Refactored command line, simplified OpenID Connect configuration| NLnet Labs
Apple has released macOS Sequoia 15.6 as a software update for Mac users. The primary focus of MacOS Sequoia 15.6 is bug fixes and security updates, and no major changes or features are expected. A…| OS X Daily
We are delighted to announce a new release of Rotonda, version 0.4.1 ‘Melolontha²’. Rotonda is a programmable, analytical BGP engine, that allows users to gather routing data from various sources, such as routers, routing software and files, and over various protocols, such as BMP, BGP and MRT. Rotonda …| NLnet Labs
We are happy to announce the latest release of RTRTR, version 0.3.2 ‘Based on a True Story.’ RTRTR is a tool to collect RPKI data from one or more sources in multiple formats and dispatch it onwards. It provides the means to implement multiple distribution architectures for RPKI …| NLnet Labs
We are happy to announce a new release of Rotonda, version 0.4.0 ‘Bold and undaunting Youth’. Rotonda is a programmable, analytical BGP engine, that allows users to gather routing data from various sources, such as routers, routing software and files, and over various protocols, such as BMP, BGP …| NLnet Labs
Today, we released version 4.12.0 of the authoritative DNS nameserver NSD.| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.14.2 ‘Roll Initiative!’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This release updates …| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.14.1 ‘Black Cats and Voodoo Dolls.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow …| NLnet Labs
Today, we released version 4.11.1 of the authoritative DNS nameserver NSD. NSD version 4.11.0 had a serious bug in which applying updates to zones (and other modifications that require a reload, such as adding and deleting zones), could stop entirely after reception of a broken or …| NLnet Labs
Updated 2025-01-18: THIS VERSION HAS A SERIOUS BUG. Please upgrade to NSD 4.11.1 at the earliest opportunity. Today, we released version 4.11.0 of the authoritative DNS nameserver NSD. Version 4.11.0 sees various small features and bugfixes. One notable feature is that configuration can be …| NLnet Labs
We are super happy to announce a new - the second - release of Rotonda, version 0.2.0 ‘Happy Fuzzballs’. Rotonda is a programmable, analytical BGP engine, that allows users to gather routing data from various sources, such as routers, routing software and files, and over various protocols, such as BMP …| NLnet Labs
We are pleased to announce the release of version 1.22.0 of the Unbound recursive DNS resolver. This release has an option to harden against unverified glue, it is enabled with harden-unverified-glue: yes. It was contributed by Karthik Umashankar from Microsoft. This protects Unbound against bad glue, that is …| NLnet Labs
We are pleased to announce the release of version 1.21.1 of the Unbound recursive DNS resolver. This security release fixes CVE-2024-8508. A vulnerability has been discovered in Unbound when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstreams responses with very …| NLnet Labs
We are pleased to announce the release of version 1.21.0 of the Unbound recursive DNS resolver. This release has a fix for the CAMP and CacheFlush issues. They have a low severity for Unbound, since it does not affect Unbound so much. The Compositional Amplification (CAMP) type of …| NLnet Labs
Today, we released version 4.10.1 of the authoritative DNS nameserver NSD. Version 4.10.1 consists primarily of bug fixes. @bilias implemented mutual TLS authentication for zone transfers. Please consult the nsd.conf manual for details on the newly introduced configuration options tls-auth-port and tls-auth-xfr-only. Michael Orlitzky provided …| NLnet Labs
We are pleased to announce the two releases of Krill, versions 0.13.2 ‘Be kind, rewind’ and 0.14.5 ‘Who dis? New Phone.’ Krill is a daemon for running delegated RPKI, featuring a Certificate Authority and a publication server that allows you to create and publish signed statements …| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.14.0 ‘You Must Gather Your Party Before Venturing Forth.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to …| NLnet Labs
Today, we released version 4.10.0 of the authoritative DNS nameserver NSD. Version 4.10.0 integrates simdzone and drops the Flex+Bison zone parser. NSD used a Flex+Bison based zone parser since version 1.4.0. The parser served NSD well, but zones have increased in size …| NLnet Labs
We are happy to announce the latest release of RTRTR, version 0.3.0 ‘Filmed Before a Live Studio Audience.’ RTRTR is a tool to collect RPKI data from one or more sources in multiple formats and dispatch it onwards. It provides the means to implement multiple distribution architectures for …| NLnet Labs
