social.dk-libre.fr is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.

This server runs the snac software and there is no automatic sign-up process.

Search results for tag #dns

[?]adrienandrem » 🌐
@adrienandrem@pouet.chapril.org

Dites, le synonyme de « test si connecté au web » = « test de ping 8.8.8.8 » m'a l'air tellement bien gravé chez certains.
On a une alternative UE ou non GAFAM à automatiquement répliquer ?

    JP Mens boosted

    [?]ximon18 » 🌐
    @ximon18@fosstodon.org

    The video of my presentation at DNS OARC 46 about progress on our new Rust based DNSSEC signing software Cascade went online today. It’s always fun to look back and see it from the perspective of the audience! For a higher level introduction to Cascade there’s also a great presentation that @jpmens gave at NLUUG earlier this year. Check them out at youtu.be/rQH3dey6kHI?si=0cqZga and youtu.be/HyAwFhIwxHM?si=QJiUIu. @dnsoarc

      [?]Afnic » 🌐
      @afnic@mastodon.social

      🚁 Can DNS help with remote drone identification?

      🔍 At first glance, the connection isn't obvious. Yet the DNS could also help address this challenge.

      💡 An innovative approach that shows how Internet infrastructure can support new use cases.

      👇 Sandoche Balakrichenan explains how in our latest article: afnic.fr/en/observatory-and-re

      Meeting with Sandoche Balakrichenan How can the DNS help identify drones remotely?

      Alt...Meeting with Sandoche Balakrichenan How can the DNS help identify drones remotely?

        [?]Afnic » 🌐
        @afnic@mastodon.social

        🚁 Le DNS peut-il aider à identifier un drone en plein vol ?

        🔍 À première vue, le lien n'est pas évident. Et pourtant, cette technologie au cœur du fonctionnement d'internet pourrait relever ce défi.

        💡 Une idée originale qui montre que les technologies qui soutiennent les infrastructures du numérique peuvent trouver de nouveaux usages.

        👇 Sandoche Balakrichenan nous explique comment afnic.fr/observatoire-ressourc

        Rencontre avec Sandoche Balakrichenan Comment le DNS peut-il aider à identifier les drones à distances ?

        Alt...Rencontre avec Sandoche Balakrichenan Comment le DNS peut-il aider à identifier les drones à distances ?

        [?]Jerry Lundström » 🌐
        @jelu@mastodns.net

        v0.11.0 released!
        New:
        - Major work on verbose output to render records and rdata (-1 meow)
        - Support for EUI48 and EUI64 records (RFC 7043)
        - Detect NSEC3 records with flags, iterations, or salt inconsistent with NSEC3PARAM
        - New policies: all-algorithms-signed, occluded-records, missing-glue, no-strict-glue
        Fixed:
        - Crashes, data races, memory leaks, buffer overflows and more, see CHANGELOG for complete list

        codeberg.org/DNS-OARC/validns/

          [?]Stéphane Bortzmeyer » 🌐
          @bortzmeyer@mastodon.gougere.fr

          J'étais surpris que les serveurs faisant autorité pour .ru soient en .net mais apparemment, les Russes sont en train de changer cela : mastodns.net/@diffroot/1169204

            [?]Dam H. [lui/il] » 🌐
            @Dam_ned@mamot.fr

            Tiens le joindns4.eu qui bloque orbot.app (le client pour android) 🤔

              [?]B'ad Samurai :ifin: [he/him] » 🌐
              @badsamurai@infosec.exchange

              Well good thing the American federal government doesn’t rely on a single privately-owned third-party digital identity provider operating on .me!

              Calvin change my mind meme with the ID.me logo and “is a national security risk” “change my mind”

              Alt...Calvin change my mind meme with the ID.me logo and “is a national security risk” “change my mind”

                [?]Stéphane Bortzmeyer » 🌐
                @bortzmeyer@mastodon.gougere.fr

                Si vous utilisez le service de messagerie instantanée , vous avez sans doute vu aujourd'hui, que des services ne marchent pas, notamment les liens vers des ressources diverses (images, etc). C'est parce que le registre de noms de domaine du Monténégro l'a décidé. Voyons les détails.

                bortzmeyer.org/telegram-on-hol

                  [?]Maarten Aertsen » 🌐
                  @maarten@techpolicy.social

                  cascaded.service -> cascade.service
                  To rename, or not to rename, that’s the question: github.com/NLnetLabs/cascade/i
                  Would I greatly inconvenience you active testers if this were to change? @jpmens @bortzmeyer @oli

                    [?]ᴏᴏᴍ-ᴋɪʟʟᴇʀ: 333 » 🌐
                    @jae@mastodon.bsd.cafe

                    sometimes you have to solve your own problems. had a specific use-case to not open a browser to check stats/issues on which is an upstream to resolver

                    being more tui/tty oriented, decided to build a tui dashboard. works pretty nicely. also felt it was good to dual-scope the binary so it can run as an optional web front-end that's very lightweight and customized

                    this is a 20mb binary and all you need to do is feed it an api key and profile id (if not on default)

                    we live in an age where it's somewhat trivial to solve your own problems. why wait for others to do it? everything.

                      [?]Teddy / Domingo (🇨🇵/🇬🇧) » 🌐
                      @TeddyTheBest@framapiaf.org

                      Un faux outil d'analyse propage un via 222 dépôts . Un module Go imite un outil de scan et dissimule un chargeur relié à 222 dépôts . Le réseau est actif depuis janvier et diffuse des d’accès distant ainsi que des voleurs de données, selon l’éditeur de Socket
                      clubic.com/actualite-620971-un

                        [?]NLnet Labs » 🌐
                        @nlnetlabs@social.nlnetlabs.nl

                        @bortzmeyer @oli @jpmens For context, we’re now in “signing co.uk on a regular laptop” territory, with more improvements to come.

                          JP Mens boosted

                          [?]NLnet Labs » 🌐
                          @nlnetlabs@social.nlnetlabs.nl

                          It's still Friday and we're still doing a Cascade release, so here's 0.1.0-beta5 'Got that holiday feeling'. 🏖️

                          In this release we're giving you more speed improvements by parallelizing sorting and more memory reduction by improving the handling of NSEC(3) in incremental signing. You can also track all of these improvements with newly introduced metrics.

                          Thanks again to @bortzmeyer, @oli and @jpmens and others for providing valuable feedback!

                          github.com/NLnetLabs/cascade/r

                            AodeRelay boosted

                            [?]GNU/Linux.ch » 🌐
                            @gnulinux@social.anoxinon.de

                            JusProgDNS für Linux

                            Kinderschutz im Netz ist ein sensibles Thema. Einerseits braucht es Schutzmechanismen, andererseits sollen diese Mechanismen nicht selbst zum Hindernis werden. Genau da setzt JusProgDNS an.

                            gnulinux.ch/jusprogdns

                              [?]Censys » 🌐
                              @censys@infosec.exchange

                              Whether you're trying to:
                              ✓ Triage alerts
                              ✓ Investigate incidents
                              ✓ Hunt adversaries
                              ✓ Defend against emerging campaigns

                              DNS is now another layer of the Censys Internet Map helping teams decide faster and more accurately across every stage of the security operations workflow: censys.com/blog/censys-expands

                                [?]Stéphane Bortzmeyer » 🌐
                                @bortzmeyer@mastodon.gougere.fr

                                « Souveraineté numérique : l’Afnic désignée pour gérer et développer les extensions Internet des territoires ultramarins » entreprises.gouv.fr/espace-pre

                                « Transparentes et participatives, avec une gouvernance ouverte et inclusive »

                                  Remi Gacogne boosted

                                  [?]NLnet Labs » 🌐
                                  @nlnetlabs@social.nlnetlabs.nl

                                  Today, we're happy to launch the NSD 4.15.0. This release of our authoritative server includes more than 20 fixes for LLM-assisted security reports. It also improves the Prometheus metrics, as a nice bonus.

                                  community.nlnetlabs.nl/t/nsd-4

                                    [?]gregR ☯ » 🌐
                                    @gregr@mamot.fr

                                    @bortzmeyer @shaft QOTD
                                    > Yes, following DNS stuff on Mastodon is now part of maintaining DNS...
                                    Petit jeu : qui est l'auteur ?
                                    La réponse
                                    mail-archive.com/dns-operation

                                      [?]Dๅᴉĸo » 🌐
                                      @djiko_iko@framapiaf.org

                                      Hello, j'ai un domaine dont les NS sont aux US et au Canada. Est ce qu'en soi c'est un problème ? Est ce qu'il existe des NS publics fiables en Europe ? Si je cherche, je tombe bien sur des listes des trucs (genre publicdnsserver.com/switzerlan ). Mais je n'ai aucune idée du sérieux de ce genre de listes, pas plus que de l'utilisabilité de ces serveurs dans ce contexte.

                                      :boost_requested: appréciés

                                        fredix 🐧 boosted

                                        [?]Teddy / Domingo (🇨🇵/🇬🇧) » 🌐
                                        @TeddyTheBest@framapiaf.org

                                        Après les et les , les ayants droit veulent désormais pouvoir bloquer des réseaux entiers. La lutte contre le piratage pourrait bientôt franchir une nouvelle étape en
                                        clubic.com/actualite-620074-ap

                                          JP Mens boosted

                                          [?]Peter Lowe » 🌐
                                          @pgl@infosec.exchange

                                          The @firstdotorg Abuse SIG needs YOU! Even if you're not a member of FIRST.

                                          We have members from all over the DNS industry, from all over the world, and we're looking for members of the DNS security community with an operational background to grow the group. For one reason or another meetings are sometimes a little light on attendees, which is a shame because we're doing some really interesting work. And there's the potential for doing even more cool stuff.

                                          We have biweekly meetings every other Thursday at 21:00 JST (12:00 BST, 07:00 ET) which are friendly, informal, comfortably unstructured Zoom calls where we discuss ongoing work and general DNS topics. There's also a mailing list (which is very low-traffic) and a Slack channel (where most communication happens).

                                          Currently we're working on adjustments to the DNS Abuse Techniques Matrix - changes to the work we've already done - and welcome insight from stakeholders on the topic of DNS abuse, its classification, and how it can be detected, mitigated, and prevented. We also cover adjacent topics, like tooling, use of AI for the website and data, and how best to make it all work.

                                          You don't have to know everything - it's fine if you know one thing that everyone else doesn't. Or can ask a question that nobody else thought of.

