Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://oldbytes.space/@drscriptt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>drscriptt</span></a></span> again: I'd see this as more error-prone than <a href="https://infosec.space/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> and only hindering the transition from <a href="https://infosec.space/tags/IPv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPv4</span></a> to <a href="https://infosec.space/tags/IPv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPv6</span></a> if not bricking <em>proper <a href="https://infosec.space/tags/DualStack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DualStack</span></a></em>…</p>
Administered by:
#dnssec
6 posts5 participants1 post today
Thinking of moving my domains' DNS hosting to deSEC at https://desec.io. They require enabling #DNSSEC. Any reasons this a bad idea? #DNS.
desec.iodeSEC – Free Secure DNS
Yesterday I started testing the #DNS4EU servers on my #pihole regarding ad blocking and child protection. Seems to work well so far after using it through the day.
https://www.joindns4.eu/learn/dns4eu-public-service-launched
Then I stumbled over the article below. I definitely need to look into the details myself.
https://cybernews.com/security/european-independent-dns-relies-on-cloudflare-google/
What‘s your thoughts on this? Is it a usable alternative?
www.joindns4.euDNS4EU Goes live: A European Alternative to Google and Cloudflare DNS, Powered by WhaleboneWhalebone’s DNS4EU Public Service is a free and secure DNS service protecting EU citizens’ privacy and supporting Europe’s digital independence.
Protect your financial institution’s reputation and customer trust. Choose DNSimple for your .BANK domain hosting.
Help your customers bank securely
Eliminate spam and phishing
Enhance your brand with new opportunities
DNSimple's managed #DNS service is fully compliant with all .BANK security requirements. Including #DNSSEC, multi-factor authentication, strong encryption, and #DDoS protection.
DNSSEC 101:我們為什麼需要 DNSSEC?
➤ 保護網路根基:DNSSEC 的重要性
✤ https://howdnssec.works/why-do-we-need-dnssec/
DNS(網域名稱系統)最初設計時未將安全性納入考量,容易受到篡改。DNSSEC(網域名稱系統安全延伸)正是在此背景下應運而生的,它透過驗證 DNS 回應的真實性,確保使用者能正確連接到目標網站,並防止惡意重導。雖然 DNSSEC 不像 HTTPS 那樣提供加密功能,但它能偵測 DNS 資料是否被竄改。
+ 聽起來 DNSSEC 就像是網路世界的身份證,可以驗證網站的真偽,讓人更安心上網!
+ 以前總覺得 DNS 只是個電話簿,沒想到它其實也需要安全防護,DNSSEC 真是個重要的技術。
#網路安全 #DNS #DNSSEC
howdnssec.worksHow DNSSEC worksLearn why DNS needs security through tacos, crabs, and cryptographic laughs. How DNSSEC Works turns complex internet plumbing into an illustrated adventure.
A taco explains how DNSSEC works! via 
Ah, DNSSEC—the digital equivalent of locking the barn door after the data has bolted 
. Who knew securing a system designed with all the foresight of a toddler with a crayon could be so "urgent"? 
Clearly, the internet was built on trust, much like a pyramid scheme but with fewer yachts. 
https://howdnssec.works/why-do-we-need-dnssec/ #DNSSEC #internetsecurity #cybersecurity #humor #trustissues #HackerNews #ngated
howdnssec.worksHow DNSSEC worksLearn why DNS needs security through tacos, crabs, and cryptographic laughs. How DNSSEC Works turns complex internet plumbing into an illustrated adventure.
Mongolia's IDN TLD, мон., just switched from the very old algorithm 5 (RSA-SHA1) to elliptic curves \o/
MastoDNSTootzonechanges (@diffroot@mastodns.net)🇲🇳 мон. ( xn--l1acc. ) : Algorithm Rollover - Changed DS
- 45112 5 1
- 45112 5 2
+ 47327 13 2
+ 47327 13 4
Replied in thread
And yes, it works! Here are #DNSSEC keys in the YubiHSM, created via PKCS#11 using kmip2pkcs11 with KMIP queries sent by domain KMIP key code.
The goal for this approach is to shield an application against an untrusted PKCS#11 library.