Tootfinder

This week I have (a) enabled DNS security extensions (first documented in 1997 in RFC 2065) on a domain I control and (b) enabled IPv6 (first documented in 1995 in RFC 1883) on my home router, so I think it's time to break out "The Dream of the '90s" from Portlandia: https://youtu.be/TZt-pOc3moc…

I spent the weekend making a fun DevOps pipeline because I felt like it and am now quite pleased.
I'm hosting gitea, n8n and docker registry in my lab. I now have a webhook in gitea for certain repos so that when I push to them, it triggers n8n to pull the repo and build the dockerfile. This image is then pushed to the registry, and watchtower will pull it when it runs.
Naturally have all my own DNS things for these app web guis which go through nginx. All of this is in pro…

There's a point here, but it's really narrower than it looks.
Many individuals can self-host to a level that meets their needs. Not everyone needs anti-DDoS on their web server. Not everyone needs 10GB of space for email accessible from any device anywhere. Almost no one needs a global anycast DNS network. https://

TIL my beloved `dog` DNS client has been unmaintained for a few years and there's a community-based fork called `doge` (the name was chosen before it became a synonym for chainsaw politics): https://dog.ramfield.net

"Hackers exploit a blind spot by hiding malware inside DNS records"
Hah! I predicted years ago that attackers would leverage DNS like this!
My insistence to include DNS requests in anomaly detection and threat detection was on point 😤 so vindicated!
https://

Hackers exploit a blind spot by hiding malware inside DNS records
Technique transforms the Internet DNS into an unconventional file storage system.

And the rabbit hole starts: I had to replace my FritzVPN with Wireguard (Thanks @…, of course not Wire*shark) so that the hostname-resolution in my home network works the way I want/need --- IT'S ALWAYS DNS!!!!

from my link log —
Get the location of the ISS using DNS.
https://shkspr.mobi/blog/2025/07/get-the-location-of-the-iss-using-dns/
saved 2025-07-06

Get the location of the ISS using DNS
I love DNS esoterica. Weird little things that you can shove in the global directory to be distributed around the world instantly(ish). Domain names, like www.example.com usually resolve to servers. As much as we think of "the cloud" as being some intangible morass of ethereal Turing-machines floating in probability space, the more prosaic reality is that they're just boxen in data centres. They …

My latest piece for The Register describes my experience turning on DNS security (easy) and the overall progress on securing DNS across the Internet (poor). https://www.theregister.com/2025/07/25/systems_approach_column_dns_security/

DNS security is important but DNSSEC may be a failed experiment
Systems Approach: Nobody thinks of running a website without HTTPs. Safer DNS still seems optional

If you're using Pi-hole with Sky Broadband, you can't directly change the DNS settings for the router (in my case a Sky Hub).
However, if you save the settings as a file, edit the file to add the Pi-hole's address in the DNS field, and re-import it, it appears to work.
https://www.pistonheads.co…

Our certificate provider just told me I have to make my internal DNS server public, and share all my RFC1918 DNS enteries, otherwise they wont issue me certs. WTF is this shit? We have run split horizon for YEARS with no issues.

I'm giving up on CachyOS. Sank the rest of my evening into it, to no avail. DNS resolution is still unreliable in pacman and Firefox (and everything else) even after taking my network-local DNS server out of the chain, getting rid of systemd-resolved, and trying several different providers (quad9, Cloudflare, Google). The other ThinkPad running openSUSE is having no such issues tonight: it's CachyOS specific (since I see no evidence that it is a hardware issue - local network traffic…

Google Workspace is full of dire warnings about how you can try things but they won't work for a long time (maybe). Sometimes that's because of DNS and Internet caching problems. Sometimes it's because Google made a decision in 2001 it was OK to store data in databases that didn't commit immediately and they thought it was OK to show the user inconsistent state. Twenty-four years later that awful decision persists, even if my data doesn't.

2nd day of waking up hours before my clock because DNS server randomly decided to piss off...

I do wonder if an aspiring Cybersecurity Associate should know enough about opsec to not leave a permanent public record of them asking how to cram knowledge of entire of DNS in three days for a job interview, especially when they have chosen to have the world's most searchable identity.
https://list…

Got my first DNSSEC verified phishing email since I started logging on my personal email. So congratulations to [a foreign government's technology service] for securing DNS, and condemnation, I guess, for not securing web forms.

Alright, next step in my #OTEL adventure for @… was to add react/cache|dns|socket so I can trace any potential connection issues. Not sure yet what to do next:
* Event loop
* react/stream
* Just add tests to what you have before adding more

I've noticed a lot of sites with popups and nagware are now blocking my view of said site because I've opted not to view their ads (through Firefox settings and private DNS). This is really irritating on the phone because the nagware takes up virtually all of the screen. However, once again RemovePaywall comes to the rescue. Just pop that pesky url into RP's search bar and voila...

"I just want my life back!"
New from Chuck Tingle. This Summer don't stray too far from the standards track, lest you be…
Pounded in the Ass By the RFC Process
https://mailarchive.ietf.org/arch/msg/dane/JPY1_4_KFznrh_sAPUvQc2ig9Cs/

So @… blew my mind about how are smart TVs are spying on us with Automatic Content Recognition and other advertising profile scripts. Yikes! Thanks for the heads up!
https://youtu.b…