kubikpixel, 5 days ago to internet German

»Cloudflare-Alternative:
19 Cloudflare-Alternativen im Überblick«

Hat jemensch von euch Erfahrung mit eines diesen Alternativen oder gar sogar mit einer nicht aufgeführten? Wenn ja, welches könnt ihr aus welchen Argumente und Gründen empfehlen?
(Ich zweifle immer noch welches am "sichersten" und "daten sparsam" ist)

🌐 https://letsbecrazy.de/cloudflare-alternative/

–
#cloudflare #internet #websicherheit #dns #webdev #dnssec #alternative #frage #it

PowerDNS, 6 days ago to random

PowerDNS Recursor 4.8.9, 4.9.6 and 5.0.5 Released
https://blog.powerdns.com/2024/05/14/powerdns-recursor-4-8-9-4-9-6-5-0-5-released-0 #dns #dnssec

bortzmeyer, 6 days ago to random French

Point positif pour la sécurité nationale : 15 des 1031 domaines de gouv.fr sont désormais signés avec #DNSSEC, dont celui de Dati, crucial pour la nation https://botsin.space/@DNSresolver/112438440953456482

(Notez que son copain Le Maire signe mais ne publie pas de DS pour finances.gouv.fr.)

PowerDNS, 7 days ago to random

PowerDNS DNSdist 1.9.4 released
https://blog.powerdns.com/2024/05/13/powerdns-dnsdist-1.9.4-released #dns #dnssec

jpmens, 9 days ago to medical

“I have been procrastinating this migration for years” #dnssec #policy #kasp #bind

It’s almost as though I dictated portions of this blog. Thank you, @fanf for writing it!

https://dotat.at/@/2024-05-11-dnssec-policy.html

jpmens, 10 days ago to random

Authenticated #DNSSEC Bootstrapping in Knot DNS

"DNSSEC Bootstrapping allows the child zone operator to publish a signed copy of the child’s CDS/CDNSKEY records under a different name that has an existing chain of trust."

https://en.blog.nic.cz/2024/05/10/authenticated-dnssec-bootstrapping-in-knot-dns/

jpmens, 20 days ago to random

It's in the DNS. Of course.

antondollmaier, 21 days ago to random German

Montag.
#DANE-Fehler "Server certificate not trusted." Wie vor 60 Tagen schon mal.
Also Anruf beim Dienstleister. "da müssen wir manuell nachjustieren."
seufz

huguei, 23 days ago to random

We have new KSK for the root!
Today a mega ceremony was held where new HSMs were introduced and a new root key was generated in them. This key will be pre-publicated at the end of this year, and the rollover will be at the end of 2026. It'll be the third in the history of the DNS. The first was in 2010 and the second in 2017. #dns #dnssec

A TV screenshot of two HSMs
A person holding a box with cryptographic keys inside.

jpmens, 25 days ago (edited 25 days ago) to random

PSA: diy keyrollovers might lack automation.

#dnssec #sorry

PowerDNS, 26 days ago to random

PowerDNS Recursor Security Advisory 2024-02
https://blog.powerdns.com/2024/04/24/powerdns-recursor-4-8-8-4-9-5-5-0-4-released #dns #dnssec

gregr, 26 days ago to random French

C'est le moment de sous traiter ses projets à la #startUpNation
#dnssec a encore frappé
Ping @bortzmeyer @shaft

altran.com · Zonemaster
https://zonemaster.net/fr/result/815e0e032585842e

jpmens, 1 month ago to random

deleted_by_author

gregr, 1 month ago to random French

QOTD :

> Automating #DNSSEC is still a long way from where it should be

shaft, 1 month ago to random

Here comes a new chall... #DNSSEC Algorithm. Number 23. You will probably never use it (It's a GOST story)

RFC 9558: Use of GOST 2012 Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC
https://www.rfc-editor.org/info/rfc9558

mtxvp, 1 month ago to internet

Root KSK Ceremony - the most meticulous security procedure on the internet https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/
#internet #security #iana #ksk #dnssec

shaft, 1 month ago (edited 1 month ago) to random French

Generating #DNSSEC signatures using the private keys from #RFC 9500 (a bunch a publicly known private keys, which is a strange concept 🤔) : it works nicely. :3 The keytag for "testECCP256" is 56715 or 56716 (whether it's a ZSK or a KSK).

The RFC lacks ed25519 and ed448 keys though

shaft, 1 month ago to random French

Heureusement, je ne serais sans doute plus là, un peu avant 2106, quand il faudra commencer à se faire des nœuds au cerveau avec l'arithmétique des numéros de série du RFC 1982 appliquée au champs de dates des signatures #DNSSEC

La mortalité a du bon.

PowerDNS, 1 month ago to random

PowerDNS DNSdist 1.9.2 Released
https://blog.powerdns.com/2024/04/05/powerdns-dnsdist-1.9.2-released #dns #dnssec

shaft, 1 month ago to random French

Il y a une vingtaine d'années, l' @afnic avait mis en ligne une auto-formation au #DNS, avec un design très CD-ROM interactif typique de la fin 90's / début du siècle :)

Il y a même du #DNSSEC dans la partie avancée : c'est l'époque des KEY, SIG et autre NXT du DNSSEC 1ère génération

https://web.archive.org/web/20081128073423/https://www.afnic.fr/ext/dns/

shaft, 1 month ago to random

OK, draft-rfc8624-bis says:

“This document simply moves the canonical list of algorithms from [RFC8624] to the IANA registry, and defines the registry policies for updating the registry. It does not change the status of any of the algorithms listed in [RFC8624];”

Now, in the table in section 3, column "#DNSSEC Signing", algorithms 5 & 7 are listed as "MUST NOT". They are "NOT RECOMMANDED" in RFC 8624 section 3.1. The recommandation for validation also changes (from "MUST" to "SHOULD NOT")

It is slightly different (for the better imo but still) :)

https://datatracker.ietf.org/doc/draft-hardaker-dnsop-rfc8624-bis/

https://www.rfc-editor.org/rfc/rfc8624.html

bortzmeyer, 1 month ago to random French

Last working group meeting of #IIETF119, the second meetng of dnsop (all things #DNS )

https://datatracker.ietf.org/meeting/119/materials/agenda-119-dnsop-02

bortzmeyer, 2 months ago to random French

dnsop meeting at #IETF119. Let's change the #DNS

https://datatracker.ietf.org/meeting/119/materials/agenda-119-dnsop-01

@ietf_wg_dnsop

bortzmeyer, 2 months ago to random French

Good morning, Brisbane! Second day of the #IETF119 hackathon.
Let's add more bugs to the code written yetesrday. https://wiki.ietf.org/en/meeting/119/hackathon

#DNS #DNSSEC