»Cloudflare zu Rekordstrafe verurteilt - das DNS als Zensur-Instrument:
Die italienische Regulierungsbehörde AGCOM hat @… mit einer Rekordstrafe überzogen, weil deren DNS Piratenseiten nicht blockiert«
Dies ist kritisch zu betrachten und doch ist im "offenen" Web einiges sehr umstritten. Was Piratenseiten sind oder nicht müssen wir uns nicht…

Now officially shopping for an organization, ideally in Canada but absolutely out of US jurisdiction (Europe OK), to provide Web & DNS support. We have a few mostly-dormant WordPress blogs and static sites, a bunch of identity-supporting DNS records, and that's about it. Nothing very high-traffic, should be an easy ask. Would prefer something that demonstrates resilience and stability by having been around a few years.

"Today we’re opening the public preview of DNS over HTTPS (DoH) for Windows DNS Server."
https://techcommunity.microsoft.com/blog/networkingblog/secure-dns-with-doh-public-preview-for-windows-dns-server/44939…

@… This is me again 😅
Using DoH, I get a weird EOF error during the dnshttp.Response conversion of the HTTP response.
The response was sent using the dnshttp.ResponseWriter implementation.
Digging into the implementation of the ResponseWriter, I see that you truncate the two leading bytes (response size) of TCP answers:

https://defend612.com has been blocked at the domain name level for me and at least two other people over T-Mobile networks (which includes GoogleFi, MetroPCS, and… wait for it… Trump Mobile). For at least all day today.
Seems unlikely to be a technical problem but instead to be Actual Censorship (unless its not …

Beschwerde: Karlsruhe stoppt umstrittene DNS-Überwachung einstweilig
Das Verfassungsgericht hat die Anordnung eines Amtsgerichts zur Überwachung von DNS-Anfragen auf eine bestimmte Domain nach Beschwerde des Providers ausgesetzt.

We really need a new Internet. How do we help?
https://torrentfreak.com/italy-fines-cloudflare-e14-million-for-refusing-to-filter-pirate-sites-on-public-1-1-1-1-dns/

:dns:

🇵🇸 @small-tech/cross-platform-hostname module deprecated
https://www.npmjs.com/package/@small-tech/cross-platform-hostname
The release of version 1.1.0 deprecates and removes support for this small module that normalised hostname reporting between Linux/mac…

Google-DNS-Sperren: Pariser Gericht stärkt Rechteinhaber gegen Streaming-Piraten | heise online
https://heise.de/-11138579

@… I am using dnsv2 to develop a "mock" DNS server for my unit tests.
I noticed that when specifying Server.Listener or Server.PacketConn, you also need to specify Server.Net or you end up with a "bad network" error when calling ListenAndServe.
Specifying the Net property seems redundant when the PacketConn/Listener properties are specifie…

The penultimate talk at #12Clouds is Akshay M talking about Agent Name Service (ANS), a DNS-like trust layer for AI agent deployments

China-aligned threat actor is conducting widespread cyberespionage campaigns https://therecord.media/china-aligned-threat-actor-espionage-network-devices

Italy fines Cloudflare €14.2M for refusing to block pirate sites on its 1.1.1.1 DNS service; CEO Matthew Prince says he will discuss it with US officials (Jon Brodkin/Ars Technica)
https://arstechnica.com/tech-policy/20

German ministry renames itself, domain expires, is bought by SEO-spammer, expires again, is bought by domain grabber, then later bought by itsec company who now learns that apparently plenty of internal systems of the ministry still try to connect to the domain...
I don't even know where to start how terrible that is and what it tells us about government IT security practices...