Fix for DNSBomb CVE-2024-33655, and other bug fixes.| NLnet Labs
We are pleased to announce the release of version 0.10.0 of domain, our Rust crate for interacting with the Domain Name System (DNS). This release is the result of the first three months of increased focus on the library. We have written more about our plans for the …| NLnet Labs
Today, we released version 4.9.0 of the authoritative DNS nameserver NSD. This release adds support for DNS Catalog Zones (RFC 9432) version "2". Both producer and consumer roles for catalog zones are implemented, but only a single consumer zone is allowed. The "coo" property, relevant when multiple consumer …| NLnet Labs
We are pleased to announce the release of version 1.19.3 of the Unbound recursive DNS resolver. This release has a number of bug fixes. The CNAME synthesized for a DNAME record uses the original TTL, of the DNAME record, and that means it can be cached for the …| NLnet Labs
We are pleased to announce the release of version 1.19.2 of the Unbound recursive DNS resolver. This security release fixes CVE-2024-1931. NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain …| NLnet Labs
Today we released version 0.13.2 ‘Existential Funk’ of Routinator. Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This release fixes an issue in the RTR …| NLnet Labs
We are pleased to announce the release of version 1.19.1 of the Unbound recursive DNS resolver. This security release fixes two DNSSEC validation vulnerabilities: CVE-2023-50387 (referred here as the KeyTrap vulnerability) and CVE-2023-50868 (referred here as the NSEC3 vulnerability). The KeyTrap vulnerability works by using a combination of …| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.13.1 ‘Aziz, Light!’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This release includes …| NLnet Labs
Today, we released version 4.8.0 of the authoritative DNS nameserver NSD. This release introduces PROXYv2 support and faster statistics gathering, removes the database option and fixes bugs. The proxy protocol support is an implementation of PROXYv2 for NSD. It can be configured with proxy-protocol-port: portnum with the port …| NLnet Labs
We are pleased to announce the release of version 1.19.0 of the Unbound recursive DNS resolver. This release fixes a number of bugs, and adds some smaller features. The redis-logical-db option and cachedb-no-store option can be used for cachedb configuration. The disable-edns-do option can be used for working …| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.13.0 ‘Should Have Started This in a Screen.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the …| NLnet Labs
Today we have released version 0.12.2 of Routinator. Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This release fixes two issues in Routinator that can …| NLnet Labs
We are pleased to announce the release of version 1.18.0 of the Unbound recursive DNS resolver. This release adds DNS cookies downstream, support to respond with EDE error codes from cache, NAT64 support, and the capability to use a socket queue timeout to discard old packets, and other …| NLnet Labs
Today, we released version 4.7.0 of the authoritative DNS nameserver NSD. This release adds a script for bash autocompletion for nsd-control. Also nsd-control can be configured to use unencrypted operation also when compiled without openssl. There is also a systemd service unit example file contributed. The dnstap log …| NLnet Labs
This release introduces two fixes for the Krill Publication Server. If you only use Krill as an RPKI Certificate Authority and publish elsewhere, e.g. in an RPKI Publication Server provided by your RIR or NIR, then there is no need to update to this release. Firstly, this release fixes …| NLnet Labs
We are pleased to announce the release of version 1.17.1 of the Unbound recursive DNS resolver. This release fixes a number of bugs. There are also new configuration options that by default do not change the existing behaviour of Unbound. With statistics-inhibit-zero the printout of zero values by …| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.12.1 ‘Plan uw reis in de app.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP …| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.12.0 ‘Brutalism and Gardening.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This release …| NLnet Labs
Today, we released version 4.6.1 of the authoritative DNS nameserver NSD. This release has a couple of bug fixes. The alpn is set for dns over tls connections. And the SVCB type supports the dohpath parameter. You can get source packages of this version from the downloads page …| NLnet Labs
