Some days ago I dealt with DNSSEC and DANE in conjunction with SMTP and HTTPS. It is pretty easy to configure BIND with DNSSEC. Add to your zone configuration these lines: Generate the zone-signing key and the key-signing key in /etc/bind/keys: Now your hoster need to publish the DS record to get a full functional

SMTP and HTTPS with DANE Read More »

SFTP chroot

To put some users in a chroot for sftp you need to adjust a few settings in your sshd_config: Subsystem sftp internal-sftp Match Group sftponly ForceCommand internal-sftp -l VERBOSE ChrootDirectory /srv/sftp X11Forwarding no AllowTcpForwarding no After that you can add a user for sftp and give him a home directory under your chroot. Use /

SFTP chroot Read More »


Yesterday I found a free SSL issuer which supports all major browsers (see here). So I decided to switch my website to SSL only. If you encounter any problems please leave a message

SSL² Read More »


Perhaps some of you may have noticed that my webserver is SSL enabled quite a while. The Root CA is from You can download it here.

SSL Read More »


This is my first release of my new Android app. It is a trainings manager for Trainingsverwaltung on, a german bicycle forum. With this app you can upload your driven routes. Currently it only supports uploading and analysing your routes. The API don’t give me anything to modify or download the existing units. It

TMan-1.0 Read More »