Mastodawn

Numerous technical and security improvements on the infrastructure that supports https://mstdn.dk

DNS simplified extensively by migrating public facing secondary nameservers to #NSD using #CatalogZones from PowerDNS + DNSDist.
#DNSSEC reenabled
#ExternalDNS and #CertManager configuration vastly simplified.
#Ingress controller migrated from #Nginx to #Traefik

Bottom line: https://sikkerpånettet.dk/ now gives the site a 100% #security score. There are still improvements to be made (weirdly enough) - specifically I'm looking into supporting DANE for #TLS certificate signatures in #DNS.

Now that's off the TODO-list :-)

#mstdndk

mstdn.dk

Just your average friendly Danish Mastodon server. New users tooting in Danish/English welcome. Administered from Denmark. Hosted on bare-metal Kubernetes in the EU.

Mastodon hosted on mstdn.dk

Saustrup Apr 19

I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

Wheee!

radhitya / al1r4d Apr 19

I write a blog post: https://laskarnix.org/dns-server-with-nsd-on-debian-linux/

#nsd #dns #dnsserver #linux #debian #selfhosting #blogging

DNS Server With nsd on Debian Linux - Laskarnix

Big Fl👀f is watching you.Mar 30

Running #OpenBSD 7.8

DNS: #nsd (3 Master Zones), #DNSSEC & #DANE (RFC6698) + #unbound
Firewall: #pf with auto-fed tables (IPS-style), spambot-tarpitting & service rate limits.
Mail: #smtpd (Multi-domain, RFC8461/MTA-STS) + #rspamd (DKIM) + #dovecot (IMAPS-only).
Spam-Defense: #spamd with auto-SPF-walk (no more greylisting issues).
Web: #relayd (TLS-Terminator, HSTS, CSP) + #httpd (NIP-05, Autoconfig, security.txt).
Performance: Lightweight "Fail2Ban" via 1-liner shell script (No Python crap!).

#Nostr Relay in Rust building...

#SelfHosted #SysAdmin #Security #Privacy

0ct0pu5 Mar 28

I am searching for a script to handle #NSD #DNS #web interface. Has anyone come across something similar?

Sickcans Mar 8

rustig aan weer wat plaatjes hier plaatsen, hou t voor nu alleen op de throwies en pieces voor de hastags.
1. #Klips
2. #Fums
3. #NSD
4. Zooitje tags in Noord
5. #PFG
6. #KW
7. #Tosok
8. #Deo42
9. #DOD

vooral Amsterdam noord, ook een paar dr buiten

#AmsterdamGraffiti #AmsterdamNoordGraffiti #Amsterdam #Graffiti #DutchGraffiti

vermaden Feb 22

New 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗠𝗜𝗧 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀 𝗦𝗲𝗿𝘃𝗲𝗿 (FreeBSD MIT Kerberos Server) article on vermaden.wordpress.com blog.

https://vermaden.wordpress.com/2026/02/22/freebsd-mit-kerberos-server/

#verblog #freebsd #mit #kerberos #dns #nsd

vermaden Feb 22

New 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗠𝗜𝗧 𝗞𝗲𝗿𝗯𝗲𝗿𝗼𝘀 𝗦𝗲𝗿𝘃𝗲𝗿 (FreeBSD MIT Kerberos Server) article on vermaden.wordpress.com blog.

https://vermaden.wordpress.com/2026/02/22/freebsd-mit-kerberos-server/

#verblog #freebsd #mit #kerberos #dns #nsd

Andreas Taudte Feb 9

“Private Domain Name as a Service” is a neat idea from Lutz Donnerhacke ( https://lutz.donnerhacke.de/Blog/Private-Domain-Name-as-a-Service ). In #ISP and enterprise networks, a lot of “undeliverable” traffic hits private #IPv4, and a chunk of it is #DNS to nameservers that should not be reachable.
Run a hardened authoritative DNS ( @nlnetlabs #NSD in this case ) as a catch all for served ranges and return safe localhost answers plus a clear diagnostic hint. Less noise and clearer misconfig signals.

Sean Keeler Feb 1

🏈 NEW: "What a great guy. That was cool." 🐏 Why #CSURams football coach Jim Mora hit the road to personally mend fences with Colorado prep football coaches, up now from The @DenverPost:👇

https://www.denverpost.com/2026/02/01/csu-rams-football-jim-mora-colorado-recruiting-2026/

#NCAAfootball #collegefootball #football #NCAA #Colorado #CSURams #ColoradoStateRams #ColoradoState #CSU #Rams #ProudToBe #Relentless #RamDNA #RamRush #Pac12 #Pac12football #JimMora #FoCo #FortCollins #FortFun #recruiting #NSD #NationalSigningDay #sports #news

Keeler: CSU Rams football coach Jim Mora isn’t done mending fences with Colorado high schools

CSU Rams football hasn’t produced a class with more than two in-state prep recruits since 2023. They haven’t produced one with more than seven since 2014. Here’s why Jim Mora is w…

The Denver Post