVE-2026-43500): https://www.helpnetsecurity.com/2026/05/08/dirty-frag-linux-vulnerability-cve-2026-43284-cve-2026-43500/ [https://www.helpnetsecurity.com/2026/05/08/dirty-frag-linux-vulnerability-cve-2026-43284-cve-2026-43500/] - CopyFail (CVE-2026-31431): https://www.helpnetsecurity.com/2026/04/30/copyfail-linux-lpe-vulnerability-cve-2026-31431/ [https://www.helpnetsecurity.com/2026/04/30/copyfail-linux-lpe-vulnerability-cve-2026-31431/] ### Claude Code: - Claude Code Security Documentation: https://code.claude.com/docs/en/security [https://code.claude.com/docs/en/security] - Claude Code Permissions Documentation: https://code.claude.com/docs/en/permissions [https://code.claude.com/docs/en/permissions] ### Tools Mentioned: - Restic Backup: https://restic.net [https://restic.net] - Beszel Monitoring: https://beszel.dev [https://beszel.dev] - Uptime Kuma: https://github.com/louislam/uptime-kuma [https://github.com/louislam/uptime-kuma] - Hetzner Object Storage: https://docs.hetzner.com/storage/object-storage/ [https://docs.hetzner.com/storage/object-storage/] - Hetzner Object Storage + Restic Setup Guide: https://docs.hetzner.com/storage/object-storage/howto-backups/restic/ [https://docs.hetzner.com/storage/object-storage/howto-backups/restic/] ### Community: - Friends and Family IT Support Stories on GitHub Discussions: https://github.com/ProjectRunspace/sysadmin-weekly/discussions [https://github.com/ProjectRunspace/sysadmin-weekly/discussions] - Andy's Music TUI Terminal Apple Music Controller: https://github.com/asyrewicze/music_tui [https://github.com/asyrewicze/music_tui] ### Previous Related Episodes: - SysAdmin Weekly 008 - Getting Started with GitHub Copilot: https://open.spotify.com/episode/2eTtoAgeKEikKeLzYExfOY?si=ySl9Ho7mQ861mHAKiTAQ5w [https://open.spotify.com/episode/2eTtoAgeKEikKeLzYExfOY?si=ySl9Ho7mQ861mHAKiTAQ5w] - SysAdmin Weekly 016 - AI Agents for IT Admins episodes featuring Mike Nelson: https://open.spotify.com/episode/7u5T3Tp04EEP0hZRst3KPZ?si=zTpzVTXZR42vle4Gk0-tow [https://open.spotify.com/episode/7u5T3Tp04EEP0hZRst3KPZ?si=zTpzVTXZR42vle4Gk0-tow] ## Chapters 04:32 - Community Comments and News React 07:16 - Linux Vulnerabilities Overview 10:08 - Nerd Hour: Personal Projects and Backups 13:21 - Exploring Claude Code for Sysadmins 16:09 - The Grumpy Sysadmin and AI Adoption 19:24 - Understanding Claude Code's Functionality 22:35 - Use Cases for Claude Code 30:01 - The Importance of Documentation in Sysadmin Work 32:52 - Leveraging Claude.md for Enhanced Context 37:27 - Practical Applications of Cloud Code in Sysadmin Tasks 42:11 - Challenges and Limitations of Cloud Code 53:54 - Future of Cloud Code and Its Value in Sysadmin Work

045 - Why is It ALWAYS DNS?!?