We are pleased to announce the release of version 1.17.0 of the Unbound recursive DNS resolver. This release has new interface acl configuration options. These allow access-control actions, per interface. Also tags, and views can be configured per interface, queries over the interface are answered with these tags …| NLnet Labs
We are pleased to announce the release of version 1.16.3 of the Unbound recursive DNS resolver. This release fixes CVE-2022-3204 'Non-Responsive Delegation Attack'. It was reported by Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr and Shani Stajnrod from Reichman University. This fixes for better performance when under …| NLnet Labs
We have just released Routinator 0.11.3. This release fixes a vulnerability present in Routinator 0.9.0 up to and including 0.11.2 which causes Routinator to exit if it encounters invalid data in RRDP snapshot or delta files. We have assigned CVE-2022-3029 to this issue. Due …| NLnet Labs
Version 1.8.2 of ldns had a crash bug when creating packets with an EDNS OPT resource record without options. For example when just setting the DO bit (DNSSEC OK) or when specifying a larger UDP payload size. This quick fix release has this resolved. Also the unit tests …| NLnet Labs
I am pleased to announce that version 1.8.2 of ldns is now available. Besides some bugfixes, this release also has a few new features, most notably: Since draft-ietf-dnsop-svcb-https will become RFC now anytime soon, SVCB and HTTPS RR types are now compiled by default. Functionality for parsing and …| NLnet Labs
We are pleased to announce the release of version 1.16.2 of the Unbound recursive DNS resolver. This release fixes the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. They were reported by Xiang Li from the Network and Information Security Lab of Tsinghua University. Other than that there are …| NLnet Labs
We are pleased to announce the release of version 1.16.1 of the Unbound recursive DNS resolver. This release fixes a number of bugs. The number of nxdomains encountered when looking up a nameserver is not counted as such when the lookup was from cache. Also parent side queries …| NLnet Labs
Today, we released version 4.6.0 of the authoritative DNS nameserver NSD. This release adds the zone verification support from the CreDNS code. There are also some bug fixes in the ixfr out code. Zone verification can start a verifier program that reads the new zone data. It can …| NLnet Labs
We have just released RTRTR 0.2.2. This release fixes a one bug and two issues that were introduced in the 0.2 series. All users of RTRTR 0.2.0 and 0.2.1 are advised to upgrade. The more severe of those is that RTRTR starts to …| NLnet Labs
We are pleased to announce the release of version 1.16.0 of the Unbound recursive DNS resolver. This release has EDE support, for extended EDNS error reporting, it fixes unsupported ZONEMD algorithms to load, and has more bug fixes. The EDE errors can be turned on by ede: yes …| NLnet Labs
Today, we released version 4.5.0 of the authoritative DNS nameserver NSD. This release fixes a couple of minor bugs and adds IXFR out functionality. With this functionality NSD can respond to IXFR queries and serve IXFR transfers downstream. It is default disabled, that means it does not store …| NLnet Labs
We have just released Routinator 0.11.2 which fixes an issue causing the integrated RTR server to not always report the complete set of withdrawn VRPs and router keys to a router. This could cause a router to possibly retain withdrawn VRPs or router keys for some time. This …| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.11.1. Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This release improves the output …| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.11.0. Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This release adds TLS support …| NLnet Labs
Today, we released version 4.4.0 of the authoritative DNS nameserver NSD. This release changes the memory allocation for outgoing zonetransfers, and this reduces the memory footprint. The defaults for the amounts are the same as before, but there are config options to configure the memory usage. There are …| NLnet Labs
We are pleased to announce the release of version 1.15.0 of the Unbound recursive DNS resolver. This release has bug fixes for crashes that happened on heavy network usage. The default for the aggressive-nsec option has changed, it is now enabled. The ratelimit logic had to be reworked …| NLnet Labs
We are happy to announce the latest release of RTRTR, version 0.2.0 ‘Arts and Crafts and Tactical Gear.’ RTRTR is a tool to collect RPKI data from one or more sources in multiple formats and dispatch it onwards. It provides the means to implement multiple distribution architectures for …| NLnet Labs
