bert_hubert, 23 days ago to random

This is quite rare - the C root-servers are out of sync with the rest of the world by 3 days. Since that time there have been no changes in the root zone, except for DNSSEC signature updates. It appears all C instances (operated by #cogent) are serving an outdated zone. For now this has no operational impact, but that might change #DNSSEC

michal, 4 months ago to ipv6

More details about the end of #IPv4 in state services: On 18th of December 2013 Czech #government decided that every service provided by Czech state has to be available on #IPv6 and be protected by #DNSSEC by 30th of June 2015. Yesterday a followed up action has been agreed on. On 6th of June 2032, IPv4 will be disabled on all services offered by Czech republic and they will be only available on IPv6 from that day on. Apart from that, every June starting from 2025, Czech government will get a report on how are the preparations.

Overall seems like a bold move, but I totally support it! IT sends a message, that #IPv4 is over and everybody should move to #IPv6 already. And even government - the definition of conservative and bureaucratic institution - gets it. Then why shouldn't you embrace it 😉

More information in Czech:
https://blog.nic.cz/2024/01/18/kratke-vlny-vladni-restart-podpory-ipv6/
https://blog.nic.cz/2024/01/18/odvazny-krok-ceske-vlady/

todb, 4 months ago to random

I, humbly, consider myself pretty conversant in the basics of (modern and classical) cryptography and information security.

For most of my career, I've been mystified as to what problem #DNSSEC purports to solve.

Has there ever been a case of a DNS-based attack (spoofing, hijacking, transfer, DDoS, etc) that's been thwarted by DNSSEC? Or, in the reverse, has there been an attack that was successful that DNSSEC would have solved?

I don't know what it is, but the upsides of DNSSEC just hasn't clicked in my brain.

huguei, 1 month ago to random

We have new KSK for the root!
Today a mega ceremony was held where new HSMs were introduced and a new root key was generated in them. This key will be pre-publicated at the end of this year, and the rollover will be at the end of 2026. It'll be the third in the history of the DNS. The first was in 2010 and the second in 2017. #dns #dnssec

A TV screenshot of two HSMs
A person holding a box with cryptographic keys inside.

nlnetlabs, 4 months ago to security

Coordinating and responsibly disclosing today’s two #DNSSEC #security vulnerabilities has been a huge coordination effort amongst researchers, #DNS implementers and early-access testing by our collective customers. It is a true testament to #OpenSource security and resilience. Our thanks go out to everyone involved! 💚🛡️💚 https://nlnetlabs.nl/projects/unbound/security-advisories/

selea, 5 years ago to infosec

ICANN recently started to recommend all domains to deploy DNSSEC as a consequence after the first successful attack against a non-signed domain.

Please enable DNSSEC on your domain in order to protect your users.

#mastoadmin #dns #dnssec #infosec

https://www.icann.org/news/announcement-2019-02-22-en

heiseonline, 7 months ago to email German

Transportsicherheit: BSI zertifiziert E-Mail-Dienste nach neuer Richtlinie

Das BSI hat ein neues Zertifizierungsverfahren für E-Mail-Provider auf Basis einer aktualisierten Technischen Richtlinie zur Transportsicherheit aufgesetzt.

https://www.heise.de/news/Transportsicherheit-BSI-zertifiziert-E-Mail-Dienste-nach-neuer-Richtlinie-9349117.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege

#BSI #DNSSEC #EMail #Provider #Security #news

nlnetlabs, 4 months ago to security

🚨 We have released version 1.19.1 of Unbound #DNS resolver, which contains #security fixes for CVE-2023-50387 and CVE-2023-50868. ⚠️ Please update as soon as possible in order to mitigate two #DNSSEC validation vulnerabilities that affect all well-known resolvers. https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

