Cyberpunk 2077, Cities Skylines, Kerbal Space Program, Gadgets, Tech Repairs, 3D Printing, Linux OS, Cybersecurity.

  • 0 Posts
  • 1 Comment
Joined 2 years ago
cake
Cake day: December 3rd, 2022

help-circle
  • @Jerry@hear-me.social

    While you are securing your domain, 3 more good ideas:

    1. Enable DNSSEC. This will sign the dns query responses to help ensure your DKIM and TLSA can be trusted.

    2. Configure CAA records with only your TLS certificate issuer so any other certificates are not trusted.

    3. Configure DANE TLSA records with a hash of the public keys for your email server and websites. Also be sure to configure the “mta-sts.@“ subdomain to serve the correct text file. This will provide an additional chain of trust for your email server (and websites server).