DelphinusDNS Blog
(the latest about delphinusdnsd)
|
Previous Page
May 18th, 2022
I'm planning on starting the DNS Updates work in around June, since this is
major work, I can't promise I'll be done in December. It may go beyond into
2023 and when finished I'll roll the 1.7 minor release. Until then you'll
see patch releases in the 1.6.X patch series, for whatever comes up.
I noticed someone forked delphinusdnsd meaning that my code is getting eyeballs
or intend to add more features. I welcome that. I don't know the intend of
this someone but I hope to find out more about them in the near-future.
What about the major releases? There is none for me, another team (if one
forms) will continue on doing delphinusdnsd 2.x. But this will be beyond
2025, so there is some time left still to change my mind or set this back in
time. It's two and a half years so I feel comfortable with this. What do
I plan on doing after delphinusdnsd? I was thinking of doing something with
VOIP but not sure yet.
0 comments
Release 1.6.2 is out
May 17th, 2022
I have released 1.6.2 as backpatches from the master branch. The fixes affect
SRV, NAPTR and ANY replies. Enjoy!
0 comments
Supported RRs in Delphinusdnsd
May 10th, 2022
I came across this image chart and needed to add delphinusdnsd to it.
The image is made by Ruurtjan Pul on
Wikipedia and is under the CC license. I have filled out the non-support in
red and the supported records in green, other than IXFR and AXFR which the
latter is supported in full. To see this chart closer you can select it
with "open image in new tab" in your browser.
0 comments
Added RFC 7043 (EUI48 and EUI64) support
May 9th, 2022
Over the weekend I put in RFC 7043 support. It seemed pretty easy and I did
it over 2 days. I hope I didn't forget anything it seemed a little too easy,
but dddctl query support works, axfr works, raxfr works, querying eui48 and
eui64 works and it appears in any queries. In logs I also noticed it is
logged. Signing eui48/64 works. So perhaps I didn't forget anything.
This work was inspired by Lory (an ex-schoolmate) who appeared in a dream of
mine and asked me to put this support in. With the DNS Updates delphinusdnsd
will have the functionality that she described to me in the dream. I know
it's weird that I dream about the DNS server. Anyhow, the idea is that MAC
addresses can now be put into delphinusdnsd and reading the RFC 7043 one
case of Canadian Cable ISP's doing it is mentioned.
0 comments
Some Brain-storming for DNS Updates
May 8th, 2022
I'm almost ready to start coding on DNS Updates (RFC 2137 and 3007) and I'm
making plans on that. Here you will see an behind the scenes look of how I
plan this out:
My NOTES on making DNS Update functionality
I) when an update comes in:
1. check TSIG pass on to update process via cortex
a) an inserted RR can't be of DNSSEC kind (this gets calculated on fly)
2. in update process perform the following task
a) sign with ZSK (which must be made available in
/var/delphinusdnsd/keys) to create an RRSIG
b) insert into a new (in-memory) db after a copy from orignal db
c) update SOA serial (we can only support time_t serials check for that)
d) sign apex record replacing existing RRSIG
e) delete all NSEC3 entries of that zone and their corresponding RRSIG's
f) recalculate all nsec3's of that zone creating an NSEC3 and sign
with RRSIG
g) dump entire database to file, this file will get precedence on
restart over anything already existing except when the
SOA's serial is behind at which point it gets deleted or moved
h) the database is now complete, send to all processes to update via
cortex process
i) merge in-memory database with new in-memory database
Notes)
- this makes NSEC with updates impossible but it's ok we're master
- we must have access to /var/delphinusdnsd/{master,keys,dynamic}/*
- perhaps we need a global setting for serial choice (choices between
arbitrary, time_t and YYYYMMDDXX) for updates we must have
time_t serials which gives us second granularity to
Sun Feb 7 07:28:15 CET 2106 (at which point DNS will explode)
((but I'll be long dead then))
II) on startup
1. read the configuration file
2. if a dynamic update file exists read it into a second database and merge with
original zone database.
