-
freespoken.nz
>> Regular DNS is centralized.
> for the most part you have full control over DNS, anyone who relies on DNSSEC in this room I urge you to run your own nameserver and hold your own DNSSEC keys, do not trust your DNS provider with such control.

My understanding is that when a recursive resolver queries icebound.dev's NS or DS records, the answer comes from dev's name servers, not icebound.dev's ones, because it doesn't yet know where icebound.dev's name servers are, or how to verify the answers they give. So what's to stop dev's name servers from selectively sending specific victims' recursive resolvers the wrong answers?
-
Guus
> Guus, sorry for the ping, has Openfire ever been tested peering with unicode servers?

There is basic unit testing, but I am not aware of anything beyond that
-
sven222
Is it possible, that jabber.de is again down? Is there any possibility to help them?
-
Menel
I can xmpp - ping the server
-
Menel
seems up
-
sven222
Yes, seems up again.
-
stratself
is there any reliable xmpp way to send a message when another server's offline? e.g. have my messages in an outbox or something until they're online again
-
MattJ
There's no reason inherent in the protocol that prevents this being done, but I'm not aware that anyone has done it
-
MattJ
I think this is partly because XMPP is not email, it's expected to be more real-time
-
jjj333_p [pain.agency]
related, probably more appropriate for jdev, something like a delay send function on the server would be really nice. not sure how that would play with any pfs of omemo but idk
-
icebound.dev
> My understanding is that when a recursive resolver queries icebound.dev's NS or DS records, the answer comes from dev's name servers, not icebound.dev's ones, because it doesn't yet know where icebound.dev's name servers are, or how to verify the answers they give. So what's to stop dev's name servers from selectively sending specific victims' recursive resolvers the wrong answers?

freespoken.nz, I am not 100% your point here? icebound.dev is using hosted DNS as of right now, some of my other servers are using nsd, this server is rather errr... old :) The tld server tells the recursive resolver where to find the icebound.dev zone. However if your zone is the same as your nameserver (aka ns1.icebound.dev) you need a glue record, which is just telling the tld server what the IP address of the nameserver is, as you need to know the IP of ns1.icebound.dev to then ask it for the IP address of ns1.icebound.dev, all other records within the zone are then stored on the authoritative DNS server, giving you full control. When it comes to DS records there's one at every level. This is why if your TLD doesn't support DNSSEC (like im. for example) you can't use it yourself. Think of it like SSL certificate chains, each level needs to be verified, otherwise a tld server could serve a spoofed authoritative DNS server.
-
icebound.dev
The tl;dr here is, after you have paid for your domain you are free to do with it as you wish. Although I recommend you pick a tld which supports DNSSEC :)
-
icebound.dev
> There's no reason inherent in the protocol that prevents this being done, but I'm not aware that anyone has done it

I guess you could have a buffer server side to store pending messages for 24 hours (for example) before sending an error back to the client.
-
icebound.dev
But yeah I don't see the point of it. Although it would be cool to have MoXMPP (Mail over XMPP)
-
freespoken.nz
> The tl;dr here is, after you have paid for your domain you are free to do with it as you wish. Although I recommend you pick a tld which supports DNSSEC :)

My point is that although DNSSEC and self-hosted DNS can reduce the number of ways you can be attacked, and the number of people who can attack you, they're no silver bullet for the (well-hidden, impressively mitigated) centralization of ICANN/IANA DNS. You can always be attacked by your superiors in the hierarchy.
-
tom
What about the centralization of LIRs in America and how they charged over 500 for PI6 address space
-
tom
As if ipv6 addresses were a scarce resource or only corporations need them
-
tom
Meanwhile over in Europe RIPE has sane policies and LIR delegation
-
tom
So everyone has to pay for two internet connections. One for last mile and another to bust through cgnat and tunnel ipv6 over
-
tom
Also to stop the ISP from stripping dnssec
-
freespoken.nz
> What about the centralization of LIRs in america and how they charged over 500 for PI6 address space

Indeed, normal delegation of IP address space is likewise centralized and hierarchical. But Yggdrasil and CJDNS (for example) allocate IP addresses automatically based on public keys, using reserved IPv6 address spaces. If this is getting too far off topic, Yggdrasil-specific discussion would fit at xmpp:yggdrasil@groups.freespoken.nz?join (which federates not only with non-ASCII domains, but also with Yggdrasil-based v6.alt domains).
-
tom
But it's a slow userspace overlay network written in a weird programming language, when I've already had to build an overlay network from ipsec
-
tom
To route an ipv6 delegation from a data center over