Rafael Kassner<p>TIL: <a href="https://phpc.social/tags/coredns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>coredns</span></a> <a href="https://phpc.social/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a> plugin only supports 3600s as TTL 😢 </p><p>> As the dnssec plugin can’t see the original TTL of the RRSets it signs, it will always use 3600s as the value.</p><p><a href="https://coredns.io/plugins/dnssec/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">coredns.io/plugins/dnssec/</span><span class="invisible"></span></a></p>
techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome
Administered by:
Server stats:
4.6Kactive users
techhub.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#dnssec
2 posts · 2 participants · 0 posts today
PowerDNS<p>PowerDNS Authoritative Server 4.9.8 Released</p><p><a href="https://blog.powerdns.com/powerdns-authoritative-server-4.9.8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.powerdns.com/powerdns-aut</span><span class="invisible">horitative-server-4.9.8</span></a></p><p><a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a></p>
dmstork<p>New blog post: Why every organization should enable DANE <a href="https://davestork.nl/why-every-organization-should-enable-dane/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">davestork.nl/why-every-organiz</span><span class="invisible">ation-should-enable-dane/</span></a> <br><a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/SMTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMTP</span></a> <a href="https://mastodon.social/tags/mail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mail</span></a> <a href="https://mastodon.social/tags/MSExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MSExchange</span></a> <a href="https://mastodon.social/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft365</span></a> <a href="https://mastodon.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> <a href="https://mastodon.social/tags/AzureDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AzureDNS</span></a></p>
heise Security<p>Podcast "Passwort" Folge 37: DNSSEC, die DNS Security Extensions</p><p>DNS ist ein Grundpfeiler des Internets – umso wichtiger, dass die Namensauflösung verlässliche Daten liefert. Wie DNSSEC dabei hilft, erklärt ein kundiger Gast.</p><p><a href="https://www.heise.de/news/Podcast-Passwort-Folge-37-DNSSEC-die-DNS-Security-Extensions-10498530.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Podcast-Passwort</span><span class="invisible">-Folge-37-DNSSEC-die-DNS-Security-Extensions-10498530.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Automatisierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Automatisierung</span></a> <a href="https://social.heise.de/tags/DANE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DANE</span></a> <a href="https://social.heise.de/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://social.heise.de/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> <a href="https://social.heise.de/tags/IETF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IETF</span></a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/PasswortPodcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswortPodcast</span></a> <a href="https://social.heise.de/tags/Podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Podcast</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
Internet.nl<p><span class="h-card" translate="no"><a href="https://mastodon.libre-entreprise.com/@camille" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>camille</span></a></span> <br>Thanks for your feedback. Do you have an example domain?</p><p>The test validates <a href="https://mastodon.nl/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> <a href="https://mastodon.nl/tags/ED25519" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ED25519</span></a> signatures on ed25519.nl and ed25519.no:<br>- <a href="https://internet.nl/site/ed25519.nl/3367385/#sitednssec" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">internet.nl/site/ed25519.nl/33</span><span class="invisible">67385/#sitednssec</span></a><br>- <a href="https://internet.nl/site/ed25519.no/3367390/#sitednssec" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">internet.nl/site/ed25519.no/33</span><span class="invisible">67390/#sitednssec</span></a></p>
PowerDNS<p>PowerDNS Recursor 5.1.7 and 5.2.5 Released</p><p><a href="https://blog.powerdns.com/powerdns-recursor-5.1.7-and-5.2.5-released" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.powerdns.com/powerdns-rec</span><span class="invisible">ursor-5.1.7-and-5.2.5-released</span></a></p><p><a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a></p>
ChaCha20Poly1305<p><span class="h-card" translate="no"><a href="https://mastodon.nl/@internet_nl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>internet_nl</span></a></span> your <a href="https://mastodon.libre-entreprise.com/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> test seems to be unable to validate <a href="https://mastodon.libre-entreprise.com/tags/ED25519" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ED25519</span></a> signatures.</p>
:hacker_p: :hacker_f: :hacker_t:<p>The suggestion that <a href="https://infosec.exchange/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a> is not important because we have <a href="https://infosec.exchange/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tls</span></a> certs blows my mind. Domain validation (over DNS) <em>is</em> mandatory for every <a href="https://infosec.exchange/tags/x509" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>x509</span></a> cert containing domain names (in the Web PKI ecosystem). If your DNS is compromised, your TLS cert is useless.</p>
tsk<p>Like little lightbulbs turning on over one's head...<br><a href="https://infosec.exchange/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a> <a href="https://infosec.exchange/tags/https" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>https</span></a> <a href="https://infosec.exchange/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tls</span></a> <a href="https://infosec.exchange/tags/pki" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pki</span></a></p><p><a href="https://www.theregister.com/2025/07/25/systems_approach_column_dns_security/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/07/25/sys</span><span class="invisible">tems_approach_column_dns_security/</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> security is important but <a href="https://mastodon.thenewoil.org/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> may be a failed experiment</p><p><a href="https://www.theregister.com/2025/07/25/systems_approach_column_dns_security/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/07/25/sys</span><span class="invisible">tems_approach_column_dns_security/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