Wrong.
#google #ai #slop

Metacurity operates beyond the infosec news echo chamber to unearth sources and stories that the big guys overlook.
Check out today's issue for infosec developments you might have missed over the weekend, including
--Pentagon challenges Anthropic over mass surveillance, autonomous weapons curbs,
--UK moves to tighten online safety laws after xAI's Grok debacle,
--Iran is spying on and retaliating against protestors,
--DHS is seeking to spy on anti-ICE soc…

Whoops, MullvadVPN DNS blocker for social media also blocks my own Mastodon instance 😳

Italy fines Cloudflare €14.2M for refusing to block pirate sites on its 1.1.1.1 DNS service; CEO Matthew Prince says he will discuss it with US officials (Jon Brodkin/Ars Technica)
https://arstechnica.com/tech-policy/20

I just finished reorganizing the cable drawer.
The timeline of events was something like:
- the DNS server for internal name resolution runs inside a Docker container only reachable via IPv4
- if an Android device gets both IPv4 and IPv6 DNS servers, it will only query the IPv6 one
- fuck Docker; I'll install the DNS server on a Raspberry Pi
- creating a Pi image with sshd enabled didn't work
- this household has surprisingly few HDMI cables
- oh, …

I just finished reorganizing the cable drawer.
The timeline of events was something like:
- the DNS server for internal name resolution runs inside a Docker container only reachable via IPv4
- if an Android device gets both IPv4 and IPv6 DNS servers, it will only query the IPv6 one
- fuck Docker; I'll install the DNS server on a Raspberry Pi
- creating a Pi image with sshd enabled didn't work
- this household has surprisingly few HDMI cables
- oh, …

from my link log —
The case of the missing DNS packets.
https://cloud.google.com/blog/topics/inside-google-cloud/google-cloud-support-engineer-solves-a-tough-dns-case
saved 2020-05-13

I find it really amuzing that IT-departments around the world is just plainly copying the example DNS-records in my blog-posts about DMARC.
Resulting in me getting reports about their domain to my inbox
#dmarc #email

"Ich habe einen DNS-Namen bekommen."
"Und ... wie heißt du jetzt?"
#krautspaceleaks

Cloudflare-Rekordstrafe: Italiens harter Anti-Piraterie-Kurs trifft DNS-Resolver
Wegen verweigerter Netzsperren verhängt der italienische Regulierer Agcom ein Bußgeld in zweistelliger Millionenhöhe gegen den Infrastrukturriesen Cloudflare.

I recently got a “new” iPad (meaning, a used model from 2020) and I was amazed at how terrible it was for web browsing. Then I realized I forgot to point it at my Pi-hole install for DNS.
So much of the (commercial) web is nearly unusable on old(er) devices because of the amount of advertising crammed onto a page.
(Indie sites personal blogs, etc are mostly unaffected. Recipe sites though… whew!)
#web

Weekend Reads
* 5G in Latin America
https://www.ookla.com/articles/5g-in-latin-america-pockets-of-progress
* Evaluating DNS resiliency

Homelab migration done, all of the VMs are on Debian which makes things easier to manage. Currently deleting the old mirrors out of storage and running a few backups at the moment. I think it's time to maybe play some vidya games and just enjoy the rest of Sunday.
#homelab #debian

added hn and lobsters to the dns deny list. Firefox "failed to load page" will be my reminder that even staring at the wall will be more useful than reading those 2 sites

New to Indiekit? Read the full deployment guide — a step-by-step walkthrough covering server setup, DNS, configuration, first-run password creation, syndication, webmentions, and the full plugin set.
https://github.com/rmdes/indiekit-deploy/blob/main/docs/deployme…

Russland hat am 10. Februar 2026 die Domains von WhatsApp, YouTube, Facebook, Instagram und weitere westliche Diensten aus dem nationalen Domain-Name-System entfernt #Russland #dns #WhatsApp

What came first: the CNAME or the A record?
https://blog.cloudflare.com/cname-a-record-order-dns-standards/

I moved my DNS and mostly static sites from AWS to @…
It was a bit of a hassle, and I have to be a Linux admin again (AWS hosted via Route53 S3 magic)
https://webcam.calpenedes.com/

The bureaucratic rigidness of the Italian government has taken it to a completely unnecessary conflict with US providers. With the poorly-planned Privacy Shield initiative, it entered a digital sovereignty conflict the country never prepared for. The appalling thing is that even the outspoken Mario Draghi didn't try to walk his talk. And now Cloudfare threatens to resist.
"The scheme, which even the EU has called concerning, required us within a mere 30 minutes of notification…

@… und wenn schon sollte man sollte man die DNS Einträge der UEFA/FIFA sperren. Die Schaden unserem Ruf als Schweizer Verein. Gemeinnützig ist ihr Gehabe wohl eher nicht.

