Search results for tag #dnssec

JP Mens boosted

[?]PowerDNS » 🌐
@PowerDNS@fosstodon.org

PowerDNS Security Advisory 2026-07 for PowerDNS Authoritative Server
(aka PowerDNS Authoritative Server 4.9.16, 5.0.6 and 5.1.2 released)

blog.powerdns.com/2026/06/25/p

    [?]JP Mens » 🌐
    @jpmens@mastodon.social

    how embarrassing! This is definitely not my concept!!

    edit: I'm embarrassed because I don't deserve an iota of credit for the concept

    
You are likely referring to Jan-Piet Mens's concept of DS-push. 

In the context of his writing, "DS-push" refers to the automated mechanism for uploading Delegation Signer (DS) records to a parent DNS zone during a DNSSEC key rollover (specifically for subzones). 

...

      [?]JP Mens » 🌐
      @jpmens@mastodon.social

      This "OK GEPRÜFT" is a MUST [RFC 2119] have for any serious administrator.

      Self-Inking German language text stamp with the word "Geprüft" (verified) on it.

        [?]NLnet Labs » 🌐
        @nlnetlabs@social.nlnetlabs.nl

        It’s Friday release day again with Cascade 0.1.0-beta2 'Donde comen dos, comen tres'. Thanks to the amazing feedback from @jpmens and @gryphius and hard work from the team, our DNSSEC signer has a bunch of fixes and improvements.

        github.com/NLnetLabs/cascade/r

          AodeRelay boosted

          [?]Stéphane Bortzmeyer » 🌐
          @bortzmeyer@mastodon.gougere.fr


          DENIC "Final Report: DNS Outage of 5 May 2026"
          blog.denic.de/en/final-report-

          I'm still frustrated, not all questions are answered.

            [?]Alex Band » 🌐
            @alexband@hachyderm.io

            @letoams That release name involved the Never Really Here cocktail bar in Edinburgh, during DNS OARC 46.

            Let's see what naming suggestions @maarten brings home from in Sevilla.😉

              JP Mens boosted

              [?]NLnet Labs » 🌐
              @nlnetlabs@social.nlnetlabs.nl

              With Cascade 0.1.0 beta1 “Slàinte mhath” we begin our journey to the first production release of our signing solution.

              We have rewritten our signer from the ground up using a state machine based architecture, ensuring that each zone pipeline is in a single consistent state at all times.

              In addition to built-in pre-signing and pre-publication review hooks, there’s now incremental signing, TSIG support, downstream IXFR, zone persistence, metrics and much more.

              blog.nlnetlabs.nl/cascade-beta

                [?]NLnet Labs » 🌐
                @nlnetlabs@social.nlnetlabs.nl

                @jpmens Ah yes, this link is a more accurate reflection of the past few days. 😄

                github.com/NLnetLabs/cascade/i

                TSIG is mentioned 6 times!

                  [?]NLnet Labs » 🌐
                  @nlnetlabs@social.nlnetlabs.nl

                  With eight issues and one pull request over the weekend, once again we're incredibly thankful for the effort @jpmens is putting into testing Cascade.

                  Luckily, none of the reports seem to be in the “everything is broken”-category! 😅

                  github.com/NLnetLabs/cascade/i

                    John Shaft boosted

                    [?]NLnet Labs » 🌐
                    @nlnetlabs@social.nlnetlabs.nl

                    With the Cascade beta release, the project now also has a dedicated page on our website:

                    nlnetlabs.nl/projects/cascade/

                    Next up: a logo!

                      Erwan 🚄 boosted

                      [?]NLnet Labs » 🌐
                      @nlnetlabs@social.nlnetlabs.nl

                      After releasing the Cascade beta, NLnet Labs HQ has a @jpmens vs. @bortzmeyer poll going.

                      A poll that asks “How many GitHub issues will JP Mens and Stephane Bortzmeyer create by Monday?”

                        [?]NLnet Labs » 🌐
                        @nlnetlabs@social.nlnetlabs.nl

                        Cascade 0.1.0 beta1 “Slàinte mhath” is out, so this is your opportunity to kick the tires and take it for a spin around your testing grounds!

