AI Agents Get Their Own Directory Built Atop DNS
“In the future, AI agents will be able to find one another using the Domain Name System (DNS), instead of crawling about and probing ports or checking configured resources,” writes The Register.
InfoWorld writes that “numerous proprietary agent registries are on the market, but the Linux Foundation suggests we simply extend the distributed, open Domain Name System (DNS) infras … ⌘ Read more
DynIP – Dynamic DNS with RFC 2136, IPv6, DNSSEC, and BYOD
Article URL: https://dynip.dev/
Comments URL: https://news.ycombinator.com/item?id=48276363
Points: 8
# Comments: 3 ⌘ Read more
‘Underminr’ CDN Vulnerability Hides Malicious Traffic Behind Trusted Domains
Slashdot reader wiredmikey writes: Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly 88 million domains and can bypass DNS filtering and protective DNS controls, potentially enab … ⌘ Read more
Cloudflare Appeals Piracy Shield Fine, Hopes To Kill Italy’s Site-Blocking Law
Cloudflare is appealing a 14.2 million-euro fine from Italy for refusing to comply with its “Piracy Shield” law, which requires blocking access to websites on its 1.1.1.1 DNS service within 30 minutes. The company argues the system lacks oversight, risks widespread overblocking, and could undermine core Internet infrastru … ⌘ Read more
My hoster broke UDP, so DNS is broken as well and that takes a lot of things with it. No more email for me, I guess.
Let’s hope they’ll fix it soon.
Italy Fines Cloudflare 14 Million Euros For Refusing To Filter Pirate Sites On Public 1.1.1.1 DNS
An anonymous reader quotes a report from TorrentFreak: Italy’s communications regulator AGCOM imposed a record-breaking 14.2 million-euro fine on Cloudflare after the company failed to implement the required piracy blocking measures. Cloudflare argued that filtering its global 1.1.1.1 … ⌘ Read more
French Court Orders Google DNS to Block Pirate Sites, Dismisses ‘Cloudflare-First’ Defense
Paris Judicial Court ordered Google to block additional pirate sports-streaming domains at the DNS level, rejecting Google’s argument that enforcement should target upstream providers like Cloudflare first. “The blockade was requested by Canal+ and aims to stop pirate streams of Champions League game … ⌘ Read more
@bender@twtxt.net Actually, I think it’s a little more nuanced than that, because for example with salty chat we have support for DNS-based delegation via SRV records, and your identity is associated with your apex domain name and of course the keys.
I actually don’t understand why Federation and ActivityPub is so goddamn hard to migrate from one instance to another 🧐
Presidential elections: CNE recognizes the legitimacy of Manuela Magno’s complaint and criticizes the televised debate model
AWS Introduces DNS Failover Feature for Its Notoriously Unreliable US East Region
Amazon Web Services has rolled out a DNS resilience feature that allows customers to make domain name system changes within 60 minutes of a service disruption in its US East region, a direct response to the long history of outages at the cloud giant’s most troubled infrastructure.
AWS said customers in regulated i … ⌘ Read more
config.yaml, and 4 lines Caddyfile, and you will see how easy it is.
@bender@twtxt.net That’s not the problem. The problem is the complex DNS setup and delegation. I’ve gotten it working once before, but it’s not that easy if you don’t intend to run it on the APEX Domain.
So blackholing my Gitea instance’s DNS for the day seemed to have worked 🤣 (if only I had a real target I could have made their fucking crawlers DDoS themselves 😂) – Let’s also see if enabling DDoS protection on the Edge via Vultr’s DDoS capability also helps? 🤔
Our investigation into the suspicious pressure on Archive.today
Article URL: https://adguard-dns.io/en/blog/archive-today-adguard-dns-block-demand.html
Comments URL: https://news.ycombinator.com/item?id=45936460
Points: 500
# Comments: 165 ⌘ Read more
Recursive DNS
I think I did not blog about it, but I switched back to a self-hosted AdGuard Home instance quite some time ago from NextDNS. To reduce my number of subscriptions, but also to increase my control over important infrastructure I use. ⌘ Read more
“The $12,500 DNS Trick That Hacked Snapchat’s Cloud Servers”
While studying advanced SSRF techniques, I came across a fascinating case where researchers @nahamsec, @daeken, and @ziot combined DNS…
[Continue reading on InfoSec Write-ups … ⌘ Read more
🤔 💭 🧐 What if, What if we built our own self-hosted / small-web / community-built/run Internet on top of the Internet using Wireguard as the underlying tech? What if we ran our own Root DNS servers? What if we set a zero tolerance policy on bots, spammers and other kind of abuse that should never have existed in the first place. Hmmmm
I keep getting this email occasionally:
Your iCloud storage is almost full
Now for various reasons, I don’t want my children to be using iCloud to store data, files, photos or any of the sort. They’re free to use iMessages, and other Apple services like the App Store, etc, but not storage.
So I’ve set about blocking iCloud Storage API(s) via AdGuard Home tonight as well as ensuring that my local network (client users) cannot bypass DNS policies and get out other sneaky ways, because some applications will just use other DNS servers, or DOH or DOT.
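Using dig to trace the DNS recursive query process
When a DNS query does not hit the cache, the lookup is actually a recursive process. The DNS resolution tool dig provides a trace feature that shows the entire recursive query process. Taking a query for www.baidu.com as an example, the result is as follows: root@ubuntu:~# dig +trace +nodnssec www.baidu.com;; communications error to 114.114.114.114#53: timed ⌘ Read more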
How to Enable iCloud Private Relay on Mac
iCloud Private Relay is a fantastic privacy feature that is part of the iCloud+ subscription that helps to protect your internet activity and browsing by obfuscating your IP address (via using a temporary IP address) and encrypting your DNS lookups, so that third parties can’t see what websites you’re visiting. The end result is that … Read More ⌘ Read more
DNS rebinding attacks explained: The lookup is coming from inside the house!
DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.
The post [DNS rebinding attacks explained: The lookup is coming from inside the house!](https://github.blog/security/application-security/dns-rebinding-attacks-explained-the-lookup-is-coming-from- … ⌘ Read more
How to Flush DNS Cache on macOS Sequoia & Sonoma
If you’re running macOS Sequoia or macOS Sonoma, you might occasionally find yourself in a situation where you need to flush the DNS cache on your Mac. This can be necessary to fix DNS related issues or errors, to clear out outdated DNS settings or records, to resolve issues with certain websites, or even to … Read More ⌘ Read more
How to Use Surfshark DNS on Mac, iPhone, iPad
Did you know that your internet service provider default DNS servers almost certainly track and log your online activity? Basically this means that every time you visit a website or use an internet-connected application from your Mac, iPhone or iPad, your ISP is aware of that. Many ISP’s will not only log and track your … Read More ⌘ Read more
Today I added support for Let’s Encrypt to eris via DNS-01 challenge. Updated the gcore libdns package I wrote for Caddy, Maddy and now Eris. Add support for yarn’s cache to support # type = bot and optionally # retention = N so that feeds like @tiktok@feeds.twtxt.net work like they did before, and… Updated some internal metrics in yarnd to be IMO “better”, with queue depth, queue time and last processing time for feeds.
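Go: using github-com-miekg-dns for security analysis and protection
In network security, DNS (the Domain Name System) is a target that attackers and defenders both watch closely. Attackers can use DNS for tunneling, data exfiltration, and spoofing attacks, while security professionals need to detect and defend against these threats. This article briefly introduces the github.com/miekg/dns library and demonstrates in code how to use it for DNS monitoring, traffic analysis, and attack detection. Introduction to miekg/dns: miekg/dns is one of the more popular DNS libraries for Go. It supports: custom D ⌘ Read more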
Fast Flux: The DNS Botnet Technique Alarming National Security Agencies ⌘ Read more
Localhost dangers: CORS and DNS rebinding
What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we’ll describe some common CORS issues as well as how you can find and fix them.
The post Localhost dangers: CORS and DNS rebinding appeared first on The GitHub Blog. ⌘ Read more
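Hand-rolling the DNS protocol in Go: from theory to engineering practice with gothdns
Among the cornerstones of Internet infrastructure, DNS (the Domain Name System) is arguably the most elegant example of distributed system design. This magical system that converts domain names into IP addresses handles hundreds of millions of queries every second. With its concise concurrency model and efficient network programming capabilities, Go is an excellent choice for implementing the DNS protocol. Understanding the DNS protocol requires grasping three core elements: a hierarchical, tree-structured domain name space; support for both UDP and TCP; and the binary encoding specification for resource records (RR). In the Go standard library, the ne ⌘ Read more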
Mastercard DNS error went unnoticed for years
Article URL: https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/
Comments URL: https://news.ycombinator.com/item?id=42793783
Points: 500
# Comments: 151 ⌘ Read more
prologic/caddy-gcore: Caddy DNS provider for GCore - caddy-gcore - Mills ⌘ Read more
StackExchange/dnscontrol: Infrastructure as code for DNS! 👈👈 Now this looks mighty interesting… I might look into this for managing my …
StackExchange/dnscontrol: Infrastructure as code for DNS! 👈👈 Now this looks mighty interesting… I might look into this for managing my own domains and DNS. I note that my current registrar isn’t on the list of supported registrars, oh well, I don’t like OnlyDomains™ much anyway. Anyone familiar with these registrars?
AWS Route 53
CSC Global
C … ⌘ Read more
**(#cmttsmq) This is how I build my caddy:
proxy-1:~# cat build.caddy.sh
#!/bin/sh
xcaddy build \
--with github.com/caddy-dns/cloudflare \
...**
This is how I build my caddy:
```
proxy-1:~# cat build.caddy.sh
#!/bin/sh
xcaddy build \
  --with github.com/caddy-dns/cloudflare \
  --with github.com/caddyserver/cache-handler \
  --with git.mills.io/prologic/caddy-ratelimit \
  --with git.mills.io/prologic/caddy-waf
proxy-1:~#
```
⌘ [Read more](https://twtxt.net/twt/dokh7ca)
(#fcwg4zq) @kat So far it’s been alright. I wasn’t too impressed with Caddy’s logging capabilities though or the fact you have to custom build c …
@kat @yarn.girlonthemoon.xyz So far it’s been alright. I wasn’t too impressed with Caddy’s logging capabilities though or the fact you have to custom build caddy just to support DNS-01 ACME challenge. But other than that, it’s okay. ⌘ Read more
(#onhxoea) @lyse Nah I’m fine with using their DNS. I could shove DNS onto Vultr too I suppose or run my own DNS server(s), but I don’t see th …
@lyse @lyse.isobeef.org Nah I’m fine with using their DNS. I could shove DNS onto Vultr too I suppose or run my own DNS server(s), but I don’t see the value in that… ⌘ Read more
(#mgmtiha) @movq I was using Cloudflare primarily for 3 reasons: 1) For hosting DNS records 2) For reverse proxying into my infra’s services and …
@movq @www.uninformativ.de I was using Cloudflare primarily for 3 reasons: 1) For hosting DNS records 2) For reverse proxying into my infra’s services and 3) As a layer of defense against DDoS attacks or stupid misbehaving bots. I’m still using Cloudflare for 1) but 2/3 are now done entirely by something I’ve … ⌘ Read more
I am now proud to say, that as of this moment, I am off of Clownflare 🤣 Still using Cloudflare for DNS, but no longer proxying through their …
I am now proud to say, that as of this moment, I am off of Clownflare 🤣 Still using Cloudflare for DNS, but no longer proxying through their services or terminating TLS at their edge. Instead, all my sites and services now terminate TLS on my own edge proxy running Caddy+Wireguard ( so all ingress is actually egress 🤣) 🥳 #Clownflare [#Cloudflare]( … ⌘ Read more
(#ywl4paq) Ahh I see what I’ve done. That was a bit unfortunate 🤣 Because git.mills.io was a non-proxied DNS entry so that Git+SSH would al …
Ahh I see what I’ve done. That was a bit unfortunate 🤣 Because git.mills.io was a non-proxied DNS entry so that Git+SSH would also work, I now have a problem hmm. How not to expose my IP(s) directly and open them up to attack? 🤔 ⌘ Read more
0xFFFC posts October-November 2024 Monero dev report
0xFFFC has posted a second progress report (October 1-14 November 2024) for their full-time Monero dev work CCS proposal:
Work overview
Last month I worked on multiple PRs. Right now I am working on a few tasks: 1. Investigating wallet-rpc communication with daemon. 2. DNS TXT limitation issue we have.
Reviews:
- ringct: add operator!= for key #9556
- p2p: allow comments in banlist files #9558
- c … ⌘ Read more
Would it make sense for twtxt v.2 to do something similar to bluesky, where you use a domain as your handle by creating a specific DNS record as explained by: https://matthiasott.com/notes/how-to-set-your-domain-as-your-bluesky-handle
Drew DeVault Behind Stallman-Report.org Hit Piece
Some mild DNS sleuthing has revealed the “anonymous” author of the attack on Richard Stallman. ⌘ Read more
Fix MacOS Sequoia Network & Wi-Fi Issues with These 6 Tips
Some MacOS Sequoia users have discovered various networking issues with their Mac since installing the MacOS Sequoia 15 system software update. The reported network problems can range from and include random intermittent connection issues with MacOS Sequoia, inability to connect to the internet, unusually slow internet, DNS resolution failures, problems with VPN services, problems with … [Read More](https://osxdaily.com/2024/10/08/f … ⌘ Read more
@bender@twtxt.net I’m not a yarnd user, but automatically unfollowing on 404 doesn’t seem right. Besides @lyse@lyse.isobeef.org’s example, I could imagine just accidentally renaming my own twtxt file, or forgetting to push it when I point my DNS to a new web server. I’d rather not lose all my yarnd followers in a situation like that (and hopefully they feel the same).
I have a question for the IndieWeb community: What can we do against Webmention spam, except filter it out, when it fails validation? I receive hundreds of invalid Webmentions a day, and even using a filtering DNS server doesn’t seem to help much. But I also don’t want to waste network traffic to access all those spam sites. Is there any good block list I can check first before doing the request for validation? I thought about Akismet, but the API has no such option to only check the submitted URL. ⌘ Read more
The power of control
You know, I’ve found a pretty effective way to reduce my addiction to certain websites: blocking them at the DNS level using NextDNS. It’s a trick I picked up after realizing I was spending far too much time on Hacker News (my addiction to that is gone for quite some time already!). And now? I’ve extended it to a forum I used to frequent multiple times a day. ⌘ Read more