[pcre-dev] Administrivia: PCRE cam.ac.uk host, DNSSEC

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Author: Phil Pennock
Date:  
To: pcre-dev
Subject: [pcre-dev] Administrivia: PCRE cam.ac.uk host, DNSSEC
[ I am not on this mailing-list ]

This shouldn't affect folks in the PCRE realm, but rather than have you
be bitten by something hidden: the host which is:

* lists.pcre.org
* bugs.pcre.org
* vcs.pcre.org
* wiki.pcre.org (but that just redirects to GitHub)

is now using DNSSEC validation in its DNS resolver, and filtering out
RFC1918 addresses from domains too (to protect against DNS rebinding
attacks).

It's a fairly vanilla install of Unbound, it can be reconfigured to
whitelist any domains needed.

We're also likely to start using DNSSEC validation for email flowing
through this host, via DANE (this is opt-in on a per domain basis and
has no impact on domains which don't publish the relevant records); the
MTA on port 26 will get this configured before the MTA on the regular
port 25.

If you want to be kept in the loop on these changes, drop me a note.

Regards,
-Phil
This message was posted to the following mailing lists:
Pcre-dev
Mailing List Info | Nearby Messages		<-[pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction[pcre-dev] ftp site HTTPS; mail domain?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)