Research Leaping through RPKI history with Ziggy RPKI, the Resource Public Key Infrastructure, is an important cornerstone in securing the BGP routing system on the Internet. In its…
Research Measuring the impact of DNS Flag Day DNS Flag Day 2019 stimulated a lot of awareness, and as a result, the Internet got a little better.
Dev Hackathon @ Africa Internet Summit 2019 The main objectives of the NLnet Labs foundation are the development of Open Source Software and Open Standards; this combination creates…
Dev Prototyping Unbound extensions in minutes with Python and Docker How, theoretically, could one lower the barrier to trying out the connection testing feature of the Internet.nl application.
RPKI Krill — A New RPKI Certificate Authority From outer space to the depths of the sea, NLnet Labs knows no boundaries with their Resource Public Key Infrastructure (RPKI) project.
Research The Ongoing Story of OpenINTEL: Measuring the DNS for Research, Policy and Protocol Improvements Measuring the DNS for Research, Policy and Protocol Improvements.
Misc Building a new home for NLnet Labs Over the last weeks we threw ourselves at creating a brand new website for NLnet Labs, with lots of decisions to make along the way.
DNS Aggressive use of the DNSSEC-Validated cache in Unbound One of the new features in Unbound 1.7.0 is the aggressive use of the DNSSEC-Validated cache, resulting in decreased load on name servers.
DNS The peculiar case of NSEC processing using expanded wildcard records Unbound, Google public DNS, PowerDNS and Dnsmasq contained a flaw that made it possible to downgrade secure connections.
DNS Bringing DNS Security and Privacy to the End User How the getdns API project helps to achieve the goal of DNSSEC validation and DANE authentication at the end-points.
DNS Privacy: Using DNS-over-TLS with the new Quad9 DNS Service Install and configure Stubby to communicate securely with the Quad9 DNS service using DNS-over-TLS.
Dev Testdriving the CrypTech Alpha Board Experiences with the open source hardware cryptographic engine.
DNS Client based filtering in Unbound Using ‘tags’ introduced in Unbound 1.5.10 and ‘views’ in Unbound 1.6.0 to let DNS answers depend on the address of the client.
Dev I Can’t Believe It’s Not DNS! Experiences with “I Can’t Believe It’s Not DNS!”, an authoritative DNS server on the Espressif ESP8266, written in MicroPython.
DNS Algorithm Rollover in OpenDNSSEC 1.3 Roll to a new algorithm securely with OpenDNSSEC 1.3.x if you are clever about it and don’t mind some manual intervention.
DNS NSD 4.1: zonefile-mode and fork fix NSD 4.1 has a new feature where it does not use the nsd.db file, but uses the zonefiles directly.
OpenDNSSEC project transferred to NLnet Labs NLnet Labs announces that it will take full responsibility for continuing the activities of the OpenDNSSEC software project and support.
Dev Hackathon at TNW-2014 At NLnet Labs we believe that DNSSEC allows for security innovations that will change the global security and privacy landscape.
Research Does Open Data Reveal National Critical Infrastructures? This blog post is based on the report “Open Data Analysis to Retrieve Sensitive Information Regarding National-Centric Critical Infrastructures [http://www.nlnetlabs.nl/downloads/publications/RP45%20Open%20Data%20Analysis%20-%20Critical%20infrastructures.pdf] ” by Renato Fontana. Democratization of Public Data The ideas of Open Data [http://okfn.org] comes from
Research How “National” is the Dutch Critical IP Infrastructure? This blog post is based on the report “Discovery and Mapping of the Dutch National Critical IP Infrastructure [http://www.nlnetlabs.nl/downloads/publications/RP2_report_Mapping_the_Dutch_Critical_Infrastructure.pdf] ” by Fahimeh Alizadeh and Razvan Oprea. Problem After the publication of the Critical Infrastructure Protection report more than
DNS RRL SLIP and Response Spoofing By Wouter Wijngaards The recent disclosure by ANSSI (CVE-2013–5661) notes problems with RRL Slip and response spoofing. This document explains explains the tradeoffs. Other documents with advice: * French announcement from ANSSI: http://www.certa.ssi.gouv.fr/site/CERTA-2013-AVI-506/index.html * Dutch vuln announcement: https://www.ncsc.nl/.../NCSC-2013-0597.
DNS NSD4 TCP Performance By Wouter Wijngaards For NSD 4 the TCP performance was optimised, with different socket handling compared to NSD 3. This article discusses a TCP performance test for NSD 4. In previous blog contributions, general (UDP) performance [http://www.nlnetlabs.nl/blog/2013/07/05/nsd4-performance-measurements/] was measured and memory usage
DNS NSD4 High Memory Usage By Wouter Wijngaards NSD 4 is currently in beta and we are expecting a release candidate soon. This is the second of a series of blog-posts in which we describe some findings that may help you to optimize your NSD4 installation. In the first article [https://blog.nlnetlabs.nl/blog/
