DelphinusDNS Blog

(the latest about delphinusdnsd)
  

Previous Page


Delphinusdns.ORG algorithm change upcoming

September 20th, 2020

I'm changing the algorithm on delphinusdns.org to alg 13. To do this I have to take the zone out of DNSSEC for a day or two, which is the easiest way because there is recursive servers out there that can't do an algorithm rollover correctly. I already tested this with a test zone (dtschland.eu). These changes will be done next week, possibly starting tomorrow. The steps are 1. remove the DS entry at .org level, 2. wait 86400 seconds (TTL) 3. remove DNSKEY 4. wait 86400 seconds (TTL) 5. install new keys and sign. 6. upload new DS entry to registrar for .org level insertion. I'm also doing this for three other zones in parallel. Extra caution has to be done at the centroid.eu zone because it has a DANE setup which I may have to disable for these two days.

1 comment

Killed backward compatibility for old OpenSSL

September 17th, 2020

With this commit I took out old backward compatibility for OpenSSL before 1.0.1. Since LibreSSL is portable across many platforms and we rely on that for NetBSD and OpenBSD there is not much need for this compatibility code anymore. It will be reflected in the 1.5.0 release by next month.

0 comments

In five days this blog will be 1 year old

September 6th, 2020

On friday of this week you'll see the first "on this day" entries. Happy Anniversary Delphinusdns blog!

0 comments

Delphinusdnsd PATH's changed

September 6th, 2020

Please update your configs starting with tomorrows snapshots. Commit comment here.

1 comment

1.5.0 possibly released mid to late October

September 1st, 2020

OpenBSD 6.8 is in beta. That gives around 1 month of testing for this OS before it is released. I checked and OpenBSD 6.2 was in beta on August 20th, 2017 and it was released on October 9th, 2017, so judging by how long this takes it took them 40 days. So given the release mid October for OpenBSD, delphinusdnsd will be about 2 weeks later, but before November. We'll see. This pegging to OpenBSD is only for this year, I don't plan on doing this too often. Delphinusdnsd is developed on OpenBSD for what it's worth.

0 comments

What's next in the next few weeks?

August 30th, 2020

September is almost around. Two things need to be done before I roll the 1.5.0 release.

  • I need to do another portcheck to see that Linux, FreeBSD and NetBSD work
  • I want to move delphinusdnsd to a /var/delphinusdnsd directory as is done in the OpenBSD port (which hasn't been accepted afaik, but do that anyhow).
After that the 1.5.0 release is pretty much ready and I'll just be waiting for the OpenBSD 6.8 release so that I can release a few days after.

3 comments

Silently fixed

August 26th, 2020

Between July 6th and today there has been a countdown timer for AXFR zone TTLs. This wasn't immediately noticed because my zones are less than 1 second apart notification wise and I simply didn't notice it. Tools that I use didn't mark it either. If you need the fix you should grab tomorrows snapshot.

0 comments

Very large databases

August 26th, 2020

I have filled delphinusdnsd with a dataset of 1.4 million AAAA records. The size in memory for this is 2.4 GB roughly. But the AXFR to such a database with its individual (in my case 1440) zones took close to 2 minutes. I have just committed code to shave this off to 2.4 seconds, a win-win.

However this changes the behaviour of delphinusdnsd. Before you could do:

zone "anything you like" {
	centroid.eu,a,3600,192.168.0.1
	...
}
This is not the way things work now. You MUST put in the zone name in zone "". Many people were doing this anyhow, but now it's a requirement.
zone "centroid.eu." {
	centroid.eu,a,3600,192.168.0.1
	...
}
This behavior will be downloadable in tomorrows snapshot (27th of August) and onwards, and will be in 1.5.0 delphinusdnsd.

0 comments

Canonical sorting still problematic

August 9th, 2020

With in-depth debugging with another person who uses delphinusdnsd, we were able to make out that the canonical sorting in DNSSEC (dddctl sign) is still not right. I'm going to change this in dddctl on all functions. I will do this next week. I have a plan. Hopefully it will be a once and for all result. Many thanks goes to nlnetlabs in the netherlands who created the program ldns-verify-zone. Without you guys I'd have problems. I'm standing on the shoulders of giants.

3 comments

I have picked my project theme

July 31st, 2020

For the prototype fund (9th round) I have finalized what my project is going to be about.

It will be improvements for delphinusdnsd like I mentioned before, but I have a concrete picture of what I must do. I'm going to make delphinusdnsd an authoritative nameserver for replacing Microsoft DNS server. For that I need to do a few things: GSS-TSIG (RFC 3645), it comes with several depended RFC's that I also have to implement like TKEY (RFC 2930) and possibly KEY RR which comes with the SIG(0) RFC. Also I'm going to implement DNS Updates after RFC 2136 and RFC 3007 (secured), and if there is time left in the project time (6 months) I'll try to implement auto-signing updated records (DNSSEC).

This is all a big task, and there is always the hindthought that Microsoft Active Directory won't allow this. I have found a document from Bluecat Networks that they can do this (on a BIND9 basis). So this will be my outline that I will be working/striving towards. Wish me luck, I'm applying tomorrow, most likely.

2 comments

Next Page

Search

RSS Feed

Click here for RSS

On this day in

Other links

Have feedback?

By clicking on the header of an article you will be served a cookie. If you do not agree to this do not click on the header. Thanks!

Using a text-based webbrowser?

... such as lynx? Welcome back it's working again for the time being.

Older Blog Entries


Powered by BCHS