Since our BIND server currently does not support TLS-secured queries natively, we will use nginx rather than stunnel to provide a secured endpoint. Not only is nginx already part of our system, it also allows more granular configuration. We will proxy the requests to our local BIND instance. The nginx stream module needs to […]
nginx
Drop clients which do not indicate server names
Sometimes we want to drop clients that probe our Nginx IPs without sending a valid server_name. Since our virtual hosts rely on Server Name Indication (SNI), we want to drop all clients that do not specify one of them. Typically these clients attempt to walk our IPs for well-known web applications. Let’s call our intercepting server /etc/nginx/sites-available/_default_drop. […]