DelphinusDNS Blog

(the latest about delphinusdnsd)

If you track -current be vigilant

May 7th, 2020

I just did some commits that, if they have a mistake, could be detrimental to the operation of delphinusdnsd. If you read this on the 7th of May and you want an up to date copy you can download a snapshot in the next 8 hours, and it will not have this change. If however you have nothing to lose, you can continue getting the newest. It takes me some time, as noticed on April 27th after two weeks roughly, to notice bugs. I tested this change on so if anything breaks it will break big time for me. We'll see I guess.

The DelphinusDNS project is on GITHUB

April 28th, 2020

I have finally done the work to synchronize the delphinusdnsd CVS repo with GITHUB's git. This takes down one TODO. The script to synchronize is run per crontab at the top of the hour.

You can find the GITHUB page here: delphinusdnsd@GITHUB. Much thanks to YASUOKA Masahiko for his cvs2gitdump python script. It took me a while to figure out, but it's so simple really.


Fixed bug that was introduced April 11, 2020

April 27th, 2020

Tomorrow's snapshot should have the fix. It affected signing with dddctl only. It wasn't easy to find the location of code, but eventually I found it.


Tomorrow's snapshot will have new feature

April 23rd, 2020

I have just committed this new feature, tcp-on-any-only, from commitlog:

Add the tcp-on-any-only flag to options.  This replies with a TC (truncate) on
any non-tcp request, causing determined clients to retry in TCP mode.  It is
long overdue to have this option, and the fix was very simple to do.

Basically I'm throwing more TC's in the UDP way of resolving. It will force some to retry with TCP.
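
The exchange this flag produces, as an added example (not code from delphinusdnsd): the server answers a UDP query with an empty reply that has the TC bit set, and the client decides to retry over TCP. The function names and the sample query are constructed here, and which queries the server applies the flag to is not modelled.

```python
import struct

QR, TC, RD = 0x8000, 0x0200, 0x0100   # header flag bits (RFC 1035, 4.1.1)
OPCODE_MASK = 0x7800

def build_query(qid, name, qtype, qclass=1):
    """Encode a one-question query; the name used with it is constructed."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".") if l) + b"\x00"
    return (struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
            + qname + struct.pack("!HH", qtype, qclass))

def question_end(msg):
    """Offset just past the first question (name, qtype, qclass)."""
    off = 12
    while off < len(msg) and msg[off] != 0:
        if msg[off] & 0xC0:
            raise ValueError("compression pointer in question name")
        off += 1 + msg[off]
    off += 5                      # root label + qtype + qclass
    if off > len(msg):
        raise ValueError("question runs past end of message")
    return off

def truncated_reply(query):
    """Server side: empty answer with TC set, echoing id and question."""
    if len(query) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    out_flags = QR | TC | (flags & (OPCODE_MASK | RD))
    return struct.pack("!HHHHHH", qid, out_flags, 1, 0, 0, 0) + query[12:end]

def next_step(query, reply, transport):
    """Client side: 'drop', 'retry-tcp' or 'accept' for a received reply."""
    if len(reply) < 12 or reply[:2] != query[:2]:
        return "drop"             # short, or id does not match our query
    flags = struct.unpack("!H", reply[2:4])[0]
    if not flags & QR:
        return "drop"
    if transport == "udp" and flags & TC:
        return "retry-tcp"        # truncated over UDP: ask again over TCP
    return "accept"
```

A resolver that never retries over TCP gets no answer from such a reply, which is why the commit log speaks of "determined clients".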

DNS, my history (in short form)

April 8th, 2020

Everyone uses DNS when they use the Internet, so I have been using DNS since 1994. But I used DNS on Open Source Operating Systems since Autumn 1995 (where I installed Linux while being in College).

At work starting in Autumn 1997 I was confronted working my first DNS server. It was BIND4 I believe. This prompted me to get my first DNS book which I still have today "DNS and BIND - Paul Albitz and Cricket Liu". A very helpful book, but at edition 3 it is outdated today.

The first DNS server I wrote was wildcarddnsd, the predecessor of delphinusdnsd (in name only, same codebase). I started this in 2005, the first 15 years have passed.

In 2015 I first experimented with DNSSEC. The concept is super simple if you understand simple cryptography, but to me it was a learning curve. And this is my history (in short form) of using and implementing DNS.


Regarding the rollover tests

April 7th, 2020

I have been talking a bit with DNS folks and they said it's probably best to go insecure and then secure again if an algorithm needs to be rolled. Sucks I know. There is recursive dns software that can't follow an alg rollover. So I'm planning on taking my zones insecure so that I can give them a new algorithm. When that will be I don't know yet.


Important News that shouldn't be missed

April 2nd, 2020

I just put this on the news.html:

Development is ongoing. You should know that a delphinusdnsd before 
the month of April (that includes 1.4.1) cannot do a double-signature 
key rollover, even if the master is PowerDNS or similar, due to a bug 
with RRSIG's that was fixed on April 1st. If you don't plan on doing 
a key rollover until next year then go ahead with 1.4.1 otherwise use 
a snapshot.

I thought it was worthy of stressing this.


Double-Signature Rollover Test

April 2nd, 2020

As you may know I attempted this yesterday and the code wasn't ready. So now it's in progress. The test zone is called "" which is a test zone of mine that I got on a reduced deal with years ago. I got this domain for 10 years at the time. It's paying off now. I'm trying to roll the ZSK from alg 10 to alg 13 as well. So this should be interesting.

Upgraded delphinusdnsd on the nameservers

April 1st, 2020

The nameservers are the servers hosting DNS for I have taken them to today's snapshot on rhombus and trapezoid. What my intention is is to check the double signature dnskey rotation method. I'll likely be using domain name which is my test zone. If you're looking for progress you may want to follow its history on which has now a history again. So you'll be seeing progress. I don't think I'm going to start today, but I might.


Delphinusdnsd replicant for Microsoft DNS server with AD

March 10th, 2020

I just tried out if Microsoft DNS Server is compatible with delphinusdnsd and it seems it is. While there I unearthed and fixed a segfault condition when someone doesn't specify a tsigkey in an rzone entry. Here is a sample rzone entry that I used against the MS DNS Server.

rzone "" {
        ;tsigkey "NOKEY";
        masterport 53;
        zonename "";
        filename "/etc/delphinusdns/replicant/";
}

Notice that in delphinusdnsd version 1.4.x, the tsigkey is a MUST or you'll get a segfault. After 1.5.x it will be optional. I don't want to backpatch this, so please keep this in mind.

The Microsoft DNS server serves a small Active Directory zone and all default values are supported with delphinusdnsd. This surprised me and I love it!

