#DNSSEC

4 posts3 participants0 posts today

JP MensI just glanced at something called a "Nintendo DS emulator", and I've understood it.They have no DNSKEY, you see, so they have to emulate the DS.<a href="https://mastodon.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://mastodon.social/tags/dnssec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dnssec</a> <a href="https://mastodon.social/tags/sorry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sorry</a> <a href="https://mastodon.social/tags/notDrunk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#notDrunk</a>

John Shafttl;dr : - env. 4 215 000 domaines enregistrés dans .fr au 31 décembre 2024 - 19,8% des domaines signés avec <a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> (≈ 835 000). Chiffre pudiquement qualifié de « modeste ». - 31646 <a href="https://piaille.fr/tags/IDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IDN</a> enregistrés, soit ≈ 0,75% du total. Ridiculement bas« Bilan du .fr en 2024 : plus de 800 000 nouveaux noms enregistrés » <a href="https://www.afnic.fr/observatoire-ressources/actualites/bilan-du-fr-en-2024-plus-de-800-000-nouveaux-noms-enregistres/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.afnic.fr/observatoire-ressources/actualites/bilan-du-fr-en-2024-plus-de-800-000-nouveaux-noms-enregistres/</a>

Jan Schaumann"Nope: Strengthening Domain Authentication with Succinct Proofs"<a href="https://nope-tools.org/nope.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://nope-tools.org/nope.pdf</a>Basically: domain owner <a href="https://mstdn.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> signs their name, then encodes a proof of that DNSSEC chain into a new domain name, stashes that in a SAN in the cert and wants the client to verify the proof against... the root ZSK? Which it fetches via DoH from Google DNS, but... doesn't verify?Not sure I get it.<a href="https://mstdn.social/tags/realworldcrypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#realworldcrypto</a> <a href="https://mstdn.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a>

Jan SchaumannPost-Quantum <a href="https://mstdn.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> Testbed with BIND and PowerDNS <a href="https://pq-dnssec.dedyn.io/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://pq-dnssec.dedyn.io/</a><a href="https://mstdn.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://mstdn.social/tags/RealWorldCrypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RealWorldCrypto</a> <a href="https://mstdn.social/tags/pqc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pqc</a>

Death by Lambda<a href="https://infosec.exchange/@rmd1023" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rmd1023</a> <a href="https://mstdn.social/@jschauma" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jschauma</a> is the one you want to ask. <a href="https://mastodon.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://mastodon.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a>

gregR ☯<a href="https://mastodon.gougere.fr/@bortzmeyer" class="u-url mention">@bortzmeyer</a> le principal intérêt de <a href="https://mamot.fr/tags/dnssec" class="mention hashtag" rel="tag">#dnssec</a> <a href="https://www.bortzmeyer.org/dns-afrinic-stale.html" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.bortzmeyer.org/dns-afrinic-stale.html</a> Mais vous le connaissez :) Le reste <a href="https://ianix.com/pub/dnssec-outages.html" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://ianix.com/pub/dnssec-outages.html</a> Avec un petit faible pour Slack <a href="https://lists.dns-oarc.net/pipermail/dns-operations/2021-September/021340.html" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://lists.dns-oarc.net/pipermail/dns-operations/2021-September/021340.html</a>

Stéphane BortzmeyerFormation <a href="https://mastodon.gougere.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> toute la semaine prochaine. Si vous avez des exemples de trucs DNSSEC rigolos (par exemple des erreurs de configuration, ou au contraire des déploiements réussis), c'est le moment de les citer.

John ShaftDr. Dre is going elliptic <a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> <a href="https://mastodns.net/@diffroot/114202594031197957" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodns.net/@diffroot/114202594031197957</a>

Éric V.For <a href="https://mamot.fr/tags/email" class="mention hashtag" rel="tag">#email</a> configuration and <a href="https://mamot.fr/tags/security" class="mention hashtag" rel="tag">#security</a> check, the European Commission provides a great tool: MECSA <a href="https://mecsa.jrc.ec.europa.eu/en/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://mecsa.jrc.ec.europa.eu/en/</a> conclusion: I still have some improvements to implement on my own server <a href="https://mamot.fr/tags/sysadmin" class="mention hashtag" rel="tag">#sysadmin</a> <a href="https://mamot.fr/tags/linux" class="mention hashtag" rel="tag">#linux</a> <a href="https://mamot.fr/tags/postfix" class="mention hashtag" rel="tag">#postfix</a> <a href="https://mamot.fr/tags/DKIM" class="mention hashtag" rel="tag">#DKIM</a> <a href="https://mamot.fr/tags/DMARC" class="mention hashtag" rel="tag">#DMARC</a> <a href="https://mamot.fr/tags/DNSSEC" class="mention hashtag" rel="tag">#DNSSEC</a> <a href="https://mamot.fr/tags/selfhosting" class="mention hashtag" rel="tag">#selfhosting</a>

ChaCha20Poly1305@bortzmeyer@mastodon.gouger Aurais-tu des conseils pour fournir une zone DNS via un script Python/Perl qui génère des enregistrements à la volée (sans les stocker) et faire du <a href="https://mastodon.libre-entreprise.com/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> dessus ? Je bataille avec PowerDNS.