                        As we gear up to the production release of our DNSSEC signer, we're eager to hear your feedback so we can incorporate it while we add improvements that we still have in the pipeline which we consider essential for production use.

                        Read all about it in our blog post!
                        blog.nlnetlabs.nl/cascade-beta

                          [?]Stéphane Bortzmeyer » 🌐
                          @bortzmeyer@mastodon.gougere.fr

                          RFC 9975: Clarifications on CDS/CDNSKEY and CSYNC Consistency

                          To complete a process of securing domain names with , you have to transmit your public key to the parent domain. Doing it manually through the registrar's web interface is not practical, so there is a way to automate it: CDS/CDNSKEY. But mind the security! This method is only safe if you follow a few precautions, described in this new .

                          bortzmeyer.org/9975.html

                            JP Mens boosted

                            [?]PowerDNS » 🌐
                            @PowerDNS@fosstodon.org

                            PowerDNS Security Advisory 2026-06 for PowerDNS Authoritative Server
                            (aka PowerDNS Authoritative Server 4.9.15 & 5.0.5 released)

                            blog.powerdns.com/2026/05/20/p

                              Remi Gacogne boosted

                              [?]NLnet Labs » 🌐
                              @nlnetlabs@social.nlnetlabs.nl

                              🚨 SECURITY RELEASE 🚨
                              Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.

                              There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.

                              Please read the release notes carefully and plan to upgrade.

                              community.nlnetlabs.nl/t/unbou

                                [?]Thomas (le retour de la revanche) » 🌐
                                @dragondaddy@caselibre.fr

                                Ah. I love it when problems get solved this easily.

                                I disabled the option, then re-enabled it. And now it works, I was able to renew the Let’s Encrypt certificate in YunoHost.

                                Yes, because it is thanks to the YunoHost admin interface that I found out DNSSEC was the problem. I would never have figured that out on my own!

                                #Infomaniak #DNS #DNSSEC

                                  [?]Thomas (le retour de la revanche) » 🌐
                                  @dragondaddy@caselibre.fr

                                  Something tells me that this status: REFUSED is not good news…

                                  #Infomaniak #DNS #DNSSEC

                                    [?]Alex Band » 🌐
                                    @alexband@hachyderm.io

                                    @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha", "beta" and "production ready". This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

                                    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

                                    This is our plan.

                                    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

                                    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

                                    Over the coming months, our aim is to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

                                    @dnsoarc

                                      JP Mens boosted

                                      [?]Stéphane Bortzmeyer » 🌐
                                      @bortzmeyer@mastodon.gougere.fr

                                      Peter Koch (DENIC) on the 5 May problem in .de.

                                      .de has almost 18 million domain names and is incrementally updated.

                                      Validation is done once it is already published.

                                      HSM were using different keys :-(


                                        [?]Stéphane Bortzmeyer » 🌐
                                        @bortzmeyer@mastodon.gougere.fr

                                        "Cascade [ key manager and signer]: Beyond alpha" by Ximon Eighteen

                                        Written in Rust. Still alpha (beta was not released yet).

                                        Supported (among others) by the Sovereign Tech Agency.

                                          Fred de CLX boosted

                                          [?]NLnet Labs » 🌐
                                          @nlnetlabs@social.nlnetlabs.nl

                                          Please pray to the live demo Gods over lunch so @ximon18 can show you our signer Cascade in action this afternoon at @dnsoarc 46.

                                          We’ll cover incremental signing with IXFR in and out with TSIG, all on a YubiHSM we packed. 🤞

                                            [?]NLnet Labs » 🌐
                                            @nlnetlabs@social.nlnetlabs.nl

                                            @ximon18 @dnsoarc after his talk on stage, Ximon will be at the demo table in the lunch area, where he can show all the other tricks Cascade has learned since OARC 45 in Stockholm.

                                            Also, make sure to bring your zone files so you can for example see how fast parallel signing by @bal4e really is.

                                              [?]Stéphane Bortzmeyer » 🌐
                                              @bortzmeyer@mastodon.gougere.fr

                                              root zone key rollover under way. (Planned for 11 October.)

