home.social

#tsig — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #tsig, aggregated by home.social.

  1. In #TSIG ist ja alles gelb, jetzt geht es mit dem 612(-Doppel) weiter Richtung Tübingen

  2. In #TSIG ist ja alles gelb, jetzt geht es mit dem 612(-Doppel) weiter Richtung Tübingen

  3. In #TSIG ist ja alles gelb, jetzt geht es mit dem 612(-Doppel) weiter Richtung Tübingen

  4. In #TSIG ist ja alles gelb, jetzt geht es mit dem 612(-Doppel) weiter Richtung Tübingen

  5. Our `domain` crate for is progressing in three parallel tracks: Ximon's Zone transfers with is nearing completion, a proof of concept for query routing by Philip is ready for review so he can turn his attention to the signing milestone, and Terts and Jannik have kicked off reimplementing the `ldns` tools and example programs in .

    All development is and in the open you can follow the progress and contribute: github.com/NLnetLabs/domain/pu

  6. Our #DNS `domain` crate for #rustlang is progressing in three parallel tracks: Ximon's #XFR Zone transfers with #TSIG is nearing completion, a proof of concept for query routing by Philip is ready for review so he can turn his attention to the #DNSSEC signing milestone, and Terts and Jannik have kicked off reimplementing the `ldns` tools and example programs in #Rust.

    All development is #OpenSource and in the open you can follow the progress and contribute: github.com/NLnetLabs/domain/pu

  7. Our #DNS `domain` crate for #rustlang is progressing in three parallel tracks: Ximon's #XFR Zone transfers with #TSIG is nearing completion, a proof of concept for query routing by Philip is ready for review so he can turn his attention to the #DNSSEC signing milestone, and Terts and Jannik have kicked off reimplementing the `ldns` tools and example programs in #Rust.

    All development is #OpenSource and in the open you can follow the progress and contribute: github.com/NLnetLabs/domain/pu

  8. Our #DNS `domain` crate for #rustlang is progressing in three parallel tracks: Ximon's #XFR Zone transfers with #TSIG is nearing completion, a proof of concept for query routing by Philip is ready for review so he can turn his attention to the #DNSSEC signing milestone, and Terts and Jannik have kicked off reimplementing the `ldns` tools and example programs in #Rust.

    All development is #OpenSource and in the open you can follow the progress and contribute: github.com/NLnetLabs/domain/pu

  9. Our #DNS `domain` crate for #rustlang is progressing in three parallel tracks: Ximon's #XFR Zone transfers with #TSIG is nearing completion, a proof of concept for query routing by Philip is ready for review so he can turn his attention to the #DNSSEC signing milestone, and Terts and Jannik have kicked off reimplementing the `ldns` tools and example programs in #Rust.

    All development is #OpenSource and in the open you can follow the progress and contribute: github.com/NLnetLabs/domain/pu

  10. When building a library, it's not just about providing features but getting the ergonomics right so that developers can take maximum advantage of the functionality provided. After several approaches, we're finally happy with Zone Transfers for our `domain` crate for .
    github.com/NLnetLabs/domain/pu

  11. When building a library, it's not just about providing features but getting the ergonomics right so that developers can take maximum advantage of the functionality provided. After several approaches, we're finally happy with #DNS Zone Transfers for our #OpenSource `domain` crate for #rustlang. #CodingInTheOpen #IXFR #AXFR #TSIG
    github.com/NLnetLabs/domain/pu

  12. When building a library, it's not just about providing features but getting the ergonomics right so that developers can take maximum advantage of the functionality provided. After several approaches, we're finally happy with #DNS Zone Transfers for our #OpenSource `domain` crate for #rustlang. #CodingInTheOpen #IXFR #AXFR #TSIG
    github.com/NLnetLabs/domain/pu

  13. When building a library, it's not just about providing features but getting the ergonomics right so that developers can take maximum advantage of the functionality provided. After several approaches, we're finally happy with #DNS Zone Transfers for our #OpenSource `domain` crate for #rustlang. #CodingInTheOpen #IXFR #AXFR #TSIG
    github.com/NLnetLabs/domain/pu

