SSHFP records

I hate getting this prompt:

If you see it often enough you probably ignore it – it then loses its purpose if you find yourself blindly typing yes. SSHFP records stop that happening. As I secure my DNS zone with DNSSEC already I think this is an acceptable way of verifying the host at […]

Unbound Caching Nameserver

I have added an article to my wiki covering setup of Unbound as a cache name server. This includes DNSSEC support as well as IPv6 support. If it is a busy name server it may need to be tweaked for performance, see the performance section of my wiki above and the Unbound website.

PowerDNS Authoritative DNSSEC MySQL

I have added an article to my Wiki covering setup of PowerDNS with MySQL as well as enabling DNSSEC. I highly recommend using the MySQL database with replication (or even Percona XtraDB Cluster) as you will get a few nice advantages: Instant updates – no waiting for zone transfers Zone deletion works perfectly – you […]