[Maarten Van Horenbeeck]

The daemon.be servers

Location and connectivity

Historically, Daemon.be servers have been hosted with EV1Servers/RackShack/SoftLayer, SprocketData, Exportal.pl, Hetzner and ait.com. Today, Daemon is spread between Amazon EC2, Google Compute Platform and Hetzner.


Each server runs a version of the 4.x Linux kernel. Internet applications are served by Apache, Dovecot, Postfix, BIND and vsftpd. For webmail we use Roundcube. We use extensive containerization provided by LXC.

Digital certificates are provided by Let's Encrypt. The servers use a variety of security mechanisms, including the Linux auditd subsystem, OSSEC and osquery.

We serve CAA records:

; <<>> DiG 9.8.3-P1 <<>> daemon.be type257
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61850
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;daemon.be.			IN	TYPE257

daemon.be.		600	IN	TYPE257	\# 22 000569737375656C657473656E63727970742E6F7267
daemon.be.		600	IN	TYPE257	\# 28 0005696F6465666D61696C746F3A696E666F406461656D6F6E2E6265

The servers are configured to return various HTTP security headers.