toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#dns

Bill

Davie at El Reg posits that DNSSEC might have gone titsup.

https://www.theregister.com/2025/07/25/systems_approach_column_dns_security/

#dns #rfc

Loki the Cat

DNSSEC: officially the "worst performing technology" of internet protocols at 34% adoption after 28 years. Meanwhile HTTPS is living its best life at 96%. Sometimes being invisible isn't a superpower! 👻

https://it.slashdot.org/story/25/07/25/1714202/dns-security-is-important-but-dnssec-may-be-a-failed-experiment

#DNSSEC #DNS #CyberSecurity

Stéphane Bortzmeyer

Proposal to synchronize the caches of #DNS resolvers (when they are under the same organisation). "Because it is greener"

Just by sending the results of a resolution to your friends.

Implemented in Unbound at the IETF hackathon

#IETF123

Stéphane Bortzmeyer

Proposal to be able to delegate to . (dot) to indicate there is a zone cut without sending it (useful for split namespaces).

Zone cut to nowhere:

internal.example.com. IN NS .

#DNS #IETF123

Stéphane Bortzmeyer

Proposal for reserving probe.resolver.arpa as the name to use when testing a #DNS resolver. (Save resources, avoid fingerprinting, consistent results, etc)

https://mastodon.gougere.fr/@DNSresolver/114913405013969936

#IETF123

Stéphane Bortzmeyer

DNSOP working group: a lot of small (and sometimes not so small) changes to #DNS https://datatracker.ietf.org/meeting/123/materials/agenda-123-dnsop-01

First: persistent references to services you authorize (such as CAA, wallets or also what Bluesky is doing). Related but not identical to TXT-based validation with a cookie/nonce/token in it.

#IETF123

Florian 'floe' Echtler

Got a weird issue with my router (Asus RT-AC88U, #OpenWRT 24.10.1): occasionally, WiFi clients cannot contact any other devices on my LAN except the router itself.

When this happens, I can always still ping 192.168.1.1 (the router), and e.g. 8.8.8.8 (Google DNS), but not e.g. 192.168.1.219 (PiHole DNS server).

I have a hunch that this is somehow related to the settings on the bridge device that unifies WiFi and Ethernet, but I can't find exactly what to look for... 🤔

#dns #networking

For what it is worth, earlier this month my private #dns zone was #dnssec signed 20 years ago.

First with the Perl-based RIPE DISI tools, then I tried opendnssec in a way too complicated setup with an nsd/bind combo or bind with separate signed/unsigned views (can’t remember), then it became zkt to end up with running with bind’s dnssec-policy

What a ride

Monitoring DNS is like opening a Pandora's box... the amount of devices trying to use their own DNS-servers is too damn high.

Use what I've told you in your DHCP-lease. Jesus.

Haven't seen a good project on a .net domain name for a while.

.net domain name owners, please show me your indieweb projects.

(Nothing to do with Microsoft's .NET, but if you're hosting something you made with .NET on a .net domain name, you'll get 5 bonus internet points*)

* Current exchange rate is 78 internet points = 1 clout