By Jannik Peters NSD 4.13.0 now comes with the features --enable-bind8-stats, --enable-zone-stats, --enable-ratelimit, --enable-dnstap enabled by default, reducing confusion when using the same version of NSD packaged by different distributions with different configure options. Additionally, NSD 4.13.0 contains experimental support for AF_XDP sockets as described| The NLnet Labs Blog
In most industries, service providers boast about five nines availability — 99.999%. That sounds impressive: just five minutes of downtime per year. But DNS isn’t like most industries. For top-level domains, downtime is not acceptable. If a registry goes dark, hospitals, banking systems, and e-commerce all go offline with| The NLnet Labs Blog
For years, a European TLD ran their DNSSEC toolchain without incident. Everything “just worked.” Updates were rare, and no one touched the setup. Then their only DNSSEC expert left. What looked like stability turned out to be fragility. The system wasn’t resilient — it was dependent on one person’s| The NLnet Labs Blog
By Alex Band More than two decades ago, NLnet Labs started the ldns library, with the goal of letting developers easily create RFC compliant DNS software in the C programming language. The library included a number of example programs, many of which have found their way into operator workflows. With| The NLnet Labs Blog
By Jannik Peters We have been developing support for AF_XDP sockets in NSD. They allow handling a higher rate of network packets than through the Linux network stack on supported hardware[1]—For a list of supported drivers (and by extension hardware) and their minimum Linux kernel version| The NLnet Labs Blog
By Arya K. Previously, we discussed the massive development our domain library underwent over 2024. However, the project has been around much, much longer than that – the very first commit was made all the way back in 2015! It started out as Martin's side project and grew| The NLnet Labs Blog
By Terts Diepraam We are working on an embedded scripting language for Rust. This language, called Roto, aims to be a simple yet fast and reliable scripting language for Rust applications. The need for Roto comes from Rotonda, our BGP engine written in Rust. Mature BGP applications usually feature some| The NLnet Labs Blog
By Jannik Peters We finally implemented a Prometheus metrics endpoint, providing the statistics you know from nsd-control stats/stats_noreset in Prometheus format via HTTP. To enable the Prometheus metrics endpoint, specify the option metrics-enable: yes in the config's server section. You can then point your Prometheus exporter at http:| The NLnet Labs Blog
NLnet Labs is pleased to announce version 4.6.0 of NSD. This release integrates and revives zone verification, a feature previously shipped in a separate product called CreDNS, which had its last release (0.2.10) in June 2012.| The NLnet Labs Blog
In this series we’ll update you on our accomplishments in 2024 and our future plans. First we will focus on the work on our domain library for DNS| The NLnet Labs Blog
By Wouter Wijngaards, with contributions from Yorgos Thessalonikefs DNS-over-QUIC (DoQ) uses the QUIC transport mechanism to encrypt queries and responses. The DoQ transport for DNS is defined in RFC 9250. With the recent release, Unbound can be configured to support DoQ clients downstream. This feature is not a standard component| The NLnet Labs Blog
How do supply chain security obligations under the European NIS2 legislation affect those that develop the Free and Open Source Software used by "essential providers" of digital infrastructure? An overview of the response to the public comment period to the NIS2 draft implementing act.| The NLnet Labs Blog
Active engagement on the Cyber Resilience Act helped to change the outcome of the negotiations for FOSS. With final text expected this fall, our focus is shifting towards CRA implementation. This includes collaborating on the "open-source software steward" role in a working group at Eclipse.| The NLnet Labs Blog
In the wake of releasing a massive update of the 'domain' library, we launched DNS Investigation, aka "dnsi".| The NLnet Labs Blog
News on our open-source DNS projects, tech policy and open standards developments.| The NLnet Labs Blog
On February 14th, it feels appropriate to express some love and appreciation for the many packaging efforts for our projects.| The NLnet Labs Blog
I want to contribute to a shared understanding of how the CRA will most likely affect developers of open-source software.| The NLnet Labs Blog
Throughout 2024, Sovereign Tech Fund will commission the development of the "domain" crate, NLnet Labs' Rust library for DNS.| The NLnet Labs Blog
The milestones for expanding the domain crate, our Rust library serving as building blocks to develop DNS tooling.| The NLnet Labs Blog
In the last 25 years we have delivered on our mission to make DNS more dependable and trustworthy. These are our plans for the next five years.| The NLnet Labs Blog
A step-by-step guide to running Delegated RPKI with Krill and publish ROAs with APNIC.| The NLnet Labs Blog
A step-by-step guide to running Delegated RPKI and publish ROAs with ARIN.| The NLnet Labs Blog
We hosted a "Rust in Critical Infrastructure" Meetup and kicked off DNS software development in Rust.| The NLnet Labs Blog
When developers gather around a screen like in this picture, you know something special is cooking.| The NLnet Labs Blog
BGPsec and HSM support in Krill, the EDNS Proxy Control option, new DNS zone file parsers and more...| The NLnet Labs Blog
Proxying client information to your favorite resolver and more.| The NLnet Labs Blog
Merely doing RPKI ROV does not provide any guarantees where your packet ends up. We conducted an experiment where we look into the impact of RPKI ROV on whether the packet ends up in the intended location based on active beaconing with two servers.| The NLnet Labs Blog
Plotting graphs of DNS metrics without altering the DNS packets or touching the DNS software itself.| The NLnet Labs Blog
Newsletter: Zone verification in NSD, Extended DNS Errors in Unbound, Hybrid RPKI with Krill.| The NLnet Labs Blog
Unbound 1.16.0 adds support for Extended DNS Errors (RFC 8914).| The NLnet Labs Blog
By Maarten Aertsen NLnet Labs is closely following a legislative proposal by the European Commission affecting almost all hardware and software on the European market. The Cyber Resilience Act (CRA) intends to ensure cybersecurity of products with digital elements by laying down requirements and obligations for manufacturers. 🥳update, december 2023:| The NLnet Labs Blog
