.blog vs .com TLD performance
Established top-level domain resolves faster than newfangled .com domain.
DNS
I value the Domain Name System’d independence from the major tech companies. I blog about the evolving DNS standards and features that make the internet work.
What to <link rel=dns-prefetch> and when to use preconnect
I’ve explored a number of web browser quirks with <link rel="dns-prefetch"> and compare it to rel="preconnect".
How to disable outgoing mDNS broadcasts on Linux
Tutorial for quieting Multicast DNS using various firewall front-ends for Linux’s iptables firewall.
Hurricane Electric secondary DNS adds support for TSIG authentication
I asked HE DNS if they had plans to support TSIG authenticated AXFR requests. Weeks later they rolled out support for the feature.
Well-Known URI vs DNS-SD for distributed web service-discovery despite internet censorship
I compared the resilience of DNS Service-Discovery vs HTTPS Well-Known URIs when routing distributed internet traffic around censorship.
Secondary authoritative DNS service providers compared
A comparison of the security features and other features offerings at 14 different secondary/slave DNS providers.
Compared DNS caching/TTL of different CDNs
Short DNS TTL times are great for failover but can be detrimental to DNS performance. Here’s a comparison of the DNS TTL caching durations of popular CDNs.
A survey of DNS caching and TTL in end-user client software
Web browsers and other clients vary greatly in their handling of DNS TTL caching hints. Some follow TTL hints, limit it at 2 seconds, or apply their own logic.
Is systemd-resolved useful?
How systemd-resolved improves DNS performance with query-caching and optionally can increase system privacy and security.
Turkey blocks BunnyCDN; Ctrl blog and 14 000 websites inaccessible
Ctrl blog was inaccessible in Turkey for five days as the country blocks the BunnyCDN content delivery network.
How I blocked myself from obtaining a Let’s Encrypt TLS certificates
A misapplied DNS CAA record blocked Certbot from obtaining a Let’s Encrypt certificate for my domain name.
DNSLink and IPNS availability survey
I surveyed millions of websites to discover which domains were IPFS P2P DNSLink-enabled websites.
Actually secure DNS over TLS in Unbound
Resolve a common DNS over TLS configuration mistake in the Unbound DNS server that makes you vulnerable to man-in-the-middle resolver interceptions.
How to randomize DNS resolver selection in Knot Resolver
Improve your privacy by spreading DNS resolution requests out among many recursive DNS resolvers. No single provider will know all you do online.
How to get faster and more secure DNS resolution with Knot Resolver on Fedora
A tutorial for setting up a recursive DNS over TLS resolver with Know Resolver on Fedora Linux.
How to take back control of /etc/resolv.conf on Linux
Take manual control of your Linux system’s DNS resolution and keep programs from interfering with and overwriting your resolv.conf file.
I regret transferring my domains to Hover
Ads had promised me that Hover.com was a great domain registrar. Trusting them to handle my domains turned out to be a big mistake.
Don’t register your domains with Automattic
I’d registered my Ctrl.blog domain with Get.blog. That service no longer exists and my domain was transferred to WordPress.com without notice.
How to prevent Let’s Encrypt from issuing a certificate for your domain
Let’s Encrypt has made it really easy to obtain TLS certificates. Here is how to block the service from issuing certificates for your domains.
Stop CAs from misissuing certificates for your domains with CAA records
Add DNS CAA records for your domains to block unauthorized certificate authorities (CAs) from issuing certificates for your domain names.
Review: Managed GeoDNS on a budget
A comparison review of six GeoDNS service providers. GeoDNS can help reduce latency by directing your website traffic to the nearest datacenter.
Linode DNS Manager pitfall: No TXT record normalization
Be wary when entering DNS TXT records in Linode DNS Manager.
DNS SRV records usage for email and calendar service discovery
A quick survey of the use of DNS SRV records for auto-configuration by email and calendar hosting service providers.
mDNS and DNS-SD slowly making their way into Windows 10
Windows 10 is working on adopting widely deployed network-discovery protocols used by every other device class.
Avahi 0.6.32 enabling IPv6 and Windows 10 log-silencing
Popular mDNS-utility Avahi sees first update in three years address multiple issues.
Resolve the battle for control over your DNS settings in Debian/Ubuntu
Two programs struggle for control over your resolv.conf of you’ve installed Debian from an IPv6-capable network.