2026-02-13 20:23:39
"Today we’re opening the public preview of DNS over HTTPS (DoH) for Windows DNS Server."
https://techcommunity.microsoft.com/blog/networkingblog/secure-dns-with-doh-public-preview-for-windows-dns-server/44939…
I recently got a “new” iPad (meaning, a used model from 2020) and I was amazed at how terrible it was for web browsing. Then I realized I forgot to point it at my Pi-hole install for DNS.
So much of the (commercial) web is nearly unusable on old(er) devices because of the amount of advertising crammed onto a page.
(Indie sites, personal blogs, etc. are mostly unaffected. Recipe sites though… whew!)
#web
New to Indiekit? Read the full deployment guide — a step-by-step walkthrough covering server setup, DNS, configuration, first-run password creation, syndication, webmentions, and the full plugin set.
https://github.com/rmdes/indiekit-deploy/blob/main/docs/deployme…
recursive DNS servers are required to also be authoritative DNS servers for certain special zones
https://www.rfc-editor.org/rfc/rfc6303
https://
Homelabbing question: what is the danger of having your home IP address exposed as a DNS entry? Like does it attract more hackers attention that way?
How many people are exposing their services directly from the home network?
Reposts are welcome :)
Lumen issued a report on tracking a campaign named “FrostArmada” associated with the threat actor group “Forest Blizzard” and its affiliated monikers involved in the campaign.
https://www.lumen.com/blog-and-news/en-us/frostarmada-forest-blizzard-dns-hijacki…
Moving my primary domain somebits.com from Porkbun for DNS and Google for mail forwarding to Cloudflare for both. First time using Cloudflare and so far it's a good experience. I'm hoping their mail forwarding works more reliably than Google's: Google's own servers keep blocking mail it forwards to itself as spam.
This was tricky but not impossible
Block all ads on Android without root and without VPN
#Android #AdBlock
https://github.com/eyalm2000/…
Justice Department Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian Military Intelligence Unit (US Department of Justice)
https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-dns-hijacking-network-controlled
http://www.memeorandum.com/260408/p33#a260408p33
from my link log —
Understanding systemd-resolved, split DNS, and VPN configuration.
https://blogs.gnome.org/mcatanzaro/2020/12/17/understanding-systemd-resolved-split-dns-and-vpn-configuration/
saved 2020-1…
I'm sure there are some caveats about interpreting the pretty picture and data this way, but a neat visualization just the same.
"A map of all ~2,100 Swiss municipalities showing which provider handles their official email - grouped by jurisdiction - based on public DNS records."
https://mxmap.ch/
@dawid@social.craftknight.com The migration to NixOS continues... The home servers are done, and so is one of the three VPSes. Now I'm working on the server that runs Pleroma, so things may get bumpy. I have a snapshot; worst case, it gets restored.
By the way, I think I've gone mad and hosted my own authoritative DNS on "knot" dns - a very pleasant program.
I manage the DNS records in a little text file, and letsencrypt via rfc-2136 (a key for authorization). The fallback, so that everything keeps running, is on 1984 hosting - there, after adding…
What came first: the CNAME or the A record?
https://blog.cloudflare.com/cname-a-record-order-dns-standards/
»Cloudflare hit with record fine - DNS as an instrument of censorship:
The Italian regulator AGCOM has imposed a record fine on @… because its DNS does not block pirate sites«
This should be viewed critically, and yet a good deal on the "open" web is highly contested. What pirate sites are or are not, we do not need to…
Hey @…
I want to migrate my email to you. My plan was
1. Set up hosting with you
2. Move the contents of my IMAP folders over
3. Point my MX records at you on the old DNS provider
4. Let everything stabilise
5. Transfer the domain to you and point the MX records at you from you.
Is that sensible? I've got as far…
Austrian network operators block certain domains on their #DNS at the request of alleged rights holders. The regulatory authority has reviewed whether this is lawful and, at the end of 2024, came to the conclusion that the
"DNS access blocks applied to the domains
"megakino.rip", "megakino.biz", "megakino.ink", "megakino.men", "megakino.me" and
"megakino.ws" no violation…
Don't buy the “domain e-mail” subscription from #Strato.de:
➡️ They disallow you to use their mail server (which you pay for!) if you choose to use a third-party name server.
➡️ Also, you can't set a custom TTL for your DNS records (at least I found no such option).
➡️ Recently, their customer login was unavailable for hours (so it was impossible to modify any DNS set…
The Pi-hole® is a #DNS sinkhole that protects your devices from unwanted content, without installing any client-side software
https://pi-hole.net/
okay, can people help me find things please? /nm
i SWEAR there was some sort of open-source, collaborative DNS service (possibly endorsed by @…?) but i CANNOT find any trace of it for the LIFE of me and i would really like to try it out :P
from my link log —
The case of the missing DNS packets.
https://cloud.google.com/blog/topics/inside-google-cloud/google-cloud-support-engineer-solves-a-tough-dns-case
saved 2020-05-13
What are people delegating their isnic (.is) domains to these days? I’ve been using x.is DNS but apparently that’s going away. I’m going to switch to Cloudflare’s free DNS but would love to hear of any better/different options.
Weekend Reads
* FreeBSD and TCP reordering
https://freebsdfoundation.org/wp-content/uploads/2026/04/stewart-adventures.pdf
* NTP Pool DNS geoloc tampering
TIL that you can store WiFi Credentials on an NFC tag and people can scan this tag to connect to your WiFi. https://mdias.info/posts/a-geeks-approach-to-guest-wifi/
...on Android. iOS does not support this, it seems. 😩
Also, I felt like I had found a kindred spirit …
WriteFreely.pl is not working because it is in the middle of a migration, so I'm reassuring you and asking for patience, because poking around in DNS is never a 5-minute job :(
A few more of the #News items shared especially often here recently:
Pi-hole: Update closes security vulnerabilities and delivers more performance
Is there actually any DNS provider that, like Cloudflare, allows CNAME records on the domain name itself, or (as with Cloudflare) dynamically translates them into regular records?
MS365 email cannot achieve “four nines” availability for 2026.
They’ve been down for long enough today that they’re more than halfway to losing the third 9. It's DNS.
The biggest mail system I help manage had NO unplanned downtime in 2025 & the planned downtime (kernel updates) was less than 0.004%
The biggest DNS environment I help manage has had 100% availability for >5y. It has NEVER returned SERVFAIL for a valid name.
Sadly, I do not scale. And I am o…
Weekend Reads
* DNS parser overflow in Zephyr
https://www.0xkato.xyz/CVE-2026-1678-DNS-Parser-Overflow-in-Zephyr/
* Telegram bots measurement survey
The rls.social instance has been moved to a server that I manage. What could possibly go wrong.
There might be some hiccups. DNS changing, the cached media was not copied, and Elasticsearch is still doing its thing.
Outgoing email goes through another provider, it seems to work 😃
This should be much more sustainable money wise.
Yay, my bluesky domain handle now passes verification for both DNS and HTTP https://bsky-debug.app/handle?handle=rmendes.net
You'd think that Gracenote must be one of the oldest APIs still working but there's basic Internet protocols that are way older, like NTP or DNS
DNS record for #Wordpress existed. I have the slight feeling that not
moved dns hosting for trunk.lol from DME to porkbun (free), lmk if you see any issues.
@… Nice! Keeping two DNS "servers" up and running. One on the cluster, and one in a Pi in case I fuck up the cluster, or have to reinstall it for some reason. @…
@why_not@mastodon.social I find the idea that, say, 33.34% of the population [of Germany|the EU|Europe|the West|the industrialized nations|the democratic states|the global North] might be willing to boycott Alphabet, Amazon and Microsoft over whatever bizarre. In part impossible. Alphabet offers DNS 8.8.8.8 and 8.8.4.4 and the pandemic tracing network. https://mamot.fr/@Khrys/116034466199737167
RE: https://mstdn.social/@inecas/116125098722422939
PSA: All the thi.ng subdomains should be working again. I upgraded Caddy yesterday and together with the recent DNS handling changes on Hetzner, Let's Encrypt challenges stopped working. All fixed again n…
🇵🇸 @small-tech/cross-platform-hostname module deprecated
https://www.npmjs.com/package/@small-tech/cross-platform-hostname
The release of version 1.1.0 deprecates and removes support for this small module that normalised hostname reporting between Linux/mac…
Who knows a competent Swiss (CH) provider that won't, without notifying me, shut down my web server and set the DNS record to 127.0.0.1 with a TTL of 24h because bots (Petalbot and ahref-Bot) are fetching so many of my static web pages that the server shared by several customers goes up in smoke?
(Technical) details of the story: …
Cloudflare says it has appealed the €14.2M fine issued by Italy for refusing to block pirate sites on its 1.1.1.1 DNS service, calling the amount "staggering" (Jon Brodkin/Ars Technica)
https://arstechnica.com/tech-policy/20
Today I learned how to use socat to pipe IPv4 traffic to my #homelab that's accessible only over IPv6 (thanks 1&1 and DS-Lite).
Set the DNS A record to a VPS I already have, spin up a reverse proxy on the VPS via docker, point the right domains to a socat docker container which TCP6's the IPv4 traffic the right way. Don't forget to add an IPv6 network to the socat container. Done.
from my link log —
DINR2020: DNS and Internet Naming Research Directions workshop.
https://ant.isi.edu/events/dinr2020/index.html
saved 2020-07-28 http…
"Security Vulnerabilities in RFC 8484 - DNS Queries over HTTPS (DoH)"
#DNS
Some of the #News items shared especially often here recently:
Pi-hole: Update closes security vulnerabilities and delivers more performance
Whoops, MullvadVPN DNS blocker for social media also blocks my own Mastodon instance 😳
What? No discussion of the #Microsoft email outage? Surely someone will bring out the DNS Haiku. #outage
Seems like this could be useful for some #Selfhosted / #HomeLab folks. https://m.vinduv.app/@VinDuv/115940541
RE: https://infosec.exchange/@josephcox/116165631106678137
I am never regretful about my 30 year commitment to never clicking on any online advertisement.
