home.social

#nsd — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #nsd, aggregated by home.social.

  1. Numerous technical and security improvements on the infrastructure that supports mstdn.dk

    Bottom line: sikkerpånettet.dk/ now gives the site a 100% #security score. There are still improvements to be made (weirdly enough) - specifically I'm looking into supporting DANE for #TLS certificate signatures in #DNS.

    Now that's off the TODO-list :-)

    #mstdndk

  2. Numerous technical and security improvements on the infrastructure that supports mstdn.dk

    Bottom line: sikkerpånettet.dk/ now gives the site a 100% #security score. There are still improvements to be made (weirdly enough) - specifically I'm looking into supporting DANE for #TLS certificate signatures in #DNS.

    Now that's off the TODO-list :-)

    #mstdndk

  3. Numerous technical and security improvements on the infrastructure that supports mstdn.dk

    Bottom line: sikkerpånettet.dk/ now gives the site a 100% #security score. There are still improvements to be made (weirdly enough) - specifically I'm looking into supporting DANE for #TLS certificate signatures in #DNS.

    Now that's off the TODO-list :-)

    #mstdndk

  4. Numerous technical and security improvements on the infrastructure that supports mstdn.dk

    Bottom line: sikkerpånettet.dk/ now gives the site a 100% #security score. There are still improvements to be made (weirdly enough) - specifically I'm looking into supporting DANE for #TLS certificate signatures in #DNS.

    Now that's off the TODO-list :-)

    #mstdndk

  5. Numerous technical and security improvements on the infrastructure that supports mstdn.dk

    Bottom line: sikkerpånettet.dk/ now gives the site a 100% #security score. There are still improvements to be made (weirdly enough) - specifically I'm looking into supporting DANE for #TLS certificate signatures in #DNS.

    Now that's off the TODO-list :-)

    #mstdndk

  6. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  7. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  8. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  9. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  10. I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

    For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

    Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

    For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

    Wheee!

  11. Running #OpenBSD 7.8 ​:openbsd:​

    DNS:
    #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
    Firewall:
    #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
    Mail:
    #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
    Spam-Defense:
    #spamd with auto-SPF-walk (no more greylisting issues).
    Web:
    #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
    Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

    #Nostr Relay in Rust building...

    #SelfHosted #SysAdmin #Security #Privacy

  12. Running #OpenBSD 7.8 ​:openbsd:​

    DNS:
    #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
    Firewall:
    #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
    Mail:
    #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
    Spam-Defense:
    #spamd with auto-SPF-walk (no more greylisting issues).
    Web:
    #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
    Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

    #Nostr Relay in Rust building...

    #SelfHosted #SysAdmin #Security #Privacy

  13. Running #OpenBSD 7.8 ​:openbsd:​

    DNS:
    #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
    Firewall:
    #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
    Mail:
    #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
    Spam-Defense:
    #spamd with auto-SPF-walk (no more greylisting issues).
    Web:
    #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
    Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

    #Nostr Relay in Rust building...

    #SelfHosted #SysAdmin #Security #Privacy

  14. Running #OpenBSD 7.8 ​:openbsd:​

    DNS:
    #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
    Firewall:
    #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
    Mail:
    #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
    Spam-Defense:
    #spamd with auto-SPF-walk (no more greylisting issues).
    Web:
    #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
    Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

    #Nostr Relay in Rust building...

    #SelfHosted #SysAdmin #Security #Privacy

  15. Running #OpenBSD 7.8 ​:openbsd:​

    DNS:
    #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
    Firewall:
    #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
    Mail:
    #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
    Spam-Defense:
    #spamd with auto-SPF-walk (no more greylisting issues).
    Web:
    #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
    Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

    #Nostr Relay in Rust building...

    #SelfHosted #SysAdmin #Security #Privacy

  16. New 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗠𝗜𝗧 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀 𝗦𝗲𝗿𝘃𝗲𝗿 (FreeBSD MIT Kerberos Server) article on vermaden.wordpress.com blog.

    vermaden.wordpress.com/2026/02

    #verblog #freebsd #mit #kerberos #dns #nsd

  17. The final countdown!

    ONE hour left of our #CyberMonday sale on Horns247

    With #NSD and the transfer portal right around the corner, NOW is the time to join for 75% off!

    secure.247sports.com/college/t #HookEm

  18. [Article] NSD Authoritative Nameserver on OpenBSD

    A short guide to configuring an authoritative nameserver on OpenBSD with nsd(8)

    cryogenix.org/library/networki

  19. what #disroot, #systemli, and #riseup did that made me build a similar collective. currently running some services under #openbsd from #indonesia:

    but, i ponder what i must do to pass the #security and perfomance standard.

    can someone answer my question? i appreciate it so much

  20. The overlap of people trying to self-host authoritative DNS with nsd and integrate it with kubernetes via external-dns and cert-manager is extremely low.

