Oh, now I see. I guess then the DNS64 server needs to do the dnssec verification on behalf of the user, then drop the RRSIG records for the v4->v6 translated names.
Oh, and now I realize I confused the direction. DNS64 makes v4 into v6.
I’m fortunate to get native IPv6, so I’m not very familiar, tho I think I have basic understanding.
Did you mean you need to pick just one of {authoritative DNS server, DNS64} to listen on port 53? No, because the authoritative DNS only needs to be accessible from the outside. Run it on another machine or nonstandard port, then expose via port forwarding. Machines in LAN don’t need direct access to the authoritative DNS server, they can just as well resolve via the regular system.
Are you sure you need DYNDNS? My ‘dynamic’ IP address changes so rarely that I just update my DNS entries manually when it does.
Could you elaborate on the “non-spying” bit? There’s not much they can infer from people looking up your IP. Unless you run their daemon that updates the IP, as opposed to curl in cron.
I just self-host my own DNS server. Works like a charm. Setting up DNSSEC was a tad fiddly tho.
Long story short:
dig can use a specific server)
An official Microsoft Linux distro has existed for a while now: https://en.m.wikipedia.org/wiki/Azure_Linux
There’s more Linux than Windwoes VMs in Azure, I hear.
…all of them excellent. Dwarf Fortress, while being the bee’s knees, is not open source.
Also try out Cataclysm: DDA. It’s open source, and possibly approaches Dwarf Fortress in scope and fun.
I’ve seen some apps free on F-droid and paid in Play Store. Best of both worlds!
Here’s an example: https://play.google.com/store/apps/details?id=at.bitfire.davdroid
This implies that waiters are the root of all evil.
VS Code runs flawlessly on Linux, as does dotnet the compiler/runtime.
C# is a fine language, and you can easily upgrade to F#, if adventurous.
I use nvim with omnisharp-roslyn myself, which doesn’t work as reliably, but I’m used to Vim, so meh.
How could a hijacked DNS entry harm you?
You can leverage the trust in DNSSEC to distribute TLS and SSH fingerprints too, look up DANE.