PowerDNS, 4 months ago to random

PowerDNS Recursor Security Advisory 2024-01
(PowerDNS Recursor 4.8.6, 4.9.3 and 5.0.2 Released)
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released #dns #dnssec

internetsociety, 1 year ago to random

It's great to see Zambia and Kenya's country code Top-Level Domains #ccTLD re-signing with #DNSSEC recently 👏

https://pulse.internetsociety.org/blog/here-today-gone-tomorrow

PowerDNS, 1 month ago to random

PowerDNS DNSdist 1.9.4 released
https://blog.powerdns.com/2024/05/13/powerdns-dnsdist-1.9.4-released #dns #dnssec

danyork, 6 months ago to random

For those of us in the admittedly obscure world of #DNS security and #DNSSEC, this is very important as it marks a transition to elliptic curve algorithms…

… but for probably 99.9% of Internet users, this is serious “eyes glaze over” territory. 😃

From: @rr
https://txt.udp53.org/@rr/statuses/01HGT0ZPH6G5E96HZB6GK6E7J1

PowerDNS, 2 months ago to random

PowerDNS DNSdist 1.9.1 Released
https://blog.powerdns.com/2024/03/14/powerdns-dnsdist-1.9.1-released #dns #dnssec

PowerDNS, 2 months ago to random

PowerDNS DNSdist 1.9.2 Released
https://blog.powerdns.com/2024/04/05/powerdns-dnsdist-1.9.2-released #dns #dnssec

zash, 7 months ago to random

As of last night #Prosody trunk now supports #DNSSEC #DANE authentication natively for both incoming and outgoing server-to-server connections! 🎉
#xmpp

madnuttah, 6 months ago to homelab

I've released version 1.19.0-3 of my @nlnetlabs #unbound #docker image with updated build environments and unbound base to #alpinelinux 3.19.0. I have reduced two image layers by adding a separate build stage. The tags of the build environments got pinned for better #reproducibility, too.

Stay safe 💚

https://github.com/madnuttah/unbound-docker

#dns #dnssec #homelab #selfhosting #security #privacy

madnuttah, 3 months ago to Magic

I've made a new #workflow which is tagging and releasing #cd built images automatically too. I can't wait for @nlnetlabs releasing a new #unbound version to watch the #magic. Or to watch it fail.

In my dev-env it works like a charm, though.

I don't want to seem arrogant but I guess this is one of the most feature-rich, secure and advanced image around. And always made with ❤️.

Yeah, I'm a bit proud of myself which is rare.
#ci #dns #dnssec #privacy #opensource

nygren, 6 months ago to random

#DNSSEC: bringing together the legendary robustness and lack of obscure failure modes of the #DNS and a #PKI

PowerDNS, 3 months ago to random

PowerDNS DNSdist 1.9.0 released
https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released #dns #dnssec

bortzmeyer, 4 months ago to random French

See you in Brussels this week-end for a lightning talk about the .ru #DNSSEC incident https://fosdem.org/2024/schedule/event/fosdem-2024-3740-observations-on-a-dnssec-incident-the-russian-tld/

#FOSDEM

rysiek, 4 months ago (edited 4 months ago) to sysadmin

Hug your #DNS recursive resolver #SysAdmin over the next few days. They might need it.

#DNSSEC #KeyTrap

shaft, 11 months ago to ipv6

The Dutch government official Mastodon instance, social.overheid.nl, has #IPv6 and is signed using #DNSSEC

https://piaille.fr/@shaft/110701891918865732

LGS, 18 days ago to random

https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/?fbclid=IwZXh0bgNhZW0CMTEAAR2WPgK7w_udJdBDN11jHlFzvCjLbnkvjn1WpVm5SF_NEt6oolof74Detfk_aem_AbxrJSovPLKMuPav-bK1-2o7fjfI6CtU6ltS_v4zrr4jIU3-yP37SmZuNFumGwF1jUAKieHsO9MSfTi4An_h8qcs #dns #dnssec #t1d

PowerDNS, 16 days ago to random

PowerDNS Authoritative Server 4.9.1 Released
https://blog.powerdns.com/2024/05/28/authoritative-server-4-9-1 #dns #dnssec

jpmens, 20 days ago to random

Yet another #DNS draft: ZONEVERSION

https://datatracker.ietf.org/doc/draft-ietf-dnsop-zoneversion/

I actually like the idea of receiving the SOA serial (zone version) in a response. Makes certain debugs easier