docs: Technitium DNS IP — 10.0.20.101 → 10.0.20.201

Stragglers from the same drift as commit b288a59 (monorepo) / the
2026-05-22 viktorbarzin.me apex incident — the `.101` references were
left over from the NodePort exposure era. Technitium's actual MetalLB LB
IP is `.201` (in pool 10.0.20.200-220).

- architecture/vpn.md — Technitium component cell + AdGuard forwarder
  example + nslookup troubleshooting hint
- architecture/networking.md — 502 ingress troubleshooting snippet
- plans/2026-02-22-talos-linux-migration-evaluation.md — nameservers
  example
Viktor Barzin 2026-05-23 08:53:52 +00:00
parent 68a503e29f
commit 0025511b6a
3 changed files with 5 additions and 5 deletions


@ -416,7 +416,7 @@ Containerd on all K8s nodes uses `hosts.toml` to redirect pulls to the local cac
### Ingress Returns 502 Bad Gateway
**Symptoms**: Cloudflared tunnel is up, Traefik logs show `dial tcp: lookup <service> on 10.0.20.101:53: no such host`.
**Symptoms**: Cloudflared tunnel is up, Traefik logs show `dial tcp: lookup <service> on 10.0.20.201:53: no such host`.
**Diagnosis**: DNS resolution failed. Check:
1. Is Technitium pod running? `kubectl get pod -n technitium`
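
Review bot: the Symptoms line pins the resolver address to `10.0.20.201:53`, so a Traefik log that still shows `10.0.20.101:53` no longer matches the documented symptom even though it is the more telling case. Consider adding a Diagnosis item saying that a resolver address other than `.201` in the log line points to stale resolver configuration on the client side, and that the current address can be confirmed with `kubectl get svc -n technitium` next to the existing pod check.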


@ -86,7 +86,7 @@ sequenceDiagram
| Authentik | OIDC provider | K8s | SSO authentication for Headscale |
| DERP Relay | Embedded in Headscale | K8s (region 999) | Relay for NAT traversal |
| AdGuard DNS | Container | K8s | Global DNS resolver with ad-blocking |
| Technitium DNS | Container | K8s (10.0.20.101) | Internal .lan domain resolver |
| Technitium DNS | Container | K8s (10.0.20.201) | Internal .lan domain resolver |
## How It Works
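
Review bot: the location cell `K8s (10.0.20.201)` in the Technitium DNS row does not say what kind of address it is. The commit message identifies it as the MetalLB LB IP from pool 10.0.20.200-220; writing `K8s (MetalLB LB 10.0.20.201)` would let a reader tell it apart from a node or NodePort address the next time exposure changes.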
@ -224,7 +224,7 @@ dns_config:
- Google: `8.8.8.8`, `8.8.4.4`
**Conditional forwarding**:
- `viktorbarzin.lan``10.0.20.101` (Technitium)
- `viktorbarzin.lan``10.0.20.201` (Technitium)
**Ad-blocking lists**:
- AdGuard DNS filter
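
Review bot: the conditional forwarding bullet for `viktorbarzin.lan` is documentation only, and all three files in this commit are docs, so nothing here shows that the deployed AdGuard forwarding rule points at `10.0.20.201`. Please confirm the live rule and reference the change that updated it in the commit message, since a forwarder left on the old address would send internal `.lan` queries to whatever answers there.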
@ -377,7 +377,7 @@ dns_config:
**Steps**:
1. Verify AdGuard is running: `kubectl get pod -n adguard`
2. Check AdGuard conditional forwarding: Query AdGuard directly: `nslookup nextcloud.viktorbarzin.lan <adguard-ip>`
3. Check Technitium: `nslookup nextcloud.viktorbarzin.lan 10.0.20.101`
3. Check Technitium: `nslookup nextcloud.viktorbarzin.lan 10.0.20.201`
**Common causes**:
1. **AdGuard not forwarding .lan**: Conditional forwarding rule missing or misconfigured.
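
Review bot: step 3 hard-codes `10.0.20.201` while step 2 in the same list uses the placeholder `<adguard-ip>`. Pick one convention for both steps; if the literal stays, querying both resolvers for the same name and comparing the answers is only reliable when the reader knows the address is current, so a short pointer to where the Technitium LB IP is defined would help.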


@ -106,7 +106,7 @@ machine:
- network: 0.0.0.0/0
gateway: 10.0.20.1
nameservers:
- 10.0.20.101 # Technitium
- 10.0.20.201 # Technitium
- 1.1.1.1
registries:
mirrors:
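
Review bot: in the `nameservers:` list the Technitium entry is followed by `1.1.1.1`, so a wrong or unreachable first entry can be masked by the public resolver for external names while internal names fail or are sent outside the network. Since this is a plan example, consider a comment on the `1.1.1.1` line stating that it is a fallback for public names only, or listing a second internal resolver instead.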