                                          To explain the process: applications from people outside of FIRST don't need sponsorship or anything, but they are sent to the group first. If there are no objections after a short time, then your application will be accepted. If not, then we'll explain why. And if you're already in FIRST, then your application is just a formality and we invite you straight away.

                                          "My DMs are open" - message me if you'd like any more info! It's slow season right now so a perfect time to get on board.

                                          Apply to join, and find out more, from our homepage on the FIRST website: first.org/global/sigs/dns/

                                            Pierre-Yves boosted

                                            [?]Orhun Parmaksız 👾 » 🌐
                                            @orhun@fosstodon.org

                                            Found a TUI for handling DNS changes! 🤯

                                            🌐 **dnsglobe** — A global DNS propagation checker

                                            💯 Query 34 DNS resolvers worldwide in parallel, compare results & watch propagation live w/ interactive world map

                                            🦀 Written in Rust & built with @ratatui_rs

                                            ⭐ GitHub: github.com/514-labs/dnsglobe

                                              [?]John Shaft » 🌐
                                              @shaft@piaille.fr

                                              Albania's .al was secured for a week or so. Wonder what happened. 🤔

                                              DS added to root zone : mastodns.net/@diffroot/1168128
                                              DS removed : mastodns.net/@diffroot/1168577

                                                [?]NLnet Labs » 🌐
                                                @nlnetlabs@social.nlnetlabs.nl

                                                Please note that we have volunteered to have all of our products and libraries analyzed by LLM tooling, so you can expect security releases for pretty much everything, down to libraries like rpki-rs and projects in maintenance mode like ldns.

                                                  Fred de CLX boosted

                                                  [?]NLnet Labs » 🌐
                                                  @nlnetlabs@social.nlnetlabs.nl

                                                  We have been working incredibly hard on patching all of the LLM-assisted security reports for our authoritative server NSD.

                                                  Today, we're happy to launch the NSD 4.15.0rc1 pre-release so you can test the 20+ fixes that are included. This release also improves the Prometheus metrics, as a nice bonus.

                                                  community.nlnetlabs.nl/t/nsd-4

                                                    AodeRelay boosted

                                                    [?]NLnet Labs » 🌐
                                                    @nlnetlabs@social.nlnetlabs.nl

                                                    @benjojo While we love working in Rust, designing and building a resolver for the modern era is a massive undertaking.

                                                    Simply rewriting Unbound in Rust is a non-starter. We are taking gradual steps in reinventing our DNS stack by putting ldns in maintenance mode and investing in our domain library, and sunsetting OpenDNSSEC by launching Cascade.

                                                    Doing an authoritative server in Rust is definitely in the cards. Then, we can imagine putting all puzzle pieces together for a new resolver.

                                                      [?]ézéo » 🌐
                                                      @ezeo@piaille.fr

                                                      Où vont les e-mails de la presse française ?

                                                      On a épluché les DNS de 50 médias : Le Monde, Libération, Ouest-France, Mediapart, Charlie Hebdo, Splann!...

                                                      Résultat : une majorité confie sa messagerie à Google ou Microsoft. Sous juridiction américaine, Cloud Act inclus.

                                                      Les médias indépendants s'en sortent généralement mieux.

                                                      Données publiques, méthodologie ouverte.

                                                      👉 quihebergelesmails.fr/press

                                                        mmu_man boosted

                                                        [?]Stéphane Bortzmeyer » 🌐
                                                        @bortzmeyer@mastodon.gougere.fr

                                                        Le sachiez-tu ? Le nom de domaine sci-hub.se n'existe plus mais il y a toujours des FAI français qui le censurent sur leur résolveur (et renvoient 127.0.0.1) atlas.ripe.net/measurements/18

                                                          [?]Stéphane Bortzmeyer » 🌐
                                                          @bortzmeyer@mastodon.gougere.fr

                                                          - Désignation officielle de l'Afnic comme registre de .mq, .gp, .gf, .re, .tf, .yt, .pm et .wf

                                                          legifrance.gouv.fr/jorf/id/JOR

                                                          legifrance.gouv.fr/jorf/id/JOR

                                                            [?]rabenou » 🌐
                                                            @rabenou@mastodon.online

                                                            - Désignation de l'AFNIC comme office d'enregistrement chargé de la gestion des noms de domaines de premier niveau en :

                                                            - « .mq, « .gp », « .gf », « .re » et « .tf » : legifrance.gouv.fr/jorf/id/JOR

                                                            - « .yt », « .pm » et « .wf » : legifrance.gouv.fr/jorf/id/JOR

                                                              [?]signifier of eschaton » 🌐
                                                              @lw@mastodon.bsd.cafe

                                                              looking for a database of DNS IOCs, e.g. "if a client queries for domain <X>, it's probably compromised by <Y>". does this exist?

                                                                [?]Ténno Seremél’ » 🌐
                                                                @tennoseremel@gts.skobk.in

                                                                *looks at domain prices* Nope, DNS is still a scam.

                                                                #lang_en #thoughts #DNS

                                                                  [?]Stéphane Bortzmeyer » 🌐
                                                                  @bortzmeyer@mastodon.gougere.fr

                                                                  Tiens, le résolveur 1.1.1.1 (Cloudflare) a désormais des non-opaques (on reconnait le code des aéroports, au lieu de l'ancien système opaque).

                                                                    [?]Sheldon [he/him] » 🌐
                                                                    @sysop408@sfba.social

                                                                    Underrated reason to have proper SPF setup for all of your hosted domain names to hard fail improper sending routes... when you forget to turn off the mail sender on your dev server and you run a batch action that sends out tens of thousands of emails to users.

                                                                    I saw my inbox fill up with thousands of email notifications since a lot of the notifications were sent to me. The only reason I'm not panicking is because I looked at the mail headers and saw that because the emails were sent from my computer instead of my server, they failed both SPF and DKIM verification checks so any damage should be limited.

                                                                    Ugh. 😓

                                                                      [?]John Shaft » 🌐
                                                                      @shaft@piaille.fr

                                                                      vannes.bzh ne réponds toujours pas.

                                                                      Le domaine à 2 serveurs faisant autorité déclarés dans la zone parente :

                                                                      - sdns2.ovh.net : Il refuse de répondre (comprendre : il dit ne pas faire autorité)
                                                                      - sdns.pointbzh.fr : serveur également chez OVH et qui lui ne réponds pas

                                                                        mmu_man boosted

                                                                        [?]Stéphane Bortzmeyer » 🌐
                                                                        @bortzmeyer@mastodon.gougere.fr

                                                                        La Bretagne est épargnée par la canicule mais pas par les pannes . vannes.bzh ne répond plus.

                                                                          [?]Stéphane Bortzmeyer » 🌐
                                                                          @bortzmeyer@mastodon.gougere.fr

                                                                          Cours jeudi et vendredi. Comme d'habitude, si vous avez des domaines cassés et/ou rigolos, n'hésitez pas à les indiquer, on les fera analyser par les étudiant·es.

                                                                            AodeRelay boosted

                                                                            [?]LinuxNews.de » 🌐
                                                                            @linuxnews@social.anoxinon.de

                                                                            [?]Miod Vallat [he/him] » 🌐
                                                                            @miodvallat@hostux.social

                                                                            Q: How do secondary DNS servers know how to update their zones? [SENSITIVE CONTENT]

                                                                            A: they read about them on AXFR News.

                                                                              [?]gregR ☯ » 🌐
                                                                              @gregr@mamot.fr

                                                                              Je dis ça je dis rien... mais le point.final client.rdap.org/?type=domain&o n'est pas encore enregistré
                                                                              @shaft

                                                                                John Shaft boosted

                                                                                [?]NLnet Labs » 🌐
                                                                                @nlnetlabs@social.nlnetlabs.nl

                                                                                Cascade supports incremental DNSSEC signing.

                                                                                It doesn't use a jitter-based mechanism for this like OpenDNSSEC has, but rather a “re-signing schedule” approach.

                                                                                To help you understand what to expect from the output, and how the associated settings will affect Cascade's behavior, we have documented the functionality here: cascade.docs.nlnetlabs.nl/en/l

                                                                                  Breizh boosted

                                                                                  [?]Codimp » 🌐
                                                                                  @codimp@social.lithio.fr

                                                                                  Tient on dirait que c'est plus dur qu'avant de trouver un TLD qui héberge un site web.

                                                                                  On dirait que "ai" et "pn" qui le faisaient avant ne le font plus.

                                                                                  Et je n'ai trouvé que "uz" qui le fasse (mais en https et sans le certificat pour "uz") …

                                                                                  #DNS

                                                                                    [?]Afnic » 🌐
                                                                                    @afnic@mastodon.social

                                                                                    📧 DMARC évolue avec la publication de la RFC 9989.

                                                                                    Nouvelle méthode de découverte des politiques (DNS Tree Walk), évolution de la gestion des sous-domaines et nouvelles recommandations de déploiement : cette mise à jour peut avoir un impact sur la délivrabilité de vos emails et la protection contre l’usurpation.

                                                                                    👉 Découvrez les principaux changements et les bonnes pratiques à adopter lors de notre prochain webinaire : webikeo.fr/webinar/dmarc-2026-

                                                                                    [?]Stéphane Bortzmeyer » 🌐
                                                                                    @bortzmeyer@mastodon.gougere.fr

                                                                                    @firefoxwebdevs Or use the yourself, may be through a fediverse gateway: mastodon.gougere.fr/@DNSresolv

                                                                                      [?]Stéphane Bortzmeyer » 🌐
                                                                                      @bortzmeyer@mastodon.gougere.fr

                                                                                      Le sachiez-tu ? Un nom de domaine peut parfaitement être enregistré (et donc ne plus être disponible) sans pour autant être publié dans le . Cela peut être un choix du titulaire ou bien une opération par le BE ou le registre mais le résultat est le même : le DNS vous répond NXDOMAIN (No Such Domain) mais le domaine n'est pas libre. Utilisez donc RDAP (ou whois pour les plus de 60 ans comme moi) pour savoir si le domaine est enregistré.

                                                                                      (Testez, par exemple, avec en.fr.)

                                                                                        [?]Marcus Adams » 🌐
                                                                                        @gerowen@mastodon.social

                                                                                        It still can't do DoH to an upstream DNS server, but it'll at least encrypt DNS queries within the local network now.

                                                                                        Title: Windows Server gets DNS over HTTPS (DoH) support

                                                                                        Subtitle: has finally flipped the switch on a long-awaited Server security upgrade, bringing encrypted to enterprise networks.

