https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government

   https://www.fedramp.gov/2025-09-30-fedramp-built-a-modern-foundation-in-fy25-to-deliver-massive-improvements-in-fy26/

stub resolver (client) -> OPTIONAL forwarding resolver (server) -> recursing / caching resolver (server) -> authoritative server. "Personal DNS server" doesn't disambiguate whether your objective is recursive or authoritative... or both (there is dogma about not using the same server for both auth and recursion, if you're not running your resource as a public benefit you can mostly ignore it). If it's recursive I don't know why you'd run it in the cloud and not on-prem.

You'll find that you can restrict clients based on IP address, and you can configure what interfaces / addresses the server listens on. The traditional auth / nonrepudiation mechanism is TSIG, a shared secret. Traditionally utilized for zone transfers, but it can be utilized for any DNS request.

The traditional mechanism for encryption has been tunnels (VPNs) but now we have DoH (web-based DNS requests) and DoT (literally putting nginx in front of the server as a TCP connection terminator if it's not built in). These technologies are intended to protect traffic between the client and the recursing resolver. Encryption between recursing resolvers and auths is a work in progress. DNSSEC will protect the integrity of DNS traffic between recursives and auths. I don't know how big your personal network is, for privacy / anonymity of the herd you might want to forward your local recursing resolver's traffic to a cloud-based server and co-mingle it with some additional traffic; check the servers' documentation to see if you can protect that forwarder -> recursive traffic with DoT or you're not gaining any additional privacy; it's extra credit and mostly voodoo if you don't know what you're doing. I don't bother, I let my on prem recursives reach out directly to the auths. Once the DNS traffic leaves my ISP it's all going in different directions, or at least it should be notwithstanding the pervasive centralization of what passes for the federated / distributed internet at present.

You don't need ICANN for TLS or encryption. You can create your own CA and sign your own certs. In fact, this is typically how it's done to authenticate for example clients of a web server using certs (you install the cert in the browser).

You can use your CA to sign a cert for your ICANN-registered domain and install it in the web server; there are no internet police who are gonna stop you. Web browsers will complain about this "self-signed cert", unless you install your CA's public key in your browser. (Security-wise, you probably shouldn't go around installing random people's CA certs in your browser. You need to trust them not to issue certs for e.g. google.com. On the other hand you need to trust China and Morocco not to do that already, so maybe you're willing to accept that risk.)

> Is obtaining a domain name registration from an "ICANN-approved" registrar proof of identity for purposes of "authentication".

People make the mistake of conflating an FQDN or address with identity all the time. People point at resources in domains which don't exist (this includes DNS resources), and people register those abandoned domains and then click "forgot password" and take over whatever account was tied to that email address in that domain.

I don't know that ICANN requires any proof. There are CAs which have enhanced identity verification, this applies to the certs they issue for both servers and clients / people.

> What purpose does _purchasing_ a registration serve.

Makes you a member of ICANN's club. There are pseudo-TLDs which are registered in ICANN's tree where you can register a (sub)domain, without interacting with ICANN at all.

Rhetorically speaking, of course.

No.

And you have to accept living with / mitigating that e.g. that isolated wifi access point theoretically receives and will need to apply software updates. /s People seem to treat it as some kind of heresy if you simply deny such appliances internet access.

I'm curious how this will play out. The "John Deer" exemption from the DMCA comes to mind, not sure if it's strictly for farm equipment or still in effect.

* Reverse DNS which points to a web site which has a discoverable / well-known page which clearly describes their behavior.

* Some sort of reverse IP based, RBL and SPF -inspired TXT records which describe who, what, when, why, how, how often

so that I can make automated decisions based on it.

Yah, I don't have a lot of crawlers that I welcome... but I'm building a pretty good database of the worst offenders. At scale... there are advantages to scale which work in my favor, actually.

I documented this at the end of a blog post when I made blocking Amazon incoming requests a default policy several years ago.

If you're doing threat hunting / risk enumeration, Cloudflare is no longer a passive service that miscreants hide behind, they now actively reach out and grab your privates.

   Updated Date: 2026-03-11T07:13:31Z
   Creation Date: 2001-03-09T23:23:30Z
   Registry Expiry Date: 2027-03-09T23:23:30Z

https://www.infoblox.com/blog/threat-intelligence/abusing-ar...

> Humans walk at roughly 2.1-3.0mph. "European cities" are listed as having bus stops 984-1476 ft apart, which would imply you'd typically walk half that to reach the nearest one (492-738 ft), which for a fit 3.0mph person is 2-3 minutes, and for a frail old 2.1mph person is 3-4 minutes.

> Of course, people can be further away than that (they live orthagonally to the bus route), but you get the point. If you doubled bus stop distances to 1476ft apart, it would not add many walking minutes for the users.

Given four "bus stops" spaced at the corners of a square of dimension d, and a linear relationship of distance and time such that d == t, the distance to a stop along the edges of the square is at most d/2 == 0.5d. As the crow flies (straight line) the distance from the center of the square to any of the corners is sqrt(2*(d^2)) / 2 or (approximately) 0.71d.

But people don't fly, rather geometric physical reality is something sometimes called "manhattan distance" which essentially means that they need to walk to the edge and then along the edge (or zig-zag block by block, which amounts to the same thing just repeated at smaller scale). In this case the distance walked to any of the corners from the center is exactly d. Unless you live in the middle of a park (with stops at the corners) d is the best outcome. In a physical environment other obstacles may present which require backtracking; indeed, the bus routes (and hence stops) are likely optimized to avoid backtracking, acknowledging this physical reality.

In the beginning I got hit with something and was misdiagnosed, and almost died; hypertension didn't fit the narrative so was initially ignored. By the way, when you don't sleep for three months it fucks you up. No attempt was ever made to even acknowledge that there might be a root cause for the hypertension. The hypertension drugs worked until they didn't, and they started gaslighting me about it. Bear in mind, in the context of the theme better sleep will help with hypertension (demonstrably true!).

You need to cultivate awareness as well as evidence-based skepticism for this to work. One of the herbs I take interacts with the beta blocker I still take, and if you weren't paying attention it could kill you (nobody told me, or the herbalist, about it). Some of the herbs are pricey, but none are over $80/pound. All in, it costs me about $100 / month, and two hours of my time every three days (to boil herbs). Quite frankly, if the pills work then just do that; but don't treat it as a "solve", get to work and identify some of the root causes and what can be done about it... before they stop working or start making you sick.

Anecdata: 1) A good friend whose anxiety was largely alleviated (and sleep improved) by recognizing and treating their iron deficiency. 2) I have to (can't take the Western drug which was prescribed any more, and the Western doctors can't seem to bang the rocks together) take herbs for my hypertension but as opposed to the side effects I was experiencing from the drug I joke that all of the "side effects" from the herbs are good, they're targeting imbalances which were not recognized / treated previously and lo and behold I settle and sleep better... which helps reduce the blood pressure.