{"id":13873,"date":"2025-08-19T00:22:22","date_gmt":"2025-08-18T22:22:22","guid":{"rendered":"https:\/\/monodes.com\/predaelli\/?p=13873"},"modified":"2025-08-19T00:22:25","modified_gmt":"2025-08-18T22:22:25","slug":"how-not-to-configure-your-domainname-internet-nl","status":"publish","type":"post","link":"https:\/\/monodes.com\/predaelli\/2025\/08\/19\/how-not-to-configure-your-domainname-internet-nl\/","title":{"rendered":"How (not) to configure your domainname [internet.nl]"},"content":{"rendered":"\n

How (not) to configure your domainname [internet.nl]<\/a><\/p>\n\n\n\n\n\n\n\n

\n

How (not) to configure your domainname [internet.nl]<\/h3>\n\n\n\n

<\/h3>\n\n\n\n

2025-08-11

The most common configurations seen in scanning domain names with Internet.nl<\/a>, e.g. those found in biannual governmental measurements<\/a>.<\/p>\n\n\n\n

\n\n\n\n

This talk will explain how to configure modern security standards on your domain name with the help of the open source<\/a> Internet.nl<\/a>. It will show common misconfigurations in DNS and security headers. Teach you why you should probably want to avoid www CNAME @<\/code>, want to enable IPv6 and other observations from the biannual measurements<\/a> of scanning more than 10.000 governmental host names in The Netherlands.<\/p>\n\n\n\n

After this talk you’ll know at least one DNS or security header improvement for your own or organization domain.<\/p>\n\n\n\n

This presentation will touch:
– why enable DNSSEC (RFC 4033<\/a> and many more), some common failures (e.g. CNAME’s)
– why enable IPv6, not talking about ‘IPv4-mapped IPv6 address’ here, issues if you’re still not supporting IPv6 (almost 30 years after RFC 1883<\/a>)
– why not CNAME to your apex domain (if you have an Mx record)
– why use Null MX (RFC 7505<\/a>)
– why configuration SPF (RFC 7208<\/a>) on all hostnames
– why there are more reasons to avoid CNAME’s
– why enable DANE (RFC 6698<\/a>) and TLSRPT (RFC 8460<\/a>) and why it’s superior to MTA-STA (RFC 8461<\/a>), how to rotate DANE
– why monitoring matters
– why first doing a https:\/\/<\/code> redirect before a domain redirect
– why a strict Content-Security-Policy (CSP v3<\/a>) will save you
– why configure ssl_reject_handshake<\/code> (nginx only)
– why have an accessible security.txt (special allow rule if you have basic auth!) that contains at least one email address
– why start cookie names with __Host-<\/code>or __Secure-<\/code> (MDN<\/a>)<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"

How (not) to configure your domainname [internet.nl]<\/p>\n

Read more →<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"link","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"federated","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[72],"tags":[333],"class_list":["post-13873","post","type-post","status-publish","format-link","hentry","category-documentations","tag-dns","post_format-post-format-link"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6daft-3BL","jetpack-related-posts":[{"id":9912,"url":"https:\/\/monodes.com\/predaelli\/2022\/12\/14\/how-to-configure-wireless-wake-on-lan-for-linux-wifi-card\/","url_meta":{"origin":13873,"position":0},"title":"How to configure wireless wake-on-lan for Linux WiFi card","author":"Paolo Redaelli","date":"2022-12-14","format":false,"excerpt":"How to configure wireless wake-on-lan for Linux WiFi card - nixCraft I have Network Attached Storage (NAS) server that backups all my devices. However, I am having a hard time with my Linux-powered laptop. I cannot back up my laptop\/computer when it is in suspended or sleep mode. How do\u2026","rel":"","context":"In "Documentations"","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1462,"url":"https:\/\/monodes.com\/predaelli\/2016\/04\/29\/10-useful-ip-commands-to-configure-network-interfaces\/","url_meta":{"origin":13873,"position":1},"title":"10 Useful “IP” Commands to Configure Network Interfaces","author":"Paolo Redaelli","date":"2016-04-29","format":"link","excerpt":"http:\/\/www.tecmint.com\/ip-command-examples\/ When you read that ifconfig as been deprecated you realize your growing old: I use ifconfig almost subconsciously... It reminds me of the days I first installed Linux on my Amiga 1200 boosted with almighty 68060...","rel":"","context":"In "Documentations"","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7612,"url":"https:\/\/monodes.com\/predaelli\/2020\/09\/18\/internet-connection-sharing-with-networkmanager-fedora-magazine\/","url_meta":{"origin":13873,"position":2},"title":"Internet connection sharing with NetworkManager – Fedora Magazine","author":"Paolo Redaelli","date":"2020-09-18","format":"link","excerpt":"Internet connection sharing with NetworkManager - Fedora Magazine Or nmtui, nmcli and other commands for the shell wizard Internet connection sharing with NetworkManager Posted by Beniamino Galvani on June 17, 2020 NetworkManager is the network configuration daemon used on Fedora and many other distributions. It provides a consistent way to\u2026","rel":"","context":"In "Documentations"","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1143,"url":"https:\/\/monodes.com\/predaelli\/2016\/03\/14\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu-14-04-digitalocean\/","url_meta":{"origin":13873,"position":3},"title":"How To Secure Nginx with Let’s Encrypt on Ubuntu 14.04 | DigitalOcean","author":"Paolo Redaelli","date":"2016-03-14","format":false,"excerpt":"Following https:\/\/letsencrypt.readthedocs.org\/en\/latest\/using.html#installation you can obtain a nice SSL certificate for your own webservers; yet for those who likes NGinx like me this guide How To Secure Nginx with Let's Encrypt on Ubuntu 14.04 | DigitalOcean is also useful In this tutorial, we will show you how to use Let's Encrypt\u2026","rel":"","context":"In "Software Libero"","block_context":{"text":"Software Libero","link":"https:\/\/monodes.com\/predaelli\/category\/software\/software-libero\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9107,"url":"https:\/\/monodes.com\/predaelli\/2022\/02\/16\/fai-fully-automatic-installation\/","url_meta":{"origin":13873,"position":4},"title":"FAI – Fully Automatic Installation","author":"Paolo Redaelli","date":"2022-02-16","format":"link","excerpt":"FAI - Fully Automatic Installation FAI is a tool for unattended mass deployment of Linux. It's a system to install and configure Linux systems and software packages on computers as well as virtual machines, from small labs to large-scale infrastructures like clusters and virtual environments. You can take one or\u2026","rel":"","context":"In "Debian"","block_context":{"text":"Debian","link":"https:\/\/monodes.com\/predaelli\/category\/debian\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2355,"url":"https:\/\/monodes.com\/predaelli\/2017\/04\/14\/lets-chat\/","url_meta":{"origin":13873,"position":5},"title":"Let’s chat!","author":"Paolo Redaelli","date":"2017-04-14","format":false,"excerpt":"I've been lingering on OTFC #debian-it IRC channel and the almighty Elena of Valhalla made me discover the importance of maintain control over our communications that nowasdays are oftn channeled into various chat, social network and the like. So I've read her article \u00abModern XMPP Server\u00bb and Enrico Zini's \u00abModern\u2026","rel":"","context":"In "Android"","block_context":{"text":"Android","link":"https:\/\/monodes.com\/predaelli\/category\/smartphones\/android\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/13873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/comments?post=13873"}],"version-history":[{"count":0,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/13873\/revisions"}],"wp:attachment":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/media?parent=13873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/categories?post=13873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/tags?post=13873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}