DelphinusDNS Blog
(the latest about delphinusdnsd)
|
Previous Page
June 3rd, 2023
It's wonderful that it's not too hot, I was able to code a little for two hours
today. I made a patch to implement (without testing) ED25519 algorithm (15) for
signing. However my main workstation is sleeping and I'm not home so I can't
commit it just yet. I might just test it first before committing as well.
Much thanks to LibreSSL project for making this API available!. While
I was there I removed algorithm 7 (RSA-SHA1-NSEC3), so what this means is that
if you use dddctl to sign with algorithm 7 you will have to change the algorithm
at 1.8 release time. What I'm doing is switching off alg 13 from my test zone
some time this weekend and then give algorithm 15 to it. Hope it works without
much fiddling around.
0 comments
Going to apply for Open Source funding once more
May 24th, 2023
I have done so twice already in the past at a project called
prototypefund.de.
I applied there in 2018 for the fifth round of funding (delphinusdnsd 1.3), once
in 2020 for the 9th round of funding (delphinusdnsd 1.5/1.6). And now again
for the 14th round of funding. Both times I had applied I got turned down.
I'm gonna try one more time, also because it is my last year alone in 2024
to be working on version 1.9 delphinusdnsd.
What I would plan for this release, if I get funding I'd work towards (signed)
DNS Updates.
So August 1st is the first day to apply for the funding and put forth my idea.
If I get funding, it may propell delphinusdnsd into version 2.x with me. If
not I may call it quits after december 2024.
Delphinusdnsd started under another name in 2005 and has been open source from
day one. Back then it was at sourceforge, inbetween I took it to my own CVSweb,
and then latest I use github.com to share this creation. I'm very proud of
this server software, and it helped me through some odd times in life (writing
it). It is a genuine german project having been written in Frankfurt (2005) and
Schweinfurt (after 2007). What do you think? Does the world need another
authoritative nameserver? Does the world need a german DNS server? Does
Germany need a project where DNS talent resides? Things that make you go
hmm. So far in europe there is only four Projects that I can think of right now
that do DNS. PowerDNS and NLNetlabs in the Netherlands, Knot DNS in the Czech
Republic and Yadifa which was written at EUrid (possibly in spain). I've
always filled a niche with delphinusdnsd it is unlike any other DNS server
software I've seen. I trust its design a great deal. Anyhow... more on this
later.
0 comments
Seems stable, memory leak?
May 18th, 2023
On april 28th I gave the green light for -current again. That was nearly 20
days ago. I've been running delphinusdnsd since the 29th of April without
restart:
_ddd 96881 0.0 4.8 58768 49252 ?? Spc 29Apr23 0:36.12 \
delphinusdnsd -f /var/delphinusdnsd/etc/delphinusdns.conf \
-s /var/run/delphinusdnsd.sock
I have done changes perhaps three times since that start. What I'm noticing
is that there is perhaps a memory leak that I introduced with changing the
databases. I'll have to look into that in the future.
I haven't touched the code in a few weeks so I'm gonna take up on that soon
again. Last I was working on a patch to get statistics working, but it was
error prone and I need to improve it. After that I'm gonna start working on
new algorithm in dddctl with Ed25519 perhaps.
0 comments
I would like some clarity on this
May 12th, 2023
The
EU's Cyber Resilience Act is said to harm open source developers. Like me.
What are we dealing with here and why can't I vote someone who makes these
acts legal out of office? I can, but who do I vote for? Will I make an
impact with my vote? I've been writing open source for a very long time.
Since the 90's at least. Some of the stuff though is not offered anymore and
you can't find it. I've sticked to delphinusdnsd working on it like a second
job during my time at Enhancedvoip.net. In the mornings I'd write on
delphinusdnsd and in the afternoon's I'd do my job for 6 hours a day. More
was not allowed by the doctors, and it matched the Eastern American time zone
working from 2PM until 8PM. Some time later I worked full time on
delphinusdnsd while looking for work. I applied for government grants via
the prototype fund during this time as well. I did not get that money but
they always wished me good luck for the future (thanks!). Now, currently
I'm writing sparingly, delphinusdnsd has become a serious hobby. But where
exactly does it stand? Can I share the code even? I'm a hobby programmer.