                                                                                        Link: neowin.net/news/windows-server

                                                                                          [?]NLnet Labs » 🌐
                                                                                          @nlnetlabs@social.nlnetlabs.nl

                                                                                          It’s Friday release day again with Cascade 0.1.0-beta2 'Donde comen dos, comen tres'. Thanks to the amazing feedback from @jpmens and @gryphius and hard work from the team, our DNSSEC signer has a bunch of fixes and improvements.

                                                                                          github.com/NLnetLabs/cascade/r

                                                                                            AodeRelay boosted

                                                                                            [?]NLnet Labs » 🌐
                                                                                            @nlnetlabs@social.nlnetlabs.nl

                                                                                            Today we released ldns 1.9.1, which contains a security fix for CVE-2026-10846: Insufficient verification that responses belong to a query. Thanks Pablo Ruiz from ‘codecome.ai’ for the report.

                                                                                            Read more in the release post:
                                                                                            community.nlnetlabs.nl/t/ldns-

                                                                                              JP Mens boosted

                                                                                              [?]Jerry Lundström » 🌐
                                                                                              @jelu@mastodns.net

                                                                                              v2.16.0 released!
                                                                                              - Fixed an 8 year old refactor bug in priming query filter, many thanks to @jens for the fix!
                                                                                              - Updated funny class/qtype list, now based on IANA DNS parameters
                                                                                              - Support for reading DLT_LINUX_SLL2 PCAPs

                                                                                              codeberg.org/DNS-OARC/dsc/rele

                                                                                                JP Mens boosted

                                                                                                [?]NLnet Labs » 🌐
                                                                                                @nlnetlabs@social.nlnetlabs.nl

                                                                                                With Cascade 0.1.0 beta1 “Slàinte mhath” we begin our journey to the first production release of our signing solution.

                                                                                                We rewritten our signer from the ground up using a state machine based architecture, ensuring that each zone pipeline is in a single consistent state at all times.

                                                                                                In addition to built-in pre-signing and pre-publication review hooks, there’s now incremental signing, TSIG support, downstream IXFR, zone persistence, metrics and much more.

                                                                                                blog.nlnetlabs.nl/cascade-beta

                                                                                                  JP Mens boosted

                                                                                                  [?]Terence Eden [He/Him/♂/男] » 🌐
                                                                                                  @Edent@mastodon.social

                                                                                                  🆕 blog! “How many consecutive hyphens can you have in a domain name?”

                                                                                                  A seemingly simple question which sent me down into the murky depths of standards. How many consecutive hyphens can you have in a domain name? It probably isn't sensible to name your online presence a----------hyphen.com - but is there anything technically…

                                                                                                  👀 Read more: shkspr.mobi/blog/2026/06/how-m

                                                                                                    [?]NLnet Labs » 🌐
                                                                                                    @nlnetlabs@social.nlnetlabs.nl

                                                                                                    @jpmens Ah yes, this link is a more accurate reflection of the past few days. 😄

                                                                                                    github.com/NLnetLabs/cascade/i

                                                                                                    TSIG is mentioned 6 times!

                                                                                                      [?]NLnet Labs » 🌐
                                                                                                      @nlnetlabs@social.nlnetlabs.nl

                                                                                                      With eight issues and one pull request over the weekend, once again we're incredibly thankful for the effort @jpmens is putting into testing Cascade.

                                                                                                      Luckily, none of the reports seem to be in the “everything is broken”-category! 😅

                                                                                                      github.com/NLnetLabs/cascade/i

                                                                                                        John Shaft boosted

                                                                                                        [?]NLnet Labs » 🌐
                                                                                                        @nlnetlabs@social.nlnetlabs.nl

                                                                                                        With the Cascade beta release, the project now also has a dedicated page on our website:

                                                                                                        nlnetlabs.nl/projects/cascade/

                                                                                                        Next up: a logo!

                                                                                                          Erwan 🚄 boosted

                                                                                                          [?]NLnet Labs » 🌐
                                                                                                          @nlnetlabs@social.nlnetlabs.nl

                                                                                                          After releasing the Cascade beta, NLnet Labs HQ has a @jpmens vs. @bortzmeyer poll going.

                                                                                                          A poll that asks “How many GitHub issues will JP Mens and Stephane Bortzmeyer create by Monday?”

                                                                                                          Alt...A poll that asks “How many GitHub issues will JP Mens and Stephane Bortzmeyer create by Monday?”

                                                                                                            [?]NLnet Labs » 🌐
                                                                                                            @nlnetlabs@social.nlnetlabs.nl

                                                                                                            Cascade 0.1.0 beta1 “Slàinte mhath” is out, so this is your opportunity to kick the tires and take it for a spin around your testing grounds!

                                                                                                            As we gear up to the production release of our DNSSEC signer, we're eager to hear your feedback so we can incorporate it while we add improvements that we still have in the pipeline which we consider essential for production use.

                                                                                                            Read all about it in our blog post!
                                                                                                            blog.nlnetlabs.nl/cascade-beta

                                                                                                              [?]Tom23 » 🌐
                                                                                                              @Tom23@pouet.chapril.org

                                                                                                              Mon problème de merdique à la maison s’est résolu tout seul. Comme c’était arrivé à peu près en même temps que la mise en service de mon et que les symptômes faisaient clairement penser à un truc lié au , j’ai passé pas mal de temps à faire du diag sur le sujet. Mais sans réussir à reproduire significativement les erreurs.
                                                                                                              La seule différence avec aujourd’hui, c’est que les font genre x100 voir x1000 moins de requêtes dns qu’avant.

                                                                                                                [?]gregR ☯ » 🌐
                                                                                                                @gregr@mamot.fr

                                                                                                                > Les SOA quand il y en a un ça va, c'est quand il y en a plusieurs qu'il y a des problèmes…
                                                                                                                atlas.ripe.net/measurements/17

                                                                                                                blaeu blaeu-resolve --type SOA --ipv4 --requested=100 shiabank.com.

                                                                                                                [ns-2evo.shiabank.com. hostmaster.shiabank.com. 1780405930 3600 600 86400 60] : 1 occurrences
                                                                                                                [ERROR: SERVFAIL] : 3 occurrences
                                                                                                                [ns-r6gh.shiabank.com. hostmaster.shiabank.com. 1780405930 3600 600 86400 60] : 1 occurrences
                                                                                                                Test #176129238 done at 2026-06-02T13:12:51Z

                                                                                                                  [?]Jeroen Ruigrok van der Werven » 🌐
                                                                                                                  @asmodai@mastodon.social

                                                                                                                  Given my domain renewal is around the corner, used the opportunity to move this last domain from Gandi to Porkbun.

                                                                                                                  Served me well over the years, but with all the recent changes, putting my (little) money where my mouth is and move to a better registrar.

                                                                                                                    Alexandre :freebsd: boosted

                                                                                                                    [?]BastilleBSD :freebsd: » 🌐
                                                                                                                    @BastilleBSD@fosstodon.org

                                                                                                                    More IDN homograph detection research today. This screenshot is a bit horrifying considering how nearly identical many of the invalid entries visually match the valid entry (top).

                                                                                                                    TIME CLIENT DOMAIN TYPE STATUS SOURCE SEC LATENCY
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. MX CACHE 0.1ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. AAAA FORWARD v SEC 43.1ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A CACHE 0.1ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypat.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypat.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypat.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms

                                                                                                                    Alt...TIME CLIENT DOMAIN TYPE STATUS SOURCE SEC LATENCY 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. MX CACHE 0.1ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. AAAA FORWARD v SEC 43.1ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A CACHE 0.1ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypat.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypat.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypat.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-02 01:29 UTC 10.17.89.197 paypal.com. A BLOCKED HOMOGRAPH 0.0ms

                                                                                                                      AodeRelay boosted

                                                                                                                      [?]BastilleBSD :freebsd: » 🌐
                                                                                                                      @BastilleBSD@fosstodon.org

                                                                                                                      Screenshot from my custom (Rust) DNS filtering-forwarder with new experimental runtime IDN homograph detection against a predefined protected domain list.

                                                                                                                      Screenshot results reflect these punycodes:
                                                                                                                      xn--ggle-55da.com google.com BLOCK
                                                                                                                      xn--pypl-53dc.com paypal.com BLOCK
                                                                                                                      xn--pple-43d.com apple.com BLOCK
                                                                                                                      xn--fiq228c5hs.cn chinese ALLOW

                                                                                                                      TIME CLIENT DOMAIN TYPE STATUS SOURCE SEC LATENCY
2026-06-01 17:30 UTC 10.89.17.11 FZ. cn. A FORWARD - 450.5ms
2026-06-01 17:30 UTC 10.89.17.11 apple.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-01 17:30 UTC 10.89.17.11 paypal.com. A BLOCKED HOMOGRAPH 0.0ms
2026-06-01 17:30 UTC 10.89.17.11 google.com. A BLOCKED HOMOGRAPH 0.0ms

                                                                                                                      Alt...TIME CLIENT DOMAIN TYPE STATUS SOURCE SEC LATENCY 2026-06-01 17:30 UTC 10.89.17.11 FZ. cn. A FORWARD - 450.5ms 2026-06-01 17:30 UTC 10.89.17.11 apple.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-01 17:30 UTC 10.89.17.11 paypal.com. A BLOCKED HOMOGRAPH 0.0ms 2026-06-01 17:30 UTC 10.89.17.11 google.com. A BLOCKED HOMOGRAPH 0.0ms

                                                                                                                        [?]John Shaft » 🌐
                                                                                                                        @shaft@piaille.fr

                                                                                                                        This month, Berkeley Internet Name Domain better known as BIND celebrates its 40th anniversary! It was first released with BSD 4.3 in June 1986 🥳🎂🎉

                                                                                                                          Lord boosted

                                                                                                                          [?]Codimp » 🌐
                                                                                                                          @codimp@social.lithio.fr

                                                                                                                          Pour une présentation DNS, est-ce que vous avez des exemples récents de "soucis", genre panne car 2 serveurs DNS seulement dans le même AS/même baie/même bandeau électrique comme BNP Paribas en 2017 ?

                                                                                                                          Ou d'autres exemples amusant sur du DNS

                                                                                                                          Le retoot aide la pédagogie ^^

                                                                                                                          #DNS

                                                                                                                            1 ★ 0 ↺

                                                                                                                            [?]oldsysops » 🌐
                                                                                                                            @oldsysops@social.dk-libre.fr

                                                                                                                            tiens j'ai un nom de domaine (perso) qui s'est fait pirater et qui pointe vers un ns2.emailverification.info/ns1.emailverification.info ...

