DelphinusDNS Blog

(the latest about delphinusdnsd)

Announcing the delphinusdnsd 1.8 release

February 16th, 2024

It is with great pleasure that I announce my fruits of labour of 2023 and early 2024, of my Authoritative DNS Server DelphinusDNSD. If you've been using it you will enjoy this new version 1.8.

1. Enhanced algorithm and functionality support:

Delphinusdnsd has added algorithm 14 and 15, ECDSAP384SHA384 and Ed25519, respectively. I added NSEC and CERT RR support. Delphinusdnsd does not have to be shut down anymore to reload it's replicant zones. After notify and pulling AXFR zones it will dynamically replace it's zone content.

2. Enhanced security:

TSIG security has been enhanced in AXFR and querying. Larger keys are produced by dddctl tsig. AXFR transfers now correctly use TSIG authentication. On OpenBSD, pledge and unveil support has seen a tune-up. We now don't have any "inet" pledges in most network receiving processes. An accept(2) process passes an accepted connection to the protocol's engine (TCP, AXFR, or TLS) and from there it is ping-pong'ed again to the parsing process as before. For DNS setups utilizing NSEC for proof of non-existance, it is now supported without having to change to NSEC3 which was the first implementation with DNSSEC.

3. Enhanced reliability:

NSEC3 proof of non-existance is fixed now. It could have resulted in BOGUS answers before. TXT records now have a max size of 4096 bytes , which are useful for certificate data stored in these records, such as DKIM. Also AXFR of TXT records are now fully supported to that maximum 4K limit. In the forwarder, the forwading process now honors the requested EDNS0 length.

4. Other:

I'm sorry to say that for this minor release that NetBSD has been dropped temporarily. FreeBSD, Linux and OpenBSD support is still ongoing. When the libressl pkgsrc gets an update which is needed for Ed25519 support then I can add NetBSD support back on a patch release. Since 1.7.0 (December 2nd, 2022) I have done over 230 commits. That's roughly 15 commits every month (15 months) on average. I had a great time during this release cycle.


I'm looking forward to the 1.9 release cycle, what I wish to do is first and foremost add the Windows Operating System port. Since I don't have much experience with that platform I'm giving myself 24+ months to get that done. If it turns out well I'm going to add TKEY and Dynamic DNS Updates if I can. I'm taking a small break before starting in roughly March or April 2024. I intend to take the committing offline and not accessible. However for things that can be shared, I will share it on the github or other git repo. Finally the Windows version of 1.9 should have the same functionality as the UN*X version except that it will run on Windows and will be proprietary. I reserve the right to do whatever I wish with it.

Special thanks to the following people who contributed:

  • The people on efnet (found in niches of the chat network)
  • Ricardo (I revoked his permissions temporarily because he disappeared)
  • Francisco (who was a great help with this website and moral support)
  • OpenBSD for providing a great functional and secure development system
  • The people of #dns on libera chat, you were much help as always!
It's been a fun year, hopefully I can successfully continue striving the next few years.

Thanks! -pjp (Peter J. Philipp)


RSS Feed

Click here for RSS

On this day in

Other links

Have feedback?

By clicking on the header of an article you will be served a cookie. If you do not agree to this do not click on the header. Thanks!

Using a text-based webbrowser?

... such as lynx? Welcome back it's working again for the time being.

Older Blog Entries

Powered by BCHS