#knotdns — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #knotdns, aggregated by home.social.
-
I just wrote a self-hosted #dyndns server using #knotdns, #bottle for the update server (https PUT), and a #python client to detect IP changes. It's running on #AlpineLinux, the code is minimal and it only uses packages that are in the Alpine repos. Full #IPv4 and #IPv6 support, you can use either or both.
Why? It's a cool project, and IMHO every dyndns clients and services I tried were bad, insecure, or both.
-
I just wrote a self-hosted #dyndns server using #knotdns, #bottle for the update server (https PUT), and a #python client to detect IP changes. It's running on #AlpineLinux, the code is minimal and it only uses packages that are in the Alpine repos. Full #IPv4 and #IPv6 support, you can use either or both.
Why? It's a cool project, and IMHO every dyndns clients and services I tried were bad, insecure, or both.
-
I just wrote a self-hosted #dyndns server using #knotdns, #bottle for the update server (https PUT), and a #python client to detect IP changes. It's running on #AlpineLinux, the code is minimal and it only uses packages that are in the Alpine repos. Full #IPv4 and #IPv6 support, you can use either or both.
Why? It's a cool project, and IMHO every dyndns clients and services I tried were bad, insecure, or both.
-
I just wrote a self-hosted #dyndns server using #knotdns, #bottle for the update server (https PUT), and a #python client to detect IP changes. It's running on #AlpineLinux, the code is minimal and it only uses packages that are in the Alpine repos. Full #IPv4 and #IPv6 support, you can use either or both.
Why? It's a cool project, and IMHO every dyndns clients and services I tried were bad, insecure, or both.
-
I just wrote a self-hosted #dyndns server using #knotdns, #bottle for the update server (https PUT), and a #python client to detect IP changes. It's running on #AlpineLinux, the code is minimal and it only uses packages that are in the Alpine repos. Full #IPv4 and #IPv6 support, you can use either or both.
Why? It's a cool project, and IMHO every dyndns clients and services I tried were bad, insecure, or both.
-
Last week was another stakeholder meeting on #DNS4EU. #Whalebone provided a short overview of the project including a timeline. Public launch is scheduled for June this year. The talk elaborates on various considerations of the new #DNS project. I was mostly interested in the deployment aspect, the #DDoS slides and the #privacy and #anonymization mechanisms.
My personal main concern with the project is the absence of resolver technology. The project plainly uses the #KnotDNS resolver. Not a bad choice, but University taught me that diversity in the backend software introduces even more resiliency. Yet, as Whalebone is a #Czech company, it is apparent why they chose #KnotDNS exclusively.
The slides are public.
-
Last week was another stakeholder meeting on #DNS4EU. #Whalebone provided a short overview of the project including a timeline. Public launch is scheduled for June this year. The talk elaborates on various considerations of the new #DNS project. I was mostly interested in the deployment aspect, the #DDoS slides and the #privacy and #anonymization mechanisms.
My personal main concern with the project is the absence of resolver technology. The project plainly uses the #KnotDNS resolver. Not a bad choice, but University taught me that diversity in the backend software introduces even more resiliency. Yet, as Whalebone is a #Czech company, it is apparent why they chose #KnotDNS exclusively.
The slides are public.
-
Last week was another stakeholder meeting on #DNS4EU. #Whalebone provided a short overview of the project including a timeline. Public launch is scheduled for June this year. The talk elaborates on various considerations of the new #DNS project. I was mostly interested in the deployment aspect, the #DDoS slides and the #privacy and #anonymization mechanisms.
My personal main concern with the project is the absence of resolver technology. The project plainly uses the #KnotDNS resolver. Not a bad choice, but University taught me that diversity in the backend software introduces even more resiliency. Yet, as Whalebone is a #Czech company, it is apparent why they chose #KnotDNS exclusively.
The slides are public.
-
Last week was another stakeholder meeting on #DNS4EU. #Whalebone provided a short overview of the project including a timeline. Public launch is scheduled for June this year. The talk elaborates on various considerations of the new #DNS project. I was mostly interested in the deployment aspect, the #DDoS slides and the #privacy and #anonymization mechanisms.
My personal main concern with the project is the absence of resolver technology. The project plainly uses the #KnotDNS resolver. Not a bad choice, but University taught me that diversity in the backend software introduces even more resiliency. Yet, as Whalebone is a #Czech company, it is apparent why they chose #KnotDNS exclusively.
The slides are public.
-
Last week was another stakeholder meeting on #DNS4EU. #Whalebone provided a short overview of the project including a timeline. Public launch is scheduled for June this year. The talk elaborates on various considerations of the new #DNS project. I was mostly interested in the deployment aspect, the #DDoS slides and the #privacy and #anonymization mechanisms.
