security

I recently got around to finally enable dnssec on the fly signing in my CoreDNS setup. Since the process to set this up isn’t very good documented I thought I’d write a short blog post about it. Steps 0. Only for docker Make sure you have a directory for the dnssec keys mounted in your container. 1. Generate the dnssec key To generate the dnssec key you need to have bind9utils installed....

Content Security Policy (CSP) is an added layer of security that helps mitigate certain types of attacks, like Cross Site Scripting and data injection attacks. CSP is a pretty powerful tool that defines what content on your Website is allowed to be parsed/executed. On top of that it is relatively easy and relatively low risk (compared to HSTS or HKPK) to deploy, since the browser doesn’t cache content security policies....