PowerDNSFirst alpha release of PowerDNS DNSdist 2.0.0 <a href="https://blog.powerdns.com/2025/03/18/first-alpha-release-of-powerdns-dnsdist-2.0.0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.powerdns.com/2025/03/18/first-alpha-release-of-powerdns-dnsdist-2.0.0</a> <a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dnssec</a>

IPFire NewsIPFire protects your DNS requests from being forged by using <a href="https://social.ipfire.org/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a>

Hacklab LogoutEl dia asollellat del matí 🌅 s'ha quedat en un ideal dia plujós 🌧 per encriptar la resolució de noms ( <a class="hashtag" href="https://bcn.fedi.cat/tag/dns" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> ) que per defecte va sense protegir 🔒 Tutorial! Fem servir <a class="hashtag" href="https://bcn.fedi.cat/tag/resolved" rel="nofollow noopener noreferrer" target="_blank">#resolved</a> per tenir <a class="hashtag" href="https://bcn.fedi.cat/tag/dnssec" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> (autenticitat) i <a class="hashtag" href="https://bcn.fedi.cat/tag/dot" rel="nofollow noopener noreferrer" target="_blank">#DoT</a> <a class="hashtag" href="https://bcn.fedi.cat/tag/doh" rel="nofollow noopener noreferrer" target="_blank">#DoH</a> (confidencialitat i integritat) Evitem la vigilància massiva, protegim-nos contra alguns tipus de censura, i contra alguns atacs informàtics 😼 <a href="https://sindominio.net/logout/web/posts/2025-03-16-protegint-peticions-dns" rel="nofollow noopener noreferrer" target="_blank">https://sindominio.net/logout/web/posts/2025-03-16-protegint-peticions-dns</a>

Jan SchaumannSystem AdministrationWeek 7, The Domain Name System, Part IIIIn this video, we try to wrap up our discussion of the Domain Name System by addressing the nature of the root nameservers, looking at various different resource record types, observing reverse lookups, and thinking about how we can have assurance of authenticity and integrity of the <a href="https://mstdn.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> results returned to us via <a href="https://mstdn.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a>.<a href="https://youtu.be/XDJEJFVNoko" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/XDJEJFVNoko</a><a href="https://mstdn.social/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SysAdmin</a> <a href="https://mstdn.social/tags/DevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevOps</a> <a href="https://mstdn.social/tags/SRE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SRE</a>

gregR ☯<a href="https://mastodon.online/@unixtippse" class="u-url mention">@unixtippse</a> <a href="https://mastodon.social/@jpmens" class="u-url mention">@jpmens</a> they are looking for the DS key maybe ? <a href="https://mastodon.gougere.fr/@DNSresolver/114126039762798724" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://mastodon.gougere.fr/@DNSresolver/114126039762798724</a> <a href="https://mamot.fr/tags/dns" class="mention hashtag" rel="tag">#dns</a> <a href="https://mamot.fr/tags/DNSSEC" class="mention hashtag" rel="tag">#DNSSEC</a>

John ShaftSo smol 🥺<a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> <a href="https://piaille.fr/tags/ed25519" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ed25519</a><a href="https://piaille.fr/@shaft/114115244980271165" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://piaille.fr/@shaft/114115244980271165</a>

John ShaftAh! .fj going back to secure. A <a href="https://piaille.fr/tags/TLD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLD</a> using ed25519, sounds like a first 🤔Ping <a href="https://mastodon.social/@jpmens" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jpmens</a> <a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a><a href="https://mastodns.net/@diffroot/114112383277192436" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodns.net/@diffroot/114112383277192436</a>

John ShaftHave not pay much attention to the Compact Denial of Existence in <a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> yet.Should have : there are nice straws for the <a href="https://piaille.fr/tags/DNSCamel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSCamel</a>. :3Eg. A new optional EDNS0 header flag (CO - for "Compact Answers OK"). Would be the first one since DO.<a href="https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existence/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existence/</a>

John ShaftAh bah j'étais persuadé de ne pas avoir finalisé le roulement de <a href="https://piaille.fr/tags/ZSK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZSK</a> sur shaftinc.fr mais en fait si : depuis lundi dernier c'était plié :blobPikaUvU: <a href="https://dnsviz.net/d/shaftinc.fr/Z7xHVQ/dnssec" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://dnsviz.net/d/shaftinc.fr/Z7xHVQ/dnssec</a><a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a>

Carlos Rodrigues 🪣I don't usually post about work-related stuff, but here's something...The state of DNSSEC on the wider Internet is sad, to say the least. Most large services don't sign their domains and most OSes can't do validation — "systemd-resolved" can, but not by default.It looks better regarding encryption at the OS level but, again, not by default.Combining these two, not even 0.5% of queries are fully protected from tampering.<a href="https://blog.cloudflare.com/new-dns-section-on-cloudflare-radar/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.cloudflare.com/new-dns-section-on-cloudflare-radar/</a> 📜 <a href="https://radar.cloudflare.com/dns" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://radar.cloudflare.com/dns</a> 📈<a href="https://mastodon.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://mastodon.social/tags/dnssec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dnssec</a>

Recent searches

Search options

Administered by:

Server stats: