Thinking of moving my domains' DNS hosting to deSEC at https://desec.io. They require enabling #DNSSEC. Any reasons this a bad idea? #DNS.

Yesterday I started testing the #DNS4EU servers on my #pihole regarding ad blocking and child protection. Seems to work well so far after using it through the day.

https://www.joindns4.eu/learn/dns4eu-public-service-launched

Then I stumbled over the article below. I definitely need to look into the details myself.

https://cybernews.com/security/european-independent-dns-relies-on-cloudflare-google/

What‘s your thoughts on this? Is it a usable alternative?

#dns #dns4eu #dnssec #dataprivacy

Protect your financial institution’s reputation and customer trust. Choose DNSimple for your .BANK domain hosting.

🔐 Help your customers bank securely
⛔ Eliminate spam and phishing
📈 Enhance your brand with new opportunities

DNSimple's managed #DNS service is fully compliant with all .BANK security requirements. Including #DNSSEC, multi-factor authentication, strong encryption, and #DDoS protection.

PowerDNS Recursor 5.3.0-alpha1 Released
https://blog.powerdns.com/powerdns-recursor-5.3.0-alpha1-released
#dns #dnssec

New zone signing key added to root. Verisign's DNZviz had trouble getting TCP responses at this time.

https://dnsviz.net/d/root/aFUQrA/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk=

Everything ok now.

https://dnsviz.net/d/root/aFXu9Q/dnssec/
#dns #dnssec

First beta of PowerDNS DNSdist 2.0.0 Released
https://blog.powerdns.com/2025/06/20/first-beta-release-of-powerdns-dnsdist-2.0.0
#dns #dnssec

🌖 DNSSEC 101：我們為什麼需要 DNSSEC？
➤ 保護網路根基：DNSSEC 的重要性
✤ https://howdnssec.works/why-do-we-need-dnssec/
DNS（網域名稱系統）最初設計時未將安全性納入考量，容易受到篡改。DNSSEC（網域名稱系統安全延伸）正是在此背景下應運而生的，它透過驗證 DNS 回應的真實性，確保使用者能正確連接到目標網站，並防止惡意重導。雖然 DNSSEC 不像 HTTPS 那樣提供加密功能，但它能偵測 DNS 資料是否被竄改。
+ 聽起來 DNSSEC 就像是網路世界的身份證，可以驗證網站的真偽，讓人更安心上網！
+ 以前總覺得 DNS 只是個電話簿，沒想到它其實也需要安全防護，DNSSEC 真是個重要的技術。
#網路安全 #DNS #DNSSEC

🌮 A taco explains how DNSSEC works! via @trusty #taco #dnssec https://howdnssec.works

Ah, DNSSEC—the digital equivalent of locking the barn door after the data has bolted 🐎🔒. Who knew securing a system designed with all the foresight of a toddler with a crayon could be so "urgent"? 😂 Clearly, the internet was built on trust, much like a pyramid scheme but with fewer yachts. 🛥️
https://howdnssec.works/why-do-we-need-dnssec/ #DNSSEC #internetsecurity #cybersecurity #humor #trustissues #HackerNews #ngated

Why do we need DNSSEC?

https://howdnssec.works/why-do-we-need-dnssec/

#HackerNews #DNSSEC #Importance #Internet #Security #Cybersecurity #Online #Safety #Domain #Protection

Mongolia's IDN TLD, мон., just switched from the very old algorithm 5 (RSA-SHA1) to elliptic curves \o/

#DNSSEC

https://mastodns.net/@diffroot/114706421942644891

Identity digital rolling keys after delegation change. There’s no going back now.
#dns #dnssec
https://mastodns.net/@diffroot/114700759330727364

#DNS #DNSSEC Le Gabon est désormais signé.
https://dnsviz.net/d/www.nic.ga/aFFxSw/dnssec/

And we're also looking for a Go dev!

https://careers.open-xchange.com/job/The-Hague-Software-Developer-PowerDNS-%28Go%29-%28mfd%29/1163574455/

#dns #dnssec #getfedihired

also available in English:
Extended DNS Errors used in DNS software and services -- Modern, standardised function call for user applications still needed
https://www.sidn.nl/en/news-and-blogs/extended-dns-errors-used-in-dns-software-and-services

The Extended DNS Errors (EDE) introduced by RFC 8914 seem to be a useful addition to the DNS protocol.
However, there’s still a need for a new or extended function call to enable (stub) resolvers to relay EDE error codes to user applications that send them queries.

#DNS #DNSSEC

op SIDN.nl:
Extended DNS Errors vinden toepassing in DNS-software en -diensten -- Moderne, gestandaardiseerde functie-call voor gebruikersapplicaties ontbreekt nog
https://www.sidn.nl/nieuws-en-blogs/extended-dns-errors-vinden-toepassing-in-dns-software-en-diensten

De Extended DNS Errors (EDE) die RFC 8914 introduceerde blijken een belangrijke toevoeging aan het DNS-protocol.
Wat nog ontbreekt is een nieuwe of uitgebreide functie-call waarmee (stub) resolvers EDE-foutcodes aan hun aanroepende gebruikersapplicatie kunnen doorgeven.

#DNS #DNSSEC

I've noticed that in recent days the `LI` domain has crept up over 10% errors when querying signed domains. It's about 10.2% which is significantly higher than other Top Level Domains
It isnt in my top ten list so I don't publish the results on my report page. I have the data tho.

If you're associated with the TLD I'd love to hear if you have any thoughts on why.

https://kalfeher.com/analysis/cds-charts/#7-dns-connection-error-rate-per-tld

#dns #dnssec

And yes, it works! Here are #DNSSEC keys in the YubiHSM, created via PKCS#11 using kmip2pkcs11 with KMIP queries sent by domain KMIP key code.

The goal for this approach is to shield an application against an untrusted PKCS#11 library.

#DNS #OpenSource #rustlang.

Little Friday shout-out to @andreas for setting us up with a YubiHSM so we can test our KMIP and PKCS#11 code for our #DNSSEC signer Nameshed. 💚 Thanks a lot for supporting #OpenSource! #DNS #rustlang https://github.com/NLnetLabs/kmip2pkcs11

Yes! I have #dnssec working, based on a manually configured DS/DNSKEY-record in my TLD-zone! All other #dns records managed through #desec nameservers which I can highly recommend.