How to keep yourself busy with local infrastructure, episode 100:
I keep all my local stuff (rfc1918) below a public facing tld, served by my local OpnSense. Think: “printer.lan.example.com”.
Not that big of an issue.
BUT: I also have a few public facing services below the same top level domain, e.g. “vault.example.com”.
Now I thought it would be a brilliant idea to finally enable DNSSEC for that domain.
Well, guess what broke after I created the DNSSEC records for the top level domain. 🤕