It's always DNS. Every SysAdmin has said it, usually at the worst possible moment. This episode is the explanation for why that joke is only half a joke. Andy and Eric walk through how DNS actually works from first request to final answer: recursive resolvers, root servers, authoritative name servers, TTLs, and caching. From there they get into Windows Server and Active Directory DNS integration, covering SRV records, dynamic registration, and scavenging. The back half covers DNS security: DNSSEC, DNS over HTTPS, Encrypted Client Hello, DNS-based content filtering, and how attackers use DNS for C2 traffic and exfiltration. Throughout, the guys pull from real war stories, including a ticketing system that silently failed every few weeks because one of four DNS servers had a stale record, and a BIND config that refused to load because of a trailing space. --- ## Show Notes and Resources ### News React - Cloudflare DNS filtering tiers: https://blog.cloudflare.com/introducing-1-1-1-1-for-families/ [https://blog.cloudflare.com/introducing-1-1-1-1-for-families/] - AI token costs exceeding replacement labor costs: https://fortune.com/2026/04/28/nvidia-executive-cost-of-ai-is-greater-than-cost-of-employees/ [https://fortune.com/2026/04/28/nvidia-executive-cost-of-ai-is-greater-than-cost-of-employees/] - Claude deleting company data and backups: https://www.tomshardware.com/tech-industry/artificial-intelligence/claude-powered-ai-coding-agent-deletes-entire-company-database-in-9-seconds-backups-zapped-after-cursor-tool-powered-by-anthropics-claude-goes-rogue [https://www.tomshardware.com/tech-industry/artificial-intelligence/claude-powered-ai-coding-agent-deletes-entire-company-database-in-9-seconds-backups-zapped-after-cursor-tool-powered-by-anthropics-claude-goes-rogue] - Backyard RAM manufacturing: https://www.theregister.com/2026/04/23/youtuber_builds_working_dram/ [https://www.theregister.com/2026/04/23/youtuber_builds_working_dram/] ### Nerd Hour - Andy's PomoCLI app: https://github.com/asyrewicze/pomocli [https://github.com/asyrewicze/pomocli] ### Main Segment Resources - Cloudflare: What is DNS?: https://www.cloudflare.com/learning/dns/what-is-dns/ [https://www.cloudflare.com/learning/dns/what-is-dns/] - MXToolbox: https://mxtoolbox.com [https://mxtoolbox.com] - DNS over TLS vs. DNS over HTTPS - Cloudflare Learning: https://www.cloudflare.com/learning/dns/dns-over-tls/ [https://www.cloudflare.com/learning/dns/dns-over-tls/] - Encrypted Client Hello - the last puzzle piece to privacy: https://blog.cloudflare.com/announcing-encrypted-client-hello/ [https://blog.cloudflare.com/announcing-encrypted-client-hello/] ### Community - GitHub Discussions: Friends and family IT support stories: https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15. [https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15.] ## Chapters 12:45 - Understanding DNS: The Final Boss 25:49 - The DNS Resolution Process 38:43 - Exploring DNS Services and Tools 39:45 - Managing DNS: Windows vs. BIND 43:36 - Active Directory and DNS Integration 48:38 - Dynamic Registration and Scavenging in DNS 52:42 - Understanding DNS Record Types 54:44 - Common DNS Tools and Their Uses 59:28 - DNS Security: Threats and Protections 01:06:27 - DNS Filtering and Content Control 01:12:36 - Should You Run Your Own DNS?