                                                                                                                            bizarre (heureusement pas en "prod")

                                                                                                                            une recherche rapide m'indique que je suis pas le seul...

                                                                                                                              [?]Cdrik ⏚🌻 » 🌐
                                                                                                                              @Bristow_69@framapiaf.org

                                                                                                                              Je ne comprends pas pourquoi le site web de cette initiative de fourniture de DNS européens (qui inclut un filtrage enfant + antipub) n'est toujours pas traduite en plusieurs langues européennes 🤔

                                                                                                                              joindns4.eu/

                                                                                                                              Les DNS Grand Public :

                                                                                                                              - Protective 86.54.11.1
                                                                                                                              - Protective + Child Protection 86.54.11.12
                                                                                                                              - Protective + Ad Blocking 86.54.11.13
                                                                                                                              - Protective + Child Protection + Ad Blocking 86.54.11.11
                                                                                                                              - Unfiltered 86.54.11.100

                                                                                                                              Logo de DNS4EU, le 4 est en jaune, les lettres en gris.

                                                                                                                              Alt...Logo de DNS4EU, le 4 est en jaune, les lettres en gris.

                                                                                                                                🗳
                                                                                                                                Alexandre :freebsd: boosted

                                                                                                                                [?]BastilleBSD :freebsd: » 🌐
                                                                                                                                @BastilleBSD@fosstodon.org

                                                                                                                                If you run your own local DNS servers at home, do you: (select all that apply)

                                                                                                                                Comment with your preferred DNS stack and privacy friendly DNS providers.

                                                                                                                                Forward to ISP's DNS servers.:0
                                                                                                                                Forward to a DNS service (1.1.1.1, 9.9.9.9, etc).:6
                                                                                                                                Recursively resolve from root servers directly.:7
                                                                                                                                Encrypt my DNS using DoH, DoT, etc.:7
                                                                                                                                  AodeRelay boosted

                                                                                                                                  [?]Larvitz :fedora: » 🌐
                                                                                                                                  @Larvitz@burningboard.net

                                                                                                                                  I self-host the DNS for my domains for more than 20 years now.

                                                                                                                                  2026 now finally was the year, where I decomissioned the last BIND server and replaced it with a PowerDNS, containerized in Podman :podman: and a SQLite backend.

                                                                                                                                  I already migrated the hidden-primariy to PowerDNS in 2022 (because of the REST API, compatibility with Traefik, easier DNSSEC handling and the higher flexibility) and now my secondaries are also migrated.

                                                                                                                                  Nontheless, BIND was one of the most stable pieces of technology that I've ever used. But it also felt a bit unwieldy and old-fashined ins some ways.

                                                                                                                                    JP Mens boosted

                                                                                                                                    [?]NLnet Labs » 🌐
                                                                                                                                    @nlnetlabs@social.nlnetlabs.nl

                                                                                                                                    We released Unbound 1.25.1 just seven days ago and now look at the changelog today. ❤️‍🩹🔥

                                                                                                                                    github.com/NLnetLabs/unbound/b

                                                                                                                                      [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                      @bortzmeyer@mastodon.gougere.fr

                                                                                                                                      @danyork Any city (not too small, however). can do anything.

                                                                                                                                        [?]🫧 Social coding commons » 🌐
                                                                                                                                        @smallcircles@social.coop

                                                                                                                                        @h4ckernews

                                                                                                                                        Yes, gnutella. I remember.

                                                                                                                                        > For most was a file transfer tool. This categorization misses a basic function of the . At its core, Gnutella is just a peer-to-peer engine for blobs.

                                                                                                                                        > We could have used it as a poor man's system, or a global metadata lookup table for key/value pairs, or a matchmaking service for your Unreal Tournament league, but that never really happened. Gnutella was good at providing file downloads that matched search queries, and that is what history remembers it for.

                                                                                                                                          [?]gregR ☯ » 🌐
                                                                                                                                          @gregr@mamot.fr

                                                                                                                                          QOTD
                                                                                                                                          > Technitium DNS Server est un serveur DNS open source complet : autoritaire, récursif, et relais.
                                                                                                                                          @bortzmeyer revenez vite de vacances !

                                                                                                                                            🗳
                                                                                                                                            mc.fly boosted

                                                                                                                                            [?]mc.fly [he/him] » 🌐
                                                                                                                                            @mcfly@milliways.social

                                                                                                                                            So question:
                                                                                                                                            "how many authoritative name servers don't support encryption?"

                                                                                                                                            The internet claims that this is >95%.

                                                                                                                                            My personal feeling is that this is lower but this might be my bubble, that we're the 5%.

                                                                                                                                            What's your feeling?

                                                                                                                                            Plz retoot for reach.

                                                                                                                                            It is our bubble. We're the 5%, noone else cares:10
                                                                                                                                            I think it is higher now - a bit, maybe 10% or so:5
                                                                                                                                            It is significantly higher - more 25%:0
                                                                                                                                            what the hell is DNS query encryption?:16

                                                                                                                                            Closed

                                                                                                                                              Remi Gacogne boosted

                                                                                                                                              [?]NLnet Labs » 🌐
                                                                                                                                              @nlnetlabs@social.nlnetlabs.nl

                                                                                                                                              🚨 SECURITY RELEASE 🚨
                                                                                                                                              Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.

                                                                                                                                              There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.

                                                                                                                                              Please read the release notes carefully and plan to upgrade.

                                                                                                                                              community.nlnetlabs.nl/t/unbou

                                                                                                                                                AodeRelay boosted

                                                                                                                                                [?]BastilleBSD :freebsd: » 🌐
                                                                                                                                                @BastilleBSD@fosstodon.org

                                                                                                                                                Pro tip: set `UseDNS no` in your sshd_config to disable reverse DNS lookups for every single ssh connection to your host.

                                                                                                                                                It provides no filtering or validation purpose, afaik, and seems to only generate excess DNS traffic.

                                                                                                                                                This lesson brought to you by the 66k DNS lookups in the past 24hrs from a single public facing forgejo jail.

                                                                                                                                                  JP Mens boosted

                                                                                                                                                  [?]Jerry Lundström » 🌐
                                                                                                                                                  @jelu@mastodns.net

                                                                                                                                                  v0.10.0 released!
                                                                                                                                                  Added:
                                                                                                                                                  - Validate zones signed with Ed25519 and Ed448 (RFC 8080)
                                                                                                                                                  - Validate SVCB (TYPE 64) and HTTPS (TYPE 65) records per RFC 9460, including all nine IANA-registered SvcParam keys.
                                                                                                                                                  - CAA tag-value validation and RFC 8657 contact tags.
                                                                                                                                                  - Support the optional $INCLUDE <domain-name> argument: overrides $ORIGIN for the included file only.
                                                                                                                                                  plus many fixes, see changelog for full details!

                                                                                                                                                  codeberg.org/DNS-OARC/validns/

                                                                                                                                                    [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                    @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                    chinamobile.com has four name servers and they all have the same set of IP addresses.

                                                                                                                                                      [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                      @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                      Nice and clever trick to recover some of the "anonymized" IP addresses in root name server traffic. ("Anonymization" is often a joke.)

                                                                                                                                                        [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                        @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                        If your employer is an OARC member, you have access to the data collected by the root name servers. (Talk by Kazunori Fujiwara)

                                                                                                                                                        As always, working with data is complicated. For instance, some operators (A, B, D, F, H, I, J and L) blur the IP addresses, and it is not documented. (And they don't use the same algorithm.)

                                                                                                                                                          [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                          @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                          "Gonemaster - A Go implementation of Zonemaster" by Patrik Wallström

                                                                                                                                                          Instead of using AI, let's use Go :-) Among the good things: native concurrency [I approve]

                                                                                                                                                          codeberg.org/pawal/gonemaster

                                                                                                                                                          🐪

                                                                                                                                                            [?]NLnet Labs » 🌐
                                                                                                                                                            @nlnetlabs@social.nlnetlabs.nl

                                                                                                                                                            @ximon18 @dnsoarc after his talk on stage, Ximon will be at the demo table in the lunch area, where he can show all the other tricks Cascade has learned since OARC 45 in Stockholm.

                                                                                                                                                            Also, make sure to bring your zone files so you can for example see how fast parallel signing by @bal4e really is.

                                                                                                                                                              [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                              @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                              "It's still broken."

                                                                                                                                                                Fred de CLX boosted

                                                                                                                                                                [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                The NS set and the associated glue MUST be consistent between parent and child domain. If they are not, the result will depend on wether the resolver is parent-centric or child-centric.

                                                                                                                                                                (talk by Petr Špaček)

                                                                                                                                                                At a time, it broke the .cd TLD.

                                                                                                                                                                  [?]Haack’s Networking » 🌐
                                                                                                                                                                  @oemb1905@gnulinux.social

                                                                                                                                                                  Webmin is hardened & clustered w/ three total nodes, ns1, ns2, and ns3 etc. I will eventually add clustered nodes on two other locations so records are still served when one cluster's host is down.

                                                                                                                                                                  tech.haacksnetworking.org/2025 feedback welcome.

                                                                                                                                                                  Added larger tmp directory & source-IPd vhost so webmin won't lock. Obv, make sure you use static, dedicated, & fully hardened external IPs for permitted list.

                                                                                                                                                                  haack's networking business logo

                                                                                                                                                                  Alt...haack's networking business logo

                                                                                                                                                                    [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                    @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                    Funny that traffic analysis at Salesforce show still a lot of requests for obsolete types like A6, SPF, DLV.

                                                                                                                                                                      [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                      @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                      Now, let's innovate: about DELEG, the future new system for delegation.

                                                                                                                                                                      "Authoritative Enrollment of DELEG" by Libor Peltan

                                                                                                                                                                        [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                        @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                        root zone key rollover under way. (Planned for 11 october.)

                                                                                                                                                                        "Who in the room has root access to his resolver?" (Lot of hands, this is an OARC meeting.)

                                                                                                                                                                          [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                          @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                          Wonderful list of things that can go wrong (and therefore, will) in operations.

                                                                                                                                                                          (Including an error done on friday afternoon and fixed, will you guess, on monday.)

                                                                                                                                                                            Fred de CLX boosted

                                                                                                                                                                            [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                            @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                            DNessie, official mascot.