Cloudflare-Rekordstrafe: Italiens harter Anti-Piraterie-Kurs trifft DNS-Resolver | heise online
https://heise.de/-11136843

Sweet next year letsencrypt will support a persisting DNS record so these tools don’t need access to DNS for renewal

The Pi-hole® is a #DNS sinkhole that protects your devices from unwanted content, without installing any client-side software
https://pi-hole.net/

from my link log —
The disappearing Windows DNS debug log.
https://nxlog.co/disappearing-windows-dns-debug-log
saved 2019-01-10 https://

Tu sais que t'es en train d'aller trop loin quand pour tester une fonctionnalité de ton programme (un client SSH), tu te retrouves Š implémenter un serveur SSH, un serveur DNS et un serveur HTTP et une PKI pour ton test E2E.
Heureusement, c'est facile Š faire en Go 😅

@… and this is why I ran ad blocking on the DNS level. And browser addons that deal with most of these crappy modals

DNS stands for “DO NOT meSs with this or you’re going to have a bad time”

chapeau, weather-over-dns-over-mastodon:
@… berlin.now.weather.dyn.bortzmeyer.fr TXT
this is the way.

Tao Te Ching: The tao that can be told is not the eternal Tao. The name that can be named is not the eternal Name.
Paul Mockapetris: that's going to make it really hard to issue you a DNS address

I can help but feel this "feature" should raise more concerns than it does alleviate them.
"Accelerated recovery for managing public DNS records addresses this need by targeting DNS changes that customers can make within 60 minutes of a service disruption in the US East (N. Virginia) Region."

The Pihole instance running on my laptop blocks about 21% of the DNS requests …. This is self-defense …
#Pihole #Enshittification

On Website Technicals (2021-02) - Tech updates: image preview tweak for dark mode, DNS secondary fun. - https://m.earth.org.uk/note-on-site-technicals-45.html

TFW you notice that your Synology-local-backup to cloud-backup hasn't been working since you moved in October 2024 because you’d stupidly hardwired the Synology DNS to the former residence’s now-wrong 192.168. Would have been sad if the house burned down. Would have been nice if the Synology had complained.
Discovered this in the course of a search for a non-US (ideally Canadian) Synology-friendly cloud backup. Promising: eazyBackup and ionos.ca HiDrive.

If you ever want to hear your family come to life. Take down the home DNS server lol. #DNS

MS365 email cannot achieve “four nines” availability for 2026.
They’ve been down for long enough today that they’re more than halfway to losing the third 9. It's DNS.
The biggest mail system I help manage had NO unplanned downtime in 2025 & the planned downtime (kernel updates) was less than 0.004%
The biggest DNS environment I help manage has had 100% availability for >5y. It has NEVER returned SERVFAIL for a valid name.
Sadly, I do not scale. And I am o…

So I was pretty enthusiastic about #DNS4EU at first.
Then I've discovered it blocklisted some random pastebin. Well, it happens. I mean, pastebins frequently get into trouble because of people pasting random shit. So I've filed an unblock request. I've suddenly got a mail to confirm registration in some random company's system — I suspect it was related to DNS4EU, but no clear indication. I've ignored it.
Then they've blocklisted my mail provider, for no apparent reason. It's still blocked. I've switched to the "unfiltered" version to be able to access my mail again.
Today I've gotten a mail via my backup MX. My main MX is up. My educated guess is that sysadmins using DNS4EU now get my mail redirected to their "site blocked" server. Isn't that great?
PS. Maybe if more people filed unblock requests for "poczta.ftdl.pl", it would help. It's a non-profit e-mail provider.
#DNS #ItsAlwaysDNS

Seems like this could be useful for some #Selfhosted / #HomeLab folks. https://m.vinduv.app/@VinDuv/115940541