    #selfhosted #kubernetes #dns #homelab #nsd

  21. ServerSocket на Android в пределах одной сети

    Продолжая серию статей, общения между процессами и между двумя приложениями , в заключительной части разберем примеры в пределах одной Wi-Fi ‑сети. Рассмотрим, как с помощью ServerSocket можно организовать взаимодействие между устройствами, будь то обмен данными, совместная работа или создание многопользовательских игр. Если в предыдущих частях мы рассматривали конкретные способы создания сервера и общение с помощью разных протоколов, в этот раз покажу, как зарегистрировать свой сервер и находить чужие серверы в сети.

    habr.com/ru/companies/tbank/ar

    #android #serversocket #kotlin #nsd

  22. I wrote a new blog post about DNS (part 1)!

    Learn how DNS works in more depth and I even provide you will some useful terminal commands you can try yourself:

    blog.melroy.org/2025/dns-part-

    #dns #security #linux #unbound #bind #linux #recursive authoritative# server #nsd #dig #zone #domain #name #system

  23. I added a new service in my self-hosting:

    a DNS server with adblock support powered by NSD, Unbound, and AdGuard Home

    #freebsd #nsd #unbound #adguardhome #adguard #selfhosting

  24. NEW:

    "Colorado is definitely the team to beat."

    Why #NCAA
    recruiting experts can't stop seeing Georgia star Julian Lewis as Deion Sanders' next star Colorado Buffs QB, up now from The @DenverPost:

    denverpost.com/2024/11/18/s...

    #CUBuffs
    #SkoBuffs
    #GoBuffs
    #Big12
    #recruiting
    #NSD

  25. Woaw!! Configuring an Authoritative #dns server with #nsd and #nixos is a peace of cake!! Cloudflare will have to adapt to survive this!

    Shout out to @nlnetlabs !
    We are well fed on the #foss side after all 😏

  26. #Montenegro
    Presidente Jakov #Milatović: "Il Presidente dell'Assemblea Andrija #Mandić (#NSD|Minoranza serba) si è recato ad un'esercitazione militare dell'esercito serbo. I cittadini chiedono che risponda ad una domanda legittima, ovvero in quale formato e contesto ha partecipato all'esercitazione di ieri. Ricordo che Mandić è membro del Consiglio per la difesa e la sicurezza e il Montenegro è un Paese della #NATO".

    @OsservatorioEsteri

  27. I decided to add #DoQ support to my check_soa script (because it's easy to add as #dnspython supports it pretty much out of the box) so I'm looking for #DNS zones using authoritative nameservers accessible with DoQ. Does anyone knows any?

    I know a few recursive servers using #QUIC but I haven't found authoritative servers yet :/

    (I'd love to have some myself (my NS can be already be queried using #DoT) but I use #NSD (which has no QUIC support yet) and Debian so...)

  28. Looks like either #nsd does not know HIP RR from RFC 8005 or I made an error.

    #ldns-verify-zone does not complain so I guess my RR is correct 🤔

    #DNS

  29. nice! I configured my authoritative nameserver running #nsd to provide DNS-over-TLS (#DoT), and even setup one of my secondaries to fetch the AXFR over DoT.

    #dns

  30. #Montenegro #Serbia
    Ministro degli Esteri Filip #Ivanović (#PES|Centro anti-corruzione): "#Mandić (#NSD|Minoranza serba) non rappresentava il Montenegro nella sede elettorale dell'#SNS|EPP. Il governo, che si è formato con una maggioranza parlamentare, è fondato sulla base di un accordo di coalizione chiaro e preciso. Questo è stato firmato da tutti i componenti di quella maggioranza e il programma di lavoro è dettato dal Primo Ministro."

    @OsservatorioEsteri

  31. #Montenegro #Serbia
    Comitato Centrale #URA|G/EFA: "È inaccettabile che Andrija #Mandić (#NSD|Minoranza serba), in qualità di Presidente del Parlamento del Montenegro e rappresentante di tutti i parlamentari e cittadini, sia presente alla sede elettorale di un partito in un altro Paese. La responsabilità di questo evento è del Primo Ministro Milojko #Spajić (#PES|Centro anti-corruzione), dal quale il pubblico si aspetta una dichiarazione al riguardo."

    @OsservatorioEsteri

  32. Ich möchte #certbot mit meinem eigenen (nicht lokalen) #nsd sprechen lassen.
    Gibts da irgendetwas Fertiges (Skripte, Protokolle, Schnittstellen,...)?