Posts by rgacogne@mamot.fr
(DIR) Post #APIvMRUKnyUOnilvjE by rgacogne@mamot.fr
2022-11-05T20:02:11Z
0 likes, 0 repeats
@bortzmeyer One thing that is not clear to me from that draft is whether the EDNS0 Error Reporting option is supposed to be present in all responses sent by the authoritative server? If so that feels like a waste of bandwidth for an option that will only be useful if the resolver fails to validate. I would prefer the resolver to have a way to actively request the reporting information when it needs it.
(DIR) Post #APIyUcPIOQp0qO0Oo4 by rgacogne@mamot.fr
2022-11-05T20:30:53Z
0 likes, 0 repeats
@bortzmeyer Understood, thanks!
(DIR) Post #AQnLowchVBrWj8hIqO by rgacogne@mamot.fr
2022-12-20T10:22:39Z
0 likes, 0 repeats
@bortzmeyer @shaft @Oupsman Strange, dns.shaftinc.fr and dot.bortzmeyer.fr both work for me using "Private DNS" from Android 13. Google does not restrict DoT servers as far as I know, and we have done a lot of testing in that area recently, notably with "Discovery of Designated Resolvers". It would be interesting to look at the exact DNS queries, and the responses received, before Android decides to reject the server.
(DIR) Post #AQnkk8i9d663ci3Ozo by rgacogne@mamot.fr
2022-12-20T11:03:39Z
0 likes, 0 repeats
@shaft @bortzmeyer @mrj @Oupsman Interesting lead, but if the tcpdump capture shows that the TLS session is established properly and that data packets are exchanged afterwards, I am not convinced that the problem comes from the certificate side. That said, TLS will never cease to surprise me :-)
(DIR) Post #ASR8xrRkAEewLQvxce by rgacogne@mamot.fr
2023-02-07T12:59:05Z
0 likes, 0 repeats
@bortzmeyer "We use an innovative implementation of EDNS Client Subnet that conceals the IP addresses of our users from authoritative nameservers." Wait, what?
(DIR) Post #ASdhvKHITNGvJez65w by rgacogne@mamot.fr
2023-02-13T14:27:18Z
0 likes, 0 repeats
@bortzmeyer @winfried I see that the NS and SOA types are set in the NSEC record for ip.dyn.bortzmeyer.fr present in the answer for ip.dyn.bortzmeyer.fr|A, which seems to indicate that ip.dyn.bortzmeyer.fr is the apex of the current zone, while the signer of the corresponding RRSIG, and the SOA record delivered in the same answer both state that the apex is at dyn.bortzmeyer.fr. PowerDNS Recursor will reject non-apex NSEC(3)s that have both the NS and SOA bits set.
(DIR) Post #ASdirieW0Umjhxgkro by rgacogne@mamot.fr
2023-02-13T14:37:54Z
0 likes, 0 repeats
@bortzmeyer @winfried If I remember correctly, we added it as a hardening check when making sure we were following rfc5155 section 8.9: https://www.rfc-editor.org/rfc/rfc5155.html#section-8.9
(DIR) Post #ASlwMO01hJdZIdNoQq by rgacogne@mamot.fr
2023-02-17T13:46:43Z
0 likes, 0 repeats
@bortzmeyer @winfried Wonderful, thank you! For completeness, having the NS bit set when not at the apex is fine, it happens for ancestor delegations, but the SOA is indeed an issue for our validator.
(DIR) Post #AdTcSIf12vz079wjey by rgacogne@mamot.fr
2024-01-03T18:12:08Z
0 likes, 0 repeats
@bortzmeyer @C_Chell I had exactly the same thing happen on two machines from the same range two years ago, less than a week apart. I expressed my surprise on Twitter, which prompted the boss at the time to step in, to no avail. I suspect that there is no investigation at all: the machine no longer boots, even in recovery, so it gets written off. That is not surprising at this price point, but it is infuriating.
(DIR) Post #Ar0Q8f04epzEWNuZyy by rgacogne@mamot.fr
2025-02-11T10:16:55Z
0 likes, 0 repeats
@bortzmeyer It must be said that Octave knows a thing or two about blazing (not necessarily) new data centers.
(DIR) Post #At6qWhpTzyn0jys1bM by rgacogne@mamot.fr
2025-04-15T08:25:04Z
0 likes, 0 repeats
@bortzmeyer How many RFCs are you going to present? :-)
(DIR) Post #AxnzW0Fr8odSZ1OyAq by rgacogne@mamot.fr
2025-09-02T19:26:47Z
0 likes, 0 repeats
@bortzmeyer @rnb A friend bought one recently, he is very happy with it so far.
(DIR) Post #AyVVvok74CaEMhfHN2 by rgacogne@mamot.fr
2025-09-23T19:22:34Z
0 likes, 0 repeats
@bortzmeyer Given the intellectual property issues, I suggest "bracodage" 😇
(DIR) Post #B08tGiehGolKMHkdGa by rgacogne@mamot.fr
2025-11-11T12:31:30Z
0 likes, 0 repeats
@Foxboron Holler if you need help 😉
(DIR) Post #B0i6obFV7yHgAv5Ky0 by rgacogne@mamot.fr
2025-11-28T16:34:13Z
0 likes, 1 repeats
Are other organizations still getting valuable reports on bug bounty programs? Pretty much all of the ones we have received recently at PowerDNS have turned out to be AI lies, to the point I'm seriously considering shutting down our program. Legitimate researchers are almost always contacting us by other means, and I don't want to keep wasting time looking into false, impossible to reproduce reports.
(DIR) Post #B2qdgPxAZMqykk5tsO by rgacogne@mamot.fr
2026-01-31T15:25:37Z
0 likes, 0 repeats
Wow the #archlinux meetup room at #fosdem2026 is more than packed, very nice :archlinux: