By Alex Band More than two decades ago, NLnet Labs started the ldns library, with the goal of letting developers easily create RFC compliant DNS software in the C programming language. The library included a number of example programs, many of which have found their way into operator workflows. With| The NLnet Labs Blog
By Jannik Peters We have been developing support for AF_XDP sockets in NSD. They allow handling a higher rate of network packets than through the Linux network stack on supported hardware[1]—For a list of supported drivers (and by extension hardware) and their minimum Linux kernel version| The NLnet Labs Blog
By Arya K. Previously, we discussed the massive development our domain library underwent over 2024. However, the project has been around much, much longer than that – the very first commit was made all the way back in 2015! It started out as Martin's side project and grew| The NLnet Labs Blog
By Terts Diepraam We are working on an embedded scripting language for Rust. This language, called Roto, aims to be a simple yet fast and reliable scripting language for Rust applications. The need for Roto comes from Rotonda, our BGP engine written in Rust. Mature BGP applications usually feature some| The NLnet Labs Blog
By Jannik Peters We finally implemented a Prometheus metrics endpoint, providing the statistics you know from nsd-control stats/stats_noreset in Prometheus format via HTTP. To enable the Prometheus metrics endpoint, specify the option metrics-enable: yes in the config's server section. You can then point your Prometheus exporter at http:| The NLnet Labs Blog
In this series we’ll update you on our accomplishments in 2024 and our future plans. First we will focus on the work on our domain library for DNS| The NLnet Labs Blog
By Wouter Wijngaards, with contributions from Yorgos Thessalonikefs DNS-over-QUIC (DoQ) uses the QUIC transport mechanism to encrypt queries and responses. The DoQ transport for DNS is defined in RFC 9250. With the recent release, Unbound can be configured to support DoQ clients downstream. This feature is not a standard component| The NLnet Labs Blog
How do supply chain security obligations under the European NIS2 legislation affect those that develop the Free and Open Source Software used by "essential providers" of digital infrastructure? An overview of the response to the public comment period to the NIS2 draft implementing act.| The NLnet Labs Blog
Active engagement on the Cyber Resilience Act helped to change the outcome of the negotiations for FOSS. With final text expected this fall, our focus is shifting towards CRA implementation. This includes collaborating on the "open-source software steward" role in a working group at Eclipse.| The NLnet Labs Blog
In the wake of releasing a massive update of the 'domain' library, we launched DNS Investigation, aka "dnsi".| The NLnet Labs Blog
News on our open-source DNS projects, tech policy and open standards developments.| The NLnet Labs Blog
On February 14th, it feels appropriate to express some love and appreciation for the many packaging efforts for our projects.| The NLnet Labs Blog
I want to contribute to a shared understanding of how the CRA will most likely affect developers of open-source software.| The NLnet Labs Blog
Throughout 2024, Sovereign Tech Fund will commission the development of the "domain" crate, NLnet Labs' Rust library for DNS.| The NLnet Labs Blog
The milestones for expanding the domain crate, our Rust library serving as building blocks to develop DNS tooling.| The NLnet Labs Blog
In the last 25 years we have delivered on our mission to make DNS more dependable and trustworthy. These are our plans for the next five years.| The NLnet Labs Blog
We hosted a "Rust in Critical Infrastructure" Meetup and kicked off DNS software development in Rust.| The NLnet Labs Blog
When developers gather around a screen like in this picture, you know something special is cooking.| The NLnet Labs Blog
BGPsec and HSM support in Krill, the EDNS Proxy Control option, new DNS zone file parsers and more...| The NLnet Labs Blog
Proxying client information to your favorite resolver and more.| The NLnet Labs Blog
Merely doing RPKI ROV does not provide any guarantees where your packet ends up. We conducted an experiment where we look into the impact of RPKI ROV on whether the packet ends up in the intended location based on active beaconing with two servers.| The NLnet Labs Blog
Plotting graphs of DNS metrics without altering the DNS packets or touching the DNS software itself.| The NLnet Labs Blog
By Maarten Aertsen NLnet Labs is closely following a legislative proposal by the European Commission affecting almost all hardware and software on the European market. The Cyber Resilience Act (CRA) intends to ensure cybersecurity of products with digital elements by laying down requirements and obligations for manufacturers. 🥳update, december 2023:| The NLnet Labs Blog