3. continue starting up
Hopefully I'll get this in the way I have foreseen. Do note that RFC 4033
says in section 12 (Security Considerations): An attacker may also be able to
consume resources in a security-aware name server that supports DNS
dynamic update, by sending a stream of update messages that force the
security-aware name server to re-sign some RRsets in the zone more
frequently than would otherwise be necessary. This is indeed a problem
but I hope I can set up a kind of queue system in the update process.
0 comments
Milestone: 1000 commits
April 22nd, 2022
Milestone: On April 22nd, 2022 we have 1000 commits under the delphinusdns name. The project in total is 5988 days old (as commit records show), 2716 days under the delphinusdns name. We have 50667 lines of C and YACC code currently and it is big enough to fit just about on a 1.44MB floppy (C and YACC code are 1210956 bytes, some images would have to be discarded). We have two committers currently. We were developed since day one on OpenBSD (then version 3.8, now version 7.1) and we always tried to include the latest OpenBSD mitigations against attackers.
I'm very glad to be giving you this news! :-)
0 comments
Did you know?
April 20th, 2022
Did you know that the name delphinus in delphinusdnsd already contains the
word "DNS"? Here is a doodle of mine:
It also contains traces of the first (and second) initials of my parents and
prefix of our last name "Philipp" (liker of horses). Only until last week
some time did I open my eyes to this and it fit. It seems like delphinusdnsd
was the name for my program and DNS was my protocol. Anyhow I wanted to share
this to you. If the ddd debugger ever requires a "_ddd" user I'll have to
change it on my systems and "_delphinus" doesn't look too bad now.
I had picked delphinusdns arbitrarily after a constellation in the sky back
when. Who knew what my subconcious thought?
0 comments
Delphinusdnsd 1.6.1 released
March 22nd, 2022
Proudly I am releasing delphinusdnsd 1.6.1. This is a minor bugfix around
more safety in the sandboxes. The source/release can be found at github.
0 comments
Delphinusdnsd on OpenBSD 7.1-beta possibly faster
February 25th, 2022
Starting in OpenBSD 7.1, the OpenBSD team has rolled select into a wrapper of
kqueue. This will unlock the kernel from a select big lock and make in the
end the result may make it faster to run delphinusdnsd on OpenBSD.
Here is a comparison of two top(1) outputs:
OpenBSD 7.0:
PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
47844 _ddd 2 0 29M 32M sleep select 0:00 0.00% delphinusdn
OpenBSD 7.1:
PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
78016 _ddd 2 0 59M 62M sleep/0 kqread 0:09 0.00% delphinusdn
Notice the change in the WAIT state from select to kqread.
I have always developed delphinusdnsd on OpenBSD as the primary OS. Ports to
Linux, NetBSD and FreeBSD exist (in no particular order). But testing for
these other OS's does not occur until a bit of time before a release.
I have seen no fallout to the OpenBSD select->kqueue change, good work!
0 comments
Development is stalled probably until mid-March
February 13th, 2022
For those that expect to see major code additions I have to disappoint you.
Development is stalled on a project for my dad, which i hope to have done
by mid-March. I also had to shuffle a lot of computers around at home in
order to make electricity savings. That shuffle is pretty much done.
I'm craving for doing additions to delphinusdnsd though and this spring when
it commences will be great. A damper to that will be a new job but I haven't
been accepted to any outstanding resumes, so my hopes aren't very high on that.
0 comments
Next Page
|
Search
RSS Feed
Click here for RSS
On this day in
Other links
Have feedback?
By clicking on the header of an article you will be
served a cookie. If you do not agree to this do not
click on the header. Thanks!
Using a text-based webbrowser?
... such as lynx? Welcome back it's working again for the time being.
Older Blog Entries
May, 2023
April, 2023
March, 2023
January, 2023
December, 2022
November, 2022
October, 2022
September, 2022
August, 2022
July, 2022
June, 2022
May, 2022
April, 2022
March, 2022
February, 2022
January, 2022
December, 2021
November, 2021
March, 2021
February, 2021
January, 2021
December, 2020
November, 2020
October, 2020
September, 2020
August, 2020
July, 2020
June, 2020
May, 2020
April, 2020
March, 2020
February, 2020
January, 2020
December, 2019
November, 2019
October, 2019
September, 2019
Powered by BCHS
|