DelphinusDNS Blog

(the latest about delphinusdnsd)


May 20th, 2024

Hi, my other hobbies are delaying this one. I'm hoping to start in June. Many thanks to someone in the US who has been mailing me for support, I have a list of todos. In other news I found the Windows programming book that I need for the edwin project. Happy Pentecostal times.


Almost ready to start EDWIN project

May 07th, 2024

EDWIN is my code name for the windows port of delphinusdnsd. It is intended to grow a business in a few years. I hope to recover my pension money with the income of this. Wish me luck! I'm starting in the next day or so.


Use TLS mode with caution

May 3rd, 2024

The original tls code was first experimental, I have turned this off on my nameservers now as I saw a lot of errors in this and until I study that code again, it will stay off on my servers. Someone wouldn't be nibbling on it if they didn't have a cause.


Two weeks before I'm back in the saddle

April 22nd, 2024

I'm most likely taking up work on the edwin project (delphinusdnsd on windows) on the 6th of May. Right now I'm juggling between a RISCV-64 project and a SIP proxy project. Both are lots of fun! The SIP proxy has already grown to 3000+ lines of code and it reminds me a lot of when I started delphinusdnsd back in 2005. I let delphinusdnsd rest as well for two years before deciding that it was worth continuing. I also have taken up doing a tarot reading every week (once per week at least). I noticed I can think clearer when I do so, it's some form of release that isn't really associated with programming. Also I'll take a look at the signing bug that I found probably on the weekend before May 6th. Have a great remaining April!


DNSSEC NSEC signing bug found

April 18th, 2024

I have observed a signing bug in the wild with NSEC records.

checking result for domain ...
Error: the NSEC record for points to the wrong next owner name
Error: the NSEC record for points to the wrong next owner name
Error: the NSEC record for points to the wrong next owner name
There were errors in the zone
something is wrong with ldns-verify-zone, exit..
I'll take a look at this when I get a chance, it will create a 1.8.1 patch release.


May I?

April 13th, 2024

I was gonna start in April but I am being delayed by some exciting projects and some not so exciting computer problems. I think I'm starting in May or so. I have the devel platform (windows server 2019), and I have a plan. What I did was poke around the Open Source Community to see what they think of an imsg port to windows. Noone seems to have done that yet, and it will be exciting, I think. I'll be releasing the windows port to imsg to the public. But the rest is mine! The approach that I think is right is to convert to a Cmake build system because it is so portable. I look to the LLVM project for this because they seem to know what they are doing and they use that. In fact I'm not going to use a Microsoft IDE I think, but I'll use clang to compile the programs. I'll look around for alternatives and perhaps use vi for windows or something. Another approach could be that I write the files on OpenBSD and use a script to upload this and build. If everything works out, I'll have a Windows version in December 2025. Which is coincidentally the year of 20 years of the initial codebase of delphinusdnsd (or it's former name).

Delphinusdnsd was built from scratch. I opened vi and saw this: ~
(anyhow I think you get the drift, I then proceeded to write it, rewrite it and re-rewrite it, and learned along the way). Remember when delphinusdnsd used a Berkeley DB backend? Now it doesn't do that anymore. Anyhow I'm enjoying life and having a good time here. Spring is magical in Germany.


DNS News (not delphinusdnsd specific, and no easter eggs sorry)

March 29th, 2024

I often read through code (as far as I can understand it) of things I use. I use squid, and I have found a bug. Squid team has been very nice in crediting me with this bug. I was able to find this based on my experiences with programming delphinusdnsd. If you, or your organization, use squid you'll now thank me that it doesn't crash on maliciously formed dns packets anymore.


Happy Easter from

March 28th, 2024

I would like to tell you that I'm very happy with how things are going. Since the 1.8 release there has been no major problems with the server software and I was hoping on starting the windows port in April. Due to some stallings in life I'm going to push that out to possible late April or even May.

I'm minding new hobbies as well. Like Tarot card playing. In the future I want to put some documentaries on here that will help people how to implement a small dns server. We'll see. Bye for now.


