DNS

A collection of 49 posts

NSD

Experimental support for AF_XDP sockets in NSD

By Jannik Peters We have been developing support for AF_XDP sockets in NSD. They allow handling a higher rate of network packets than through the Linux network stack on supported hardware[1]—For a list of supported drivers (and by extension hardware) and their minimum Linux kernel version please

DNS

Prometheus Metrics in NSD 4.12.0

By Jannik Peters We finally implemented a Prometheus metrics endpoint, providing the statistics you know from nsd-control stats/stats_noreset in Prometheus format via HTTP. To enable the Prometheus metrics endpoint, specify the option metrics-enable: yes in the config's server section. You can then point your Prometheus exporter

DNS

Domain Foundations – The first of our five year vision

By Arya K., Martin Hoffmann and Alex Band About a year ago, we unveiled our vision for the next five years of DNS at NLnet Labs. In this series of articles, we’d like to provide you with an update on our accomplishments last year and our plans for 2025

DNS

DNS-over-QUIC in Unbound

By Wouter Wijngaards, with contributions from Yorgos Thessalonikefs DNS-over-QUIC (DoQ) uses the QUIC transport mechanism to encrypt queries and responses. The DoQ transport for DNS is defined in RFC 9250. With the recent release, Unbound can be configured to support DoQ clients downstream. This feature is not a standard component

Newsletter

Introducing new DNS Diagnostics Tooling

In this DNS-centric edition of “Of Trees and Tries” we’re excited to share what we’ve been working on over the last few months. Before we get started, we have something special to share. Frances Brazier, legendary computer scientist and one of the founders of NLnet Labs, received a

Newsletter

The Spring 2024 Newsletter

Welcome back to our newsletter “Of Trees and Tries”. In this spring edition, we’re excited to share what we’ve been working on and what’s coming up in the world of open-source, open standards and tech policy. DNS Benno and Alex started the year by sharing our thoughts

DNS

The Sovereign Tech Fund Bolsters Our Sustainable Open-Source Efforts

This year, NLnet Labs will celebrate its 25th anniversary. For two and a half decades, we have stayed true to our founding principle to offer free, open-source, liberally licensed software to support core Internet infrastructure.  Throughout 2024, the Sovereign Tech Fund will support the development of one of our projects,

DNS

Domain – DNS Building Blocks for Application Developers

In the previous article of this series, we presented our vision for DNS for the coming five years. In this post, we'll outline this year's milestones for expanding the domain crate, our Rust library serving as a collection of building blocks to include components of the

DNS

The Next Five Years of DNS at NLnet Labs

2024 marks 25 years of NLnet Labs. We have delivered on our mission to make the domain name system (DNS) more dependable and trustworthy, and we are full of ambitions for the future.  DNS standards and operations have evolved significantly in the last decades as technology advances and increasingly sophisticated

DNS

Somebody Told Me

Proxying client information to your favorite resolver and more.

Research

Journeying into XDP: XDPerimenting with DNS telemetry

By Luuk Hendriks The XDP programs we’ve so far described in this series have been actively modifying DNS packets to perform functions such as response rate limiting (RRL), cookies and padding. This time, we’ll look into a passive BPF-program which enables us to plot graphs of DNS metrics

Newsletter

🛠 A confidence building toolbox

Nobody likes pushing the "Go" button to deploy and just hope things will be okay. 🤞 In this newsletter we'll cover some of the recent additions to our software aimed at giving you more operational confidence... 💬 In this issue: * Zone Verification in NSD. Prevent zones with errors

DNS

Zone verification, the feature formerly known as CreDNS, formerly known as dnSƧexy

NLnet Labs is pleased to announce version 4.6.0 of NSD. This release integrates and revives zone verification, a feature previously shipped in a separate product called CreDNS, which had its last release (0.2.10) in June 2012.

DNS

Extended DNS Error support for Unbound

Unbound 1.16.0 adds support for Extended DNS Errors (EDEs) as codified in RFC 8914. While EDE was already supported in NSD since version 4.3.6 released in April of 2021, as with most things in a resolver, EDE support took more time to implement. As a short

Research

Journeying into XDP: Fully-fledged DNS service augmentation

By Willem Toorop In our previous post on using eXpress Data Path (XDP) for DNS, we discussed how a new XDP rate-limiting queries feature can augment a DNS service running in user space (with common DNS software) to deal with denial of service (DoS) attacks. Journeying into XDP: Part 0Network

DNS

Supporting DNSSEC Key Signing Ceremonies

Over the past decade, uptake of DNSSEC has grown significantly. The vast majority of top-level domains (TLDs) is now DNSSEC-signed. While key signing ceremonies are now deployed in many places in the DNSSEC community, what is lacking is a common approach, especially related to tooling.

DNS

SAD DNS and NLnet Labs DNS software

Update 18 November 2021: we are aware of the follow-up paper published by the researchers. The text below remains accurate for Unbound users. Please note that Unbound 1.13.2 and newer has IPv6 PMTU disabled  for UDP. During the ACM CCS conference 2020, held November 9-13, researchers from UC

Research

Journeying into XDP Part 1: Augmenting DNS

How can eXpress Data Path (XDP) augment existing DNS software? We share our experiences of implementing Response Rate Limiting in XDP.

DNS

DNS-over-HTTPS in Unbound

A major step forward in end user privacy.

DNS

Some Country for Old Men

An Unbound Story of Serving Expired Records.

Research

Journeying into XDP: Part 0

Network programming using XDP has been on our radar for a while now. As tooling around this technology has vastly improved, we decided that it was time to finally get our hands dirty and see what this technology is all about.

Research

Adapting Radix Trees

NLnet Labs continuously strives to push the performance of its products. Over the course of the past year we researched improvements to main-memory databases for our authorative nameserver, NSD.

DNS

Tuning NSD for even better performance

NLnet Labs is pleased to announce version 4.3.0 of NSD. This release contains, among bug fixes, features to tune NSD for even better performance. Most notably, processor affinity.

DNS

Response Policy Zones in Unbound

We are incredibly happy to introduce Unbound 1.10. This release features RPZ, a mechanism that makes it possible to define your local policies in a standardized way, and load your policies from external sources.

Research

Measuring the impact of DNS Flag Day

DNS Flag Day 2019 stimulated a lot of awareness, and as a result, the Internet got a little better.