Nor my more recent adoption of DNS-based ad blocking of a couple thousand ad-related hostna…
Sounds like Google Workspace isn't going to support DNS-based Authentication of Named Entities. https://support.google.com/a/thread/327751597/feature-request-for-support-of-rfc-7671?hl=en
Tomorrow I'll see whether I can speed up the DNS thing. For now my website is dead. If this drags on I'll see whether I change domains or what I do.
@… @… FWIW if you put two DNS servers in the list you provide through DHCP, not all gizmos will use both of them
support for DNS-over-TCP has been explicitly necessary since 2010
it's irritating that we still have to keep explaining this https://lobste.rs/c/hatmxu
RE: https://mastodon.social/@pid_eins/116198551587107672
Net and cloud people, this may be worth a look? Some hard-coded net resources, temp server listeners, and DNS juju going on here it looks like.
A pretty significant change in resolver behavior is proceeding:
"[...] BIND 9 is switching to a parent-centric model of delegations. [...] The NS records in the child domain will be treated as normal DNS records and returned as authoritative data, but they will no longer overwrite the delegation data for the domain."
…
from my link log —
Using nsnotifyd with a PowerDNS secondary.
https://blog.feld.me/posts/2026/02/nsnotifyd-with-powerdns-secondary/
saved 2026-02-23
@dawid@social.craftknight.com Metacurity operates beyond the infosec news echo chamber to unearth sources and stories that the big guys overlook.
Check out today's issue for infosec developments you might have missed over the weekend, including
--Pentagon challenges Anthropic over mass surveillance, autonomous weapons curbs,
--UK moves to tighten online safety laws after xAI's Grok debacle,
--Iran is spying on and retaliating against protestors,
--DHS is seeking to spy on anti-ICE soc…
Yesterday, I managed to 1) install #PiHole on a #RaspberryPi behind in my #Tailscale mesh and configure the #DNS to…
Weekend Reads
* Building a BGP map
https://kmcd.dev/posts/live-internet-map/
* Measuring DNS over IPv6
https://www.
from my link log —
Internet world despairs as non-profit .org sold for $$$$ to private equity firm.
https://www.theregister.co.uk/2019/11/20/org_registry_sale_shambles/
saved 2019-11-23
The answer was frightening:
DNS was hacked to point the base domain as a cname to (some ID) dot beta dot supersonic dot AI
We weren't looking at our site at all. Fortunately the idiots were misconfigured so didn't receive the emails all week.
from my link log —
NIST SP 800-81r3: secure domain name system (DNS) deployment guide.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81r3.pdf
saved 2026-03-28
from my link log —
Gonemaster: a Golang clone of the Zonemaster DNS checker.
https://codeberg.org/pawal/gonemaster
saved 2026-01-26 https://dotat.…
uploaded a first repo to codeberg, since i have been hacking on it and it's one of the ones i mirror to github
https://codeberg.org/fanf/nsnotifyd
it's so fast compared to microsoft github!
Weekend Reads
* Secure DNS deployment guide
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81r3.pdf
* Domain name renewals across ccTLDs
Reading algorithmic feeds is a crazy thing to do: abandoning control over your own influences to a robot programmed by advertisers to manipulate you?
Madness.
I will not allow a robot programmed by advertisers and surveillance capitalists to determine what I read.
I don’t read any robo-feeds and don’t recommend anyone else does.
But people do:
Top five highest reaching smart phone apps:
All designed to harvest data from your phone, three of them owned by one creepy billionaire, and most people use them by looking at a robo-feed suggesting to them what to read and watch or filter.
I don’t use any of them.
I watch some Youtube, but not through their app. Uninstalled that from my phone as soon as I got it. It’s an awful downgrade of just playing in a browser page. I subscribe to some channels there in my RSS reader like a boss. Never watch what their recommendation algorithms suggest.
I tell them what I want to watch, I don’t let them tell ME what to watch, and frankly I wish all those videographers would start a peertube instance or something instead of posting their work on a corporate surveillance site.
I say you should avoid that algorithm stuff, it’s crazy manipulative.
But people should be free to do what they want.
I’m free to block Facebook! And I do: and I encourage everyone else to do so too.
Edit your DNS, block their domain names. Do it.
But if governments or corporations have the power to mandate those choices for everyone, it will go badly.
Prohibitions always do.
Weekend Reads
* 5G in Latin America
https://www.ookla.com/articles/5g-in-latin-america-pockets-of-progress
* Evaluating DNS resiliency
In the context of a CPanel Softaculous-installed Nextcloud, what could it possibly mean that, regardless how I set the certificate through #CPanel, ak.modusresearch.com returns with the following clearly bogus certificate:
Common Name: #Kubernetes #Ingress Controller Fake Certificate
Organization: #AcmeCo
Not Before: Sat, 28 Feb 2026 15:37:53 GMT ?????
DNS Name: ingress.local
In what sort of twisted Universe would supplying such a thing make sense? Also interesting is the Not Before which was pretty much the moment I requested the page, but gave the same when asked an hour later.