I have been fed up with my old Wordpress-based blog for quite some time now. One factor might be the missing updates, but another issue was Wordpress (WP) itself. Sure, WP looks like a simple solution, if all you want is have a blog with some usable tools around it.
Just as a quick note here:
I originally planned to do my third part on DNSSEC with configuration hints using the popular DNS server BIND. At the moment I also use BIND for my setup.
Now I discovered the “Advanced Secuity Notifications” at ISC, which sells prior warnings about security issues in BIND. Personally, I don’t want to support this model.
Instead I am currently migrating to another DNS server implemenation, YADIFA, which I will then write about. But first I need to check my setup using this server.
As I already explained in Part 1, the current state of DNS is pretty insecure. The goal of DNSSEC is to improve this situation. Here is how that (should) work. I won’t go into cryptographic details here, but just show the general behaviour.
DNS is probably one of the most important protocols on the internet. Everybody uses it countless times each day, usually without even noticing it. Every time somebody visits any website, every time somebody sends a mail, every time somebody wants to do literallly ANYTHING on the internet, a DNS server is involved.
It looks like the DHL managed to pull my notebook back out of the lava pit it fell into. I received a mail from Lenovo that my notebook was returned to them, due to a wrong address. I phoned them and they sent it again.
Statt nur das Serverzertifikat zu wechseln habe ich gleich auch den Webserver von Apache auf Nginx umgestellt. Dabei interessiert mich die angebliche bessere Performance nur nebenbei, mir ging es um die bessere Unterstützung von TLS Ciphers.