  14. When building a library, it's not just about providing features but getting the ergonomics right so that developers can take maximum advantage of the functionality provided. After several approaches, we're finally happy with #DNS Zone Transfers for our #OpenSource `domain` crate for #rustlang. #CodingInTheOpen #IXFR #AXFR #TSIG
    github.com/NLnetLabs/domain/pu

  15. Опыты в домашней лаборатории: динамически обновляем записи приватной зоны DNS в OpenWRT

    Моя домашняя лаборатория подключена к интернету через маршрутизатор с прошивкой OpenWRT. Развертывая локальный ACME сервер, я понял, что, независимо от применяемого типа валидации запросов, ACME должен найти в DNS полное доменное имя сервера, для которого запрошен сертификат. В размышлениях, где же стоит хостить свою приватную DNS зону, меня озарило: «Но у нас уже есть дома DNS-сервер в OpenWRT. Наверняка можно удаленно обновлять записи в его локальной зоне». TL;DR: В итоге пришлось поставить BIND

    habr.com/ru/articles/826826/

    #openwrt #arm64 #dns #bind #hotplug #RFC2136 #RFC2845 #TSIG #DDNS #selfhosted

  16. Опыты в домашней лаборатории: динамически обновляем записи приватной зоны DNS в OpenWRT

    Моя домашняя лаборатория подключена к интернету через маршрутизатор с прошивкой OpenWRT. Развертывая локальный ACME сервер, я понял, что, независимо от применяемого типа валидации запросов, ACME должен найти в DNS полное доменное имя сервера, для которого запрошен сертификат. В размышлениях, где же стоит хостить свою приватную DNS зону, меня озарило: «Но у нас уже есть дома DNS-сервер в OpenWRT. Наверняка можно удаленно обновлять записи в его локальной зоне». TL;DR: В итоге пришлось поставить BIND

    habr.com/ru/articles/826826/

    #openwrt #arm64 #dns #bind #hotplug #RFC2136 #RFC2845 #TSIG #DDNS #selfhosted

  17. Опыты в домашней лаборатории: динамически обновляем записи приватной зоны DNS в OpenWRT

    Моя домашняя лаборатория подключена к интернету через маршрутизатор с прошивкой OpenWRT. Развертывая локальный ACME сервер, я понял, что, независимо от применяемого типа валидации запросов, ACME должен найти в DNS полное доменное имя сервера, для которого запрошен сертификат. В размышлениях, где же стоит хостить свою приватную DNS зону, меня озарило: «Но у нас уже есть дома DNS-сервер в OpenWRT. Наверняка можно удаленно обновлять записи в его локальной зоне». TL;DR: В итоге пришлось поставить BIND

    habr.com/ru/articles/826826/

    #openwrt #arm64 #dns #bind #hotplug #RFC2136 #RFC2845 #TSIG #DDNS #selfhosted

  18. Today was a good rest day. I upgraded the #Diaspora pod by building a new Docker image for it (and upgrading said image to the current #Debian). I got #pfsense to do #ddns to my #bind nameserver using #tsig, which allowed me to expose it on #ipv6. Lots of technology #winning!

    We walked to the local Dairy Queen for a treat, but it closed early for Father’s Day, so we walked to the grocery store and got a treat there instead. Lovely.

  19. Today was a good rest day. I upgraded the #Diaspora pod by building a new Docker image for it (and upgrading said image to the current #Debian). I got #pfsense to do #ddns to my #bind nameserver using #tsig, which allowed me to expose it on #ipv6. Lots of technology #winning!

    We walked to the local Dairy Queen for a treat, but it closed early for Father’s Day, so we walked to the grocery store and got a treat there instead. Lovely.

  20. Today was a good rest day. I upgraded the pod by building a new Docker image for it (and upgrading said image to the current ). I got to do to my nameserver using , which allowed me to expose it on . Lots of technology !

    We walked to the local Dairy Queen for a treat, but it closed early for Father’s Day, so we walked to the grocery store and got a treat there instead. Lovely.

  21. Today was a good rest day. I upgraded the #Diaspora pod by building a new Docker image for it (and upgrading said image to the current #Debian). I got #pfsense to do #ddns to my #bind nameserver using #tsig, which allowed me to expose it on #ipv6. Lots of technology #winning!