                                                                                                                                                                            A cute Loch Ness monster standing in the front of the room.

                                                                                                                                                                            Alt...A cute Loch Ness monster standing in the front of the room.

                                                                                                                                                                              Fred de CLX boosted

                                                                                                                                                                              [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                              @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                              "Modeling DNS Queries and Caching to Evaluate the Merits of QNAME Minimization" by Casey Deccio

                                                                                                                                                                              Great explanation of caching dynamics, by the way.

                                                                                                                                                                                [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                Actually measuring the robustness of the Internet is hard. For instance, for resolvers (the current talk by Maynard Koch), good resolvers, actually used by people, are typically not publically reachable. The open resolvers which are easy to study are typically misconfigured and not actually used.

                                                                                                                                                                                  [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                  @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                  [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                  @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                  Did you know that OARC has its own fediverse instance?

                                                                                                                                                                                  Sticker with a mastodon and the domain name mastodns.net

                                                                                                                                                                                  Alt...Sticker with a mastodon and the domain name mastodns.net

                                                                                                                                                                                    [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                    @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                    Good morning, Edinburgh! First day of the OARC workshop.

                                                                                                                                                                                    indico.dns-oarc.net/event/56/

                                                                                                                                                                                    An old stone building (the Writer's Museum).

                                                                                                                                                                                    Alt...An old stone building (the Writer's Museum).

                                                                                                                                                                                      [?]nico » 🌐
                                                                                                                                                                                      @n@gotosocial.tourmentine.com

                                                                                                                                                                                      AodeRelay boosted

                                                                                                                                                                                      [?]BastilleBSD :freebsd: » 🌐
                                                                                                                                                                                      @BastilleBSD@fosstodon.org

                                                                                                                                                                                      Averaging 36.6% block rate on my DNS filtering service across all users.

                                                                                                                                                                                      In the age of enshittification it's not hard to believe that 1/3 of all DNS queries request adware, malware, trackers, and other crap you don't need.

                                                                                                                                                                                        [?]Elena Rossini on GoToSocial ⁂ » 🌐
                                                                                                                                                                                        @elena@aseachange.com

                                                                                                                                                                                        Dear Fedi friends,
                                                                                                                                                                                        You know how grateful I am for your help and expertise. I have a burning question and I know some of you may have the correct answer.

                                                                                                                                                                                        Long story short, I had been doing a deep dive into #WSocial. My exposé published on Friday got 830 retweets!

                                                                                                                                                                                        I am working on a follow-up piece and there's something I don't understand.

                                                                                                                                                                                        The homepage of W Social is now redirecting - from wsocial.eu to wsocial.news

                                                                                                                                                                                        If I put wsocial.news in WHOIS databases, I'm finding very little information about when it was registered. And there's some odd stuff, like showing an IP address in Washington DC - but they are very adamant of being hosted in Europe... and they use bunny.net (Slovenia). What gives?

                                                                                                                                                                                        #AskFedi #DNS #WhoIs

                                                                                                                                                                                        a screenshot of DomainTools showing the WHOis record for WSocial.news - it says name servers are from bunny.net but the IP location and ASN are from Datacamp in the US

                                                                                                                                                                                        Alt...a screenshot of DomainTools showing the WHOis record for WSocial.news - it says name servers are from bunny.net but the IP location and ASN are from Datacamp in the US

                                                                                                                                                                                          [?]John Shaft » 🌐
                                                                                                                                                                                          @shaft@piaille.fr

                                                                                                                                                                                          Just realised that is Internet Standard (STD) 13.

                                                                                                                                                                                          In Western societies it means that DNS brings, obviously, good luck ☝️

                                                                                                                                                                                          rfc-editor.org/info/std13

                                                                                                                                                                                            [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                            @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                            Encore un correcteur trop zélé (c'est legarcon.net, pas legarçon.net)

                                                                                                                                                                                              [?]John Shaft » 🌐
                                                                                                                                                                                              @shaft@piaille.fr

                                                                                                                                                                                              @jpmens As expected, it was not a problem. :)

                                                                                                                                                                                                [?]nico » 🌐
                                                                                                                                                                                                @n@gotosocial.tourmentine.com

                                                                                                                                                                                                [?]⁢Ƥĥąɳʈȯɱ :fedora: 🎸 🏳️‍🌈 ⁂ » 🌐
                                                                                                                                                                                                @Steve12L@mamot.fr

                                                                                                                                                                                                ⋅ DNS et certificats SSL : les deux clés d'Internet que l'Europe n'a jamais eu en main

                                                                                                                                                                                                clubic.com/dossier-611791-dns-

                                                                                                                                                                                                  [?]John Shaft » 🌐
                                                                                                                                                                                                  @shaft@piaille.fr

                                                                                                                                                                                                  .de incident is a good reminder that resolver operators really should serve stale data ( 8767) when needed.

                                                                                                                                                                                                  It helps.

                                                                                                                                                                                                    [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                                                                                                                                                                                    @rysiek@mstdn.social

                                                                                                                                                                                                    DENIC wrote in their status message that "all DNSSEC-signed .de domains are currently affected in their reachability"
                                                                                                                                                                                                    status.denic.de/pages/incident

                                                                                                                                                                                                    But it wasn't just DNSSEC-signed domains! For example, bahn.de was down even though it is not DNSSEC-signed.

                                                                                                                                                                                                    It looks like for DNSSEC-signed zones the DS record in de. was incorrectly signed:
                                                                                                                                                                                                    dnsviz.net/d/nic.de/afpsNg/dns

                                                                                                                                                                                                    And for zones that were not signed, the NSEC3 records proving there is no DS record were incorrectly signed:
                                                                                                                                                                                                    dnsviz.net/d/bahn.de/afpnxQ/dn

                                                                                                                                                                                                      [?]John Shaft » 🌐
                                                                                                                                                                                                      @shaft@piaille.fr

                                                                                                                                                                                                      Please remember that is innocent until proven guilty. AFAIK DNS is working as expected in the case of .de outage

                                                                                                                                                                                                      'DNS is innocent' in caps against a yellow background

                                                                                                                                                                                                      Alt...'DNS is innocent' in caps against a yellow background

                                                                                                                                                                                                        [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                                                                                                                                                                                        @rysiek@mstdn.social

                                                                                                                                                                                                        Here's a thought:

                                                                                                                                                                                                        The fact that people are experiencing issues with DE sites and asking if CloudFlare is down speaks volumes about the stability of DE ccTLD and the broader DNS compared to big cloud providers.

                                                                                                                                                                                                        :blobcatcoffee:

                                                                                                                                                                                                          [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                                                                                                                                                                                          @rysiek@mstdn.social

                                                                                                                                                                                                          DENIC's status page:
                                                                                                                                                                                                          status.denic.de/

                                                                                                                                                                                                          Screenshot below in case you're not able to load it (as I said, stuff is going to be intermittently failing).

                                                                                                                                                                                                          DNSSEC disruption affecting .de domainsPartial Service Disruption

Incident Status

Partial Service Disruption

Components

DNS

Services

DNS Nameservice

May 5, 2026 23:28 CEST
May 5, 2026 21:28 UTC
INVESTIGATING

Frankfurt am Main, 5 May 2026 – DENIC eG is currently experiencing a disruption in its DNS service for .de domains. As a result, all DNSSEC-signed .de domains are currently affected in their reachability.
The root cause of the disruption has not yet been fully identified. DENIC’s technical teams are working intensively on analysis and on restoring stable operations as quickly as possible.
Based on current information, users and operators of .de domains may experience impairments in domain resolution. Further updates will be provided as soon as reliable findings on the cause and recovery are available.
DENIC asks all affected parties for their understanding.
For further enquiries, DENIC can be contacted via the usual channels.

                                                                                                                                                                                                          Alt...DNSSEC disruption affecting .de domainsPartial Service Disruption Incident Status Partial Service Disruption Components DNS Services DNS Nameservice May 5, 2026 23:28 CEST May 5, 2026 21:28 UTC INVESTIGATING Frankfurt am Main, 5 May 2026 – DENIC eG is currently experiencing a disruption in its DNS service for .de domains. As a result, all DNSSEC-signed .de domains are currently affected in their reachability. The root cause of the disruption has not yet been fully identified. DENIC’s technical teams are working intensively on analysis and on restoring stable operations as quickly as possible. Based on current information, users and operators of .de domains may experience impairments in domain resolution. Further updates will be provided as soon as reliable findings on the cause and recovery are available. DENIC asks all affected parties for their understanding. For further enquiries, DENIC can be contacted via the usual channels.

                                                                                                                                                                                                            [?]John Shaft » 🌐
                                                                                                                                                                                                            @shaft@piaille.fr

                                                                                                                                                                                                            Ok, is innocent. Most of the time. Curious to know what caused .de outage

                                                                                                                                                                                                              [?]John Shaft » 🌐
                                                                                                                                                                                                              @shaft@piaille.fr

                                                                                                                                                                                                              Am I the only one having problems with ?

                                                                                                                                                                                                              Unbound is throwing me a lot of DNSSEC bogus on some .de domains 🤔

                                                                                                                                                                                                              $ dig welt.de
                                                                                                                                                                                                              ...
                                                                                                                                                                                                              ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21366
                                                                                                                                                                                                              ...
                                                                                                                                                                                                              ; EDE: 6 (DNSSEC Bogus): (validation failure <welt.de. A IN>: signature crypto failed from 2a02:568:0:2::53 for DS welt.de. while building chain of trust)

                                                                                                                                                                                                                [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                                                                                                                                                                                                @rysiek@mstdn.social

                                                                                                                                                                                                                At this moment, please send to folks at DENIC. They are dealing with a really bad and stressful situation and I am sure they are doing their best to resolve it as soon as possible.

                                                                                                                                                                                                                  John Shaft boosted

                                                                                                                                                                                                                  [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                                                                                                                                                                                                  @rysiek@mstdn.social

                                                                                                                                                                                                                  Edit: issue seems fixed.