044 - Hyper-V Failover Clustering in 2026

Failover clustering is the part of Hyper-V that trips up the most people, especially anyone arriving from the VMware side. In this episode Andy Syrewicze and Eric Siron pick up directly where episode 043 left off: you have standalone Hyper-V running, now what does it actually take to make it highly available in 2026? The guys start with the "why bother" question: Azure Local versus a traditional Hyper-V failover cluster comes down mostly to billing and governance overhead, not capability. From there the conversation moves into prerequisites: shared storage options (Storage Spaces Direct, iSCSI, SMB shares, Fiber Channel), Active Directory integration, and the heartbeat NIC myth Eric has been fighting against since he started seeing outdated Microsoft docs still getting passed around. The bulk of the episode is quorum: what split-brain means, why a two-node cluster needs a third vote, and the practical tradeoffs between a file share witness, a disk witness, and a cloud witness in Azure. Dynamic quorum gets its own explanation, including how graceful node shutdowns allow a cluster to shrink without taking everything offline. They close on the creation experience (PowerShell over Windows Admin Center, period), the gotcha that catches every VMware migrant (creating the cluster and adding VMs as clustered roles are two separate steps), live migration and shared nothing live migration. In the news and nerd hour segments this week: the FCC ban on foreign-made consumer routers (with Netgear already approved as an exception before anyone finished reading the press release), 3D printing of circuitry using microwave-based manipulation now down to the width of a human hair, Tim Cook stepping down from Apple, Andy using Claude Code to build a master index of every topic covered across all 43 episodes and every newsletter edition, and Eric deep in research on a home routing setup built around a mini PC with a separate router component so the internet does not require an IT degree to reset when he is traveling. --- ## Episode Resources SysAdmin Weekly Website: https://www.sysadminweekly.com [https://www.sysadminweekly.com] SysAdmin Weekly Companion Newsletter: https://newsletter.sysadminweekly.com [https://newsletter.sysadminweekly.com] Community Discussion Board: https://github.com/ProjectRunspace/sysadmin-weekly [https://github.com/ProjectRunspace/sysadmin-weekly] Share Your Family/Friends IT Support Stories (community post): https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15 [https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15] AndyOnTech: https://www.andyontech.com [https://www.andyontech.com] Project Runspace: https://www.projectrunspace.org [https://www.projectrunspace.org] **Previous episodes referenced in this episode:** - Episode 043: Getting Started with Hyper-V in 2026: https://open.spotify.com/episode/4J77iiMVDWvvf8fshSurAL?si=D1hPaG7eSKiX6uU7UPBL3g [https://open.spotify.com/episode/4J77iiMVDWvvf8fshSurAL?si=D1hPaG7eSKiX6uU7UPBL3g] - Episode 042: Should SysAdmins Job Hop or Stay Put?: https://open.spotify.com/episode/0o7EMW8JTGDm8rJv7Xu6Pg?si=uv1KIDZwS-y4l0g6yIV8jA [https://open.spotify.com/episode/0o7EMW8JTGDm8rJv7Xu6Pg?si=uv1KIDZwS-y4l0g6yIV8jA] - Episode 13: Should Hyper-V Be Domain Joined?: https://open.spotify.com/episode/0KWjIe5xgqZV9XYHuV2UF3?si=oK6XKjJiQ_mvpEEDqY_vyg [https://open.spotify.com/episode/0KWjIe5xgqZV9XYHuV2UF3?si=oK6XKjJiQ_mvpEEDqY_vyg] - Episode 017: Hyper-V Management Story episode: https://open.spotify.com/episode/0rHwIc4U297R7I6KFayhlm?si=oTB7nX3bTgG7xekebnIU5g [https://open.spotify.com/episode/0rHwIc4U297R7I6KFayhlm?si=oTB7nX3bTgG7xekebnIU5g] **Articles referenced in this episode:** - FCC ban on foreign-made consumer routers: https://www.wired.com/story/us-government-foreign-made-router-ban-explained/ [https://www.wired.com/story/us-government-foreign-made-router-ban-explained/] - What's New with Hyper-V in Windows Server 2025 (Microsoft Docs): https://learn.microsoft.com/en-us/windows-server/get-started/whats-new-windows-server-2025#hyper-v-ai-and-performance [https://learn.microsoft.com/en-us/windows-server/get-started/whats-new-windows-server-2025#hyper-v-ai-and-performance] --- ## Chapters 03:30 - Tech News Highlights 14:38 - Nerd Hour: Personal Projects and Innovations 21:02 - Listener Feedback and Career Insights 25:54 - Hyper-V Failover Clustering in 2026 32:56 - Automated Setup and Shared Storage Solutions 35:03 - Active Directory Integration and Clustering Best Practices 36:55 - Understanding Quorum in Failover Clustering 46:15 - Establishing a Failover Cluster: Tools and Processes 57:18 - Live Migration and Storage Migration in Hyper-V 01:01:14 - Day Two Operations and Cluster Management

043 - Getting Started with Hyper-V in 2026

Hyper-V has been around since 2008, runs Azure, runs Xbox, and still gets overlooked by shops fleeing VMware/Broadcom pricing. In this episode Andy Syrewicze and Eric Siron go back to basics: what Hyper-V actually is under the hood, why it is still worth your attention in 2026, and everything you need to know to stand it up and run your first virtual machine without losing your mind in the process. They walk through licensing (Standard versus Data Center, OSEs, core-based math, and the very short answer: call your licensing rep), then peel back the architecture to explain why Hyper-V is a genuine Type 1 hypervisor even though it boots into Windows. From there the conversation covers hardware requirements, the virtual switch types that trip up every VMware migrant, storage options, Gen 1 versus Gen 2 VMs (short answer: go Gen 2), Integration Services, and Dynamic Memory. Checkpoints and clustering get flagged as topics that deserve their own full episodes. In the news and nerd hour segments this week: CPU component prices climbing again with Intel and AMD reportedly raising costs by 15% or more, Microsoft announcing plans to rebuild Windows apps natively instead of relying on WebView, the MacBook Neo stirring up comparisons to the original Surface, Eric's week spent patching NetScaler appliances through a critical CVE while fighting Citrix's new licensing model, and Andy's experience standing up a Forgejo self-hosted git forge and putting Claude Code to work as a local repository agent. --- ## Episode Resources SysAdmin Weekly Website: https://www.sysadminweekly.com [https://www.sysadminweekly.com] SysAdmin Weekly Companion Newsletter: https://newsletter.sysadminweekly.com [https://newsletter.sysadminweekly.com] Community Discussion Board: https://github.com/ProjectRunspace/sysadmin-weekly/discussions [https://github.com/ProjectRunspace/sysadmin-weekly/discussions] Share Your Family/Friends IT Support Stories (community post): https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15 [https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15] AndyOnTech: https://www.andyontech.com [https://www.andyontech.com] Project Runspace: https://www.projectrunspace.org [https://www.projectrunspace.org] Forgejo (self-hosted git forge): https://forgejo.org [https://forgejo.org] Claude Code: https://claude.ai/code [https://claude.ai/code] **Previous episodes referenced in this episode:** - VMware/Broadcom coverage: https://open.spotify.com/episode/764MqlqHjNimkiAdoWNoRb?si=pLZoVGM9RCivR6iBOW7b0A [https://open.spotify.com/episode/764MqlqHjNimkiAdoWNoRb?si=pLZoVGM9RCivR6iBOW7b0A] - Hyper-V management tools episode: https://open.spotify.com/episode/0rHwIc4U297R7I6KFayhlm?si=X_lxLkBDTuejzC_NCsoo2w [https://open.spotify.com/episode/0rHwIc4U297R7I6KFayhlm?si=X_lxLkBDTuejzC_NCsoo2w] --- ## Chapters 02:50 - Getting Started with Hyper-V in 2026 15:25 - Nerd Hour: Personal Projects and AI Tools 27:47 - Main Segment: Hyper-V Fundamentals 29:06 - The Evolution of Hyper-V31:33 - Understanding Hyper-V Licensing 37:53 - Navigating Hyper-V Licensing Complexities 41:44 - Hyper-V Architecture Explained 56:40 - Getting Started with Hyper-V 01:03:45 - Understanding Hyper-V Networking Challenges 01:08:45 - Exploring Hyper-V Storage Options 01:13:29 - Choosing Between Generation 1 and Generation 2 VMs 01:18:34 - Key Features of Hyper-V: Integration Services and Dynamic Memory 01:20:50 - Managing Hyper-V with System Center Virtual Machine Manager

