[Maarten Van Horenbeeck]
The daemon.be servers
Location and connectivity
Historically, Daemon.be servers have been hosted with EV1Servers/RackShack/SoftLayer, SprocketData, Exportal.pl, Hetzner and ait.com. Today, Daemon is spread between Amazon EC2, Google Compute Platform and Hetzner.
Software
Each server runs a version of the 4.x Linux kernel. Internet applications are served by Apache, Dovecot, Postfix, BIND and vsftpd. For webmail we use Roundcube. We use extensive containerization provided by LXC.
Digital certificates are provided by Let's Encrypt. The servers use a variety of security mechanisms, including the Linux auditd subsystem, OSSEC and osquery.
We serve CAA records:
; <<>> DiG 9.8.3-P1 <<>> daemon.be type257
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61850
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;daemon.be. IN TYPE257
;; ANSWER SECTION:
daemon.be. 600 IN TYPE257 \# 22 000569737375656C657473656E63727970742E6F7267
daemon.be. 600 IN TYPE257 \# 28 0005696F6465666D61696C746F3A696E666F406461656D6F6E2E6265
The servers are configured to return various HTTP security headers.