                                              "Who in the room has root access to his resolver?" (Lot of hands, this is an OARC meeting.)

                                                [?]Stéphane Bortzmeyer » 🌐
                                                @bortzmeyer@mastodon.gougere.fr

                                                Wonderful list of things that can go wrong (and therefore, will) in operations.

                                                (Including an error done on Friday afternoon and fixed, will you guess, on Monday.)

                                                  Wallace boosted

                                                  [?]Stéphane Bortzmeyer » 🌐
                                                  @bortzmeyer@mastodon.gougere.fr

                                                  The real world is complicated. For signing a .cn domain, it was necessary to send DS records by email... For .br, errors are not corrected 24x7, only during business hours. (Not always the registry's fault, sometimes you have to use a lot of intermediaries.)

                                                    [?]John Shaft » 🌐
                                                    @shaft@piaille.fr

                                                    Hey, .ml (ccTLD for Mali) is using !

                                                    $ dig +short ml. DS
                                                    21942 15 2 <crypto shenanigans>

                                                    (the number 15 indicates algorithm 15 aka ed25519)

                                                    So number of using algorithm 15: 3
                                                    - .fj (Fiji)
                                                    - .pg (Papua New Guinea)
                                                    - .ml

                                                      Fred de CLX boosted

                                                      [?]BastilleBSD :freebsd: » 🌐
                                                      @BastilleBSD@fosstodon.org

                                                      Reviewing DNS logs and noticed that `vuxml.freebsd.org` fails DNSSEC validation but `matrix-dev.freebsd.org` passes.

                                                      Can anyone else confirm or is my software buggy?

                                                      2026-05-08 03:27 UTC 10.17.89.66 matrix-dev.freebsd.org. v SEC
                                                      2026-05-08 03:27 UTC 10.17.89.66 matrix-dev.freebsd.org. v SEC
                                                      2026-05-08 03:22 UTC 10.17.89.18 vuxml.freebsd.org. Xx SEC
                                                      2026-05-08 03:21 UTC 10.17.89.19 vuxml.freebsd.org. Xx SEC
                                                      2026-05-08 03:17 UTC 10.17.89.66 vuxml.freebsd.org. Xx SEC
                                                      2026-05-08 03:06 UTC 10.17.89.42 vuxml.freebsd.org. Xx SEC

                                                        [?]John Shaft » 🌐
                                                        @shaft@piaille.fr

                                                        The .de incident let me notice that welt.de is signed with . Answer that, lemonde.fr :pika:

                                                          [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                                          @rysiek@mstdn.social

                                                          DENIC's status page:
                                                          status.denic.de/

                                                          Screenshot below in case you're not able to load it (as I said, stuff is going to be intermittently failing).

DNSSEC disruption affecting .de domains

Partial Service Disruption

Incident Status

Partial Service Disruption

Components

DNS

Services

DNS Nameservice

May 5, 2026 23:28 CEST
May 5, 2026 21:28 UTC
INVESTIGATING

Frankfurt am Main, 5 May 2026 – DENIC eG is currently experiencing a disruption in its DNS service for .de domains. As a result, all DNSSEC-signed .de domains are currently affected in their reachability.
The root cause of the disruption has not yet been fully identified. DENIC’s technical teams are working intensively on analysis and on restoring stable operations as quickly as possible.
Based on current information, users and operators of .de domains may experience impairments in domain resolution. Further updates will be provided as soon as reliable findings on the cause and recovery are available.
DENIC asks all affected parties for their understanding.
For further enquiries, DENIC can be contacted via the usual channels.

                                                            [?]John Shaft » 🌐
                                                            @shaft@piaille.fr

                                                            Am I the only one having problems with ?

                                                            Unbound is throwing me a lot of DNSSEC bogus on some .de domains 🤔

                                                            $ dig welt.de
                                                            ...
                                                            ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21366
                                                            ...
                                                            ; EDE: 6 (DNSSEC Bogus): (validation failure <welt.de. A IN>: signature crypto failed from 2a02:568:0:2::53 for DS welt.de. while building chain of trust)

                                                              John Shaft boosted

                                                              [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                                              @rysiek@mstdn.social

                                                              Edit: issue seems fixed.