Today, we released version 4.3.9 of the authoritative DNS nameserver NSD. This release contains a small number of bug fixes. The reconfig failure is fixed for cpu-affinity config re-read. Version repository and continuous integration files are removed from the sourcecode tarball. You can get source packages of this …| NLnet Labs
We are pleased to announce the release of version 1.14.0 of the Unbound recursive DNS resolver. This release contains bug fixes and a full set of RPZ triggers and actions that are supported. This works with RPZ zones, configured with rpz:. It is possible to selectively enable use …| NLnet Labs
This is a quickfix release fixing bugs that had 1.8.0 installing incorrectly. Compared to the 1.7.1 release, this release has many bugfixes and also a few new features, most notably: ZONEMD support in ldns-signzone and ldns-verify-zone Draft implementation of the SVCB and HTTPS RR types. Use …| NLnet Labs
Besides many bugfixes, this release also has a few new features:| NLnet Labs
We are pleased to announce the latest release of Routinator, version 0.10.2 ‘Skuffet, men ikke overrasket.’ This release is part of a Coordinated Vulnerability Disclosure for vulnerabilities in RPKI relying party implementations conducted by the University of Twente and the National Cyber Security Centre of the Netherlands (NCSC-NL …| NLnet Labs
Today, we released version 4.3.8 of the authoritative DNS nameserver NSD. This release fixes a crash bug in delegation answers, and fixes in NSEC3 answers. Also compile fixes for OpenSSL. The OpenSSL 3.0 API is supported. The Mutual TLS feature allows for client authentication for XFR-over-TLS connections …| NLnet Labs
We are happy to announce the latest release of Routinator, version 0.10.1 ‘That's No Moon.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This release …| NLnet Labs
We are happy to announce the latest release of Routinator, version 0.10.0 ‘Through Many Dangers, Toils, and Snares.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP …| NLnet Labs
We are pleased to announce the release of version 1.13.2 of the Unbound recursive DNS resolver. The release contains a bugfix to fix the make install of the python module after build changes introduced in this release rc1. This release contains a number of bug fixes. There is …| NLnet Labs
Today, we released version 4.3.7 of the authoritative DNS nameserver NSD. This release fixes a crash in dnstap. New features are XoT which provides AXFR and IXFR over TLS, and DNS Cookies support and SVCB and HTTPS RR type support. For zone transfer TLS can be turned on …| NLnet Labs
We are happy to announce the latest release of Routinator, version 0.9.0 ‘Raptor Bash for Life.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This …| NLnet Labs
This release contains two changes that avoid some problems with certain HSM configuration, one of them is SoftHSMv2 in database back-end mode. This can lead to temporarily not being able to sign zones, hence upgrading is really recommended. It does not occur on all systems and configurations though. The 2 …| NLnet Labs
Today, we released version 4.3.6 of the authoritative DNS nameserver NSD. This release contains a bug fix for a zone file parse failure for text records. The release also adds the feature to print a local address, if the address is configured, in dnstap logs. The interface for …| NLnet Labs
This release of 2.1.8 fixes a number of bugs related to the purging of keys, a potential denial of service vulnerability in some installations, and a few rare but nasty potential crashes. Earlier versions of OpenDNSSEC 2.1 might not have all keys purged from the HSM if …| NLnet Labs
We are pleased to announce the release of version 1.13.1 of the Unbound recursive DNS resolver. This release contains a number of bug fixes. There is added support for the EDNS Padding option (RFC7830 and RFC8467), and the EDNS NSID option (RFC 5001). Unbound control has added commands …| NLnet Labs
We are happy to announce the latest release of Routinator, version 0.8.3 ‘Like and Subscribe.’* Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. While we …| NLnet Labs
Today, we released version 4.3.5 of the authoritative DNS nameserver NSD. This release fixes a number of bugs. It fixes a number of corner case differences for the output more similar to Bind. The configure sources are compatible with the new autoconf 2.70. You can get source …| NLnet Labs
We are happy to announce the second release of RTRTR, version 0.1.1 ‘Death Metal Karaoke.’ RTRTR is a tool to collect RPKI data from one or more sources in multiple formats and dispatch it onwards. It provides the means to implement multiple distribution architectures for RPKI such as …| NLnet Labs
We are happy to announce the latest release of Routinator, version 0.8.2 ‘Once More, with Feeling.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. This …| NLnet Labs
