#Tag · bonfire.cafe

Quad9 has new DNS over HTTPS and DNS over TLS .mobileconfig profiles for iOS/MacOS for January 2026 <-> January 2027.

The previous profile expires today, January 20th.

The new .mobileconfig files now support MacOS >=26.1, which did not work with the previous (2025 -> 2026) files due to a breaking change introduced in MacOS 26.1.

Download the profiles here:
https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_%28Encrypted%29/

#infosec #DNS

Remember, sharing is caring!

iOS 14 and later (Encrypted) - Quad9 Documentation

Quad9DNS

@quad9dns@mastodon.social · 8 hours ago

Quad9 has new DNS over HTTPS and DNS over TLS .mobileconfig profiles for iOS/MacOS for January 2026 <-> January 2027.

The previous profile expires today, January 20th.

The new .mobileconfig files now support MacOS >=26.1, which did not work with the previous (2025 -> 2026) files due to a breaking change introduced in MacOS 26.1.

Download the profiles here:
https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_%28Encrypted%29/

#infosec #DNS

Remember, sharing is caring!

iOS 14 and later (Encrypted) - Quad9 Documentation

Hacker News

@h4ckernews@mastodon.social · yesterday

What came first: the CNAME or the A record?

https://blog.cloudflare.com/cname-a-record-order-dns-standards/

#HackerNews #CNAME #ARecord #DNS #DNSStandards #Cloudflare

The Cloudflare Blog

What came first- the CNAME or the A record

A recent change to 1.1.1.1 accidentally altered the order of CNAME records in DNS responses, breaking resolution for some clients. This post explores the technical root cause, examines the source code of affected resolvers, and dives into the inherent ambiguities of the DNS RFCs.

NLnet Labs

@nlnetlabs@social.nlnetlabs.nl · yesterday

We're experimenting with incremental DNSSEC signing in ‘dnst signer’, to prepare for this functionality in Cascade.

Currently we can sign the changes in the .se zone between last Saturday and Sunday in 3 seconds. Loading the unsigned zone takes 6 seconds and writing out the new signed zone another 12 seconds.

For comparison, the non-incremental signer took ~35 seconds (vs 3s for incremental), even with parallelism.

#DNS #DNSSEC #OpenSource #rustlang

https://github.com/NLnetLabs/dnst/pull/148

Elena Rossini on GoToSocial ⁂ boosted

Thomas Steiner :chrome:

@tomayac@toot.cafe · 5 days ago

What came first: the CNAME or the A record?
https://blog.cloudflare.com/cname-a-record-order-dns-standards/ Super interesting blog post by the Cloudflare team on #DNS record ordering and why it currently matters. (It's always DNS.)

The Cloudflare Blog

What came first- the CNAME or the A record

NLnet Labs

@nlnetlabs@social.nlnetlabs.nl · 5 days ago

Incremental signing will be part of the first Cascade production release. https://github.com/NLnetLabs/dnst/pull/148

#DNS #DNSSEC #rustlang #OpenSource

Thomas Steiner :chrome:

@tomayac@toot.cafe · 5 days ago

The Cloudflare Blog

What came first- the CNAME or the A record

NLnet Labs

@nlnetlabs@social.nlnetlabs.nl · 5 days ago

Dear DNS operators, do you have any need for setting NSEC3 salt and iterations?

https://community.nlnetlabs.nl/t/any-need-for-setting-nsec3-salt-and-iterations/62

#DNS #DNSSEC #rustlang #OpenSource

Michał "rysiek" Woźniak · 🇺🇦 boosted

PowerDNS

@PowerDNS@fosstodon.org · 7 days ago

PowerDNS Recursor 5.3.4 Released

https://blog.powerdns.com/2026/01/14/powerdns-recursor-5.3.4-released

#dns #dnssec

PowerDNS Recursor 5.3.4 Released

Release of PowerDNS Recursor 5.3.4

PowerDNS

@PowerDNS@fosstodon.org · 7 days ago

PowerDNS Recursor 5.3.4 Released

https://blog.powerdns.com/2026/01/14/powerdns-recursor-5.3.4-released

#dns #dnssec

PowerDNS Recursor 5.3.4 Released

Release of PowerDNS Recursor 5.3.4

Michał "rysiek" Woźniak · 🇺🇦

@rysiek@mstdn.social · last week

Dear #SysAdmin fedi – I am sure this has to exist, but I cannot find a tool like that.

I need a CLI tool that would canonicalize a DNS zone file. As in: put all the entries in a well-defined order, replace whitespace with a predefined pattern, organize the SOA section in a reproducible manner.

My basic need is being able to tell two zone files are 100% functionally equivalent, even if one uses tabs, the other spaces, and if entries are in completely random order, etc.

Anyone?

#DevOps .