DNS Supporting DNSSEC Key Signing Ceremonies Over the past decade, uptake of DNSSEC has grown significantly. The vast majority of top-level domains (TLDs) is now DNSSEC-signed. While key signing ceremonies are now deployed in many places in the DNSSEC community, what is lacking is a common approach, especially related to tooling. NLnet Labs 1 Dec 2020 • 13 min read
DNS SAD DNS and NLnet Labs DNS software Photo by arash payam / UnsplashUpdate 18 November 2021: we are aware of the follow-up paper published by the researchers. The text below remains accurate for Unbound users. Please note that NLnet Labs 18 Nov 2020 • 5 min read
Research Journeying into XDP Part 1: Augmenting DNS How can eXpress Data Path (XDP) augment existing DNS software? We share our experiences of implementing Response Rate Limiting in XDP. NLnet Labs 23 Oct 2020 • 12 min read
DNS DNS-over-HTTPS in Unbound A major step forward in end user privacy. NLnet Labs 9 Oct 2020 • 6 min read
DNS Some Country for Old Men An Unbound Story of Serving Expired Records. NLnet Labs 9 Sep 2020 • 4 min read
Research Journeying into XDP: Part 0 Network programming using XDP has been on our radar for a while now. As tooling around this technology has vastly improved, we decided that it was time to finally get our hands dirty and see what this technology is all about. NLnet Labs 20 Jul 2020 • 10 min read
Research Adapting Radix Trees NLnet Labs continuously strives to push the performance of its products. Over the course of the past year we researched improvements to main-memory databases for our authorative nameserver, NSD. NLnet Labs 11 Jun 2020 • 7 min read
DNS Tuning NSD for even better performance NLnet Labs is pleased to announce version 4.3.0 of NSD. This release contains, among bug fixes, features to tune NSD for even better performance. Most notably, processor affinity. NLnet Labs 17 Mar 2020 • 4 min read
DNS Response Policy Zones in Unbound We are incredibly happy to introduce Unbound 1.10. This release features RPZ, a mechanism that makes it possible to define your local policies in a standardized way, and load your policies from external sources. NLnet Labs 20 Feb 2020 • 9 min read
Research Measuring the impact of DNS Flag Day DNS Flag Day 2019 stimulated a lot of awareness, and as a result, the Internet got a little better. NLnet Labs 19 Aug 2019 • 8 min read
Dev Hackathon @ Africa Internet Summit 2019 The main objectives of the NLnet Labs foundation are the development of Open Source Software and Open Standards; this combination creates… NLnet Labs 4 Jul 2019 • 5 min read
Research The Ongoing Story of OpenINTEL: Measuring the DNS for Research, Policy and Protocol Improvements Measuring the DNS for Research, Policy and Protocol Improvements. NLnet Labs 4 Dec 2018 • 7 min read
DNS Sunrise DNS over TLS, sunset DNSSEC? Is DNSSEC still needed when you get your DNS over TLS? NLnet Labs 3 Sep 2018 • 8 min read
DNS Aggressive use of the DNSSEC-Validated cache in Unbound One of the new features in Unbound 1.7.0 is the aggressive use of the DNSSEC-Validated cache, resulting in decreased load on name servers. NLnet Labs 5 Apr 2018 • 5 min read
DNS The peculiar case of NSEC processing using expanded wildcard records Unbound, Google public DNS, PowerDNS and Dnsmasq contained a flaw that made it possible to downgrade secure connections. NLnet Labs 30 Jan 2018 • 10 min read
DNS Bringing DNS Security and Privacy to the End User How the getdns API project helps to achieve the goal of DNSSEC validation and DANE authentication at the end-points. NLnet Labs 24 Jan 2018 • 6 min read
DNS Privacy: Using DNS-over-TLS with the new Quad9 DNS Service Install and configure Stubby to communicate securely with the Quad9 DNS service using DNS-over-TLS. NLnet Labs 20 Nov 2017 • 3 min read
Dev Testdriving the CrypTech Alpha Board Experiences with the open source hardware cryptographic engine. NLnet Labs 15 May 2017 • 2 min read