042 - Should SysAdmins Job Hop or Stay Put? There's a Secret Option C....

Andy and Eric Siron tackle one of the most debated questions in IT careers: do you find a company and stay for the long haul, or do you job hop every few years to chase better pay and new challenges? With over four decades of combined industry experience between them, they've lived both sides of the equation and they make the case that the real answer is neither. In News React, Eric calls out Nvidia CEO Jensen Huang's proposal that engineers should burn through AI tokens worth half their salary as a productivity metric, and Andy flags Intel's announced 10% consumer CPU price hike as the compute consolidation squeeze continues to tighten. Nerd Hour covers Andy's maddening K3S node kernel lockup mystery and Eric's journey from WordPress to Hugo for the Project Runspace site. For our main segment the guys walk through the case for staying long term at a job bringing deep institutional knowledge, ownership of your environment, the satisfaction of building something to your standards along with the real downsides: skill calcification, salary stagnation, and the risk of becoming so embedded you can't leave. Then they flip to the case for hopping. This method typically lands meaningful pay jumps, escaping bad culture, and breadth of experience alongside the pitfalls of being labeled a flight risk, never building depth, and fueling the contract economy. The guys then end the episode with Secret Option C.... --- ## Episode Resources - Nvidia CEO Jensen Huang: Engineers Should Spend 50% of Salary on AI Tokens (CNBC) - https://www.cnbc.com/2026/03/20/nvidia-ai-agents-tokens-human-workers-engineer-jobs-unemployment-jensen-huang.html [https://www.cnbc.com/2026/03/20/nvidia-ai-agents-tokens-human-workers-engineer-jobs-unemployment-jensen-huang.html] - Intel (AND AMD!!!) Preparing 15% Consumer CPU Price Increase (PCMag) - https://www.pcmag.com/news/intel-amd-reportedly-set-to-raise-cpu-prices-by-up-to-15-percent [https://www.pcmag.com/news/intel-amd-reportedly-set-to-raise-cpu-prices-by-up-to-15-percent] - SysAdmin Weekly Website - https://www.sysadminweekly.com [https://www.sysadminweekly.com] - SysAdmin Weekly Companion Newsletter - https://newsletter.sysadminweekly.com [https://www.sysadminweekly.com] - AndyOnTech - https://www.andyontech.com [https://www.andyontech.com] - Project Runspace - https://www.projectrunspace.org [https://www.projectrunspace.org] - SysAdmin Weekly GitHub Community Discussions - https://github.com/ProjectRunspace/sysadmin-weekly/discussions [https://github.com/ProjectRunspace/sysadmin-weekly/discussions] - SysAdmin Weekly GitHub Discussion: Share Your Family & Friends IT Support Stories - https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15 [https://github.com/ProjectRunspace/sysadmin-weekly/discussions/15] ## Episode Chapters 00:00 - Introduction to Sysadmin Weekly 03:02 - Navigating Career Choices in IT 17:59 - The Case for Staying in One Organization 34:13 - The Case for Job Hopping 34:40 - The Job Hopping Dilemma 42:42 - Navigating the Contract Economy 47:47 - Finding Your Forever Home in IT 58:22 - Advice for Sysadmins at Different Career Stages