TLS

DNS over TLS using BIND and Nginx

Since our BIND server currently does not support TLS-secured queries natively, we will be using Nginx rather than Stunnel to provide a secured endpoint. Not only is Nginx already part of our system, i...

Drop clients which do not indicate server names

Sometimes we want to drop clients which do not send valid server_names but probe our Nginx IPs. Using Server Name Indication (SNI) for our virtual hosts, we want to drop all clients which do not speci...