How to keep yourself busy with local infrastructure, episode 100:

I keep all my local stuff (rfc1918) below a public facing tld, served by my local OpnSense. Think: “”.

Not that big of an issue.

BUT: I also have a few public facing services below the same top level domain, e.g. “”.

Now I thought it would be a brilliant idea to finally enable DNSSEC for that domain.

Well, guess what broke after I created the DNSSEC records for the top level domain. 🤕