BIND Updates Patch High-Severity Vulnerabilities Internet Systems Consortium released BIND 9 updates to fix four vulnerabilities, including two high-severity flaws that can cause memory leaks or high CPU usage in resolvers during DNSSEC processing. Patches are available for BIND 9.18.47, 9.20.21, and 9.21.20, and ISC reports no known in-the-wild exploitation. #BIND #CVE-2026-3104...

ISC patches BIND 9.18.47, 9.20.21, and 9.21.20 to fix four vulnerabilities, including two high-severity flaws causing memory leaks and high CPU during DNSSEC processing. No known exploits reported. #BIND9 #DNSSEC #USA

#IPv6 #DNSSEC #ROA

NIST Updates DNS Security Guidance After 12 Years with SP 800-81r3 NIST SP 800-81r3 modernizes DNS security guidance for the first major revision since 2013, recasting DNS as an active enforcement layer and addressing protective DNS, encrypted DNS, DNSSEC, and operational resilience. The guidance recommends hybrid cloud/on‑prem protective DNS deployments, mandates encrypted DNS for U.S. federal civilian agencies where feasible, updates cryptographic...

NIST releases SP 800-81r3, the first major DNS security update since 2013. It mandates encrypted DNS for US federal agencies, promotes hybrid protective DNS, updates cryptographic algorithms, and enhances operational best practices. #US #DNSSEC

NIST updates its DNS security guidance for the first time in over a decade - Help Net Security NIST's updated DNS security guide covers encrypted DNS, protective DNS, and DNSSEC for teams managing enterprise infrastructure.

NIST updates its DNS security guidance for the first time in over a decade

📖 Read more: www.helpnetsecurity.com/2026/03/23/n...

#cybersecurity #cybersecuritynews #DNS #DNSSEC #securitystandard

Original post on helpnetsecurity.com

NIST updates its DNS security guidance for the first time in over a decade DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it hav...

#Don't #miss #News #cybersecurity #DNS #DNSSEC […]

[Original post on helpnetsecurity.com]

Original post on infosec.exchange

Weekend Reads

* Secure DNS deployment guide
nvlpubs.nist.gov/nistpubs/SpecialPublicat...
* Domain name renewals across ccTLDs
www.sidnlabs.nl/en/news-and-blogs/analys...
* Exposed API credentials on the web […]

NextGen@ICANN85 Presentations ICANN COMMUNITY FORUM - Mumbai - 10-11 March 2026

RECAP - NextGen@ICANN85 Presentations open.substack.com/pub/isoclive... #ICANN85 #ICANNnextgen #InternetGovernance #UniversalAcceptance #IDN #DNSAbuse #DigitalInclusion #Internet4All #DNSSEC #E2EE

PowerDNS Authoritative Server 5.1.0-alpha1 Released This is the release of Authoritative Server 5.1.0-alpha1.

PowerDNS Authoritative Server 5.1.0-alpha1 Released

blog.powerdns.com/2026/03/16/p...

#dns #dnssec

TLD-zoner (.se / .nu)

~10’ .se and ~5’ .nu domains scanned for #DNSSEC , #IPv6 etc

kommunermedipv6.se/tldzone/

Original post on infosec.exchange

Weekend Reads

* Post-quantum RPKI framework
https://arxiv.org/abs/2603.06968
* DNSSEC negative trust anchors
quad9.net/news/blog/dnssec-ntas-no...
* AS112 deployment characteristics
0x03c0.com/files/pam26-as112-camera...
* Geoff Huston on […]

Domäntest

Test your domains #IPv6 #DNSSEC #security.txt #RPKI and more at kommunermedipv6.se/test.html
Test your Internet connection here test-ipv6.se

PowerDNS DNSdist 2.1.0-beta2 Released PowerDNS DNSdist 2.1.0-beta2 Released.

PowerDNS DNSdist 2.1.0-beta2 Released

blog.powerdns.com/2026/03/12/p...

#dns #dnssec

The image features a digital background with code and circuitry, prominently displaying the text "quad9" in the center.

DNSSEC Negative Trust Anchors: No Good Compromises => learn more about them and our new policy.

quad9.net/news/blog/dn...

#infosec #DNSSEC #transparency #security #DNS

PowerDNS Recursor 5.4.0 Released We are proud to announce the release of PowerDNS Recursor 5.4.0

PowerDNS Recursor 5.4.0 Released

blog.powerdns.com/2026/03/09/p...

#dns #dnssec

DNSSEC-validatie verplicht vanaf 24 februari 2026

#Persbericht #Networking4all #SSL/TLScertificaten #DNSSEC #DNSSECcheckingtool #CertificateAuthorities #Domeincontrole #CertificateAuthorityAuthorization

Olaf Kolkman (part 1) Olaf Kolkman has had a long career in open source. In this first part, we discussed his involvement with Perl, DNSSEC and NLnet Labs.

