DNSSEC + DANE: Part 2

Setting up DNSSEC + DANE ( + SSHFP ) Assuming you’ve been convinced that it’s a good idea to set up DNSSEC and DANE, the point of this article is to demonstrate how I did it for my own domain - the individual steps to get from nothing to valid DANE records weren’t very difficult; just not documented in a recipe-style guide anywhere. Hopefully, this will help you get set up.

Read More

DNSSEC + DANE: Part 1

Problem Communications on the Internet overwhelmingly rely on SSL/TLS for protection. There are two forms of protection this is meant to provide - from snooping of traffic, and from impersonation. The first of those gets a lot of attention but, unless we have the latter as well, an attacker can snoop on your traffic by performing a man-in-the-middle attack on you with a dodgy certificate. Unfortunately, the current method of providing protection-from-impersonation is terrible.

Read More