My personal main concern with the project is the absence of resolver technology. The project plainly uses the #KnotDNS resolver. Not a bad choice, but University taught me that diversity in the backend software introduces even more resiliency. Yet, as Whalebone is a #Czech company, it is apparent why they chose #KnotDNS exclusively.
The slides are public.
-
Our colleagues from #KnotDNS updated their benchmark results at https://knot-dns.cz/benchmark/ Pretty impressve 🤩 Normal Knot is fast, but #XDP takes it to the whole new level 🏎️ #DNS #benchmark
-
Our colleagues from #KnotDNS updated their benchmark results at https://knot-dns.cz/benchmark/ Pretty impressve 🤩 Normal Knot is fast, but #XDP takes it to the whole new level 🏎️ #DNS #benchmark
-
Our colleagues from #KnotDNS updated their benchmark results at https://knot-dns.cz/benchmark/ Pretty impressve 🤩 Normal Knot is fast, but #XDP takes it to the whole new level 🏎️ #DNS #benchmark
-
Our colleagues from #KnotDNS updated their benchmark results at https://knot-dns.cz/benchmark/ Pretty impressve 🤩 Normal Knot is fast, but #XDP takes it to the whole new level 🏎️ #DNS #benchmark
-
-
-
-
-
My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!
https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/
#KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting
-
My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!
https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/
#KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting
-
My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!
https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/
#KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting
-
My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!
https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/
#KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting
-
My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!
https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/
#KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting
-
During my lunch break, I watched the #DNS4EU update of DNS-OARC 41 earlier this year. Since the company responsible for operating the DNS4EU project is Czech, it comes at no surprise that they consider #KnotDNS as part of their infrastructure. Yet, in the talk it does not sound like they settle on software diversity, and predominantly consider the (pretty reliable) Czech resolver.
From other folks, I heard that software diversity is just one of the resiliency features among ASN diversity, geographical diversity, etc. Why is this not highlighted in the "scope, timeline and challenges" talk on DNS4EU?
-
During my lunch break, I watched the #DNS4EU update of DNS-OARC 41 earlier this year. Since the company responsible for operating the DNS4EU project is Czech, it comes at no surprise that they consider #KnotDNS as part of their infrastructure. Yet, in the talk it does not sound like they settle on software diversity, and predominantly consider the (pretty reliable) Czech resolver.
From other folks, I heard that software diversity is just one of the resiliency features among ASN diversity, geographical diversity, etc. Why is this not highlighted in the "scope, timeline and challenges" talk on DNS4EU?
-
During my lunch break, I watched the #DNS4EU update of DNS-OARC 41 earlier this year. Since the company responsible for operating the DNS4EU project is Czech, it comes at no surprise that they consider #KnotDNS as part of their infrastructure. Yet, in the talk it does not sound like they settle on software diversity, and predominantly consider the (pretty reliable) Czech resolver.
From other folks, I heard that software diversity is just one of the resiliency features among ASN diversity, geographical diversity, etc. Why is this not highlighted in the "scope, timeline and challenges" talk on DNS4EU?
-
I wrote another #blogpost about managing your #DNS via #KnotDNS and #SaltStack, this time about how to #automate / #orchestrate your #TLSA records. http://michal.hrusecky.net/2024/02/salt-dns-web/
-
I wrote another #blogpost about managing your #DNS via #KnotDNS and #SaltStack, this time about how to #automate / #orchestrate your #TLSA records. http://michal.hrusecky.net/2024/02/salt-dns-web/
-
I wrote another #blogpost about managing your #DNS via #KnotDNS and #SaltStack, this time about how to #automate / #orchestrate your #TLSA records. http://michal.hrusecky.net/2024/02/salt-dns-web/
-
Another blog post about how am I managing my #DNS via #KnotDNS and #SaltStack is now online on my blog. This time about handling #SSH keys. #Orchestration can help you with managing your #DNS records 😉 https://michal.hrusecky.net/2024/01/salt-dns-ssh/
-
Another blog post about how am I managing my #DNS via #KnotDNS and #SaltStack is now online on my blog. This time about handling #SSH keys. #Orchestration can help you with managing your #DNS records 😉 https://michal.hrusecky.net/2024/01/salt-dns-ssh/
-
I started writing a short blog post series about #orchestration - how am I managing my #DNS server (running #KnotDNS) via #SaltStack. First post is already online: http://michal.hrusecky.net/2024/01/dns-via-salt/
-
I started writing a short blog post series about #orchestration - how am I managing my #DNS server (running #KnotDNS) via #SaltStack. First post is already online: http://michal.hrusecky.net/2024/01/dns-via-salt/
-
For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!
Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".
-
For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!
Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".
-
For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!
Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".
-
For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!
Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".
-
For some research, I am setting up some authoritative #nameservers. My server-software of choice is #KnotDNS. My domain is registered at Namecheap. Now, I am struggling with setting up the glue records for #ipv6. By any chance, is it not yet implemented?!
Whenever, I add my IPv6 into the "IP" field, it asks to "provide a valid IP address".
-
@dalias @DanielMicay @agwa @filippo @cynicalsecurity Because they've had to deal with it when it goes wrong. While #DNSSEC is tremendously clever and deals with a real issue, it's _incredibly_ brittle. That's even taking into account the near heroic efforts of the likes #KnotDNS to make the experience as straightforward as possible. It has a massive blast radius.
-
@dalias @DanielMicay @agwa @filippo @cynicalsecurity Because they've had to deal with it when it goes wrong. While #DNSSEC is tremendously clever and deals with a real issue, it's _incredibly_ brittle. That's even taking into account the near heroic efforts of the likes #KnotDNS to make the experience as straightforward as possible. It has a massive blast radius.
-
@dalias @DanielMicay @agwa @filippo @cynicalsecurity Because they've had to deal with it when it goes wrong. While #DNSSEC is tremendously clever and deals with a real issue, it's _incredibly_ brittle. That's even taking into account the near heroic efforts of the likes #KnotDNS to make the experience as straightforward as possible. It has a massive blast radius.
-
@dalias @DanielMicay @agwa @filippo @cynicalsecurity Because they've had to deal with it when it goes wrong. While #DNSSEC is tremendously clever and deals with a real issue, it's _incredibly_ brittle. That's even taking into account the near heroic efforts of the likes #KnotDNS to make the experience as straightforward as possible. It has a massive blast radius.
-
@dalias @DanielMicay @agwa @filippo @cynicalsecurity Because they've had to deal with it when it goes wrong. While #DNSSEC is tremendously clever and deals with a real issue, it's _incredibly_ brittle. That's even taking into account the near heroic efforts of the likes #KnotDNS to make the experience as straightforward as possible. It has a massive blast radius.
-
I’ve seen more than a few questions on mailing lists and on chat servers about migrating DNSSEC-signed zones between different server software. These are the steps I used to migrate a number of signed zones to Knot from BIND.
https://www.conundrum.com/blog/2023/Jan/migrating-dnssec-zones-to-knotdns/
-
I’ve seen more than a few questions on mailing lists and on chat servers about migrating DNSSEC-signed zones between different server software. These are the steps I used to migrate a number of signed zones to Knot from BIND.
https://www.conundrum.com/blog/2023/Jan/migrating-dnssec-zones-to-knotdns/
-
I’ve seen more than a few questions on mailing lists on chat servers about migrating DNSSEC-signed zones between different server software. These are the steps I used to migrate a number of signed zones to Knot from BIND.
https://www.conundrum.com/blog/2023/Jan/migrating-dnssec-zones-to-knotdns/
-
I’ve seen more than a few questions on mailing lists on chat servers about migrating DNSSEC-signed zones between different server software. These are the steps I used to migrate a number of signed zones to Knot from BIND.
https://www.conundrum.com/blog/2023/Jan/migrating-dnssec-zones-to-knotdns/
-
I’ve seen more than a few questions on mailing lists on chat servers about migrating DNSSEC-signed zones between different server software. These are the steps I used to migrate a number of signed zones to Knot from BIND.
https://www.conundrum.com/blog/2023/Jan/migrating-dnssec-zones-to-knotdns/
-
@tolstoevsky Не обязательно #BIND9 aka #BIND, его много критикуют. Есть ещё #KnotDNS, #YADIFA и другие; а если не нужен #AXFR (все вторичные сервера свои, синхронизируются #rsync'ом), то #gdnsd (#NSD, по-моему, только для больших нагрузок, а на малых не уменьшает потребление памяти). Есть ещё маленький и экономичный #MaraDNS, но там надо изучать другой синтаксис файла зоны.
-
@tolstoevsky Не обязательно #BIND9 aka #BIND, его много критикуют. Есть ещё #KnotDNS, #YADIFA и другие; а если не нужен #AXFR (все вторичные сервера свои, синхронизируются #rsync'ом), то #gdnsd (#NSD, по-моему, только для больших нагрузок, а на малых не уменьшает потребление памяти). Есть ещё маленький и экономичный #MaraDNS, но там надо изучать другой синтаксис файла зоны.