#dnssec

John Kristoff<p>NIST SP-800-81: Secure Domain Name System (DNS) Deployment Guide initial public draft open for public comments.</p><p><a href="https://csrc.nist.gov/pubs/sp/800/81/r3/ipd" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">csrc.nist.gov/pubs/sp/800/81/r</span><span class="invisible">3/ipd</span></a></p><p><a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <a href="https://infosec.exchange/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> <a href="https://infosec.exchange/tags/NIST" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NIST</span></a></p>
Stéphane Bortzmeyer<p><a href="https://mastodon.gougere.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> <br>Apple is moving from the old RSA with SHA-1 to ECDSA for its TLD <a href="https://dnsviz.net/d/apple/Z_jGvA/dnssec/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dnsviz.net/d/apple/Z_jGvA/dnss</span><span class="invisible">ec/</span></a></p>
PowerDNS<p>PowerDNS Recursor 5.0.10, 5.1.4 and 5.2.2 Released<br><a href="https://blog.powerdns.com/2024/04/09/powerdns-recursor-5-0-10-5-1-4-5-2-2-released" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.powerdns.com/2024/04/09/p</span><span class="invisible">owerdns-recursor-5-0-10-5-1-4-5-2-2-released</span></a> <a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dnssec</span></a></p>
PowerDNS<p>PowerDNS Recursor Security Advisory 2025-01 (aka PowerDNS Recursor 5.2.1 Released)<br><a href="https://blog.powerdns.com/2025/04/07/powerdns-recursor-5-2-1-released" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.powerdns.com/2025/04/07/p</span><span class="invisible">owerdns-recursor-5-2-1-released</span></a> <a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dnssec</span></a></p>
Stéphane Bortzmeyer<p>223.5.5.5 (AliDNS) seems to be one of the few big public <a href="https://mastodon.gougere.fr/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> resolvers without <a href="https://mastodon.gougere.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> validation. Anyone to talk to Xi Jinping about this issue?</p>
Anton<p>Does anyone here have connections to the IT department of aok.de? Yesterday they replaced the SSL certificate of their mx1.aok.de but overlooked the TLSA record for DANE...</p><p><a href="https://dane.sys4.de/smtp/service.bw.aok.de" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dane.sys4.de/smtp/service.bw.a</span><span class="invisible">ok.de</span></a></p><p>20:00: working again! Thanks :)</p><p><a href="https://mastodon.social/tags/DANE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DANE</span></a> <a href="https://mastodon.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> <a href="https://mastodon.social/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLS</span></a> <a href="https://mastodon.social/tags/aok" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>aok</span></a></p>
John Shaft<p>tl;dr:<br>- approx. 4,215,000 domains registered in .fr as of 31 December 2024<br>- 19.8% of domains signed with <a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> (≈ 835,000). A figure coyly described as "modest".<br>- 31,646 <a href="https://piaille.fr/tags/IDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IDN</span></a> registered, i.e. ≈ 0.75% of the total. Ridiculously low</p><p>"2024 review of .fr: more than 800,000 new names registered"<br><a href="https://www.afnic.fr/observatoire-ressources/actualites/bilan-du-fr-en-2024-plus-de-800-000-nouveaux-noms-enregistres/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">afnic.fr/observatoire-ressourc</span><span class="invisible">es/actualites/bilan-du-fr-en-2024-plus-de-800-000-nouveaux-noms-enregistres/</span></a></p>
Jan Schaumann<p>"Nope: Strengthening Domain Authentication with Succinct Proofs"</p><p><a href="https://nope-tools.org/nope.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">nope-tools.org/nope.pdf</span><span class="invisible"></span></a></p><p>Basically:<br>domain owner <a href="https://mstdn.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> signs their name, then encodes a proof of that DNSSEC chain into a new domain name, stashes that in a SAN in the cert and wants the client to verify the proof against... the root ZSK? Which it fetches via DoH from Google DNS, but... doesn't verify?</p><p>Not sure I get it.</p><p><a href="https://mstdn.social/tags/realworldcrypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>realworldcrypto</span></a> <a href="https://mstdn.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a></p>
Jan Schaumann<p>Post-Quantum <a href="https://mstdn.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> Testbed with BIND and PowerDNS </p><p><a href="https://pq-dnssec.dedyn.io/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pq-dnssec.dedyn.io/</span><span class="invisible"></span></a></p><p><a href="https://mstdn.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://mstdn.social/tags/RealWorldCrypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RealWorldCrypto</span></a> <a href="https://mstdn.social/tags/pqc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pqc</span></a></p>
gregR ☯<p><span class="h-card" translate="no"><a href="https://mastodon.gougere.fr/@bortzmeyer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bortzmeyer</span></a></span> the main benefit of <a href="https://mamot.fr/tags/dnssec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dnssec</span></a> <br><a href="https://www.bortzmeyer.org/dns-afrinic-stale.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bortzmeyer.org/dns-afrinic-sta</span><span class="invisible">le.html</span></a><br>But you know that one :)<br>The rest <a href="https://ianix.com/pub/dnssec-outages.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ianix.com/pub/dnssec-outages.h</span><span class="invisible">tml</span></a><br>With a soft spot for Slack <a href="https://lists.dns-oarc.net/pipermail/dns-operations/2021-September/021340.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.dns-oarc.net/pipermail/d</span><span class="invisible">ns-operations/2021-September/021340.html</span></a></p>
Stéphane Bortzmeyer<p><a href="https://mastodon.gougere.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> training all next week. If you have examples of fun DNSSEC things (for example configuration errors, or on the contrary successful deployments), now is the time to mention them.</p>
