social.dk-libre.fr is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
PowerDNS Authoritative Server 5.1.3 Released
https://blog.powerdns.com/2026/05/30/powerdns-authoritative-server-5.1.3-released
PowerDNS DNSdist 1.9.15 and 2.0.7 Released (Security Release)
https://blog.powerdns.com/2026/06/25/powerdns-dnsdist-1.9.15-and-2.0.7-released-security-release
PowerDNS Security Advisory 2026-07 for PowerDNS Authoritative Server
(aka PowerDNS Authoritative Server 4.9.16, 5.0.6 and 5.1.2 released)
how embarrassing! This is definitely not my concept!!
edit: I'm embarrassed because I don't deserve an iota of credit for the concept
It’s Friday release day again with Cascade 0.1.0-beta2 'Donde comen dos, comen tres'. Thanks to the amazing feedback from @jpmens and @gryphius and hard work from the team, our DNSSEC signer has a bunch of fixes and improvements.
https://github.com/NLnetLabs/cascade/releases/tag/v0.1.0-beta2
#DNSSEC
DENIC "Final Report: DNS Outage of 5 May 2026"
https://blog.denic.de/en/final-report-dns-outage-of-5-may-2026/
I'm still frustrated, not all questions are answered.
With Cascade 0.1.0 beta1 “Slàinte mhath” we begin our journey to the first production release of our #DNSSEC signing solution.
We rewritten our signer from the ground up using a state machine based architecture, ensuring that each zone pipeline is in a single consistent state at all times.
In addition to built-in pre-signing and pre-publication review hooks, there’s now incremental signing, TSIG support, downstream IXFR, zone persistence, metrics and much more. #DNS
PowerDNS Authoritative Server 5.1.1 Released
https://blog.powerdns.com/2026/06/08/powerdns-authoritative-server-5.1.1-released
@jpmens Ah yes, this link is a more accurate reflection of the past few days. 😄
TSIG is mentioned 6 times!
With eight issues and one pull request over the weekend, once again we're incredibly thankful for the effort @jpmens is putting into testing Cascade.
Luckily, none of the reports seem to be in the “everything is broken”-category! 😅
With the Cascade beta release, the project now also has a dedicated page on our website:
https://nlnetlabs.nl/projects/cascade/about/
Next up: a logo!
After releasing the Cascade beta, NLnet Labs HQ has a @jpmens vs. @bortzmeyer poll going.
Cascade 0.1.0 beta1 “Slàinte mhath” is out, so this is your opportunity to kick the tires and take it for a spin around your testing grounds!
As we gear up to the production release of our DNSSEC signer, we're eager to hear your feedback so we can incorporate it while we add improvements that we still have in the pipeline which we consider essential for production use.
Read all about it in our blog post!
https://blog.nlnetlabs.nl/cascade-beta1-release/
PowerDNS Authoritative Server 5.1.0 Released
https://blog.powerdns.com/2026/06/03/powerdns-authoritative-server-5.1.0-released
PowerDNS Recursor 5.2.10, 5.3.7 and 5.4.2 Released
https://blog.powerdns.com/2026/06/03/powerdns-recursor-5.2.10-5.3.7-and-5.4.2-released
PowerDNS DNSdist 2.1.0 Release Candidate 1 Released
https://blog.powerdns.com/2026/06/02/powerdns-dnsdist-2.1.0-release-candidate-1-released
RFC 9975: Clarifications on CDS/CDNSKEY and CSYNC Consistency
Pour compléter un processus de sécurisation des noms de domaine avec #DNSSEC, il faut transmettre au domaine parent votre clé publique. Le faire manuellement via l'interface Web du BE n'est pas pratique donc il existe un moyen d'automatiser cela, les CDS/CDNSKEY. Mais attention à la sécurité ! Ce moyen n'est sûr que si on suit quelques précautions, décrites dans ce nouveau #RFC.
PowerDNS DNSdist 2.0.6 Released
https://blog.powerdns.com/2026/05/21/powerdns-dnsdist-2.0.6-released
PowerDNS Security Advisory 2026-06 for PowerDNS Authoritative Server
(aka PowerDNS Authoritative Server 4.9.15 & 5.0.5 released)
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
J’ai désactivé l’option, puis l’ai réactivée. Et maintenant, c’est bon, j’ai pu renouveler le certificat Let’s Encrypt dans YunoHost.
Oui, parce que c’est grâce à l’interface d’admin de YunoHost que j’ai su que c’était DNSSEC le problème. J’aurais jamais trouvé ça tout seul!
#Infomaniak #DNS #DNSSEC
@bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.
While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.
This is our plan.
We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.
We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.
Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.
@ximon18 @dnsoarc after his talk on stage, Ximon will be at the demo table in the lunch area, where he can show all the other tricks Cascade has learned since OARC 45 in Stockholm.
Also, make sure to bring your zone files so you can for example see how fast parallel #Dnssec signing by @bal4e really is. #DNS #LoveDNS #OpenSource
Am I the only one having #DNSSEC problems with #DENIC?
Unbound is throwing me a lot of DNSSEC bogus on some .de domains 🤔
$ dig welt.de
...
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21366
...
; EDE: 6 (DNSSEC Bogus): (validation failure <welt.de. A IN>: signature crypto failed from 2a02:568:0:2::53 for DS welt.de. while building chain of trust)
Edit: issue seems fixed.
Looks like DE ccTLD is unresolvable due to DNSSEC issue:
https://dnsviz.net/d/nic.de/afpsNg/dnssec/
😬
🧵👇
RE: https://mastodon.social/@jpmens/116522310229612501
IANA has a chance to do the funniest thing ever…
@bortzmeyer après plusieurs timeout
Mais je suis en forêt avec un téléphone
C'est pas idéal pour déboguer :-) surtout #dnssec sur lequel je suis nul
PowerDNS DNSdist 1.9.14 and 2.0.5 Released
https://blog.powerdns.com/2026/04/23/powerdns-dnsdist-1.9.14-and-2.0.5-released
PowerDNS Security Advisory 2026-05 for PowerDNS Authoritative Server
(aka PowerDNS Authoritative Server 4.9.14 and 5.0.4 released)
PowerDNS Security Advisory 2026-03 for PowerDNS Recursor
(aka PowerDNS Recursor 5.2.9, 5.3.6 and 5.4.1 released)
https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-03
PowerDNS Security Advisory 2026-04 for PowerDNS DNSdist
(aka DNSdist 1.9.13 and 2.0.4 released)
https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-04-for-powerdns-dnsdist
PowerDNS DNSdist 1.9.12 and 2.0.3 Released (Security Release)
https://blog.powerdns.com/2026/03/31/powerdns-dnsdist-1.9.12-and-2.0.3-released
We're thrilled that Cascade is among the first projects supported by the Nominet DNS Fund.
With Nominet's support, our new DNSSEC signing solution receives a massive push forward, allowing our team to focus on implementing speed improvements, a reduced memory footprint and essentials such as incremental signing.
We'll be launching a beta in April, followed by an initial production release in June 2026.
So, previously on post-quantum #DNSSEC: not a lot of action. Standardized post-quantum cryptography algorithms like ML-DSA have keys and signatures which are way too long for the #DNS.
https://mastodon.gougere.fr/@DNSresolver/116241567126448201
TLS can deal with it (they run on TCP or QUIC) but we cannot, with UDP. No obvious solution.
PowerDNS Recursor 5.4.0 Released
https://blog.powerdns.com/2026/03/09/powerdns-recursor-5.4.0-released