This should be answered and clarified, and there needs to be unbiased
discussion what Open Source really is to the voting population.
0 comments
Removed pod.delphinusdns.org
May 3rd, 2023
Normally I don't say this here, but since I used pod.delphinusdns.org in an
example, I'd just like to say I've retired the server as a nameserver and will
likely turn it off permanently (delete the instance) come friday or saturday.
The replacement is a new arm64 vps called superpod.delphinusdns.org. It is
almost as fast but has twice the memory which made it appealing to me.
0 comments
I believe I fixed it now
April 28th, 2023
I just committed some code to fix the issue I reported on April 23rd. I don't
see the symptoms anymore now. If you do decide to go with
delphinusdnsd-current please keep an eye on the database for corruption.
0 comments
Master branch delphinusdnsd (-current) is currently broken
April 23rd, 2023
I tested this out today and there is some problems with AXFR's still. What
I had done was a forest-wide update (4 zones) a few days ago and then did one
update to the delphinusdns.org zone and noticed centroid.eu lost it's DNSSEC
zonedata. This is the symptom. I'll be looking for the cause soon. One
working newer but old version was from april 1st. (84c26f8). Use that if
you have to have stability. When I find time next week I'll look into this.
0 comments
FYI - FreeBSD 13.1 can run delphinusdnsd-current
April 19th, 2023
For a friend who wants to run delphinusdnsd on FreeBSD I tested this out in
10 minutes. FreeBSD compiles delphinusdnsd with some warnings but it links.
Also checking whether tcp and udp work (with the drill program) worked.
0 comments
There is no going back, OpenBSD has advanced
April 18th, 2023
So I just put the commits for mimmutable(2) into delphinusdnsd. This means
that you MUST be at version 7.3 or on -current (snapshots). In order to run
it on version below 7.3 you have to edit the code and #if 0 (deaden) the
mimmutable() code. The benefits outdo the drawbacks here. It's a great
security addition.
0 comments
A possible MITM attack caused me to find a vulnerability with AXFR's
April 14th, 2023
Please, if you run below 1.7.3 it's time to upgrade. 1.7.3 and master branch
have the fix as of today. A few weeks ago my amsterdam vps did an AXFR.
What was weird about this AXFR that it was blank, but it went through. This
caused my nameserver to die. I can't rule out that someone mitm'ed the
transfer. It was highly odd. So last night I had the idea and this morning
and afternoon I implemented custom code to see if my hypothesis was right.
It was correct, the replicants axfr did not check whether the answer even had
any TSIG's in it. In a mitm the TSIG's could have been removed and new or
replaced records could have been put in, it would have passed it. Now then,
the fix is that we require a TSIG to be seen if we use TSIG authentication.
Also if there is trailing data after the TSIG this constitutes as an error.
On the master branch the fix has signature
e5a3d3828452127df428a47c77f8b3a8a4722451
and on the STABLE_1_7 branch it has signature
a798b07e20065050c6178ae69f0fdd3e3899d199. Feel free to use either one.
Though the master branch has some new code, it hasn't seen much production use
yet. So, the sureshot use should be 1.7.3 release.
I found the vulnerability, but was I the first one ever? The mind boggles.
0 comments
Next Page
|
Search
RSS Feed
Click here for RSS
On this day in
Other links
Have feedback?
By clicking on the header of an article you will be
served a cookie. If you do not agree to this do not
click on the header. Thanks!
Using a text-based webbrowser?
... such as lynx? Welcome back it's working again for the time being.
Older Blog Entries
November, 2023
October, 2023
September, 2023
August, 2023
July, 2023
June, 2023
May, 2023
April, 2023
March, 2023
January, 2023
December, 2022
November, 2022
October, 2022
September, 2022
August, 2022
July, 2022
June, 2022
May, 2022
April, 2022
March, 2022
February, 2022
January, 2022
December, 2021
November, 2021
March, 2021
February, 2021
January, 2021
December, 2020
November, 2020
October, 2020
September, 2020
August, 2020
July, 2020
June, 2020
May, 2020
April, 2020
March, 2020
February, 2020
January, 2020
December, 2019
November, 2019
October, 2019
September, 2019
Powered by BCHS
|