Enabling DNSSEC on Debian and Ubuntu (with systemd-resolved)

Using systemd-resolved opens up some options that may be easier to configure then in the past. Enabling DNSSEC: systemd-resolve –status look for “DNSSEC setting: no” sudo mkdir -p /etc/systemd/resolved.conf.d sudo nano /etc/systemd/resolved.conf.d/dnssec.conf enter: [Resolve] DNSSEC=true sudo systemctl restart systemd-resolved systemd-resolve –status look for “DNSSEC setting: yes”

Some Ubuntu 18.04 problems fixed today

I’ve drafted but not published a long list of problems I’ve experienced with Ubuntu 18.04. In short it’s been one of the worst desktop releases of Ubuntu I’ve used. My experience on servers has been fine. Anyway I haven’t looked into the details of these patches but: libwebkit2gtk-4.0-37:amd64 (2.22.6-0ubuntu0.18.04.1) libjavascriptcoregtk-4.0-18:amd64 (2.22.6-0ubuntu0.18.04.1) These package releases seem …

Continue reading ‘Some Ubuntu 18.04 problems fixed today’ »

Firefox Monitor

I’m quite happy with my initial use of Firefox Monitor. I’ve recommended it to family, friend, co-workers. I recommend signing up for continuous monitoring. Anyone who has had a password compromise should consider that password and permutations there-of to be public knowledge. https://monitor.firefox.com/ For me the near constant data breaches we’ve seen in recent months …

Continue reading ‘Firefox Monitor’ »

Blocking Countries By IP

This is not exactly the best strategy given that malicious actors probably have access to IP addresses from other countries. I was asked to research this and this is what I found. Major IP Addresses Blocks By Country Block Visitors by Country Using Firewall https://www.countryipblocks.net/country_selection.php 8 Ways to Block Visitors to Your Website by Country …

Continue reading ‘Blocking Countries By IP’ »

MTA for linux systems

I’ve mostly been using msmtp as a mail transport agent on my linux systems but I wanted to review what was available: nullmailer – 2.1 released 2017-Oct, nullmailer on github msmtp: 1.6.6 released 2016-Nov, msmtp on sourceforge dma – 0.11 released 2016-Feb, dma on github ssmtp – unmaintained esmtp – unmaintained My preference is something hosted on github …

Continue reading ‘MTA for linux systems’ »

Amazon’s new TLS library

s2n source s2n announcement I’m liking what I see, good design principles, aiming for simplicity and reviewability. I would not be surprised to see this become a huge success as people eschew the extra functionality of OpenSSL (and others) in favor of software with less security risk. Amazon’s backing is likely to propel s2n over …

Continue reading ‘Amazon’s new TLS library’ »