shaft, to random
@shaft@piaille.fr avatar

Lol, KPN (looks like a Dutch ISP) switched from old algorithm 7 to old algorithm 7 🙃

Algorithm 7 (RSASHA1-NSEC3-SHA1) is not recommended for #DNSSEC signing (RFC 8624, section 3.1). Its place is in a museum

https://mastodns.net/@diffroot/112560492075070043

jpmens, to random
@jpmens@mastodon.social avatar

Twelve years ago I was invited to present on #DNSSEC in Moscow. Quite the show actually: we had simultaneous translators (think: EU parliament) who translated my English to Russian and back for questions from the audience.

Imagine my surprise when I met @krisbuytaert there: he too had been invited to give a talk.

The stay was great: it allowed me to brush up on my Russian: I learned how to pronounce 'nyet'.

#historicNotHystericToot #springCleaning

jpmens, (edited ) to random
@jpmens@mastodon.social avatar

"Because of the lack of clear signals of general adoption of DNSSEC over three decades, is it time to acknowledge that DNSSEC is just not going anywhere? Is it time to call it a day for DNSSEC and just move on?"

https://blog.apnic.net/2024/05/28/calling-time-on-dnssec/

gjherbiet,
@gjherbiet@mamot.fr avatar

@jpmens @bortzmeyer @icing I also think software has matured and more and more RFCs/drafts help automating #DNSSEC (hence reducing human errors which account for a lot of outages).
To do a parallel, #HTTPS was widely adopted only when the proper protocols and tooling (ACME) to automate X.509 certificates management were reliable.
We are only (slowly) getting there with #DNSSEC.

Tutanota, to privacy
@Tutanota@mastodon.social avatar

Protecting your doesn't stop with our world's first post-quantum email . ⚛️🔒

Tuta uses and to keep you secure. 💪

To learn more 👉👉👉 https://tuta.com/blog/tutanota-uses-dane-on-top-of-ssl-pfs

jpmens, to random
@jpmens@mastodon.social avatar

Yet another #DNS draft: ZONEVERSION

https://datatracker.ietf.org/doc/draft-ietf-dnsop-zoneversion/

I actually like the idea of receiving the SOA serial (zone version) in a response. Makes certain debugs easier

gjherbiet,
@gjherbiet@mamot.fr avatar

@shane_kerr @jpmens I just had the opposite train of thought: (aggressively) discard all cached entries when I know a zone has been updated (increased ZONEVERSION).
Maybe this could make the CDNs stop using dramatically low TTLs on all their records, just in case they might update their zone (or we could more comfortably use higher min-ttl values).
I also some potential to limit of outages caused by bad practice.

jpmens, to random
@jpmens@mastodon.social avatar

Forgive me, @mutax, but I just have to steal that:

the C in c.root-servers.net. stands for "caputt".

jpmens,
@jpmens@mastodon.social avatar

to be clear: if it's a #DNSSEC issue and something's broken, then it's spelled kaputt.

bert_hubert, to random
@bert_hubert@fosstodon.org avatar

This is quite rare - the C root-servers are out of sync with the rest of the world by 3 days. Since that time there have been no changes in the root zone, except for DNSSEC signature updates. It appears all C instances (operated by #cogent) are serving an outdated zone. For now this has no operational impact, but that might change #DNSSEC

kubikpixel, to internet German
@kubikpixel@chaos.social avatar

"Cloudflare alternative:
19 Cloudflare alternatives at a glance"

Does any of you have experience with one of these alternatives, or even with one that is not listed? If so, which one can you recommend, and on what arguments and grounds?
(I am still unsure which one is the "most secure" and "data-sparing")

🌐 https://letsbecrazy.de/cloudflare-alternative/


#cloudflare #internet #websicherheit #dns #webdev #dnssec #alternative #frage #it

bortzmeyer, to random French
@bortzmeyer@mastodon.gougere.fr avatar

A positive point for national security: 15 of the 1031 domains under gouv.fr are now signed with #DNSSEC, including Dati's, crucial for the nation https://botsin.space/@DNSresolver/112438440953456482

(Note that her pal Le Maire signs but does not publish a DS for finances.gouv.fr.)