The Underbar (the #perl podcast) has an interview with Olaf Kolkman about Perl and DNS and other things pca.st/episode/042e...

#dns #dnssec #ietf #icann

IPv6-status per kommun

Massive update at kommunermedipv6.se - The Baltics, Benelux, the British Isles, and Poland have been added for #IPv6, #DNSSEC, security.txt, SPOF and #RPKI.
OMX Stockholm Large CAP with SPOF, IPv6, security.txt, and RPKI at lnkd.in/dueZyiY3.
Everything is available at lnkd.in/dW9Y-_2B

PowerDNS DNSdist 2.1.0-beta1 Released PowerDNS DNSdist 2.1.0-beta1 Released.

PowerDNS DNSdist 2.1.0-beta1 Released

blog.powerdns.com/2026/02/23/p...

#dns #dnssec

PowerDNS Authoritative Server 5.0.3 & 4.9.13 This is the release of Authoritative Server 5.0.3 and 4.9.13.

PowerDNS Authoritative Server 5.0.3 & 4.9.13 Released

blog.powerdns.com/2026/02/20/p...

#dns #dnssec

First release candidate of PowerDNS Recursor 5.4.0 We are proud to announce the first release candidate of PowerDNS Recursor 5.4.0

First release candidate of PowerDNS Recursor 5.4.0

blog.powerdns.com/2026/02/17/f...

#dns #dnssec

How to Configure Inbound SMTP DANE & DNSSEC in Exchange Online We’re already sending emails securely, now it’s time to secure inbound email as well!Back in 2022, Microsoft enabled outbound SMTP DANE with DNSSEC for all Exchange Online customers, including MSA (ho...

Inbound SMTP still vulnerable to downgrade & MITM attacks?

Then read this post for configuring inbound DANE + DNSSEC to enforcing TLS encryption
Covers prereqs, DNS config, validation & testing.

www.chanceofsecurity.com/post/how-to-...

#ExchangeOnline #DNSSEC #DANE #EmailSecurity #Microsoft365

Fixed a DNSSEC oopsie on my domains hofsted.it and blog.hofstede.it .. Now everything validates cleanly again ..

#selfhosting #devops #dns #dnssec

Modern Email Security Explained: From Sender Authentication to Transport Security Sending an email securely requires more moving parts than most people expect, you don’t notice when it works. You really notice when it doesn’t!Email is still one of the most critical, and most abused...

Email security isn’t magic, it’s layered building blocks.
This post breaks down these blocks, and shows how they work together to protect sender identity, DNS integrity, and SMTP transport.

🔗 chanceofsecurity.com/post/modern-...

#EmailSecurity #DMARC #DNSSEC #ExchangeOnline #MicrosoftSecurity #MS

PowerDNS Security Advisory 2026-01 PowerDNS Security Advisories 2026-01: Crafted zones can lead to increased resource usage in Recursor

PowerDNS Security Advisory 2026-01
(aka PowerDNS Recursor 5.1.10, 5.2.8 and 5.3.5 released)

blog.powerdns.com/2026/02/09/p...

#dns #dnssec

DNS/DNSSEC-status per kommun

Estonia, Latvia, and Lithuania are now available on kommunermeddnssec.se and kommunermedipv6.se.
There are still some issues with domain names/geo data for Norway, Iceland, and the newly added countries, but that might be fixed tomorrow.
#IPv6 #DNSSEC

Enabling #DNSSEC is easy as cake with PowerDNS. Just a copy & paste to INWX’s domain management console and that’s it.

Enabling DANE for my e-mail server was easy afterwards as well. There is no reason today not to have it :-)

PowerDNS DNSdist 2.1.0-alpha1 Released PowerDNS DNSdist 2.1.0-alpha1 Released.

PowerDNS DNSdist 2.1.0-alpha1 Released

blog.powerdns.com/2026/01/29/p...

#dns #dnssec

First beta release of PowerDNS Recursor 5.4.0 We are proud to announce the first beta release of PowerDNS Recursor 5.4.0

First beta release of PowerDNS Recursor 5.4.0

blog.powerdns.com/2026/01/27/f... #dns #dnssec

The Excruciating Slow Rise of DNSSEC: A Dialogue With Roy Arends About Myths, Realities and Hard Lessons DNSSEC promised to secure DNS with cryptographic proof, yet messy rollouts, outages, and hype backlash ruined its reputation. This piece argues that storytelling and emotions shape adoption as much as...

Deployment of technical standards is surprisingly emotional and narrative-driven. Can’t believe it? Here you go!
circleid.com/posts/the-ex...

#DNS #DNSSEC #CircleID

We need to simplify client certificates for IoT and MTLS. One way is to anchor client certs in DNS.
The IETF DANCE working group needs more energy to complete our work. Want to join? Get on the mailing list now and help out!
https://datatracker.ietf.org/group/dance/about/

#PKI #DNSsec #MTLS #IOT