#nsd — Public Fediverse posts

Numerous technical and security improvements on the infrastructure that supports https://mstdn.dk

• DNS simplified extensively by migrating public facing secondary nameservers to #NSD using #CatalogZones from PowerDNS + DNSDist.
• #DNSSEC reenabled
• #ExternalDNS and #CertManager configuration vastly simplified.
• #Ingress controller migrated from #Nginx to #Traefik

Bottom line: https://sikkerpånettet.dk/ now gives the site a 100% #security score. There are still improvements to be made (weirdly enough) - specifically I'm looking into supporting DANE for #TLS certificate signatures in #DNS.

Now that's off the TODO-list :-)

#mstdndk

I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

Wheee!

I write a blog post: https://laskarnix.org/dns-server-with-nsd-on-debian-linux/

#nsd #dns #dnsserver #linux #debian #selfhosting #blogging

Running #OpenBSD 7.8 ​:openbsd:​

DNS: #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
Firewall: #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
Mail: #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
Spam-Defense: #spamd with auto-SPF-walk (no more greylisting issues).
Web: #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

#Nostr Relay in Rust building...

#SelfHosted #SysAdmin #Security #Privacy

Running #OpenBSD 7.8 ​:openbsd:​

DNS: #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
Firewall: #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
Mail: #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
Spam-Defense: #spamd with auto-SPF-walk (no more greylisting issues).
Web: #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

#Nostr Relay in Rust building...

#SelfHosted #SysAdmin #Security #Privacy

Running #OpenBSD 7.8 ​:openbsd:​

DNS: #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
Firewall: #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
Mail: #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
Spam-Defense: #spamd with auto-SPF-walk (no more greylisting issues).
Web: #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

#Nostr Relay in Rust building...

#SelfHosted #SysAdmin #Security #Privacy

Running #OpenBSD 7.8 ​:openbsd:​

DNS: #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
Firewall: #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
Mail: #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
Spam-Defense: #spamd with auto-SPF-walk (no more greylisting issues).
Web: #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

#Nostr Relay in Rust building...

#SelfHosted #SysAdmin #Security #Privacy

Running #OpenBSD 7.8 ​:openbsd:​

DNS: #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
Firewall: #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
Mail: #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
Spam-Defense: #spamd with auto-SPF-walk (no more greylisting issues).
Web: #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

#Nostr Relay in Rust building...

#SelfHosted #SysAdmin #Security #Privacy

New 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗠𝗜𝗧 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀 𝗦𝗲𝗿𝘃𝗲𝗿 (FreeBSD MIT Kerberos Server) article on vermaden.wordpress.com blog.

https://vermaden.wordpress.com/2026/02/22/freebsd-mit-kerberos-server/

#verblog #freebsd #mit #kerberos #dns #nsd

The final countdown!

ONE hour left of our #CyberMonday sale on Horns247

With #NSD and the transfer portal right around the corner, NOW is the time to join for 75% off!

https://secure.247sports.com/college/texas/join/?promo=JOIN #HookEm

Punjabi Film “Rajdhani Punjab” to Expose the Dark Underworld of the Drug Trade — In True Hollywood Style.

https://aliyesha.com/sub/articles/news/display/pb_punjabi_movie_rajdhani_punjab

#punjab #chandigarh #india #news #press #Punjbai #RajdhaniPunjab #PunjabiCinema #YograjSingh #NSD #NationSchoolOfDrama #IndianFilms #PunjabiFilmIndustry #CinemaNews #DrugFreePunjab #NewRelease #RegionalCinema #Drugs #Addiction

Enjoy tracker free reading with us. #privacy #privacymatters

[Article] NSD Authoritative Nameserver on OpenBSD

A short guide to configuring an authoritative nameserver on OpenBSD with nsd(8)

https://cryogenix.org/library/networking/nsd-authoritative-nameserver-on-openbsd

#OpenBSD #NSD #DNS

what #disroot, #systemli, and #riseup did that made me build a similar collective. currently running some services under #openbsd from #indonesia:

• #prosody (#xmpp server)
• #dovecot, #opensmtpd, #rspamd (email server)
• openbsd environemnt (through ssh)
• nginx (web server)
• #unbound, #nsd (#dns server)

but, i ponder what i must do to pass the #security and perfomance standard.

can someone answer my question? i appreciate it so much

The overlap of people trying to self-host authoritative DNS with nsd and integrate it with kubernetes via external-dns and cert-manager is extremely low.

#selfhosted #kubernetes #dns #homelab #nsd

ServerSocket на Android в пределах одной сети

Продолжая серию статей, общения между процессами и между двумя приложениями , в заключительной части разберем примеры в пределах одной Wi-Fi ‑сети. Рассмотрим, как с помощью ServerSocket можно организовать взаимодействие между устройствами, будь то обмен данными, совместная работа или создание многопользовательских игр. Если в предыдущих частях мы рассматривали конкретные способы создания сервера и общение с помощью разных протоколов, в этот раз покажу, как зарегистрировать свой сервер и находить чужие серверы в сети.

https://habr.com/ru/companies/tbank/articles/894650/

#android #serversocket #kotlin #nsd

I wrote a new blog post about DNS (part 1)!