We are pleased to announce the release of version 1.13.0 of the Unbound recursive DNS resolver. This version has fixes to connect for UDP sockets, slowing down potential ICMP side channel leakage. The fix can be controlled with the option udp-connect: yes, it is enabled by default. Additionally …| NLnet Labs
Today, we released version 4.3.4 of the authoritative DNS nameserver NSD. This release fixes CVE-2020-28935, this solves a problem where the pidfile is altered by a symlink, and fails if a symlink is encountered. See https://nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt for more information. Also there are …| NLnet Labs
We are happy to announce the latest release of Routinator, version 0.8.1 ‘Pure as New York Snow.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow …| NLnet Labs
We are happy to introduce Krill 0.8.1 'The Gentle Art'. This release is less restrictive when creating ROAs, while still providing enough guidance to accurately reflect your routing intent. Krill automatically downloads BGP announcement information from RIPE RIS and uses this to analyse the known BGP announcements for …| NLnet Labs
We are happy to introduce Krill 0.8.0 'The Art of ROA Maintenance'. In this version we have added further refinements to the ROA management interface to give users the confidence that their authorisations accurately reflect their BGP announcements. The first of these improvements are warnings about ROAs that …| NLnet Labs
We are happy to announce the latest release of Routinator, version 0.8.0 ‘Strikes and Gutters, Ups and Downs.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP …| NLnet Labs
Today, we released version 4.3.3 of the authoritative DNS nameserver NSD. This release contains the DNS Flag Day 2020 fixes. This sets the default EDNS buffer size to 1232, that should reduce fragmentation. https://dnsflagday.net/2020/ There is a new feature where it is possible to list …| NLnet Labs
We are pleased to announce the release of version 1.12.0 of the Unbound recursive DNS resolver. This release contains the DNS Flag Day 2020 changes. This sets the default EDNS buffer size to 1232, that should reduce fragmentation. https://dnsflagday.net/2020/ There is inclusive language in the …| NLnet Labs
We are pleased to announce the release of version 1.11.0 of the Unbound recursive DNS resolver. This release contains a number of bug fixes. Also new features are introduced. The configure --with-dynlibmodule enables dynamic library support that can have code modules function like the python library scripts. It …| NLnet Labs
Today, we released version 4.3.2 of the authoritative DNS nameserver NSD. This release fixes a number of bugs, and adds options to set log-only-syslog and min-expire-time in nsd.conf and nsd -v for configure line and library versions. You can get source packages of this version from the …| NLnet Labs
This release fixes an issue where BGP RIS Dump files that were not properly retrieved would cause a thread to choke. As this can lead to lock poisoning this type of event could cause other Krill processes to stop functioning properly. All users of Krill 0.7.0 and 0 …| NLnet Labs
We are incredibly excited that six months after the first release of Krill it already powers delegated RPKI for over 150 organisations. Today we are launching Krill 0.7.1 'Sobremesa', the biggest update yet of our open source RPKI Certificate Authority software. This version lets you create and maintain …| NLnet Labs
We are happy to announce the latest release of Routinator, version 0.7.1 ’Moonlight and Love Songs.’ Routinator is an RPKI relying party software that collects and validates statements in the Resource Public Key Infrastructure (RPKI) about allowed route origins and makes them available to the BGP workflow. While …| NLnet Labs
We are pleased to announce the release of version 1.10.1 of the Unbound| NLnet Labs
A few days ago we released Krill 0.6.0 'Go with the Flow'. The most visible change in this release is that the embedded user interface now includes French, Greek and Spanish translations. The Krill user interface in Greek The vast majority of the work went into making Krill …| NLnet Labs
We are excited to announce that Krill is available as a 1-Click App on the AWS Marketplace. The Krill 1-Click App brings together all of the puzzle pieces needed to administer and run an RPKI Certificate Authority and publication server in the AWS cloud. It allows you to easily set …| NLnet Labs
fast reload, redis replica, error reporting, and bug fixes.| NLnet Labs
Apple has released MacOS Sequoia 15.3.1 update for Mac users running the Sequoia operating system. The new software update includes bug fixes and security enhancements, making it recommended for al…| OS X Daily