Éric V.<p>For <a href="https://mamot.fr/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a> configuration and <a href="https://mamot.fr/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> check, the European Commission provides a great tool: MECSA <a href="https://mecsa.jrc.ec.europa.eu/en/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">mecsa.jrc.ec.europa.eu/en/</span><span class="invisible"></span></a><br>conclusion: I still have some improvements to implement on my own server<br><a href="https://mamot.fr/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysadmin</span></a> <a href="https://mamot.fr/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://mamot.fr/tags/postfix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>postfix</span></a> <a href="https://mamot.fr/tags/DKIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DKIM</span></a> <a href="https://mamot.fr/tags/DMARC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DMARC</span></a> <a href="https://mamot.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> <a href="https://mamot.fr/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a></p>
ChaCha20Poly1305<p>@bortzmeyer@mastodon.gouger Would you have any advice for serving a DNS zone via a Python/Perl script that generates records on the fly (without storing them) and doing <a href="https://mastodon.libre-entreprise.com/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> on it? I'm struggling with PowerDNS.</p>
PowerDNS<p>First alpha release of PowerDNS DNSdist 2.0.0<br><a href="https://blog.powerdns.com/2025/03/18/first-alpha-release-of-powerdns-dnsdist-2.0.0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.powerdns.com/2025/03/18/f</span><span class="invisible">irst-alpha-release-of-powerdns-dnsdist-2.0.0</span></a> <a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dnssec</span></a></p>
Jan Schaumann<p>System Administration</p><p>Week 7, The Domain Name System, Part III</p><p>In this video, we try to wrap up our discussion of the Domain Name System by addressing the nature of the root nameservers, looking at various different resource record types, observing reverse lookups, and thinking about how we can have assurance of authenticity and integrity of the <a href="https://mstdn.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> results returned to us via <a href="https://mstdn.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a>.</p><p><a href="https://youtu.be/XDJEJFVNoko" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/XDJEJFVNoko</span><span class="invisible"></span></a></p><p><a href="https://mstdn.social/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SysAdmin</span></a> <a href="https://mstdn.social/tags/DevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevOps</span></a> <a href="https://mstdn.social/tags/SRE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SRE</span></a></p>
gregR ☯<p><span class="h-card" translate="no"><a href="https://mastodon.online/@unixtippse" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>unixtippse</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@jpmens" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jpmens</span></a></span> they are looking for the DS key maybe ?<br><a href="https://mastodon.gougere.fr/@DNSresolver/114126039762798724" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.gougere.fr/@DNSresolv</span><span class="invisible">er/114126039762798724</span></a><br><a href="https://mamot.fr/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://mamot.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a></p>
John Shaft<p>So smol 🥺</p><p><a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> <a href="https://piaille.fr/tags/ed25519" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ed25519</span></a></p><p><a href="https://piaille.fr/@shaft/114115244980271165" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">piaille.fr/@shaft/114115244980</span><span class="invisible">271165</span></a></p>
John Shaft<p>Ah! .fj going back to secure. A <a href="https://piaille.fr/tags/TLD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLD</span></a> using ed25519, sounds like a first 🤔</p><p>Ping <span class="h-card" translate="no"><a href="https://mastodon.social/@jpmens" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jpmens</span></a></span> </p><p><a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a></p><p><a href="https://mastodns.net/@diffroot/114112383277192436" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodns.net/@diffroot/1141123</span><span class="invisible">83277192436</span></a></p>
John Shaft<p>Have not paid much attention to the Compact Denial of Existence in <a href="https://piaille.fr/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> yet.</p><p>Should have: there are nice straws for the <a href="https://piaille.fr/tags/DNSCamel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSCamel</span></a>. :3</p><p>E.g. a new optional EDNS0 header flag (CO - for "Compact Answers OK"). Would be the first one since DO.</p><p><a href="https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existence/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">datatracker.ietf.org/doc/draft</span><span class="invisible">-ietf-dnsop-compact-denial-of-existence/</span></a></p>
nan0<p>Does anyone have a contact to the Joint Research Centre (<a href="https://chaos.social/tags/JRC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JRC</span></a>) [0] or My Email Communications Security Assessment (<a href="https://chaos.social/tags/MECSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MECSA</span></a>) [1] (both from the <a href="https://chaos.social/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EU</span></a>)?</p><p>I find the tool great... if it would parse <a href="https://chaos.social/tags/SPF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SPF</span></a>/#IPv6 correctly and actually check for <a href="https://chaos.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a>...</p><p>I've tried emailing them, but no response :/</p><p>Links:<br>[0]: <a href="https://joint-research-centre.ec.europa.eu/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">joint-research-centre.ec.europ</span><span class="invisible">a.eu/</span></a><br>[1]: <a href="https://mecsa.jrc.ec.europa.eu/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">mecsa.jrc.ec.europa.eu/</span><span class="invisible"></span></a></p>