[pcre-dev] Administrivia: PCRE cam.ac.uk host, DNSSEC

Pàgina inicial
Delete this message
Autor: Phil Pennock
Data:  
A: pcre-dev
Assumpte: [pcre-dev] Administrivia: PCRE cam.ac.uk host, DNSSEC
[ I am not on this mailing-list ]

This shouldn't affect folks in the PCRE realm, but rather than have you
be bitten by something hidden: the host which is:

* lists.pcre.org
* bugs.pcre.org
* vcs.pcre.org
* wiki.pcre.org (but that just redirects to GitHub)

is now using DNSSEC validation in its DNS resolver, and filtering out
RFC1918 addresses from domains too (to protect against DNS rebinding
attacks).

It's a fairly vanilla install of Unbound, it can be reconfigured to
whitelist any domains needed.

We're also likely to start using DNSSEC validation for email flowing
through this host, via DANE (this is opt-in on a per domain basis and
has no impact on domains which don't publish the relevant records); the
MTA on port 26 will get this configured before the MTA on the regular
port 25.

If you want to be kept in the loop on these changes, drop me a note.

Regards,
-Phil