DelphinusDNS Blog(the latest about delphinusdnsd)
January 26th, 2023
This is just a patch release fixing a single error condition. A segfault was
found a few days ago and this should be the right fix.
January 22nd, 2023
If you use tsig to protect queries and answers there is a segfault condition
that I found today when there is a DNS BADTIME reply (ie. the query has a bad
time outside of the TSIG fudge). In particular when the queryname is "." the
delphinusdnsd server quits with segfault. For now I recommend anyone using
1.7 to go to the git HEAD (latest commit) and wait for 1.7.1 to come out. I'm
still feeling unwell to do major changes (as per the last problem found) and I
just started a new medication so it may take a bit until I get delphinusdnsd
in a great shape again.
January 3rd, 2023
I've been holding off doing any work as I'm trying to overcome an emotional
blockage. It's like I said, you're only affected if you use a primary (master)
other than delphinusdnsd and only if the TXT RR is greater than 255 bytes.
What happens in detail is that the non-delphinusdnsd master may give a TXT RR
in an AXFR which may have different offsets between segments than what
delphinusdnsd expects. As the AXFR takes place delphinusdnsd writes it to
a replicant file as a reassembled TXT RR and then restarts assuming that the
segments are exactly 255 bytes maximally and fragments the segments on that.
If the segments are not exactly like on the primary (master) the RRSIG which
signed this TXT Record with on-the-wire byte orderings will not match what
delphinusdnsd gives out. It should result in a SERVFAIL or the recursive
nameservers may try another nameserver but it's not guaranteed that it will
recover for you.
Luckily the setup of a replicant is easy enough for any alternative DNS server
and the dddctl bindfile mode gives you the chance to convert your delphinudsnsd
zones to BIND format. This bug has been with us since the beginning (when
we started replicating) and like
I said as the sole programmer I'm facing a emotional blockage right now. The
fix is in parse.y and how it parses TXT records, similarily raxfr.c would need
to write TXT RR's in exactly the segments that it was given them in the AXFR.
This also deviates the whole parsing for a TXT record and I'll have to examine
if I have to do much work in parse.y for this. Finally I'll end with a nice
saying. "DNS how hard can it be?!"
December 25th, 2022
In this commit here, I fixed the dddctl bindfile,
today. I've come to the realisation that delphinusdnsd serving TXT's as a
replicant when the primary (aka master) is NOT delphinusdnsd _could_ cause a
conflict and the query answered from delphinusdnsd may not check out in DNSSEC.
And this is only in DNSSEC. I'm thinking around a fix for this and it may
take a few days due to the holidays. One logical way of doing this is to let
delphinusdnsd know it is a replicant zone when it reads out of
/var/delphinusdnsd/replicant and then expect a split TXT record when the size
is over 255 bytes. In plain english it has to do with the partitioning of a
TXT message that is larger than 255 bytes. I'll be working on that. In the
meanwhile if you're affected (using TXT and DNSSECed zones with delphinusdnsd)
dump the delphinusdnsd temporarely and look for a 1.7.1 release to pick up
where you left it.
December 24th, 2022
Let there be manna!
December 11th, 2022
In the OpenBSD system there is a nice feature in syslogd to have a circular
buffer log (meaning when it's full it jumps back to the beginning). This
speeds up logs because they are in memory only and I can still find the
last few logs if there is a crash. My logs look something like this:
notice the hashed out file log. You should be happy about this as it gives
you temporarily more privacy. Though I wonder if I should collect dumps of
syslogc delphinusdnsd periodically. This would be for stats collection only.
Another way would be an internal stats counter to delphinusdnsd that could be
dumpable with dddctl. I'll think about it.
Having admitted I collected logs for a long time for statistic purposes I'll
put forward a statement of assureness that I did not correlate this data with
my weblogs for example. I don't have the time of day and the nerves to go
through with something like that. Guess I'll just have to disappoint you that
I found your preferred nameservers to IP. Though I did see there is a MX
lookup from microsoft's nameservers whenever I log into linkedin. It makes
me think this is careless on part of microsoft, but I'm not going to try any-
thing with it because I do like my account there. Anyhow, happy 3rd advent
time, may you come to terms with christ being born those many many years ago.
December 6th, 2022
I read somewhere that Elon Musk wants to charge 8.00 USD for twitter users.
That amount of money is cheap enough to get you a vps for 5 EUR/mo and if
you're lucky the remaining 2.60 EUR might give you a really cheap vps or pay
toward a domain name. A VPS is a cloud computer, a virtual private server
(VPS). Two VPS's is what's required for a minimal setup with a DNS
authoritative server such as delphinusdnsd.
These VPS's are cloud servers
from providers such as Hetzner, DigitalOcean, Vultr, OpenBSD.Amsterdam,
TransIP, these are just to name a few providers, and with exception to
DigitalOcean they will allow you to install OpenBSD OS. On these same VPS's
you can run a webserver with your favourite blog software. Though I urge you
to look into kcgi blogs as these are C based and you don't have to even
install a PHP program and if run on OpenBSD you can pledge these to a stdio
only pledge. This makes it rather ultra secure. Then you can also set up
a SMTP server on your VPS and you have DNS, SMTP and HTTPS
(if with letsencrypt). Alas you have a setup like I have it almost.
is all available as Open Source, meaning you invest in your skills manageing
this system rather than paying for the software. Delphinusdnsd works
this sort of setup and it too is pledged. But you can also pick from other
DNS programmers programs such as nsd, powerdns authoritative, BIND. So once
you have one server running you need a second one for the authoritative DNS.
You may invite a spouse, partner, friend, sibling to host to you this second
VPS. It will cost them exactly as much as it cost you, and between the two
of you you share 2 DNS domains.
This could be a come-back for the old-style
blogs where you have full control of logging who visits your blog and thus you
have full stats for which also some programs exist that are open source.
I'm not promising you would become as big a google, but for a site serving
2-20 TB (able to do so at Hetzner 20 TB) you would be quite popular judging
by traffic. It's low budget and it could help you shape your online site.
If I just opened a door for you, it was my pleasure, otherwise keep it in
mind for others. It may help your social status too. Who needed twitter
December 2nd, 2022
I have released delphinusdnsd 1.7.0. More about this can be found on the
mainsite under news.html. Enjoy!
November 20th, 2022
I'm calling it over for coding any more in C on delphinusdnsd this year.
Of course any major bugs I'm gonna work on. I
have a job interview this week and depending whether I get the job or not I
will only be able to do things on weekends. We're on track for a mid
december release. The only thing I will have to do still is update the
web documentation, which is not hard but it requires a bit of time.
Also this job, if I get it, will change things. The version 1.7 may be the
best version yet but don't expect big things for 1.8 next year and beyond for
as long as I am professionally employed full time. This puts DNS Updates on
the back burner indefinitely. I will get holidays but I haven't been away on
holidays in ~10 years so I may not be doing code for a while, but instead go
Do mail me with your wishes for 1.8 and if they are small enough I may just
get them in.
November 6th, 2022
I looked at my commit record on github just now and my commits are based around
the equinoxes. March, April, May...August, September, October is where the
Lions share was. The climate of 2022 had a lot to do with this, where in the
summer centred around the solstice there I did nothing. It as too hot. Call
it a long siesta. Also I noticed I did around 200 commits this year.
Click here for RSS
On this day in
By clicking on the header of an article you will be
served a cookie. If you do not agree to this do not
click on the header. Thanks!
Using a text-based webbrowser?
... such as lynx? Welcome back it's working again for the time being.
Older Blog Entries
Powered by BCHS