DelphinusDNS Blog

(the latest about delphinusdnsd)
  



Delphinusdnsd 1.7.1 released

January 26th, 2023

This is just a patch release fixing a single error condition. A segfault was found a few days ago and this should be the right fix.


TSIG, error condition found

January 22nd, 2023

If you use TSIG to protect queries and answers there is a segfault condition that I found today when there is a DNS BADTIME reply (i.e. the query has a bad time outside of the TSIG fudge). In particular when the queryname is "." the delphinusdnsd server quits with a segfault. For now I recommend anyone using 1.7 to go to the git HEAD (latest commit) and wait for 1.7.1 to come out. I'm still feeling too unwell to do major changes (as per the last problem found) and I just started a new medication so it may take a bit until I get delphinusdnsd in great shape again.


Regarding the TXT RR problem

January 3rd, 2023

I've been holding off doing any work as I'm trying to overcome an emotional blockage. It's like I said, you're only affected if you use a primary (master) other than delphinusdnsd and only if the TXT RR is greater than 255 bytes. What happens in detail is that the non-delphinusdnsd master may give a TXT RR in an AXFR which may have different offsets between segments than what delphinusdnsd expects. As the AXFR takes place delphinusdnsd writes it to a replicant file as a reassembled TXT RR and then restarts assuming that the segments are exactly 255 bytes maximally and fragments the segments on that. If the segments are not exactly like on the primary (master) the RRSIG which signed this TXT Record with on-the-wire byte orderings will not match what delphinusdnsd gives out. It should result in a SERVFAIL or the recursive nameservers may try another nameserver but it's not guaranteed that it will recover for you.

Luckily the setup of a replicant is easy enough for any alternative DNS server and the dddctl bindfile mode gives you the chance to convert your delphinusdnsd zones to BIND format. This bug has been with us since the beginning (when we started replicating) and like I said as the sole programmer I'm facing an emotional blockage right now. The fix is in parse.y and how it parses TXT records; similarly raxfr.c would need to write TXT RRs in exactly the segments that it was given them in the AXFR. This also deviates the whole parsing for a TXT record and I'll have to examine if I have to do much work in parse.y for this. Finally I'll end with a nice saying. "DNS how hard can it be?!"
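The segment problem described above, as an added example that is not delphinusdnsd code: it encodes a TXT RR the way a primary might split it, then compares a replicant that re-cuts the text at 255 bytes with one that keeps the segments as received. The function names, the sample record and the SHA-256 stand-in for the RRSIG input are assumptions made for illustration.

```python
import hashlib

def parse_txt_rdata(rdata):
    """Split TXT RDATA into its length-prefixed character-strings."""
    segments, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        if i + 1 + n > len(rdata):
            raise ValueError("truncated character-string in TXT RDATA")
        segments.append(rdata[i + 1:i + 1 + n])
        i += 1 + n
    return segments

def build_txt_rdata(segments):
    """Encode segments as wire-format TXT RDATA (one length byte each)."""
    out = bytearray()
    for seg in segments:
        if len(seg) > 255:
            raise ValueError("character-string longer than 255 bytes")
        out += bytes([len(seg)]) + seg
    return bytes(out)

def replicate_refragmented(rdata):
    """Reassemble the text, then cut it at 255-byte boundaries."""
    text = b"".join(parse_txt_rdata(rdata))
    parts = [text[i:i + 255] for i in range(0, len(text), 255)] or [b""]
    return build_txt_rdata(parts)

def replicate_preserving(rdata):
    """Keep the segment boundaries exactly as received in the AXFR."""
    return build_txt_rdata(parse_txt_rdata(rdata))

def signed_input_digest(rdata):
    """Stand-in for the signature input: a hash over the RDATA bytes."""
    return hashlib.sha256(rdata).hexdigest()

# Constructed sample: a 300-byte TXT that the primary split as 200 + 100.
PRIMARY_RDATA = build_txt_rdata([b"v=DKIM1; k=rsa; p=" + b"A" * 182, b"B" * 100])

if __name__ == "__main__":
    for name, fn in (("refragmented", replicate_refragmented),
                     ("preserving", replicate_preserving)):
        served = fn(PRIMARY_RDATA)
        match = signed_input_digest(served) == signed_input_digest(PRIMARY_RDATA)
        print(name, [len(s) for s in parse_txt_rdata(served)],
              "matches signed bytes" if match else "differs from signed bytes")
```

Both replicants hand out the same 300 bytes of text, but only the one that preserves the segment boundaries reproduces the bytes the primary signed.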


New found bug: delphinusdnsd as replicant/secondary

December 25th, 2022

In this commit here, I fixed the dddctl bindfile, today. I've come to the realisation that delphinusdnsd serving TXT's as a replicant when the primary (aka master) is NOT delphinusdnsd _could_ cause a conflict and the query answered from delphinusdnsd may not check out in DNSSEC. And this is only in DNSSEC. I'm thinking around a fix for this and it may take a few days due to the holidays. One logical way of doing this is to let delphinusdnsd know it is a replicant zone when it reads out of /var/delphinusdnsd/replicant and then expect a split TXT record when the size is over 255 bytes. In plain English it has to do with the partitioning of a TXT message that is larger than 255 bytes. I'll be working on that. In the meanwhile if you're affected (using TXT and DNSSECed zones with delphinusdnsd) dump the delphinusdnsd temporarily and look for a 1.7.1 release to pick up where you left it.


Merry Christmas

December 24th, 2022

Let there be manna!


I stopped logging delphinusdnsd (to file)

December 11th, 2022

In the OpenBSD system there is a nice feature in syslogd to have a circular buffer log (meaning when it's full it jumps back to the beginning). This speeds up logs because they are in memory only and I can still find the last few logs if there is a crash. My logs look something like this:

!!delphinusdnsd
#*.*                                                     /var/log/delphinusdnsd
*.info                                                  :64:delphinusdnsd
!*

Notice the hashed out file log. You should be happy about this as it gives you temporarily more privacy. Though I wonder if I should collect dumps of syslogc delphinusdnsd periodically. This would be for stats collection only. Another way would be an internal stats counter to delphinusdnsd that could be dumpable with dddctl. I'll think about it.

Having admitted I collected logs for a long time for statistic purposes I'll put forward a statement of assurance that I did not correlate this data with my weblogs for example. I don't have the time of day and the nerves to go through with something like that. Guess I'll just have to disappoint you that I found your preferred nameservers to IP. Though I did see there is a MX lookup from Microsoft's nameservers whenever I log into LinkedIn. It makes me think this is careless on part of Microsoft, but I'm not going to try anything with it because I do like my account there. Anyhow, happy 3rd advent time, may you come to terms with Christ being born those many many years ago.


A usage case for delphinusdnsd

December 6th, 2022

I read somewhere that Elon Musk wants to charge 8.00 USD for Twitter users. That amount of money is cheap enough to get you a VPS for 5 EUR/mo and if you're lucky the remaining 2.60 EUR might give you a really cheap VPS or pay toward a domain name. A VPS is a cloud computer, a virtual private server (VPS). Two VPS's is what's required for a minimal setup with a DNS authoritative server such as delphinusdnsd.

These VPS's are cloud servers from providers such as Hetzner, DigitalOcean, Vultr, OpenBSD.Amsterdam, TransIP, these are just to name a few providers, and with exception to DigitalOcean they will allow you to install OpenBSD OS. On these same VPS's you can run a webserver with your favourite blog software. Though I urge you to look into kcgi blogs as these are C based and you don't have to even install a PHP program and if run on OpenBSD you can pledge these to a stdio only pledge. This makes it rather ultra secure. Then you can also set up an SMTP server on your VPS and you have DNS, SMTP and HTTPS (if with Let's Encrypt). Alas you have a setup like I have it almost.

This is all available as Open Source, meaning you invest in your skills managing this system rather than paying for the software. Delphinusdnsd works well with this sort of setup and it too is pledged. But you can also pick from other DNS programmers' programs such as nsd, powerdns authoritative, BIND. So once you have one server running you need a second one for the authoritative DNS. You may invite a spouse, partner, friend, sibling to host this second VPS for you. It will cost them exactly as much as it cost you, and between the two of you you share 2 DNS domains.

This could be a come-back for the old-style blogs where you have full control of logging who visits your blog and thus you have full stats for which also some programs exist that are open source. I'm not promising you would become as big as Google, but for a site serving 2-20 TB (able to do so at Hetzner 20 TB) you would be quite popular judging by traffic. It's low budget and it could help you shape your online site. If I just opened a door for you, it was my pleasure, otherwise keep it in mind for others. It may help your social status too. Who needed Twitter anyhow?


1.7.0 released

December 2nd, 2022

I have released delphinusdnsd 1.7.0. More about this can be found on the main site under news.html. Enjoy!


Development cycle for 2022 has come to an end

November 20th, 2022

I'm calling it over for coding any more in C on delphinusdnsd this year. Of course any major bugs I'm gonna work on. I have a job interview this week and depending whether I get the job or not I will only be able to do things on weekends. We're on track for a mid December release. The only thing I will have to do still is update the web documentation, which is not hard but it requires a bit of time.

Also this job, if I get it, will change things. The version 1.7 may be the best version yet but don't expect big things for 1.8 next year and beyond for as long as I am professionally employed full time. This puts DNS Updates on the back burner indefinitely. I will get holidays but I haven't been away on holidays in ~10 years so I may not be doing code for a while, but instead go somewhere perhaps.

Do mail me with your wishes for 1.8 and if they are small enough I may just get them in.


Equinoxes not Solstices

November 6th, 2022

I looked at my commit record on github just now and my commits are based around the equinoxes. March, April, May...August, September, October is where the lion's share was. The climate of 2022 had a lot to do with this, where in the summer centred around the solstice there I did nothing. It was too hot. Call it a long siesta. Also I noticed I did around 200 commits this year.

