OK, I fixed the DNSSEC issues with the negative validation on the closest encloser of NSEC3. The issue has been around for at least 2 years (going back to 1.6) so I'm asking if anyone needs a backport to 1.7.4? The last release of 1.7.3 was in April, it's almost August now and November or December will be the 1.8 release. That's 4 months roughly. Let me know by email.
On June 5th, I blogged about getting a VPS for the "enhanced delphinusdnsd (for) windows" port. Well, I got it now (in mid Q3 not Q4). I'll be keeping this for around 4 years. The EDWIN project is slated for porting work after January 2025 and should be finished by 2027. The VPS costs 10.95 a month and the funny thing is that it is cheaper than if I ran Windows 24/7 at home on my ol' Xeon. Due to the cost of electricity no doubt.
I have come across a SERVFAIL where an NXDOMAIN answer should have been the case. I'll have to look at the algorithm, but I suspect it has to do with canonical sorting. For example, riscv64.delphinusdns.org doesn't work, but nonexist.delphinusdns.org works, and so does nonexist101.delphinusdns.org. I updated my TODO yesterday in the master branch and I'll be looking at that. At the same time I have a partial patch to introduce NSEC support and I'll likely be dropping both these at nearly the same time. It's been a good summer break, and unfortunately I'm not making use of the low temps this year. I could be coding in other words, but I decided to follow some other hobbies of mine instead. Everyone needs breaks *smile*.
Through a mixup I donated 60 EUR to the OpenBSD Foundation. So the 5 EUR that I pledged below will cover this. Even if I don't get ED448 support the money is wired. So perhaps for 7.4 or so, if not, no big deal.
I pledged 5 EUR if the LibreSSL team implements ED448, which is used for alg 16 in DNSSEC. The value of this is almost ridiculous but I can't afford more currently. The timing for this call for this feature is almost perfect since the new OpenBSD release is in roughly 4 months and the 1.8 delphinusdnsd release is at the end of November/early December. Also, since LibreSSL implemented the ED25519 framework, the concept of ED448 is just using a different ED algorithm and a bit of copy pasting I gather. I just need ED448_keypair(3), ED448_sign(3) and ED448_verify(3) similar to the ED25519 equivalents found in the X25519(3) manpage.
I have added this algorithm based on algorithm 13. Here is the RFC 6605.
I just committed the code. A test zone worked perfectly. I'm somewhat happy.
So E.D.W.I.N. stands for "Enhanced Delphinusdnsd (for) WINdows", I'm giving it a closed source shot after December 2024. In preparation for this I'm going to rent a Windows server cloud computer that I'll be developing on. Probably starting in Q4 of 2023. I'm going to use BitLocker or something similar to encrypt the source code on the cloud and use OpenBSD as the firewall for the gateway.
Edwin is the best of both worlds (both open and closed source models). It will be used to commercially profit off delphinusdnsd and to reach as many people as possible in order to maximise the profit margin. I am very excited about the idea, but not really about the hard work to port delphinusdnsd to Windows. But c'est la vie, no one ever got paid for dreaming. I'm trying to get out of poverty and until I retire or die Edwin will be closed source. By then people will have to evaluate whether they want the open source version or the closed source version anyhow.
PS: To be honest something snapped in me, I need money, and I'm putting down the framework to do so. The foundation has already been laid with the open source of delphinusdnsd, it will always be free. So I'm not selling out completely. Also, the Edwin project is dedicated to the Edwin Hubble telescope which has given me a lot of joy in the past 25 years or more looking at NASA's APOD. The photo you see here is NGC 7006 which is 140,000 light years away in the constellation Delphinus. This means it's beyond the Milky Way galaxy too. As we're only 120,000 light years in diameter afaik.
I have a self-imposed limit on when I want to change projects from delphinusdnsd. This will be in 1.5 years so it's not too far off in the future. I am considering going closed source for a Windows port, among other things. This means I will still maintain delphinusdnsd 1.9.x as open source, but will in parallel have a for-cost closed source Windows port. This is a good way that I can start a business around delphinusdnsd and it may put some money in my pockets. So far I may have gotten one or two donations not surpassing 50 EUR and I had expenditures of 200 EUR for sponsoring someone for a Ruby framework. That was in the year 2015 or 2016, and since then I've replaced the Ruby program with a C program of what would eventually become the dddctl(1) program.
Now I'm a fool but not a big fool, and I know what happens when you go closed source. The open source world will fork what you have and compete against your model. This is what happened in the legal case Tatu Ylonen vs. OpenSSH. However Tatu Ylonen still managed to raise a multi-million dollar company. I don't think he was in poverty since his ssh creation. I on the other hand am in poverty and no one is to blame for that but me. It took a lot of years to get this program to a level where I can possibly compete with other DNS programs. So going away now may not be in my best interests, it is just getting good.
Also, I am taking a look around what I can do with DNS. I had considered a "nextdns" service before but it would really help if I had a Windows forwarder. So that's where I'm shaping it up. Also I'm considering a closed source Solaris 10/11 port, for those Oracle people. Either way, I plan on writing about delphinusdnsd on Wikipedia near the 1.8 release, so near December. The remaining year will see how people are receptive to yet another DNS server.
It's wonderful that it's not too hot, I was able to code a little for two hours today. I made a patch to implement (without testing) the ED25519 algorithm (15) for signing. However my main workstation is sleeping and I'm not home so I can't commit it just yet. I might just test it first before committing as well. Much thanks to the LibreSSL project for making this API available! While I was there I removed algorithm 7 (RSA-SHA1-NSEC3), so what this means is that if you use dddctl to sign with algorithm 7 you will have to change the algorithm at 1.8 release time. What I'm doing is switching off alg 13 from my test zone some time this weekend and then giving algorithm 15 to it. Hope it works without much fiddling around.