For servers that do not accept mail, there's "null MX". See RFC 7505.
posted at: 22:09 | path: /configuration | permanent link
RFC 8482 deprecates DNS ANY queries. These were mostly used for debugging, i.e. retrieving all information for a domain. DNS servers now just respond with an HINFO record carrying "RFC8482" "" in its CPU and OS fields to indicate that information has been suppressed.
See also Cloudflare blog on this topic.
And the (hard to come by) configuration for bind9 is (tada!):
minimal-any yes;
Use dig +tcp to get a full response (see here).
posted at: 10:24 | path: /configuration | permanent link
Another nice article showing off DNSSEC strength...
Generate SSHFP DNS records for my host (pmeerw.net):
$ ssh-keygen -r @
@ IN SSHFP 1 1 3b00267ed86c211026e6d8b8eb5d9a7d9e51cf7d
@ IN SSHFP 1 2 189d464e8a13d2df66d882afdcb4220fb281ba1f19eda96aa35bf1a50188b0a7
@ IN SSHFP 2 1 adb06e3c4de279d2338bbec35a9a64c8661fb431
@ IN SSHFP 2 2 50e72d460ea86ad416b74b71f9b0c948bf42004ebf730290eff9d43fea9545a6
@ IN SSHFP 3 1 aaa45514f6bd534448ab7f09842fe1e13c269142
@ IN SSHFP 3 2 cc68f391aea002966cc3d7e84ce41dc73d4cfb6c2381e5b665f26603f8317dd3
@ IN SSHFP 4 1 7482ed5e3e6621978bd0bbd61f6b9740dcef252c
@ IN SSHFP 4 2 eb77b6f29bee067d6524459e4cfc696881bd70908d514be682cb068746729594
SSH can silently connect to an SSH server (without asking to verify the host fingerprint!) if VerifyHostKeyDNS is enabled: ssh -o VerifyHostKeyDNS=yes pmeerw@pmeerw.net
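Because clients with VerifyHostKeyDNS enabled rely on the published fingerprints, it is worth checking that the zone's SSHFP records match the host's current keys and contain no leftovers from retired keys. The following is an added example, not code from the original post: the function names are hypothetical and the sample key is constructed (32 stand-in bytes, not a real Ed25519 key).

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers; every ecdsa-sha2-* key type maps to 3.
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}

def sshfp_records(pubkey_line, owner="@"):
    """Derive the SHA-1 (type 1) and SHA-256 (type 2) SSHFP records for one key."""
    fields = pubkey_line.split()
    blob = base64.b64decode(fields[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])        # length prefix of the key type
    ktype = blob[4:4 + n].decode("ascii")
    if ktype != fields[0]:
        raise ValueError("key type label does not match the key blob")
    algo = 3 if ktype.startswith("ecdsa-sha2-") else ALGORITHMS[ktype]
    # The fingerprint is a digest over the whole decoded public key blob.
    return [f"{owner} IN SSHFP {algo} 1 {hashlib.sha1(blob).hexdigest()}",
            f"{owner} IN SSHFP {algo} 2 {hashlib.sha256(blob).hexdigest()}"]

def record_key(record):
    """Reduce a record to (algorithm, fingerprint type, hex digest) for comparison."""
    f = record.split()
    return (int(f[-3]), int(f[-2]), f[-1].lower())

def audit(pubkey_lines, zone_records):
    """Report records the zone lacks and records matching no current host key."""
    expected = {record_key(r) for line in pubkey_lines for r in sshfp_records(line)}
    published = {record_key(r) for r in zone_records}
    return {"missing": sorted(expected - published),
            "stale": sorted(published - expected)}

def sample_ed25519_line(seed):
    """Constructed sample: an ssh-ed25519 public key line with stand-in key bytes."""
    raw = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    current = sample_ed25519_line(b"current host key")
    retired = sample_ed25519_line(b"retired host key")
    # Constructed zone: both records of the retired key, only SHA-1 of the current one.
    zone = sshfp_records(retired) + sshfp_records(current)[:1]
    print(audit([current], zone))
```

In practice the key lines would come from the host's /etc/ssh/ssh_host_*_key.pub files and the zone records from a DNS query for the host's SSHFP records.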
posted at: 22:58 | path: /configuration | permanent link
RFC7929 describes a way to put OpenPGP public keys into DNS using DANE. Here's an article which I shamelessly condense here...
There is a DNS resource record that stores the complete public key. I'm using ECC to bring down key size. It looks like this:
c746aa6d791946caf1aade6dc6c5e720e6e79d650e5b882dc11a2078._openpgpkey.pmeerw.net. IN OPENPGPKEY (
    mDMEY54vtRYJKwYBBAHaRw8BAQdAmhK78RNv+Azsrrcgnb4Ijf4JwEOfHM8D
    paY2yy1w0oG0KlBldGVyIE1lZXJ3YWxkLVN0YWRsZXIgPHBtZWVyd0BwbWVl
    cncubmV0PoiQBBMWCAA4FiEE5u5nS8lBNCYy5igrw5J6UWK+XtEFAmOeL7UC
    GwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQw5J6UWK+XtE+dAD/dZAp
    If2WWK2fAQgGIxOepBr6Nj2g6Z78W25wyYiSxvIA/1VtCuCsveRGmKZ0wnuQ
    kJP4z3v+r/XdjRJeingYSnsKuDgEY54vtRIKKwYBBAGXVQEFAQEHQPCrzg3G
    IRhYWFdUkps1DSqmLEZ5xQX6D96jYpq28Lp1AwEIB4h4BBgWCAAgFiEE5u5n
    S8lBNCYy5igrw5J6UWK+XtEFAmOeL7UCGwwACgkQw5J6UWK+XtGQyQD/RD1d
    zIk/Kjnb1yKcW+GAIHkpahgEQzpk7Bcxk38ReaAA/j2ZoXGMeMNVlJdOIv7d
    gr/Hw9ygwxInPg9Nth2wpKoB )
The name part is the SHA-256 hash of "pmeerw" (the local part of the e-mail address), truncated to 28 octets. You can use the command
openpgpkey --create pmeerw@pmeerw.net
to create the record (install the Debian/Ubuntu hash-slinger package).
Try openpgpkey.info to query a PGP public key!
posted at: 22:49 | path: /configuration | permanent link
Open Graph meta tags allow a web page to be interpreted/rendered nicely by social media platforms, such as Twitter, Facebook (who originally created it), etc.
It's as simple as putting some <meta property="og:xxx" content="..."/> in the <head> of an HTML page, where xxx can be title, type, description, image, etc.
https://www.opengraph.xyz is really useful for checking, previewing and generating Open Graph meta tags, thanks to Duncan for pointing it out!
Another proposal to add information to web pages is JSON for Linking Data (JSON-LD). Here the focus is on machine-readable metadata for a person, place, event, product, recipe, etc. Yet another is Twitter Cards.
posted at: 22:05 | path: /configuration | permanent link