Gibt es eigentlich irgendeinen DNS-ANbieter, der wie Cloudflare CNAME-Einträge auf den Domainnamen selbst zulässt bzw. diese (wie bei Cloudflare) dynamisch in reguläre Eintrage übersetzt?

from my link log —
Can I use HTTPS RRs?
https://www.netmeister.org/blog/https-caniuse.html
saved 2025-12-12 https://dotat.at/…

I fell down the self-hosting (at home) rabbit hole.
Current status: Had to disable the IPv6 router advertisement option for DNS configuration 🙁

I fell down the self-hosting (at home) rabbit hole.
Current status: Had to disable the IPv6 router advertisement option for DNS configuration 🙁

Brief Starlink outage (our second ever). Strange that throughout I could ping 1.1.1.1 but not 9.9.9.9 or any other Internet host for which I have the IP saved. I reckon this means Cloudflare has a DNS instance in the same DC/on a peering fabric adjacent to the Starlink "Dublin" (LDNGBR) ground station.

You'd think that Gracenote must be one of the oldest APIs still working but there's basic Internet protocols that are way older, like NTP or DNS

Yay, my bluesky domain handle now pass verification for both DNS and HTTP https://bsky-debug.app/handle?handle=rmendes.net

moved dns hosting for trunk.lol from DME to porkbun (free), lmk if you see any issues.

Currently most biggest email providers put mails from my domain in TLD .cloud and my server to spam. Even tho I have all the shiny things set up like SPF, DKIM, DMARC, reverse dns, the domain is not new, and there was never spam sent from my server. I am not on any blacklist of course.
And I don't get why ppl actually don't check what is in spam folder, like they really receive so much spam, so that they can't notice there is something? I have plenty of mail accounts in var…

Started migrating services off of the RPis and onto the new #Proxmox server. The initial install went fairly smoothly, got the VLANs configured, and then setup the new primary DNS server. That took longer than it should have, but I will say this: the VM is so much more snappy than the Pi. Next up is the secondary DNS server.

@… This is your kinda pun.
https://wuffs.org/@Ninji/115815324741233244

Wer kennt einen kompetenten CH-Provider, der mir nicht ohne Info an mich den Webserver abschaltet und den DNS-Eintrag mit einer TTL von 24h auf 127.0.0.1 setzt, weil Bots (Petalbot und ahref-Bot) so viele meiner statischen Webseiten abrufen, dass der von mehreren Kunden genutzte Server abraucht?
(Technische) Details der Story: …

This girl now self-hosts her DNS!!
https://github.com/LuNeder/nixos-config/commit/7c5358fd4de441e4bb5011fb90f182bbbfb6bd28

Today I learned how to use socat to pipe IPv4 traffic to my #homelab that's accessible only over IPv6 (thanks 1&1 and DS-Lite).
Set the DNS A record to a VPS I already have, spin up a reverse proxy on the VPS via docker, point the right domains to a socat docker container which TCP6's the IPv4 traffic the right way. Don't forget to add an IPv6 network to the socat container. Done.

@why_not@mastodon.social ich finde die vorstellung, dass, sagen wir 33,34% der Bevölkerung [Deutschlands|EU|Europas|des Westens|der Industrienationen|der demokratidchen Staaten|des globalen Nordens] bereit sein könnte wegen was-auch-immer Alphabet, Amazon und Microsoft zu boykottieren bizarr. Teilweise unmöglich. Alphabet bietet DNS 8.8.8.8 und 8.8.4.4 und das pandemie-traceing-network an. https://mamot.fr/@Khrys/116034466199737167

@why_not@mastodon.social ich finde die vorstellung, dass, sagen wir 33,34% der Bevölkerung [Deutschlands|EU|Europas|des Westens|der Industrienationen|der demokratidchen Staaten|des globalen Nordens] bereit sein könnte wegen was-auch-immer Alphabet, Amazon und Microsoft zu boykottieren bizarr. Teilweise unmöglich. Alphabet bietet DNS 8.8.8.8 und 8.8.4.4 und das pandemie-traceing-network an. https://mamot.fr/@Khrys/116034466199737167

from my link log —
Route 53 DNS: Amazon’s premier AWS database.
https://www.lastweekinaws.com/blog/route-53-amazons-premier-database/
saved 2021-02-18 <…