                                                                                                                                                                                                                  Looks like DE ccTLD is unresolvable due to DNSSEC issue:
                                                                                                                                                                                                                  dnsviz.net/d/nic.de/afpsNg/dns

                                                                                                                                                                                                                  😬

                                                                                                                                                                                                                  🧵👇

                                                                                                                                                                                                                    [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                                                                                                                                                                                                    @rysiek@mstdn.social

                                                                                                                                                                                                                    RE: mastodon.social/@jpmens/116522

                                                                                                                                                                                                                    IANA has a chance to do the funniest thing ever… :blobcatpeek:

                                                                                                                                                                                                                      [?]nico » 🌐
                                                                                                                                                                                                                      @n@gotosocial.tourmentine.com

                                                                                                                                                                                                                      [?]BastilleBSD :freebsd: » 🌐
                                                                                                                                                                                                                      @BastilleBSD@fosstodon.org

                                                                                                                                                                                                                      I am looking for a few more US-based early adopters to provide feedback on a protective DNS service offering aligned with NIST SP 800-81 Rev. 3 (March 2026).

                                                                                                                                                                                                                      csrc.nist.gov/pubs/sp/800/81/r

                                                                                                                                                                                                                      This service merges Zero Trust and DNS without requiring client-side agents. Supports mobile devices, browsers, server hardware & IoT.

                                                                                                                                                                                                                      If you're interested in providing feedback on this service as a free beta tester, email me at:

                                                                                                                                                                                                                      securednsbeta@techliterate.co

                                                                                                                                                                                                                        [?]Arnaud Launay » 🌐
                                                                                                                                                                                                                        @asl@mastodon.launay.org

                                                                                                                                                                                                                        Ah, je viens donc de découvrir que drill a été "abandonné", que le nouvel outil s'appelle "dnsi" ... Et qu'il n'a pas l'air beaucoup plus développé non plus.
                                                                                                                                                                                                                        Faut en revenir à dig ?

                                                                                                                                                                                                                          John Shaft boosted

                                                                                                                                                                                                                          [?]NLnet Labs » 🌐
                                                                                                                                                                                                                          @nlnetlabs@social.nlnetlabs.nl

                                                                                                                                                                                                                          We released Unbound 1.25.0. This release of our resolver includes improvements and fixes resulting from reports by various security researchers.

                                                                                                                                                                                                                          In the release notes, the word “thanks" appears 32 times. You can expect this trend to continue for the next couple of releases, at least.

                                                                                                                                                                                                                          Lastly, please note the new signing key we're using since January ‘26.

                                                                                                                                                                                                                          community.nlnetlabs.nl/t/unbou

                                                                                                                                                                                                                            [?]Jonathan Kamens 86 47 » 🌐
                                                                                                                                                                                                                            @jik@federate.social

                                                                                                                                                                                                                            the consultant who maintains your company's sets up in Salesforce's sandbox environment and asks you to create the necessary records for it and doesn't understand why it's a problem that he used the same selectors (i.e., DNS record names) for the sandbox environment that are already being used in production.
                                                                                                                                                                                                                            (I'm sure he has an expert-level proficiency in Salesforce, but maybe not so much in email security.)

                                                                                                                                                                                                                              [?]nico » 🌐
                                                                                                                                                                                                                              @n@gotosocial.tourmentine.com

                                                                                                                                                                                                                              [?]Teddy / Domingo (🇨🇵/🇬🇧) » 🌐
                                                                                                                                                                                                                              @TeddyTheBest@framapiaf.org

                                                                                                                                                                                                                              Véritable pare-feu de l’Internet, est devenu en quelques années la référence pour reprendre le contrôle sur sa . Pourquoi délaisser les de votre au profit de ce fleuron français ? 
                                                                                                                                                                                                                              goodtech.info/nextdns-guide-av

                                                                                                                                                                                                                              Remi Gacogne boosted

                                                                                                                                                                                                                              [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                              @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                              Géopolitique du : quel est le point commun entre la Grèce et le Kirghizistan ? labs.ripe.net/author/yevheniya

                                                                                                                                                                                                                              (Réponse : les deux ont au moins un serveur faisant autorité acceptant DoT - DNS sur TLS.)

                                                                                                                                                                                                                                [?]NLnet Labs » 🌐
                                                                                                                                                                                                                                @nlnetlabs@social.nlnetlabs.nl

                                                                                                                                                                                                                                To his complete surprise, our colleague Jaap Akkerhuis was awarded Knight of the Order of the Dutch Lion earlier today for Exceptional Contribution to Society. Akkerhuis is a Dutch Internet pioneer, protocol designer and expert on the internet's naming system.

                                                                                                                                                                                                                                More at blog.nlnetlabs.nl/dutch-intern

                                                                                                                                                                                                                                  [?]nico » 🌐
                                                                                                                                                                                                                                  @n@gotosocial.tourmentine.com

                                                                                                                                                                                                                                  [?]John Shaft » 🌐
                                                                                                                                                                                                                                  @shaft@piaille.fr

                                                                                                                                                                                                                                  RE: piaille.fr/@shaft/116455327800

                                                                                                                                                                                                                                  Procrastination over

                                                                                                                                                                                                                                  [?]John Shaft » 🌐
                                                                                                                                                                                                                                  @shaft@piaille.fr

                                                                                                                                                                                                                                  @DNSresolver azathoth.shaftinc.fr TXT

                                                                                                                                                                                                                                      nicolas boosted

                                                                                                                                                                                                                                      [?]Afnic » 🌐
                                                                                                                                                                                                                                      @afnic@mastodon.social

                                                                                                                                                                                                                                      ⏳ J-7 avant une opportunité rare pour les organisations

                                                                                                                                                                                                                                      Le 30 avril 2026, l'ICANN ouvre une nouvelle fenêtre pour candidater à votre propre extension internet (.marque).

                                                                                                                                                                                                                                      👉 Une ouverture qui n’a pas eu lieu depuis 2012

                                                                                                                                                                                                                                      🎯 Un levier pour :

                                                                                                                                                                                                                                      • maîtriser votre identité digitale
                                                                                                                                                                                                                                      • renforcer la sécurité
                                                                                                                                                                                                                                      • structurer votre écosystème

                                                                                                                                                                                                                                      📺 Pour aller plus loin : webikeo.fr/webinar/du-com-au-m

                                                                                                                                                                                                                                      📺Cas BNP Paribas : webikeo.fr/webinar/renforcez-v

                                                                                                                                                                                                                                        mmu_man boosted

                                                                                                                                                                                                                                        [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                        @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                        Amusant, un nom de domaine écrit avec un point médian (ping @polylogue ).

                                                                                                                                                                                                                                          xcanehan boosted

                                                                                                                                                                                                                                          [?]Dima » 🌐
                                                                                                                                                                                                                                          @dima@dol.social

                                                                                                                                                                                                                                          Sometimes it is fun to do a manual audit of internet history. I just visited info.cern.ch/hypertext/WWW/The and paused for a minute. It is literally the first website in the world.

                                                                                                                                                                                                                                          The technical legacy of CERN is mind-blowing. They did not just smash particles! They gave us HTML, the WWW, and a strong culture of digital privacy. @protonprivacy for example, was founded by scientists who worked at CERN (it originally ran on protonmail.ch), and today it is one of the best tools we have to push back against Big Tech.

                                                                                                                                                                                                                                          But then I got curious and went down a WHOIS rabbit hole. The registry shows cern.ch was registered "before 1 January 1996". However, the historically recognized first domain ever, symbolics.com, was registered on March 15, 1985.

                                                                                                                                                                                                                                          I had a brief moment of cognitive dissonance: how could the first domain be six years older than the first website? Then it clicked. DNS and WWW are fundamentally different protocols. The DNS was already routing emails and networks long before Tim Berners-Lee invented hyperlinks.

                                                                                                                                                                                                                                          To take it a step further, the same Tim Berners-Lee did not just invent the Web - he went on to found the W3C to keep it open and standardized, a mission that still continues today.

                                                                                                                                                                                                                                          First domain != first website. It is basic technical logic, but connecting the dots manually gives that satisfying feeling of closing a mental background process.

                                                                                                                                                                                                                                            [?]BlablaLinux » 🌐
                                                                                                                                                                                                                                            @blablalinux@mastodon.blablalinux.be

                                                                                                                                                                                                                                            🚀 passe à la vitesse !
                                                                                                                                                                                                                                            C'est fait ! Mon instance PeerTube est désormais 100% boostée à l'Object Storage S3.

                                                                                                                                                                                                                                            Le résultat ? Un stockage optimisé et un fonctionnement au top ! ⚡️

                                                                                                                                                                                                                                            Le petit secret de l'installation : pour une rapidité maximale, les échanges entre PeerTube et mon instance ne sortent jamais de la maison. Grâce à une configuration aux petits oignons, tout le trafic reste sur le réseau local 🏠💻

                                                                                                                                                                                                                                              [?]kriφm :unverified: ☮ ⏚🔻 » 🌐
                                                                                                                                                                                                                                              @kriom@framapiaf.org

                                                                                                                                                                                                                                              @mediapart @MarieTurcan
                                                                                                                                                                                                                                              Bah coupons les accès a grok.com et x.com depuis les ça empêchera pas d'y accéder pour ceux qui savent contourner (VPN...) mais ça montrera qu'on agit.

                                                                                                                                                                                                                                              Rappel que grok.com accessible sans contrôle d'accès te sortira du texte 18+++ si tu lui promptes : grok.com/?q=10+phrases+trash+e

                                                                                                                                                                                                                                              Ce matin ça répond ça sur une IP non :
                                                                                                                                                                                                                                              > Ce modèle est temporairement indisponible Veuillez essayer un modèle différent

                                                                                                                                                                                                                                              Ça répond bien des dingueries sur une IP

                                                                                                                                                                                                                                              JP Mens boosted

                                                                                                                                                                                                                                              [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                              @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                              Le 18 avril, le nom de domaine eth.limo a été victime d'un détournement (une attaque où le méchant prend le contrôle du nom et change les informations).

                                                                                                                                                                                                                                              bortzmeyer.org/eth-limo-detour

                                                                                                                                                                                                                                                [?]Ludovic :Firefox: :FreeBSD: » 🌐
                                                                                                                                                                                                                                                @usul@piaille.fr

                                                                                                                                                                                                                                                Petite question nom de domaine, serait-il possible d'enregistrer un .fr mais dont le nom de domaine serait écrit en cyrilique?

                                                                                                                                                                                                                                                  [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                  @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                  Ça faisait longtemps qu'on n'avait pas eu un nouveau domaine de premier niveau dans le . mastodon.gougere.fr/@DNSresolv

                                                                                                                                                                                                                                                    [?]NLnet Labs » 🌐
                                                                                                                                                                                                                                                    @nlnetlabs@social.nlnetlabs.nl

                                                                                                                                                                                                                                                    RE: fosstodon.org/@iscdotorg/11641

                                                                                                                                                                                                                                                    In case you’re wondering: while not as extreme as illustrated by ISC (we don’t offer a bug bounty program), NLnet Labs suffers from a similar situation, in particular for Unbound.