JP Mens<p>Via a mailing list, I get to see a very impressive-looking <a href="https://mastodon.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> waterfall:</p><p><a href="https://dnsviz.net/d/time.nist.gov/aID54g/dnssec/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dnsviz.net/d/time.nist.gov/aID</span><span class="invisible">54g/dnssec/</span></a></p><p><a href="https://mastodon.social/tags/kaputt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kaputt</span></a></p>
Loki the Cat<p>DNSSEC: officially the "worst performing technology" of internet protocols at 34% adoption after 28 years. Meanwhile HTTPS is living its best life at 96%. Sometimes being invisible isn't a superpower! 👻</p><p><a href="https://it.slashdot.org/story/25/07/25/1714202/dns-security-is-important-but-dnssec-may-be-a-failed-experiment" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">it.slashdot.org/story/25/07/25</span><span class="invisible">/1714202/dns-security-is-important-but-dnssec-may-be-a-failed-experiment</span></a></p><p><a href="https://toot.community/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> <a href="https://toot.community/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://toot.community/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
rvstaveren<p>For what it is worth, earlier this month my private <a href="https://mastodon.online/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> zone was <a href="https://mastodon.online/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a> signed 20 years ago. </p><p>First with the perl based RIPE DISI tools, then I tried opendnssec in a way to complicated setup with a nsd/bind combo or bind with separate signed/unsigned views (can’t remember), then it became zkt to end up with running with bind’s dnssec-policy</p><p> What a ride</p>
PowerDNS<p>PowerDNS Authoritative Server 5.0.0-beta1 Released</p><p><a href="https://blog.powerdns.com/powerdns-authoritative-server-5.0.0-beta1-released" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.powerdns.com/powerdns-aut</span><span class="invisible">horitative-server-5.0.0-beta1-released</span></a></p><p><a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a></p>
Sven222Ich bräuchte mal Eure Hilfe. Da ich mir mal für meinen Spielmailserver <a href="https://soc.hardwarepunk.de/search?tag=DANE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DANE</span></a> und <a href="https://soc.hardwarepunk.de/search?tag=DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> anschauen will, habe ich mir bei <a href="https://soc.hardwarepunk.de/search?tag=deSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deSEC</span></a> einen Account geholt und die Nameserver von denen bei <a href="https://soc.hardwarepunk.de/search?tag=Hetzner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hetzner</span></a> eingetragen. Wenn ich jetzt einen DNSSEC Validator drüberlaufen lasse, dann sehe ich, dass in der DE Zone logischerweise keine DS Einträge vorhanden sind, die müssen ja über den Registrar dahin. Bei Hetzner finde ich keine Möglichkeit diese Einstellungen irgendwo zu hinterlegen. Weiß jemand ob das geht? Wenn nicht, welchen Registrar würdet Ihr empfehlen, der das kann? Gerne günstig und aus Deutschland. Geht das bei <a href="https://soc.hardwarepunk.de/search?tag=Netcup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Netcup</span></a>?<br><a href="https://soc.hardwarepunk.de/search?tag=fedihelp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fedihelp</span></a> <a href="https://soc.hardwarepunk.de/search?tag=admin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>admin</span></a> <a href="https://soc.hardwarepunk.de/search?tag=dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a>
PowerDNS<p>PowerDNS Recursor 5.3.0-beta1 Released</p><p><a href="https://blog.powerdns.com/powerdns-recursor-5.3.0-beta1-released" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.powerdns.com/powerdns-rec</span><span class="invisible">ursor-5.3.0-beta1-released</span></a></p><p><a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a></p>
O Slovensku<p>Vláda projednala dne 9. července 2025 zprávu předloženou Ministerstvem průmyslu a obchodu, která hodnotí pokrok při zavádění technologií IPv6</p><p>Tón: : mírně pozitivní<br><a href="https://rockosbasilisk.com/tags/%C4%8Desko" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>česko</span></a> <a href="https://rockosbasilisk.com/tags/gdelt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gdelt</span></a> <a href="https://rockosbasilisk.com/tags/ipv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ipv6</span></a> <a href="https://rockosbasilisk.com/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a> <a href="https://rockosbasilisk.com/tags/ministerstvo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ministerstvo</span></a><br> </p><p><a href="https://mpo.gov.cz/cz/e-komunikace-a-posta/elektronicke-komunikace/zprava-o-podpore-protokolu-ipv6-a-technologie-dnssec-ve-statni-sprave-ceske-republiky--288703/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mpo.gov.cz/cz/e-komunikace-a-p</span><span class="invisible">osta/elektronicke-komunikace/zprava-o-podpore-protokolu-ipv6-a-technologie-dnssec-ve-statni-sprave-ceske-republiky--288703/</span></a></p>
PowerDNS<p>The all-rounder DNSdist 2.0 is here!</p><p><a href="https://blog.powerdns.com/the-all-rounder-dnsdist-2.0-is-here" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.powerdns.com/the-all-roun</span><span class="invisible">der-dnsdist-2.0-is-here</span></a></p><p><a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a></p>
PowerDNS<p>PowerDNS Security Advisory 2025-04<br>(aka PowerDNS Recursor 5.0.12, 5.1.6 and 5.2.4 released)</p><p><a href="https://blog.powerdns.com/powerdns-security-advisory-2025-04" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.powerdns.com/powerdns-sec</span><span class="invisible">urity-advisory-2025-04</span></a></p><p><a href="https://fosstodon.org/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://fosstodon.org/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a></p>
ChaCha20Poly1305<p><span class="h-card" translate="no"><a href="https://tooter.wishy.co.uk/@wishy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>wishy</span></a></span> An ISP should have a resolver not lying and not filtering <a href="https://mastodon.libre-entreprise.com/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> as french ISP <a href="https://mastodon.libre-entreprise.com/tags/Numericable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Numericable</span></a>/#SFR is doing.</p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload