DNS and Rust in Critical Infrastructure
Last month we skipped our regularly scheduled newsletter to give centre stage to Maarten's article on open-source software vs. the proposed Cyber Resilience Act. In the new year we'll give you an update on what has happened since, but now we'd like to tell you about our adventures at the Science Park below sea level...
💬 In this issue:
- The "Rust in Critical Infrastructure" Meetup: We hosted a get-together with talks for Rust developers!
- DNS Software Development in Rust: Next year we intend to offer a cross-platform, asynchronous DNS library and a stub resolver
- From the News Desk: A veritable mountain of short updates on our activities
- A Bright Future: A look back on 2022 and a view forward to the future of NLnet Labs
🧑🏫 The "Rust in Critical Infrastructure" Meetup
Our friends at Tweede golf are very active in the Rust Netherlands community. A couple of months ago they asked us if we would be interested in hosting a Rust meetup, featuring a couple of topics we are working on.
On November 30th, this resulted in the "Rust in Critical Infrastructure" Meetup, with talks on open-source and open standards at the core of the Internet. With a packed venue (and quite a waiting list) we are very excited at how the event on our home ground at the Amsterdam Science Park turned out.
We had talks on the Network Time Protocol, fuzzing, automated creation of Debian, RPM and Docker packages for Rust projects, how to use Generic Associated Types (GATs), and TLS in Rust with rustls.
If you want to watch the talks to learn more about thee topics, check out this playlist on the Rust Nederland YouTube channel.
🦀 DNS Software Development in Rust
More than six years ago Martin released version 0.1.0 of the domain crate, our DNS library for Rust, as a way to learn this exciting new language that guarantees memory-safety and thread-safety.
It was this experience with Rust that gave us the confidence to use it for our BGP routing products that have been developed in the last few years, such as Krill, Routinator and Rotonda. All the while, the domain crate remained a bit of a side project. But this will change in 2023...
Martin gave the entire DNS development team a rundown of the domain crate and associated libraries, such as octseq. This kicks off our five-year mission* to take all of the lessons learned from our major DNS projects such as NSD and Unbound—but also our experimental projects like getdns and connectbyname—to build easy-to-use, memory-safe DNS solutions in Rust that guarantee performance, privacy, security, and make use of the latest standards.
Our first goal is to build a cross-platform, asynchronous DNS library for Rust that supports all modern transports, followed by a stub resolver. We believe this will provide tremendous value for the Rust developer community.
* cue Star Trek references... 👽🗞 From the News Desk
- You can now also follow our adventures on Mastodon, where we've found a home on the fosstodon.org instance.
- We attended RIPE85 in Belgrade, where Maarten presented on the Cyber Resilience Act and Willem was elected co-chair of the DNS working group.
- We went to London for IETF115, where—among many other things—we worked on the DNS Error Reporting draft during the Hackathon.
- We collaborated on the BITAG report on "Security of the Internet’s Routing Infrastructure", which contains an imporant pararaph on funding of open-source software.
- Krill 0.12.0 is out, vastly reducing CPU usage. Up next will be Trust Anchor support, gearing up for a big announcement next year. Stay tuned!
- Because ARIN now allows developers to embed their RPKI Trust Anchor Locator (TAL), Routinator 0.12.0 is out to make use of this.
- Unbound 1.17.0 brings PROXYv2 protocol support and ACLs per interface. Going forward, you can keep track of our upcoming work via GitHub milestones.
- You can now also become a patron of NLnet Labs via Liberapay.
☀️ A Bright Future
Five years ago the NLnet Labs foundation had eight employees. And, while our bylaws state that our mission is to develop and support open-source and open standards for core Internet infrastructure, our daily work mostly revolved around DNS. We always had the ambition to work in other areas in this field, such as providing software for inter-domain routing, as well as bridging technology and policy. We're incredibly proud that this year we've genuinely made a breakthrough.
Krill and Routinator, our software packages to support routing security, are now four years old, widely used and highly respected. In the last two years we've been continually building our analytical BGP engine Rotonda, which is now on the verge of a product launch. And last but not least, we've been able to bolster our policy ambitions by hiring Maarten Aertsen and expanded our research and development capacity with our latest team member Koen van Hove.
Now, with sixteen people making up NLnet Labs, our future is looking brighter than ever. It's critical to note that this is thanks to the Internet industry and our Community. The only reason we're able to offer free, open-source and liberally licensed software is because we're supported by all the organisations who rely on our work. In recent years there has been a major shift from occasional donations to recurring revenue through support contracts and paid features, giving us the financial security to make our ambitions a reality. While this year we didn't quite make a profit, we're proud that we've successfully weathered the pandemic and are in a position to expand our team.
🙌 Thank you all!
Until next time!
🎆 Love, and happy holidays from the NLnet Labs crew