How (not) to configure your domainname [internet.nl] (WHY...

What this episode covers

The most common configurations seen in scanning domain names with [Internet.nl](https://internet.nl), e.g. those found in [biannual governmental measurements](https://www.forumstandaardisatie.nl/metingen/informatieveiligheidstandaarden). This talk will explain how to configure modern security standards on your domain name with the help of [the open source](https://github.com/internetstandards/Internet.nl/) [Internet.nl](https://internet.nl). It will show common misconfigurations in DNS and security headers. Teach you why you should probably want to avoid `www CNAME @`, want to enable IPv6 and other observations from the [biannual measurements](https://www.forumstandaardisatie.nl/metingen/informatieveiligheidstandaarden) of scanning more than 10.000 governmental host names in The Netherlands. After this talk you'll know at least one DNS or security header improvement for your own or organization domain. This presentation will touch: - why enable DNSSEC ([RFC 4033](https://datatracker.ietf.org/doc/html/rfc4033) and many more), some common failures (e.g. CNAME's) - why enable IPv6, not talking about 'IPv4-mapped IPv6 address' here, issues if you're still not supporting IPv6 (almost 30 years after [RFC 1883](https://datatracker.ietf.org/doc/html/rfc1883)) - why not CNAME to your apex domain (if you have an Mx record) - why use Null MX ([RFC 7505](https://datatracker.ietf.org/doc/html/rfc7505)) - why configuration SPF ([RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208)) on all hostnames - why there are more reasons to avoid CNAME's - why enable DANE ([RFC 6698](https://datatracker.ietf.org/doc/html/rfc6698)) and TLSRPT ([RFC 8460](https://datatracker.ietf.org/doc/html/rfc8460)) and why it's superior to MTA-STA ([RFC 8461](https://datatracker.ietf.org/doc/html/rfc8461)), how to rotate DANE - why monitoring matters - why first doing a `https://` redirect before a domain redirect - why a strict Content-Security-Policy ([CSP v3](https://www.w3.org/TR/CSP3/)) will save you - why configure `ssl_reject_handshake` (nginx only) - why have an accessible security.txt (special allow rule if you have basic auth!) that contains at least one email address - why start cookie names with `__Host-`or `__Secure-` ([MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#cookie-namecookie-value)) Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/XVET7C/

Share this episode

Similar Episodes

The Boys Podcast Season 5 Episode 3

Apr 21, 2026 ·73m

Daredevil Born Again 205 Review

Apr 18, 2026 ·95m

Invincible Season 4 Episode 7 Review

Apr 15, 2026 ·55m

The Boys Podcast Season 5 Episode 2

Apr 13, 2026 ·68m

Invincible Season 4 Episode 6 Review

Apr 11, 2026 ·59m

The Boys Podcast Season 5 Episode 1

Apr 9, 2026 ·66m

Similar Podcasts

LIGHTS, CAMERA, SMILE! Creatives Club Media Lights, Camera, Smile, is a podcast for anyone with a dream to share something with the world, out of the overflow of themselves - be it their mind, their heart, their personalities, and much more. Each of us are alive in this moment in time, with an innate ability to have ideas and create various things to benefit both ourselves and the people around us for a reason, and here, you will find the encouragement, the inspiration, and the motivation to do just that. Hosted by Cicily, founder of Creatives Club, she dives into various topics surrounding creativity and business. Exploring entrepreneurship for creatives in a corporate reality, sharing tips and tricks in a media centered company, answering questions regarding what a creative actually is are just a few of the things discussed on this podcast. Be encouraged to create for yourself as Cicily gets vulnerable by pivoting the camera to herself for the first time.To submit questions for Cicily to answer, or have her address certain t The PFN Cincinnati Bengals Podcast Pro Football Network The PFN Cincinnati Bengals Podcast is where you can stay up-to-date with the latest news and analysis on the Cincinnati Bengals! Our hosts, industry experts Jay Morrison and Dallas Robinson, provide weekly coverage of all the latest rumors and updates about the Bengals. Don’t forget to follow the show to receive new episodes directly in your podcast feed and leave a rating and review to let us know your thoughts. Piramidi Club The Bitcoin Butcher La Migliore Pizza di Firenze IT IS WHAT IT IS with SHALLZ - SHALLY ZOMORODI Shally Zomorodi What? "It is what it is" with ShallZ – Shally ZomorodiWhen? WeeklyHow long? 35 minutesEvery week, Mother of 4, wife, morning TV news anchor and ultimate hostess, Shally Zomorodi talks about life - its up's and downs and how to stay on track in her weekly podcast, ‘It is what it is.’ Known for her high energy, infectious smile and ability to see the cup as half full Shally talks about all things in life and how to work through its challenges. From parenting, marriage, friendships, current events to how to smile when it just seems impossible ‘It is what it is’ is the perfect podcast to help inspire you to dance through the rain.

Frequently Asked Questions

How long is this episode of Chaos Computer Club - recent events feed?

This episode is 50 minutes long.

When was this Chaos Computer Club - recent events feed episode published?

This episode was published on August 11, 2025.

What is this episode about?

The most common configurations seen in scanning domain names with [Internet.nl](https://internet.nl), e.g. those found in [biannual governmental measurements](https://www.forumstandaardisatie.nl/metingen/informatieveiligheidstandaarden). This talk...

Can I download this Chaos Computer Club - recent events feed episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.