                                                              Looks like DE ccTLD is unresolvable due to DNSSEC issue:
                                                              dnsviz.net/d/nic.de/afpsNg/dns

                                                              😬

                                                              🧵👇

                                                                [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                                                @rysiek@mstdn.social

                                                                RE: mastodon.social/@jpmens/116522

                                                                IANA has a chance to do the funniest thing ever… :blobcatpeek:

                                                                  [?]gregR ☯ » 🌐
                                                                  @gregr@mamot.fr

                                                                  @bortzmeyer after several timeouts
                                                                  But I'm in the forest with a phone
                                                                  Not ideal for debugging :-) especially on one I'm useless with

                                                                  A black dog on a forest path

                                                                    JP Mens boosted

                                                                    [?]PowerDNS » 🌐
                                                                    @PowerDNS@fosstodon.org

                                                                    PowerDNS Security Advisory 2026-05 for PowerDNS Authoritative Server
                                                                    (aka PowerDNS Authoritative Server 4.9.14 and 5.0.4 released)

                                                                    blog.powerdns.com/2026/04/22/p

                                                                      JP Mens boosted

                                                                      [?]PowerDNS » 🌐
                                                                      @PowerDNS@fosstodon.org

                                                                      PowerDNS Security Advisory 2026-03 for PowerDNS Recursor
                                                                      (aka PowerDNS Recursor 5.2.9, 5.3.6 and 5.4.1 released)

                                                                      blog.powerdns.com/2026/04/22/p

                                                                        John Shaft boosted

                                                                        [?]PowerDNS » 🌐
                                                                        @PowerDNS@fosstodon.org

                                                                        PowerDNS Security Advisory 2026-04 for PowerDNS DNSdist
                                                                        (aka DNSdist 1.9.13 and 2.0.4 released)

                                                                        blog.powerdns.com/2026/04/22/p

                                                                          [?]John Shaft » 🌐
                                                                          @shaft@piaille.fr

                                                                          Well at least it is signed with 😬😬


                                                                          piaille.fr/@shaft/116324300412

                                                                          The "X, X everywhere" from Toy Story 2 but redrawn by @gee@framapiaf.org. This version reads "Amazon, Amazon everywhere"

                                                                            Remi Gacogne boosted

                                                                            [?]PowerDNS » 🌐
                                                                            @PowerDNS@fosstodon.org

                                                                            PowerDNS DNSdist 1.9.12 and 2.0.3 Released (Security Release)

                                                                            blog.powerdns.com/2026/03/31/p

                                                                              Remi Gacogne boosted

                                                                              [?]NLnet Labs » 🌐
                                                                              @nlnetlabs@social.nlnetlabs.nl

                                                                              We're thrilled that Cascade is among the first projects supported by the Nominet DNS Fund.

                                                                              With Nominet's support, our new DNSSEC signing solution receives a massive push forward, allowing our team to focus on implementing speed improvements, a reduced memory footprint and essentials such as incremental signing.

                                                                              We'll be launching a beta in April, followed by an initial production release in June 2026.

                                                                              Read more: nominet.uk/news/nominet-suppor

                                                                              Nominet DNS Fund banner

                                                                                [?]Stéphane Bortzmeyer » 🌐
                                                                                @bortzmeyer@mastodon.gougere.fr

                                                                                If we start to use Merkle trees for signatures, as currently discussed at , this would create a lot of new interesting blog posts and @dnsoarc meeting talks 😋

                                                                                  [?]Stéphane Bortzmeyer » 🌐
                                                                                  @bortzmeyer@mastodon.gougere.fr

                                                                                  So, previously on post-quantum : not a lot of action. Standardized post-quantum cryptography algorithms like ML-DSA have keys and signatures which are way too long for the .

                                                                                  mastodon.gougere.fr/@DNSresolv

                                                                                  TLS can deal with it (they run on TCP or QUIC) but we cannot, with UDP. No obvious solution.