    We walked to the local Dairy Queen for a treat, but it closed early for Father’s Day, so we walked to the grocery store and got a treat there instead. Lovely.

  22. Today was a good rest day. I upgraded the #Diaspora pod by building a new Docker image for it (and upgrading said image to the current #Debian). I got #pfsense to do #ddns to my #bind nameserver using #tsig, which allowed me to expose it on #ipv6. Lots of technology #winning!

    We walked to the local Dairy Queen for a treat, but it closed early for Father’s Day, so we walked to the grocery store and got a treat there instead. Lovely.

  23. Hey #hivemind ... I need a #deadstupid #dns #application ... all it should do is to take unsigned zone xfer from whitelisted IP's, #sign them with defined #TSIG and send them do another dns with zonexfer. It does not need to be able to do anything else. I'm thinking about cluding #powerdns for that task but is there anything else simpler out there? (#windns does not support tsig for whatever reason and need something simple for a POC)

  24. Hey #hivemind ... I need a #deadstupid #dns #application ... all it should do is to take unsigned zone xfer from whitelisted IP's, #sign them with defined #TSIG and send them do another dns with zonexfer. It does not need to be able to do anything else. I'm thinking about cluding #powerdns for that task but is there anything else simpler out there? (#windns does not support tsig for whatever reason and need something simple for a POC)

  25. Hey #hivemind ... I need a #deadstupid #dns #application ... all it should do is to take unsigned zone xfer from whitelisted IP's, #sign them with defined #TSIG and send them do another dns with zonexfer. It does not need to be able to do anything else. I'm thinking about cluding #powerdns for that task but is there anything else simpler out there? (#windns does not support tsig for whatever reason and need something simple for a POC)

  26. Hey #hivemind ... I need a #deadstupid #dns #application ... all it should do is to take unsigned zone xfer from whitelisted IP's, #sign them with defined #TSIG and send them do another dns with zonexfer. It does not need to be able to do anything else. I'm thinking about cluding #powerdns for that task but is there anything else simpler out there? (#windns does not support tsig for whatever reason and need something simple for a POC)

  27. Sooo, nun der Abschnitt #TSIG bis #TTU neu auf der Streckenkarte!

  28. RFC 9103: DNS Zone Transfer over TLS

    Traditionnellement, le transfert d'une zone #DNS depuis le serveur maitre vers ses esclaves se fait en clair. Si l'authentification et l'intégrité sont protégées, par exemple par #TSIG, le transfert en clair ne fournit pas de confidentialité. Ce RFC normalise un transfert de zones sur TLS, #XoT (zone transfer over TLS).

    bortzmeyer.org/9103.html

  29. RFC 9103: DNS Zone Transfer over TLS

    Traditionnellement, le transfert d'une zone #DNS depuis le serveur maitre vers ses esclaves se fait en clair. Si l'authentification et l'intégrité sont protégées, par exemple par #TSIG, le transfert en clair ne fournit pas de confidentialité. Ce RFC normalise un transfert de zones sur TLS, #XoT (zone transfer over TLS).

    bortzmeyer.org/9103.html

  30. RFC 8945: Secret Key Transaction Authentication for DNS (TSIG)

    Le #DNS a des vulnérabilités à plusieurs endroits, notamment des risques d'usurpation, qui permettent de glisser une réponse mensongère à la place de la bonne. #TSIG, normalisé dans ce RFC (qui remplace le RFC 2845), est une solution de vérification de l'intégrité du canal. TSIG est surtout utilisé entre serveurs DNS maîtres et esclaves, pour sécuriser les transferts de zone.

    bortzmeyer.org/8945.html

  31. RFC 8945: Secret Key Transaction Authentication for DNS (TSIG)

    Le #DNS a des vulnérabilités à plusieurs endroits, notamment des risques d'usurpation, qui permettent de glisser une réponse mensongère à la place de la bonne. #TSIG, normalisé dans ce RFC (qui remplace le RFC 2845), est une solution de vérification de l'intégrité du canal. TSIG est surtout utilisé entre serveurs DNS maîtres et esclaves, pour sécuriser les transferts de zone.

    bortzmeyer.org/8945.html