Since our BIND server currently does not support TLS-secured queries natively, we will be using nginx rather than stunnel to provide a secured endpoint. Not only is nginx already part of our system, i...
Security
Nftables netfilter rules
Nftables simplifies dual-stack handling and atomic rule updates compared to iptables, which will replace all rules even if only one rule needs to be replaced. We will be using a table of address fam...
Securing transaction signatures using ACLs
Dynamic updates using TSIGs are relatively easy to set up in BIND. The mechanism to limit keys to specific hosts and their IPs, on the other hand, may not be apparent. TSIGs provide point-to-poin...