I have been fed up with my old Wordpress-based blog for quite some time now. One factor might be the missing updates, but another issue was Wordpress (WP) itself. Sure, WP looks like a simple solution, if all you want is have a blog with some usable tools around it.
Just as a quick note here:
I originally planned to do my third part on DNSSEC with configuration hints using the popular DNS server BIND. At the moment I also use BIND for my setup.
Now I discovered the “Advanced Secuity Notifications” at ISC, which sells prior warnings about security issues in BIND. Personally, I don’t want to support this model.
Instead I am currently migrating to another DNS server implemenation, YADIFA, which I will then write about. But first I need to check my setup using this server.
As I already explained in Part 1, the current state of DNS is pretty insecure. The goal of DNSSEC is to improve this situation. Here is how that (should) work. I won’t go into cryptographic details here, but just show the general behaviour.
DNS is probably one of the most important protocols on the internet. Everybody uses it countless times each day, usually without even noticing it. Every time somebody visits any website, every time somebody sends a mail, every time somebody wants to do literallly ANYTHING on the internet, a DNS server is involved.
If you are anything like me , you like to have dedicated Services which do stuff for you. One of the Services I like in particular is pyLoad . This program you be used to automatically load files from OneClick Hosters. This is esspecially useful if you run this on a small computer like the Raspberry Pi  and dump the downloaded data to a central Storage like a NAS.
There are lots of blogposts out there which detail how to install pyLoad on a RaspberryPi [4, 5, 6]. For most parts I don’t really want to say anything against these, but there was one point in particular that I dislike about all of these. This is the reason why I am now writing my own guide. So let’s get started.
Statt nur das Serverzertifikat zu wechseln habe ich gleich auch den Webserver von Apache auf Nginx umgestellt. Dabei interessiert mich die angebliche bessere Performance nur nebenbei, mir ging es um die bessere Unterstützung von TLS Ciphers.