Thomas Steen Rasmussen

I build and run systems, preferrably using FreeBSD, Postgres and Django. I have a healthy interest in security, and I occasionally dabble in networking.

I've built UncensoredDNS, Hushfile, Certgrinder and other things, and I am one of the BornHack organisers.

I work as tech lead for a Danish ISP which is among the BornHack sponsors.


URLs for Thomas Steen Rasmussen

Github: https://github.com/tykling/

Blog: https://blog.tyk.nu

Twitter: https://twitter.com/tykling

Keybase: https://keybase.io/tykling


Music Act 30 Years of Danish Rap

A journey from 1988 through to 2018 where we listen to Danish rap and hiphop evolve from then to now.

Scheduled Instances of "30 Years of Danish Rap"


Talk DNS Provider Decentralisation and DNS Privacy Update

Thoughts on recursive DNS service provider decentralisation, and an update on the status of current DNS privacy initiatives.

We are currently seeing an unfortunate trend of centralisation on a few DNS service providers (like Google, Cloudflare and such). People are moving away from ISP DNS resolvers for good reasons, including censorship, missing privacy features and more - but they are moving to a few very large providers. The downsides of centralising are obvious, but the path towards decentralisation is never easy. I will discuss using my UncensoredDNS project as a blueprint for starting smaller, community driven DNS providers.

DNS-over-TLS and DNS-over-HTTPS (DoH) can be used to secure the integrity and confidentiality of DNS traffic between client and recursive resolver. Both can be used either directly from the actual client (like a laptop or a phone) or through a stub resolver on a home internet router. I will cover the current state of client- and server-side software support for these protocols, explaining how they work and how to use them.

Scheduled Instances of "DNS Provider Decentralisation and DNS Privacy Update"


Talk Introducing Certgrinder

Certgrinder is a LetsEncrypt SSH proxy which allows administrators to handle LetsEncrypt ACME challenges on a central server rather than on the individual servers which need the certificates. This software has come a long way since the lightning talk at BornHack 2017. It is written in Python and recently reached version 1.0.

Certgrinder handles certificates for the BornHack infrastructure, UncensoredDNS and more.

The talk will cover the basic principles of operation, getting started, and what kind of issues you might encounter.

Scheduled Instances of "Introducing Certgrinder"


Meetup UncensoredDNS Users Meetup

Let's get together and discuss challenges and opportunities for the UncensoredDNS project. Any past, present or potential UncensoredDNS users are very welcome to join!

Scheduled Instances of "UncensoredDNS Users Meetup"