In continuation to this

DLV is gone. mobi zone is not yet signed. What to do? Wait and be prepared

Wed Dec 9 23:08:21 2015

IPSec with DNSSEC v2

Back to our business. On 11 Oct a patch to enable DNSSEC protected DANE CERTs was merged to StrongSWAN's upstream so now you can have interoperability between racoon and strongswan if you need to use CERTs for easy deployment.

The approach is pretty the same, only with StrongSWAN you have additional DNSSEC validation (racoon blindly trusts underlying DNSSEC implementation).

Sat May 10 12:03:26 2014

DNS Security

I have always been adept of DJB, sharing his ideas and attitude to ISC products. I still share attitude, and I eager to support new technologies. Indeed. However DJB dns server, despite being neat, light and efficient - does not support many of new stuff. Including IPv6. And DNSSEC. Ok, I know about that amplification and other stuff, however it is here, and now, and works.

Sat Feb 12 05:34:11 2011 Upd.: Fri Aug 16 21:35:53 2013


Since future has come, we need to pace ahead and utilize its merits. One of the benefits of having DNSSEC is independence in making own certs (with DANE) and simplified roll-out of those certs (with CERT RR).

Wed Aug 14 08:43:41 2013
© ruff 2011