My experimental authoritative name server deployed on the IETF network for the #IETF119 hackathon receives requests for sl/ANY (it rejects them).
I was wondering why someone is interested in Sierra Leone but it turns out its authoritative name servers accept QTYPE=ANY and return > 5 kB of data, with several keys, signatures and even NSEC records to prove that they have returned everything they know.
Damn #ipv6 you just keep coming back up in the #homelab!! Can we make an ipv5.5432 or something that I can wrap my head around this shit easier! It's the adkjlfa;dljfklad:adlkjfal;dkfja:a;lkdjlfkjfjd:123:1233435:3434:22123233 that throws me off. Then here comes them network heads be like.. You dummy the fuck wrong with you that's easy as shit to see.. It's the 3rd semicolon from the back.. you ass hat.. ummm what! 😐
We're implementing fast_reload in Unbound #DNS resolver. It works by creating a thread that reads the configuration and allocates memory. Then, it quickly halts the other threads, updates the config and swaps the trees of forwards and stubs in place, and continues the other threads. A test with thousands of forwards has a reload time of 0.027s with 0.0003s spent in halting the other threads. https://github.com/NLnetLabs/unbound/pull/1015
The tutorial on #RethinkDNS planned for the first quarter of 2024 is postponed indefinitely. Even version 0.5.5c is, for me personally, still too buggy, or rather strange situations/difficulties come up in operation. Some more diligence and work has to go into it before I write a tutorial on it.
Since last November, we've been quite busy with security releases for Unbound. Now, with this latest bug fix release out the door, our aim is to get some features released we've been preparing, such as DNS-over-QUIC and upstream #DNS cookies. 🍪🍪 #DoQ https://github.com/NLnetLabs/unbound/milestone/3
I just realized that #TCPFastOpen was not enabled on my 2 authoritative servers that accept queries over #TLS (opportunistic encryption, the certificates are self-signed, but verifiable via #DANE/TLS). So I was (slightly) at odds with section 4.1 of RFC 9210 (aka BCP 235):
Spread the #DNS news: BIND 9.16 is approaching its End of Life (EOL). April 2024 will be the last release for the 9.16 branch. Users are encouraged to migrate to 9.18.
On this episode of "managing your #HomeLab the same way you manage your day job": I've been discussing with my wife an appropriate change window to migrate our home #DNS server. She's my Change Advisory Board. 🤣
To all who are hosting their own #dns #authoritive server with #dnssec - what do you use in 2024?
#Ed25519 or #ECDSA-P256 or still on some #RSA algorithms? Shorter key length is especially in DNS a benefit but still not all resolvers may be able to support this in 2024?!
If you have #DNS research in an early stage and would like some feedback, please consider submitting a one-page abstract to the DINR workshop https://ant.isi.edu/events/dinr2024/
Deadline will be extended until 7 March