What? No discussion of the #Microsoft email outage? Surely someone will bring out the DNS Haiku. #outage

On Website Technicals (2025-10) - Tech updates: Sitebulb AdSense fails, RSS description, lite ads, ISSN lookup, micro-opts, DNS broke intensity, SVG inline URL-encoded, CO2 pcm, flock. - https://m.earth.org.uk/note-on-site-technicals-101.html

The standalone Proxmox server is basically done at this point, all three DNS servers are online and secure, the Tailscale VM is online after completely forgetting that it was running on one of the Raspberry Pis, and the `authentik` instance that I'm gonna need to work on tomorrow.
#proxmox #dns

Fun little experiment: block html-load[.]com and error-report[.]com at the DNS level and watch the web become unusable.

@… yeah, ofcourse. AWS and Azure has DNS problems within 1 week of each other and now cludflare was down. Maybe it was DNS, but there is for sure more to the story that we do not know.

Próbuję się ostatnio zde-cloudflare-ować i ile to wymaga energii...

- CDN DNS - bunny.net
- hosting stron statycznych statichost.eu
- rejestracja domen - infomaniak.com

Jeszcze docelowo s3 sobie wyniosę z b2, ale krok po kroku... Analytics mam już swoje na plausible selfhostowane i go użyje zamiast statystyk z cloudflarea.

Dużym plusem…

from my link log —
trustydns: DNS Over HTTPS proxy, server and query programs.
https://github.com/markdingo/trustydns
saved 2019-06-28 https://do…

There are four .ir TLD nameservers, three of which are located behind IRNIC and have been generally unavailable outside of Iran (not sure about in-country).
One auth NS (c.nic.ir.) is operating behind #AS48011 outside of Iran and is responding to queries.
However, from what I can see from the SOA RRs for the zone captured by passive DNS, c.nic.ir does not currently appear to be in s…

@… @… It’s not vanity. It is a kind of identity verification - since in order to use a domain name as an ID you have to have access for the domains DNS records. Which means you have an ICANN registration.

Are you doing something interesting with #DNS #security, #DNSSEC, routing security, or other forms of #Internet

@… Hey, it is me again 😅
Just to let you know that I receive some 400 Bad Request errors from some DoH servers (dns.quad9.net and ns0.fdn.fr for instance) while some others accept my queries (dns.google and Cloudflare 1.1.1.1).
I am not sure yet if the error is on my use of the library or within the library itself.
Here is the code to run the query:

support for DNS-over-TCP has been explicitly necessary since 2010
it's irritating that we still have to keep explaining this https://lobste.rs/c/hatmxu

Yesterday, I managed to 1) install #PiHole on a #RaspberryPi behind in my #Tailscale mesh and configure the #DNS to…

from my link log —
Internet world despairs as non-profit .org sold for $$$$ to private equity firm.
https://www.theregister.co.uk/2019/11/20/org_registry_sale_shambles/
saved 2019-11-23

Many #Terraform providers using SSH do not check the SSH host key... they just run with ssh.InsecureIgnoreHostKey...
And to be honest, it is partly the fault of the SSH standard library which makes it super easy to ignore the host key and does not provide any useful builtin key verification function. People are lazy. ssh.FixedHostKey is niche.
So I implemented a small library to v…

from my link log —
Gonemaster: a Golang clone of the Zonemaster DNS checker.
https://codeberg.org/pawal/gonemaster
saved 2026-01-26 https://dotat.…

Does anyone actually use OpenNIC?
I selfhost my DNS with unbound, apparently it's simple to use OpenNIC's root server hints but then you remove ICANN ones.
I know OpenNIC's root servers also respond for ICANN domains, but what I was wondering is: can I use ICANN ones for ICANN domains and only use OpenNIC ones when ICANN root servers don't know about a TLD?
#OpenNIC