diff --git a/docs/photos/PXL_20211006_142214161_672x504.png b/docs/photos/PXL_20211006_142214161_672x504.png new file mode 100644 index 0000000..999a53f Binary files /dev/null and b/docs/photos/PXL_20211006_142214161_672x504.png differ diff --git a/docs/posts/raspberrypi-lte-failover-router-with-dns-caching.md b/docs/posts/raspberrypi-lte-failover-router-with-dns-caching.md new file mode 100644 index 0000000..5a9decd --- /dev/null +++ b/docs/posts/raspberrypi-lte-failover-router-with-dns-caching.md 
@@ -0,0 +1,169 @@ +--- +title: "RaspberryPi LTE-Failover Router With DNS Caching" +date: 2021-10-06 +draft: false +tags: ["RaspberryPi", "Arch", "linux", "router", "tethering", "android", "winblows"] +summaryimage: PXL_20211006_142214161_672x504.png +summaryimagew: 672 +summaryimageh: 504 +authors: ["trent"] +post: 23 +--- +date: 2021-10-06 + + +## Introduction +Apparently Windows has a problem resolving hosts when you tether from Mobile HotSpot. + +The solution is to build a DNS-Caching router that tethers off the smartphone. This takes +advantage of Android's ability so transparently fail-over to LTE when residential +internet service goes down. + +This solution also takes advantage of the RaspberryPi's incredibly low price, +the fact that LineageOS will run on cheap old phones that are no longer supported by the mfgr, +and the fact that GoogleFi will ship you a data-sim for free. + +For instance, I just bought a brand-new, open-box Pixel phone for $85, and presumable the +MotoX4 can also be had for next to nothing. + +## Materials +* [RaspberryPi](https://www.amazon.com/CanaKit-Raspberry-Starter-Premium-Black/dp/B07BCC8PK7){target="_blank"} +running [Arch Linux Arm](https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-3){target="_blank"} +* Old Android Phone Running [LineageOS](https://wiki.lineageos.org/devices/){target="_blank"} +* [Free Data Sim Card From GoogleFi](https://support.google.com/fi/answer/6330195?hl=en#zippy=%2Corder-your-data-only-sim){target="_blank"} + + +
+ +
RaspberryPi Router tethered off MotoX4 (running LineageOS)
+
+ +## Setup +Personally I would + +* [secure the ssh server](https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication){target="_blank"} +* [generate and configure the locale](https://wiki.archlinux.org/title/locale){target="_blank"} +* [remove the default root password, and default user](https://wiki.archlinux.org/title/users_and_groups){target="_blank"} +* write your preferred hostname in `/etc/hostname` +* configure your preferred timezone: + ```shell + ln -sf /usr/share/zoneinfo// /etc/localtime + ``` + +Additionally, the router won't be accessible for administrative tasks when it +is behind the _Android Tether_ ; for this I would use a +[wireguard vpn](https://wiki.archlinux.org/title/WireGuard){target="_blank"}. + +## Configure The Router. +The entire configuration of the router consists of two `systemd-networkd` +interface definitions, as well as `/etc/resolv.conf`, and `/etc/dnsmasq.conf`. +### resolvconf +`systemd-resolved` is no use to us because it only listens on localhost. +```shell +# disable systemd-resolved +systemctl stop systemd-resolved +systemctl disable systemd-resolved +unlink /etc/resolv.conf +``` +After unlinking the symlinked version of `/etc/resolv.conf`, +write your nameservers and options in a real `/etc/resolv.conf`. +```cfg +# the default timeout of 5 seconds is too slow +options timeout:1 + +# nameserver when connected to lan +nameserver 192.168.1.1 +# nameserver when connected to mobile network +nameserver 8.8.8.8 +``` +### Interface Definitions For `systemd-networkd` +I believe the usb interfaces are numbered 1-4, +so either be careful which one you use, or maybe a wildcard name +will work, i.e. 
`Name=usb*` +```cfg +# uplink +# /etc/systemd/network/usb0.network +[Match] +Name=usb0 + +[Network] +DHCP=yes +DNSSEC=no +IPForward=yes +``` +```cfg +# downlink, ethernet cable +# /etc/systemd/network/eth0.network +[Match] +Name=eth0 + +[Network] +Address=10.12.34.1/24 +DHCPServer=yes +IPForward=yes +IPMasquerade=both +``` +### Configuration For `dnsmasq` +Install [dnsmasq](https://wiki.archlinux.org/title/dnsmasq){target="_blank"}, +and enable it `systemctl enable dnsmasq`. +```cfg +# /etc/dnsmasq.conf +resolv-file=/etc/resolv.conf +interface=eth0 +no-dhcp-interface=eth0 +``` +## Reboot +Plug in the Android Phone, reboot the RaspberryPi, and when it comes back up +toggle on the USB tether on the Android Phone. + +Plug ethernet cable into Windows Computer, open **CMD** prompt and type +`ping google.com` to test connectivity and name resolution. Or on a +Linux computer type `ping -c 3 google.com`. +## Alternate DHCP Service +You can use `dnsmasq` for DHCP Service instead of `systemd-networkd`. +```cfg +# downlink, ethernet cable +# /etc/systemd/network/eth0.network +[Match] +Name=eth0 + +[Network] +Address=10.12.34.1/24 +# DHCPServer=yes +IPForward=yes +IPMasquerade=both +``` +```cfg +# /etc/dnsmasq.conf +resolv-file=/etc/resolv.conf +interface=eth0 +# no-dhcp-interface=eth0 +dhcp-range=10.12.34.50,10.12.34.150 +``` +## Reference For `systemd-networkd` +* examples in `/usr/lib/systemd/network/` +* [Man Page](https://www.freedesktop.org/software/systemd/man/systemd.network.html){target="_blank"} + +## Use With Multiple Computers +Just add an +[unmanaged switch](https://www.amazon.com/Ethernet-Splitter-Optimization-Unmanaged-TL-SG108/dp/B00A121WN6){target="_blank"}. 
+ +## Wifi Instead of Ethernet +Use downlink definition for `wlan0` instead of `eth0`, +and install `hostapd` +```cfg +# /etc/hostapd/hostapd.conf +interface=wlan0 +hw_mode=g +channel=7 +wmm_enabled=0 +macaddr_acl=0 +auth_algs=1 +ignore_broadcast_ssid=0 +wpa=2 +wpa_key_mgmt=WPA-PSK +wpa_pairwise=TKIP +rsn_pairwise=CCMP +ssid=NETWORK +wpa_passphrase=PASSWORD +```
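Review bot: In the final `hostapd.conf` block, `wpa_pairwise=TKIP` sits next to `wpa=2` and `rsn_pairwise=CCMP`. With `wpa=2`, hostapd takes the pairwise cipher from `rsn_pairwise`, and `wpa_pairwise` only applies to WPA version 1. The TKIP line therefore does nothing here, but it reads as if TKIP were being enabled, and it would take effect if a reader later changed `wpa`. I suggest dropping it and keeping only `rsn_pairwise=CCMP`. The same section says to use the downlink definition for `wlan0`, but does not mention that `interface=eth0` in `/etc/dnsmasq.conf` needs the same change, so a reader following it would leave dnsmasq bound to the wrong interface. Smaller points: the front matter already sets `date: 2021-10-06`, and the second `date: 2021-10-06` after the closing `---` will render as body text. The timezone command `ln -sf /usr/share/zoneinfo// /etc/localtime` has lost its region and city placeholders, and as written it links `/etc/localtime` to the zoneinfo directory itself. In the Introduction, "ability so transparently" should be "ability to transparently" and "presumable" should be "presumably".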