DelphinusDNS Blog

(the latest about delphinusdnsd)

A usage case for delphinusdnsd

December 6th, 2022

I read somewhere that Elon Musk wants to charge 8.00 USD for twitter users. That amount of money is cheap enough to get you a vps for 5 EUR/mo and if you're lucky the remaining 2.60 EUR might give you a really cheap vps or pay toward a domain name. A VPS is a cloud computer, a virtual private server (VPS). Two VPS's is what's required for a minimal setup with a DNS authoritative server such as delphinusdnsd.

These VPS's are cloud servers from providers such as Hetzner, DigitalOcean, Vultr, OpenBSD.Amsterdam, TransIP, these are just to name a few providers, and with exception to DigitalOcean they will allow you to install OpenBSD OS. On these same VPS's you can run a webserver with your favourite blog software. Though I urge you to look into kcgi blogs as these are C based and you don't have to even install a PHP program and if run on OpenBSD you can pledge these to a stdio only pledge. This makes it rather ultra secure. Then you can also set up a SMTP server on your VPS and you have DNS, SMTP and HTTPS (if with letsencrypt). Alas you have a setup like I have it almost.

This is all available as Open Source, meaning you invest in your skills manageing this system rather than paying for the software. Delphinusdnsd works well with this sort of setup and it too is pledged. But you can also pick from other DNS programmers programs such as nsd, powerdns authoritative, BIND. So once you have one server running you need a second one for the authoritative DNS. You may invite a spouse, partner, friend, sibling to host to you this second VPS. It will cost them exactly as much as it cost you, and between the two of you you share 2 DNS domains.

This could be a come-back for the old-style blogs where you have full control of logging who visits your blog and thus you have full stats for which also some programs exist that are open source. I'm not promising you would become as big a google, but for a site serving 2-20 TB (able to do so at Hetzner 20 TB) you would be quite popular judging by traffic. It's low budget and it could help you shape your online site. If I just opened a door for you, it was my pleasure, otherwise keep it in mind for others. It may help your social status too. Who needed twitter anyhow?


1.7.0 released

December 2nd, 2022

I have released delphinusdnsd 1.7.0. More about this can be found on the mainsite under news.html. Enjoy!


Development cycle for 2022 has come to an end

November 20th, 2022

I'm calling it over for coding any more in C on delphinusdnsd this year. Of course any major bugs I'm gonna work on. I have a job interview this week and depending whether I get the job or not I will only be able to do things on weekends. We're on track for a mid december release. The only thing I will have to do still is update the web documentation, which is not hard but it requires a bit of time.

Also this job, if I get it, will change things. The version 1.7 may be the best version yet but don't expect big things for 1.8 next year and beyond for as long as I am professionally employed full time. This puts DNS Updates on the back burner indefinitely. I will get holidays but I haven't been away on holidays in ~10 years so I may not be doing code for a while, but instead go somewhere perhaps.

Do mail me with your wishes for 1.8 and if they are small enough I may just get them in.


Equinoxes not Solstices

November 6th, 2022

I looked at my commit record on github just now and my commits are based around the equinoxes. March, April, May...August, September, October is where the Lions share was. The climate of 2022 had a lot to do with this, where in the summer centred around the solstice there I did nothing. It as too hot. Call it a long siesta. Also I noticed I did around 200 commits this year.


I've been programming DNS in C for 20 years now

November 6th, 2022

In possibly July 2002 I wrote the first header files in C for DNS programming. Back then I had intention to write exploits, today I don't have those intentions anymore. DNS work straightened me out. To be exact in 2002 I wanted to write reflection and amplifier tools. It's perhaps coincidental that I'm working with pf today to filter the "sl." botnet which seemingly has 1 spoofing master ,(14 hops away from my dns server), to reflect off my DNS server. Some of you may have come across the "sl." queries by looking at your logs, I know one of you has mentioned to me before that this is an attack. It is an attack but not on us. It's more using our infrastructure to contact zombies from the master. Or so I believe.

So 20 years DNS work, and soon the codebase to delphinusdnsd will also be 20 years old (in 2025). When you look at the first checkin of wildcarddnsd there still is similarities, but with DNSSEC additions I have changed the concept of this DNS server software immensely. I enjoy the work but before 2025 it's over with the 1.9.0 release for me (being the sole programmer). I want to do other things and there is some ideas on the table already. I can't do them all so in 2024 I'll have to make a decision what I want to focus on. Otherwise I'll likely do little projects one after the other but somehow I won't find enjoyment with that. Go big, I think! Thanks for reading my thoughts here.


Two open constructions added this year

October 8th, 2022

A DNS server is never finished(tm). It's an ongoing effort all the time, but here are two construction sites in delphinusdnsd that stick out rather.

