One line DNSSEC configuration in BIND 9.16 (coming out later in February 2020):

zone "" {
type master;
file "";
dnssec-policy default;

See talk by Evan Hunt (ISC) from DNS-OARC last weekend about this and other changes coming in the new BIND 9 version:

"The only beneficiaries from the resulting wrong-think will be shareholders and employees of the garbage-spewing security vendor, and of course, the bad guys"

I'm running a (hopefully) fortnightly newsletter on Substack called The Dork Web. First issue is out on the 30th of Jan, featuring the <$200 Pinebook Pro, a Z80 SBC for running CP/M, China's social credit system in the west and more. Sign up here:

’s for -2020-0601 introduces a call to in when a faked certificate is detected.
Didier Stevens wrote a script that will write a Windows event entry in the Application event log.


Try this
nmap --script=ssl-cert.nse | grep -i Issuer | grep -i 'IOS-Self-Signed-Certificate'

If the above returns any results (adjust subnets accordingly) then you might want to read this:

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.