Learn how DNS works in more depth and I even provide you will some useful terminal commands you can try yourself:

https://blog.melroy.org/2025/dns-part-1/

#dns #security #linux #unbound #bind #linux #recursive authoritative# server #nsd #dig #zone #domain #name #system

I added a new service in my self-hosting:

a DNS server with adblock support powered by NSD, Unbound, and AdGuard Home

#freebsd #nsd #unbound #adguardhome #adguard #selfhosting

NEW:

"Colorado is definitely the team to beat."

Why #NCAA
recruiting experts can't stop seeing Georgia star Julian Lewis as Deion Sanders' next star Colorado Buffs QB, up now from The @DenverPost:

denverpost.com/2024/11/18/s...

#CUBuffs
#SkoBuffs
#GoBuffs
#Big12
#recruiting
#NSD

Woaw!! Configuring an Authoritative #dns server with #nsd and #nixos is a peace of cake!! Cloudflare will have to adapt to survive this!

Shout out to @nlnetlabs !
We are well fed on the #foss side after all 😏

#Montenegro
Presidente Jakov #Milatović: "Il Presidente dell'Assemblea Andrija #Mandić (#NSD|Minoranza serba) si è recato ad un'esercitazione militare dell'esercito serbo. I cittadini chiedono che risponda ad una domanda legittima, ovvero in quale formato e contesto ha partecipato all'esercitazione di ieri. Ricordo che Mandić è membro del Consiglio per la difesa e la sicurezza e il Montenegro è un Paese della #NATO".

@OsservatorioEsteri

I decided to add #DoQ support to my check_soa script (because it's easy to add as #dnspython supports it pretty much out of the box) so I'm looking for #DNS zones using authoritative nameservers accessible with DoQ. Does anyone knows any?

I know a few recursive servers using #QUIC but I haven't found authoritative servers yet :/

(I'd love to have some myself (my NS can be already be queried using #DoT) but I use #NSD (which has no QUIC support yet) and Debian so...)

Looks like either #nsd does not know HIP RR from RFC 8005 or I made an error.

#ldns-verify-zone does not complain so I guess my RR is correct 🤔

#DNS

nice! I configured my authoritative nameserver running #nsd to provide DNS-over-TLS (#DoT), and even setup one of my secondaries to fetch the AXFR over DoT.

#dns

#Montenegro #Serbia
Ministro degli Esteri Filip #Ivanović (#PES|Centro anti-corruzione): "#Mandić (#NSD|Minoranza serba) non rappresentava il Montenegro nella sede elettorale dell'#SNS|EPP. Il governo, che si è formato con una maggioranza parlamentare, è fondato sulla base di un accordo di coalizione chiaro e preciso. Questo è stato firmato da tutti i componenti di quella maggioranza e il programma di lavoro è dettato dal Primo Ministro."

@OsservatorioEsteri

#Montenegro #Serbia
Comitato Centrale #URA|G/EFA: "È inaccettabile che Andrija #Mandić (#NSD|Minoranza serba), in qualità di Presidente del Parlamento del Montenegro e rappresentante di tutti i parlamentari e cittadini, sia presente alla sede elettorale di un partito in un altro Paese. La responsabilità di questo evento è del Primo Ministro Milojko #Spajić (#PES|Centro anti-corruzione), dal quale il pubblico si aspetta una dichiarazione al riguardo."

@OsservatorioEsteri

Ich möchte #certbot mit meinem eigenen (nicht lokalen) #nsd sprechen lassen.
Gibts da irgendetwas Fertiges (Skripte, Protokolle, Schnittstellen,...)?

#NSA, #NSB, #NSC of #NSD?

🎉 Exciting news! We just released our own PTR daemon!

Now you can control your PTR directly from your VM with a simple http request 💻. Check out our website for all the details: https://openbsd.amsterdam/ptr.html

#OpenBSD #PTR 🌐 #NSD #RUNBSD

@tolstoevsky Не обязательно #BIND9 aka #BIND, его много критикуют. Есть ещё #KnotDNS, #YADIFA и другие; а если не нужен #AXFR (все вторичные сервера свои, синхронизируются #rsync'ом), то #gdnsd (#NSD, по-моему, только для больших нагрузок, а на малых не уменьшает потребление памяти). Есть ещё маленький и экономичный #MaraDNS, но там надо изучать другой синтаксис файла зоны.

#DNS #NS

@tolstoevsky Не обязательно #BIND9 aka #BIND, его много критикуют. Есть ещё #KnotDNS, #YADIFA и другие; а если не нужен #AXFR (все вторичные сервера свои, синхронизируются #rsync'ом), то #gdnsd (#NSD, по-моему, только для больших нагрузок, а на малых не уменьшает потребление памяти). Есть ещё маленький и экономичный #MaraDNS, но там надо изучать другой синтаксис файла зоны.

#DNS #NS

@tolstoevsky Не обязательно #BIND9 aka #BIND, его много критикуют. Есть ещё #KnotDNS, #YADIFA и другие; а если не нужен #AXFR (все вторичные сервера свои, синхронизируются #rsync'ом), то #gdnsd (#NSD, по-моему, только для больших нагрузок, а на малых не уменьшает потребление памяти). Есть ещё маленький и экономичный #MaraDNS, но там надо изучать другой синтаксис файла зоны.

#DNS #NS