
.blog vs .com TLD performance
Established top-level domain resolves faster than newfangled .com domain.
I value the Domain Name System’d independence from the major tech companies. I blog about the evolving DNS standards and features that make the internet work.
Established top-level domain resolves faster than newfangled .com domain.
<link rel=dns-prefetch>
and when to use preconnect
Learn the difference between dns-prefecth vs preconnect, how to work around browser bugs, and when to use which? iOS and Safari requires special attention.
Tutorial for quieting Multicast DNS using various firewall front-ends for Linux’s iptables firewall.
I asked HE DNS if they had plans to support TSIG authenticated AXFR requests. Weeks later they rolled out support for the feature.
I compare the resilience of DNS Service-Discovery vs HTTPS Well-Known URIs when routing distributed internet traffic around censorship.
A comparison of the security features and other features offerings at 14 different secondary/slave DNS providers.
Short DNS TTL times are great for failover but can be detrimental to DNS performance. Here’s a comparison of the DNS TTL caching durations of popular CDNs.
Web browsers and other clients vary greatly in their handling of DNS TTL caching hints. Some follow TTL hints, limit it at 2 seconds, or apply their own logic.
systemd-resolved
systemd-resolved improves DNS performance with query-caching. Learn how to configure it to increase system privacy and security with DNS over TLS and DNSSEC.
Ctrl blog was inaccessible in Turkey for five days as the country blocks the BunnyCDN content delivery network.
A misapplied DNS CAA record blocked Certbot from obtaining a Let’s Encrypt certificate for my domain name.
I surveyed millions of websites to discover which domains were IPFS P2P DNSLink-enabled websites.
Resolve a common DNS over TLS configuration mistake in the Unbound DNS server that makes you vulnerable to attacker-in-the-middle resolver interceptions.
Improve your privacy by spreading DNS resolution requests out among many recursive DNS resolvers. No single provider will know all you do online.
A tutorial for setting up a recursive DNS over TLS resolver with Knot Resolver on Fedora Linux.
/etc/resolv.conf
on LinuxTake manual control of your Linux system’s DNS resolution and keep programs from interfering with and overwriting your resolv.conf file.
Ads had promised me that Hover.com was a great domain registrar. Trusting them to handle my domains turned out to be a big mistake.
I’d registered my Ctrl.blog domain with Get.blog. That service no longer exists and my domain was transferred to WordPress.com without notice.
Let’s Encrypt has made it really easy to obtain TLS certificates. Here is how to block the service from issuing certificates for your domains.
Add DNS CAA records for your domains to block unauthorized certificate authorities (CAs) from issuing certificates for your domain names.
A comparison review of six GeoDNS service providers. GeoDNS can help reduce latency by directing your website traffic to the nearest datacenter.
TXT
record normalizationBe wary when entering DNS TXT records in Linode DNS Manager.
A quick survey of the use of DNS SRV records for auto-configuration by email and calendar hosting service providers.
Windows 10 is working on adopting widely deployed network-discovery protocols used by every other device class.
Popular mDNS-utility Avahi sees first update in three years address multiple issues.
Two programs struggle for control over your resolv.conf of you’ve installed Debian from an IPv6-capable network.