                                                                                                                                                                                                                                                    Handling vulnerability reports, both valid ones and false positives, has now become a full time job for the entire Unbound team.

                                                                                                                                                                                                                                                    You can argue that it ultimately makes our resolver more secure, it also means we cannot work on building and releasing new features, like:

                                                                                                                                                                                                                                                    github.com/NLnetLabs/unbound/p

                                                                                                                                                                                                                                                      [?]gregR ☯ » 🌐
                                                                                                                                                                                                                                                      @gregr@mamot.fr

                                                                                                                                                                                                                                                      A punchline by @mwl again :)
                                                                                                                                                                                                                                                      sanity and self-respect - gregR ☯ - /usr/share/images
                                                                                                                                                                                                                                                      images.gregr.fr/2023-04-06-san

                                                                                                                                                                                                                                                        [?]Gobeline en plein air » 🌐
                                                                                                                                                                                                                                                        @axayda@eldritch.cafe

                                                                                                                                                                                                                                                        For European people not knowing already (I was one of those a couple of minutes ago), the EU launched mid 2025 its own DNS provider, DNS4EU.

                                                                                                                                                                                                                                                        Although not neutral either, remarkable is it must not abide by US law, unlike CloudFlare and such.

                                                                                                                                                                                                                                                        Address is 86.54.11.1

                                                                                                                                                                                                                                                          [?]Teddy / Domingo (🇨🇵/🇬🇧) » 🌐
                                                                                                                                                                                                                                                          @TeddyTheBest@framapiaf.org

                                                                                                                                                                                                                                                          , , : ce rapport démonte la stratégie anti-piratage en . Depuis plus de quinze ans, l’Europe s’est engagée dans une lutte de plus en plus offensive contre les sites pirates.
                                                                                                                                                                                                                                                          clubic.com/actualite-609094-ip

                                                                                                                                                                                                                                                            Fred de CLX boosted

                                                                                                                                                                                                                                                            [?]𝙹𝚘𝚎𝚕 𝙲𝚊𝚛𝚗𝚊𝚝 ♑ 🤪 » 🌐
                                                                                                                                                                                                                                                            @joel@gts.tumfatig.net

                                                                                                                                                                                                                                                            :runbsd: Now that the #arm64 boards are installed, it was time to use them as redundant #DHCP server and #DNS resolvers; using #dhcpd and #Unbound on both :openbsd: #OpenBSD and :freebsd: #FreeBSD.

                                                                                                                                                                                                                                                            https://www.tumfatig.net/2026/redundant-dhcp-server-and-dns-resolver-using-openbsd-and-freebsd/

                                                                                                                                                                                                                                                              [?]patpro » 🌐
                                                                                                                                                                                                                                                              @patpro@social.patpro.net

                                                                                                                                                                                                                                                              I had to use ktrace to find the culprit, but now the DNS requests count for a particular PTR record on my LAN is down from ~1133/hour to 2/hour.
                                                                                                                                                                                                                                                              -> just a nice -n in syslogd params.
                                                                                                                                                                                                                                                              Quite a win.
                                                                                                                                                                                                                                                              #dns #ktrace #freebsd #syslog

                                                                                                                                                                                                                                                                [?]nico » 🌐
                                                                                                                                                                                                                                                                @n@gotosocial.tourmentine.com

                                                                                                                                                                                                                                                                mmu_man boosted

                                                                                                                                                                                                                                                                [?]John Kristoff » 🌐
                                                                                                                                                                                                                                                                @jtk@infosec.exchange

                                                                                                                                                                                                                                                                [?]Teddy / Domingo (🇨🇵/🇬🇧) » 🌐
                                                                                                                                                                                                                                                                @TeddyTheBest@framapiaf.org

                                                                                                                                                                                                                                                                Une campagne d’ détourne des milliers de dans le monde. Le groupe de hackers pirate des routeurs vulnérables pour l'interception des flux 365. Cette opération d'espionnage utilise une manipulation du pour le vol de jetons d'authentification sans pénétration directe des serveurs de l'entreprise américaine
                                                                                                                                                                                                                                                                clubic.com/actualite-608353-un

                                                                                                                                                                                                                                                                  [?]Afnic » 🌐
                                                                                                                                                                                                                                                                  @afnic@mastodon.social

                                                                                                                                                                                                                                                                  🖐 Le rapport 2024-2025 du service de médiation de l'Afnic est disponible !

                                                                                                                                                                                                                                                                  Ce service complète les procédures SYRELI et PARL Expert.

                                                                                                                                                                                                                                                                  📊 Bilan :

                                                                                                                                                                                                                                                                  ✅ En plein essor → +36,6 % de demandes entre 2024 et 2025
                                                                                                                                                                                                                                                                  ✅ Efficace → 63 % des médiations ouvertes ont abouti à un accord
                                                                                                                                                                                                                                                                  ✅ Rapide → 3 jours ouvrés en moyenne pour parvenir à un accord

                                                                                                                                                                                                                                                                  📄 Rapport complet : afnic.fr/observatoire-ressourc

                                                                                                                                                                                                                                                                  rapport du service de médiation 2024-2025

                                                                                                                                                                                                                                                                  Alt...rapport du service de médiation 2024-2025

                                                                                                                                                                                                                                                                  Remi Gacogne boosted

                                                                                                                                                                                                                                                                  [?]John Kristoff » 🌐
                                                                                                                                                                                                                                                                  @jtk@infosec.exchange

                                                                                                                                                                                                                                                                  A pretty significant change in resolver behavior is proceeding:

                                                                                                                                                                                                                                                                  "[...] BIND 9 is switching to a parent-centric model of delegations. [...] The NS records in the child domain will be treated as normal DNS records and returned as authoritative data, but they will no longer overwrite the delegation data for the domain."

                                                                                                                                                                                                                                                                  lists.isc.org/pipermail/bind-u

                                                                                                                                                                                                                                                                  So much of what you may have learned about how works around the turn of the century is now out of date.

                                                                                                                                                                                                                                                                    [?]⁢Ƥĥąɳʈȯɱ :fedora: 🎸 🏳️‍🌈 ⁂ » 🌐
                                                                                                                                                                                                                                                                    @Steve12L@mamot.fr

                                                                                                                                                                                                                                                                    AodeRelay boosted

                                                                                                                                                                                                                                                                    [?]Peter N. M. Hansteen » 🌐
                                                                                                                                                                                                                                                                    @pitrh@mastodon.social

                                                                                                                                                                                                                                                                    The domain .cn name scam is still ongoing, one more entry added to nxdomain.no/~peter/domainnames (this time addressed to a list owner address).

                                                                                                                                                                                                                                                                    Also see nxdomain.no/~peter/domain_name

                                                                                                                                                                                                                                                                      [?]nico » 🌐
                                                                                                                                                                                                                                                                      @n@gotosocial.tourmentine.com

                                                                                                                                                                                                                                                                      [?]nico » 🌐
                                                                                                                                                                                                                                                                      @n@gotosocial.tourmentine.com

                                                                                                                                                                                                                                                                      AodeRelay boosted

                                                                                                                                                                                                                                                                      [?]NLnet Labs » 🌐
                                                                                                                                                                                                                                                                      @nlnetlabs@social.nlnetlabs.nl

                                                                                                                                                                                                                                                                      The decision to move away from mailing lists was not taken lightly.

                                                                                                                                                                                                                                                                      We made several tries in the past to find capable mailing list hosting providers and either they were not ticking all our boxes or we had to migrate back to our own self-hosting situation.

                                                                                                                                                                                                                                                                      Since we are a small developer-focused team, any IT-like activities, in particular emergency ones, would take focus away from things that actually need priority: maintaining mission critical and software.

                                                                                                                                                                                                                                                                        AodeRelay boosted

                                                                                                                                                                                                                                                                        [?]NLnet Labs » 🌐
                                                                                                                                                                                                                                                                        @nlnetlabs@social.nlnetlabs.nl

                                                                                                                                                                                                                                                                        @holsta Like that time we literally flipped the script on unbound.net 😅

                                                                                                                                                                                                                                                                        punoqun.net/

                                                                                                                                                                                                                                                                          [?]Afnic » 🌐
                                                                                                                                                                                                                                                                          @afnic@mastodon.social

                                                                                                                                                                                                                                                                          🏆 853 000 noms de domaine en .fr ont été enregistrés en 2025, confirmant le dynamisme du numérique français.

                                                                                                                                                                                                                                                                          Mais cette croissance s’accompagne d’un enjeu clé : la lutte contre les abus : , ,

                                                                                                                                                                                                                                                                          👉 L’Afnic lance une “vitrine des abus” pour renforcer la et mieux comprendre les tendances, avec des données trimestrielles sur les abus liés aux NDD en .fr.

                                                                                                                                                                                                                                                                          Pour consulter ces éléments 🔗 afnic.fr/observatoire-ressourc

                                                                                                                                                                                                                                                                          création d'une vitrine abus en ligne sous .fr

                                                                                                                                                                                                                                                                          Alt...création d'une vitrine abus en ligne sous .fr

                                                                                                                                                                                                                                                                          AodeRelay boosted

                                                                                                                                                                                                                                                                          [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                          @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                          Soon, will run out of letters for its various transports (DoC, DoH, DoQ, DoT…) rfc-editor.org/info/rfc9953

                                                                                                                                                                                                                                                                            [?]John Shaft » 🌐
                                                                                                                                                                                                                                                                            @shaft@piaille.fr

                                                                                                                                                                                                                                                                            Time to update jokes!

                                                                                                                                                                                                                                                                            ✋ What's up DoQ?
                                                                                                                                                                                                                                                                            👉 What's up DoC?

                                                                                                                                                                                                                                                                            DNS over CoAP (DoC) (publication date is March 2026, so not a joke)
                                                                                                                                                                                                                                                                            rfc-editor.org/info/rfc9953

                                                                                                                                                                                                                                                                              [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                              @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                              RFC 9953: DNS over the Constrained Application Protocol (DoC)

                                                                                                                                                                                                                                                                              Le protocole est un protocole léger, conçu pour les objets connectés. Ce décrit comment faire du au-dessus de CoAP. Si votre brosse à dents a besoin de faire du DNS, c'est ce RFC qu'il faut lire.