  1. Support for OpenWRT and WolfSSL. I started that and ran out of CPU time on my Linux computers due to not using Linux 24/7 and having to do savings. I also lost will on continuing with this, it was awkward. This is an open hanging cliff.
  2. DoT support, is stalled. There is no aDoT Subscribers other than google perhaps and it does the following over and over, making me think there is somethign wrong.
    (some cut for a query that went to
    (ttl=TLS, region=1, tta=NA) for "" type=SOA(6) class=1,  
    answering "NOERROR" (bytes=38/120, sum=NA)
    Also I can't forward TLS code like one does a descriptor passing. This is a limitation with the LibreSSL tls library, so forwarding code and AXFR won't work with DoT. I removed the code for this in tlsloop(). AXFR's will have to have their own ports in order to do TLS and I don't know if it'll happen in 2022.
  3. I thought there was a third perhaps but I can't think of it now.
So I went pretty nuts on my tree with these two. I'm gonna take it easier the next two months before release so that I can start with the DNS Updates code in 2023.


No mimmutable(2) in 1.7 release

October 8th, 2022

I just saw that Theo de Raadt committed mimmutable(2) support into OpenBSD 7.2-current. Unfortunately I don't run any -current systems at the moment so it's hard for me to put support for this in and test it for the 1.7 Delphinusdnsd release which is scheduled for after the FreeBSD release which says December 7th on some document I saw Too bad, but on the other hand it gives the OpenBSD code some time to be tested and it will be in Delphinusdnsd probably after the 7.3 OpenBSD release so look for it in our -current after April/May some time and Delphinusdnsd 1.8 in december 2023 should have the systemcall supported.


A possible breach on my (then) CVS tree?

October 4th, 2022

On the 27th of February in 2019, I did a commit with a few dubious changes. The commit is 88e1f5170fea07586416f9ba2de5f36b99985cc7, and a dubious commit looked something like this:

@@ -276,7 +279,7 @@ out:
                u_int16_t *plen;

                tmpbuf = malloc(outlen + 2);
-               if (tmpbuf == NULL) {
+               if (tmpbuf == 0) {
                        dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
                plen = (u_int16_t *)tmpbuf;
As you can see it replaced a NULL with a 0. I can't explain why I would do this. I fixed it up in commit 6b8ba22a0ecdf078798e64d13af67a48b45a9fc1, yesterday. I went back to seeing what I did in that February 2019. It was when Delphinusdnsd was in 1.3 still and I was at that time putting TSIG code into it. I had correspondence with people from the west and from the east. I also bought a lot of Windows books back then, did online shopping. I find it very odd, though I dimly remember something with compiling linux caused me to write out something to prevent compile errors. Perhaps it was a file that accidentally slipped in?

My systems have changed twice over since then and I don't have evidence for any breach. Though there was a rather big smtpd vuln between OpenBSD 6.4 and now. Anyhow I can only learn from this. I need to write conciser commit log messages with every commit detailing everything. I also need to examine every commit after committing (partially doing that already) it helps in finding bugs that slip through.


Found a bug with reply_aaaa() in reply.c

October 3rd, 2022

An AAAA reply could send two packets in UDP and (possibly) double the answer in TCP. I have a patch made but won't commit until later when my developing workstation is back online. I had this to say about the bug:

09:37:29  almost a year with this bug     
09:37:38  Oct 19th, 2021
09:38:25  d6a64d50049b4c39755a0c875a6ddd7fbd63bbbd is the offending   
So it was with us for almost a year and throughout the 1.6 release. I don't think I'm going to make a backpatch unless you absolutely want me to. An email will do and I'll make a backpatch to 1.6.x version. Other than that the November/December release of 1.7 will have this fixed. So for now happy holiday.


What a difference 12 years makes

September 29th, 2022

On the blog (predecessor to the delphinusdns blog) I wrote proudly that wildcarddnsd (former name of delphinusdnsd and built on a fork of this) was over 10,000 lines of code. Well...that was then, and this:

echo$ wc -l *.[chy] | grep total
   59146 total
is now. Almost 60K lines, and more planned. Though I've written delphinusdnsd with a lot of copy/pasting from other functions and haven't compacted a lot of redundancy into their own functions. Whether I do that before I "retire", will be seen. I plan on going into in-active development after version 1.9 if you don't know yet. Delphinusdnsd doesn't have programmers other than me and if I continue on with a 2.x version it will be as a team.


Next Page


RSS Feed

Click here for RSS

On this day in

Other links

Have feedback?

By clicking on the header of an article you will be served a cookie. If you do not agree to this do not click on the header. Thanks!

Using a text-based webbrowser?

... such as lynx? Welcome back it's working again for the time being.

Older Blog Entries

Powered by BCHS