101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl czyli najstarszy polski serwer Mastodon. Posiadamy wpisy do 2048 znaków.

Server stats:

485
active users

#dnssec

5 posts4 participants0 posts today

Pieces for our new #DNSSEC signer Nameshed are falling into place at a steady rate. While Ximon is working on the KMIP/PKCS#11 interface for HSMs, Philip is working on the key manager and Arya just took the first step in the UI with the configuration mechanisms:
github.com/NLnetLabs/nameshed/

Our goal is to have a proof-of-concept by the end of September, so we have something to talk about at DNS-OARC45 in October. #DNS #OpenSource #rustlang

This implements the first step in the UI for Nameshed, the configuration mechanisms.  It does not yet account for zone policy files; they will be implemented in a similar style later.


A new schem...
GitHubSet up a new configuration system by bal-e · Pull Request #13 · NLnetLabs/nameshedBy bal-e

Protect your financial institution’s reputation and customer trust. Choose DNSimple for your .BANK domain hosting.

🔐 Help your customers bank securely
⛔ Eliminate spam and phishing
📈 Enhance your brand with new opportunities

DNSimple's managed #DNS service is fully compliant with all .BANK security requirements. Including #DNSSEC, multi-factor authentication, strong encryption, and #DDoS protection.

Replied in thread

@jpmens We’d love to add more functionality to `dnst` by adding a drop-in replacement for `ldns-verify-zone` and include new functionality to make it comparable to validns, if desired.

As it stands, offering a prototype for Nameshed has our priority now, so that we can release a production grade #DNSSEC signer later in the year.

That being said, perhaps one of the developers needs to scratch an itch over the summer. 😉

#DNS #OpenSource #rustlang github.com/NLnetLabs/dnst

GitHubGitHub - NLnetLabs/dnst: A DNS administration toolbox including re-implementations of important ldns programsA DNS administration toolbox including re-implementations of important ldns programs - NLnetLabs/dnst

At the ICANN83 DNSSEC And Security Workshop, we presented the flexible key management we have designed for our new #DNSSEC signing solution Nameshed. Philip explains how we avoid loading an unknown shared library into the signer process and how we keep track of state. #DNS #OpenSource #rustlang Slides: static.sched.com/hosted_files/

Quite a number of people have asked why ‘dnst’ signs so much faster than ‘ldns’.

I should note that we didn’t have performance as an initial design goal, just compatibility. So, we haven’t fully investigated the reasons for the difference. Some running theories are:

- Though signing isn't multi-threaded yet, 'dnst’ does do multi-threaded sorting.
- ‘ldns’ does NSEC chain building while loading the zone while ‘dnst’ loads and sorts it first then does the NSEC chain
- 'dnst’ uses a sequential record store while 'ldns’ builds a tree
- ‘ldns’ may be doing more work allocating memory
- ‘dnst' can use the Rust ’ring’ crate for alg 13 signing instead of OpenSSL, which may boost performance

#DNS #DNSSEC #OpenSource #rustlang
fosstodon.org/@nlnetlabs/11463

FosstodonNLnet Labs (@nlnetlabs@fosstodon.org)‘dnst' is about twice as fast as ‘ldns’ for #DNSSEC signing. This is our result with a test zone containing about 10M RRs, and using ECDSAP256SHA256 algorithm 13. Note that for our upcoming signer-pipeline Nameshed we'll make signing multi-threaded, boosting performance even more. #DNS #OpenSource #rustlang https://blog.nlnetlabs.nl/introducing-dnst-a-dns-toolbox-for-network-operators/