                                                                                                                                                                                                                                                                              @miri64

                                                                                                                                                                                                                                                                              bortzmeyer.org/9953.html

                                                                                                                                                                                                                                                                                [?]Arnaud Launay » 🌐
                                                                                                                                                                                                                                                                                @asl@mastodon.launay.org

                                                                                                                                                                                                                                                                                Quelle classe, cette mise à jour d'Ubuntu de 22 vers 24.04...

                                                                                                                                                                                                                                                                                root@XXX:/etc# ls -l resolv.conf
                                                                                                                                                                                                                                                                                lrwxrwxrwx 1 root root 39 mars 31 19:34 resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

                                                                                                                                                                                                                                                                                root@XXX:/etc# ls -l ../run/systemd/resolve/stub-resolv.conf
                                                                                                                                                                                                                                                                                ls: impossible d'accéder à '../run/systemd/resolve/stub-resolv.conf': Aucun fichier ou dossier de ce nom

                                                                                                                                                                                                                                                                                Ça marche forcément beaucoup, beaucoup moins bien.

                                                                                                                                                                                                                                                                                C'est toujours de la faute du Cc: @bortzmeyer (vu que du coup, c'est de sa faute à lui, forcément)

                                                                                                                                                                                                                                                                                  [?]BastilleBSD :freebsd: » 🌐
                                                                                                                                                                                                                                                                                  @BastilleBSD@fosstodon.org

                                                                                                                                                                                                                                                                                  "At some point, a reasonable person asked "DNS resolves names to IP addresses, what else can it do?" The answer, apparently, is run DOOM."

                                                                                                                                                                                                                                                                                  github.com/resumex/doom-over-d

                                                                                                                                                                                                                                                                                    [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                    @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                    J'avais écrit un article de râlerie contre cette idée fausse qu'il y aurait « propagation » dans le mais c'est seulement maintenant que je découvre que je ne suis pas le seul : e-ontap.com/dns/propagation/ha nslookup.io/learning/dns-propa

                                                                                                                                                                                                                                                                                      Fred de CLX boosted

                                                                                                                                                                                                                                                                                      [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                      @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                      Formation d'administrateur demain. Si vous pouviez casser votre domaine, pour que je donne le déboguage en TP aux étudiants…

                                                                                                                                                                                                                                                                                        [?]🌴 Paco Hope on holiday [He/Him] » 🌐
                                                                                                                                                                                                                                                                                        @paco@infosec.exchange

                                                                                                                                                                                                                                                                                        I just noticed this DNS graph. The web site I took over in 2019. It's the busiest web site I have. But I really think the huge upswing in traffic is related to bot scrapers. I have been struggling so hard just to make them go away. My bandwidth, compute, and web service are not for them. They are not welcome. They do not care.

                                                                                                                                                                                                                                                                                        • January 2026: 2,237,399 queries
                                                                                                                                                                                                                                                                                        • February 2026: 4,093,488 queries
                                                                                                                                                                                                                                                                                        • March 2026: 8,893,458 queries (so far)

                                                                                                                                                                                                                                                                                        Literally doubling month on month.

                                                                                                                                                                                                                                                                                        Now, I recently made changes to the DNS for that zone. And I made some screw-ups when I did it. So, I temporarily¹ set the TTL on the NS records to 600 seconds. I kept screwing them up and needing to change them.

                                                                                                                                                                                                                                                                                        Fixing the NS records this morning definitely had a benefit. Yesterday was 325,336 queries. Today was 254,492. So again, some of this is on me. But that whole 13-year DNS graph with a huge surge in the last 2 years is not all me. Stuff has changed.

                                                                                                                                                                                                                                                                                        ¹ I remembered this morning when I was like "WTF do I have so much DNS traffic!?"

                                                                                                                                                                                                                                                                                        A line graph depicting DNS queries from 2013 to 2026. Traffic starts to pick up in 2024 time frame, and then at the very end of the graph, this month of 2026, there's this massive spike to nearly 10M queries in a month.

                                                                                                                                                                                                                                                                                        Alt...A line graph depicting DNS queries from 2013 to 2026. Traffic starts to pick up in 2024 time frame, and then at the very end of the graph, this month of 2026, there's this massive spike to nearly 10M queries in a month.

                                                                                                                                                                                                                                                                                          Remi Gacogne boosted

                                                                                                                                                                                                                                                                                          [?]NLnet Labs » 🌐
                                                                                                                                                                                                                                                                                          @nlnetlabs@social.nlnetlabs.nl

                                                                                                                                                                                                                                                                                          We're thrilled that Cascade is among the first projects supported by the Nominet DNS Fund.

                                                                                                                                                                                                                                                                                          With Nominet's support, our new DNSSEC signing solution receives a massive push forward, allowing our team to focus on implementing speed improvements, a reduced memory footprint and essentials such as incremental signing.

                                                                                                                                                                                                                                                                                          We'll be launching a beta in April, followed by an initial production release in June 2026.

                                                                                                                                                                                                                                                                                          Read more: nominet.uk/news/nominet-suppor

                                                                                                                                                                                                                                                                                          Nominet DNS Fund banner

                                                                                                                                                                                                                                                                                          Alt...Nominet DNS Fund banner

                                                                                                                                                                                                                                                                                            Taggart :ifin: boosted

                                                                                                                                                                                                                                                                                            [?]B'ad Samurai :ifin: [he/him] » 🌐
                                                                                                                                                                                                                                                                                            @badsamurai@infosec.exchange

                                                                                                                                                                                                                                                                                            @porkbun RDAP is a pretty silly address and I appreciate that.

                                                                                                                                                                                                                                                                                            You never see ‘.horse‘ in IOCs because it’s a $25 domain!

                                                                                                                                                                                                                                                                                            {
"value": "https://cart-before.porkbun.horse/rdap/",
"rel": "about",
"href": "https://cart-before.porkbun.horse/rdap/",
"type": "application/rdap+json”
}

                                                                                                                                                                                                                                                                                            Alt...{ "value": "https://cart-before.porkbun.horse/rdap/", "rel": "about", "href": "https://cart-before.porkbun.horse/rdap/", "type": "application/rdap+json” }

                                                                                                                                                                                                                                                                                              [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                              @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                              Pro tip : quand tu configures un VPN, pense à changer de résolveur sinon, tu auras du mal à aller voir le site Web de Libération, avec l'adresse IP de Dropbox qu'a renvoyé le réseau d'accès.

                                                                                                                                                                                                                                                                                                [?]Jan Schaumann » 🌐
                                                                                                                                                                                                                                                                                                @jschauma@mstdn.social

                                                                                                                                                                                                                                                                                                System Administration: Week 7: DNS, Part II

                                                                                                                                                                                                                                                                                                In this video, we dissect DNS lookups performed on our EC2 instance, then discuss just how a caching resolver performs the lookup, moving from "magic happens here" to the below visualization.

                                                                                                                                                                                                                                                                                                youtu.be/z55ULZcKP8A

                                                                                                                                                                                                                                                                                                  [?]Jan Schaumann » 🌐
                                                                                                                                                                                                                                                                                                  @jschauma@mstdn.social

                                                                                                                                                                                                                                                                                                  System Administration: Week 7: DNS, Part III

                                                                                                                                                                                                                                                                                                  In this video, we try to wrap up our discussion of the Domain Name System by addressing the nature of the root nameservers, looking at various different resource record types, observing reverse lookups, and thinking about how we can have assurance of authenticity and integrity of the DNS results returned to us via DNSSEC.

                                                                                                                                                                                                                                                                                                  youtu.be/XDJEJFVNoko

                                                                                                                                                                                                                                                                                                  World map showing the locations of the root servers.

                                                                                                                                                                                                                                                                                                  Alt...World map showing the locations of the root servers.

                                                                                                                                                                                                                                                                                                    [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                                    @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                                    So, when an old resolver (not knowing DELEG) queries a new server for a domain which has only DELEG (and no NS records), what the answer should be? NXDOMAIN? SERVFAIL? Synthesis of some NS?

                                                                                                                                                                                                                                                                                                      [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                                      @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                                      DELEG working group (changing completely the delegation). Last big issue: how should a new server reply to an old client, when the server has only DELEG records and no NS records?

                                                                                                                                                                                                                                                                                                        [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                                        @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                                        Good morning, Shenzhen:! Seventh and last day of ietf.org/meeting/125/

                                                                                                                                                                                                                                                                                                        Today, we are going to break/save/restore the with the new delegation system, DELEG. Also, security area general meeting.

                                                                                                                                                                                                                                                                                                          [?]Hyde 📷 🖋 :debian: » 🌐
                                                                                                                                                                                                                                                                                                          @hyde@lazybear.social

                                                                                                                                                                                                                                                                                                          Any good in Europe?

                                                                                                                                                                                                                                                                                                            [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                                            @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                                            Another funny question. After Cisco broke because Cloudflare changed the order of DNS records in the answer (which is perfectly legitimate), should we mandate a specific order in ?

                                                                                                                                                                                                                                                                                                              [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                                              @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                                              Grosse discussion à la réunion IETF sur la censure via un résolveur menteur : comment indiquer à l'utilisateur (qui ne fait pas de requête DNS lui-même et ne connait pas dig) qu'il y a eu censure et pas panne ?

                                                                                                                                                                                                                                                                                                                [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                                                @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                                                After a lively discussion on solutions to depend less on the root (obviously no consensus, despite a tendency to deny there is a problem to solve), another hot question: DNS and the need to be transparent about it. datatracker.ietf.org/doc/draft

                                                                                                                                                                                                                                                                                                                What to display to the end user? (Not anything got from the resolver: security issues.) Lumen Database entry?

                                                                                                                                                                                                                                                                                                                  [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                                                  @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                                                  Now, dnsop working group (real-time transcript said "Dina Zop") because the loves you and we love it, too.

                                                                                                                                                                                                                                                                                                                  First, a lot of stuff about various ways to be less technically dependent on the root (local caching, local root as in RFC 8806, etc).

                                                                                                                                                                                                                                                                                                                  RFC 8806, the resolver behaves as if it were authoritative for the root. RootCache is more resolver-traditional.

                                                                                                                                                                                                                                                                                                                    [?]Stéphane Bortzmeyer » 🌐
                                                                                                                                                                                                                                                                                                                    @bortzmeyer@mastodon.gougere.fr

                                                                                                                                                                                                                                                                                                                    Expect a lot of AI in (there were many side meetings at about AI)