Nearly one month after 1.8 release

March 13th, 2024

I've been using 1.8 in production for a month and didn't find anything really that needs immediate attention. What's next? In three days is my birthday. After that two more weeks of "vacation", and then I'll be examining the Windows Operating System somewhat on the windows (edwin) delphinusdnsd port. The progress initially will likely be slowish, but as I get the hang of it it'll pick up. I'm thinking of switching to a cmake system which is said to run on windows, perhaps a make/cmake hybrid. Then I'll look into porting the imsg framework to windows. I think this will be the hardest part. I need imsg for interprocess communication. I don't really want to look much beyond this then, it may take some months.


Announcing the delphinusdnsd 1.8 release

February 16th, 2024

It is with great pleasure that I announce my fruits of labour of 2023 and early 2024, of my Authoritative DNS Server DelphinusDNSD. If you've been using it you will enjoy this new version 1.8.

1. Enhanced algorithm and functionality support:

Delphinusdnsd has added algorithm 14 and 15, ECDSAP384SHA384 and Ed25519, respectively. I added NSEC and CERT RR support. Delphinusdnsd does not have to be shut down anymore to reload it's replicant zones. After notify and pulling AXFR zones it will dynamically replace it's zone content.

2. Enhanced security:

TSIG security has been enhanced in AXFR and querying. Larger keys are produced by dddctl tsig. AXFR transfers now correctly use TSIG authentication. On OpenBSD, pledge and unveil support has seen a tune-up. We now don't have any "inet" pledges in most network receiving processes. An accept(2) process passes an accepted connection to the protocol's engine (TCP, AXFR, or TLS) and from there it is ping-pong'ed again to the parsing process as before. For DNS setups utilizing NSEC for proof of non-existance, it is now supported without having to change to NSEC3 which was the first implementation with DNSSEC.

3. Enhanced reliability:

NSEC3 proof of non-existance is fixed now. It could have resulted in BOGUS answers before. TXT records now have a max size of 4096 bytes , which are useful for certificate data stored in these records, such as DKIM. Also AXFR of TXT records are now fully supported to that maximum 4K limit. In the forwarder, the forwading process now honors the requested EDNS0 length.

4. Other:

I'm sorry to say that for this minor release that NetBSD has been dropped temporarily. FreeBSD, Linux and OpenBSD support is still ongoing. When the libressl pkgsrc gets an update which is needed for Ed25519 support then I can add NetBSD support back on a patch release. Since 1.7.0 (December 2nd, 2022) I have done over 230 commits. That's roughly 15 commits every month (15 months) on average. I had a great time during this release cycle.


I'm looking forward to the 1.9 release cycle, what I wish to do is first and foremost add the Windows Operating System port. Since I don't have much experience with that platform I'm giving myself 24+ months to get that done. If it turns out well I'm going to add TKEY and Dynamic DNS Updates if I can. I'm taking a small break before starting in roughly March or April 2024. I intend to take the committing offline and not accessible. However for things that can be shared, I will share it on the github or other git repo. Finally the Windows version of 1.9 should have the same functionality as the UN*X version except that it will run on Windows and will be proprietary. I reserve the right to do whatever I wish with it.

Special thanks to the following people who contributed:

  • The people on efnet (found in niches of the chat network)
  • Ricardo (I revoked his permissions temporarily because he disappeared)
  • Francisco (who was a great help with this website and moral support)
  • OpenBSD for providing a great functional and secure development system
  • The people of #dns on libera chat, you were much help as always!
It's been a fun year, hopefully I can successfully continue striving the next few years.

Thanks! -pjp (Peter J. Philipp)


Next Page


RSS Feed

Click here for RSS

On this day in

Other links

Have feedback?

By clicking on the header of an article you will be served a cookie. If you do not agree to this do not click on the header. Thanks!

Using a text-based webbrowser?

... such as lynx? Welcome back it's working again for the time being.

Older Blog Entries

Powered by BCHS