• 1 Post
  • 98 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle














  • You need to include the files in the zone file. Bind 9.18.18 is a mess with the changed DNSSEC setup, it broke my domains as well. I’t isn the bind documentation, so I have to refer you there. I have no access to my setup now (or my browser history) as I’m not at my computer.

    Edit: managed to get in dns.

    named.conf.local: zonefile needa to be the .signed file the unsigned zone file must have both keys included, best is via absolute path:

    $INCLUDE "/etc/bind/keys/example.com.123456.key"
    

    for both the ZSK and KSK keys. The include is to get the RRSIG entries.


  • I’ve setup my email via a VPN to my own server.

    • DNS, mail, business web, cusromer web on VPSes (2, 1 primary, 1 secondary DNS only)
    • Personal email, incoming and outgoing via VPS, personal websites (all static) on local system (RPi 4 8GB)

    This gives the advantage that your outgoing email always comes from the VPS ip address (pick a VPS provider that is trusted) and when your line is down, incoming email is cached on your VPS. It’s a tad of double work, but pretty secure. Even connecting to my employer to work from home is not a big issue. (and that connection is limited to it’s own vlan)

    Also, with this method, you can route the mail into your network via port 26 when 25 is blocked or even set an outgoing vpn to your VPS and route the email that way. You’ll be provider independent at home. (I even have a private ipv6 /48 via a tunnel broker)

    You’ll need to work a lot on your knowledge though, without DNSSEC, SPF, DKIM and DMARC the big 2 (Google and hotmail) will refuse your email.





  • TheInsane42@lemmy.worldtoAndroid@lemmy.worldWhat happened to APKPure?
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    10 months ago

    I get DNS errors on apkpure. I got the same on my own domains when bind changed how you need to setup dnssec, or finally depricated a very old method for DNSSEC. (I ssetup DNSSEC a long time ago) This invallidated my domains as they were unsigned. It looks like this. I need to check dns logs, but it looks the same as a dns outage.