DelphinusDNS Blog

(the latest about delphinusdnsd)
  


Next minor release (1.7) may come delayed

May 18th, 2022

I'm planning on starting the DNS Updates work in around June. Since this is major work, I can't promise I'll be done in December. It may go beyond into 2023 and when finished I'll roll the 1.7 minor release. Until then you'll see patch releases in the 1.6.X patch series, for whatever comes up.

I noticed someone forked delphinusdnsd, meaning that my code is getting eyeballs or that they intend to add more features. I welcome that. I don't know the intent of this someone but I hope to find out more about them in the near future.

What about the major releases? There are none for me; another team (if one forms) will continue on doing delphinusdnsd 2.x. But this will be beyond 2025, so there is some time left still to change my mind or set this back in time. It's two and a half years so I feel comfortable with this. What do I plan on doing after delphinusdnsd? I was thinking of doing something with VOIP but not sure yet.

Release 1.6.2 is out

May 17th, 2022

I have released 1.6.2 as backpatches from the master branch. The fixes affect SRV, NAPTR and ANY replies. Enjoy!

Supported RRs in Delphinusdnsd

May 10th, 2022

I came across this image chart and needed to add delphinusdnsd to it.

The image is made by Ruurtjan Pul on Wikipedia and is under the CC license. I have filled out the non-support in red and the supported records in green, other than IXFR and AXFR which the latter is supported in full. To see this chart closer you can select it with "open image in new tab" in your browser.

Added RFC 7043 (EUI48 and EUI64) support

May 9th, 2022

Over the weekend I put in RFC 7043 support. It seemed pretty easy and I did it over 2 days. I hope I didn't forget anything; it seemed a little too easy, but dddctl query support works, axfr works, raxfr works, querying eui48 and eui64 works and it appears in any queries. In logs I also noticed it is logged. Signing eui48/64 works. So perhaps I didn't forget anything.

This work was inspired by Lory (an ex-schoolmate) who appeared in a dream of mine and asked me to put this support in. With the DNS Updates delphinusdnsd will have the functionality that she described to me in the dream. I know it's weird that I dream about the DNS server. Anyhow, the idea is that MAC addresses can now be put into delphinusdnsd, and reading RFC 7043, one case of Canadian cable ISPs doing it is mentioned.

Some Brain-storming for DNS Updates

May 8th, 2022

I'm almost ready to start coding on DNS Updates (RFC 2137 and 3007) and I'm making plans on that. Here you will see a behind-the-scenes look at how I plan this out:

My NOTES on making DNS Update functionality

I) when an update comes in:

1. check TSIG, pass on to update process via cortex
	a) an inserted RR can't be of DNSSEC kind (this gets calculated on fly)

2. in update process perform the following task

	a) sign with ZSK (which must be made available in 
			/var/delphinusdnsd/keys) to create an RRSIG
	b) insert into a new (in-memory) db after a copy from original db
	c) update SOA serial (we can only support time_t serials check for that)
	d) sign apex record replacing existing RRSIG
	e) delete all NSEC3 entries of that zone and their corresponding RRSIG's
	f) recalculate all nsec3's of that zone creating an NSEC3 and sign 
		with RRSIG
	g) dump entire database to file, this file will get precedence on
		restart over anything already existing except when the
		SOA's serial is behind at which point it gets deleted or moved
	h) the database is now complete, send to all processes to update via
		cortex process 
	i) merge in-memory database with new in-memory database

Notes)
	- this makes NSEC with updates impossible but it's ok we're master
	- we must have access to /var/delphinusdnsd/{master,keys,dynamic}/*
	- perhaps we need a global setting for serial choice (choices between
		arbitrary, time_t and YYYYMMDDXX) for updates we must have
		time_t serials which gives us second granularity to 
		Sun Feb  7 07:28:15 CET 2106 (at which point DNS will explode)
		((but I'll be long dead then))

II) on startup

1. read the configuration file
2. if a dynamic update file exists read it into a second database and merge with
   original zone database.
3. continue starting up

Hopefully I'll get this in the way I have foreseen. Do note that RFC 4033 says in section 12 (Security Considerations): "An attacker may also be able to consume resources in a security-aware name server that supports DNS dynamic update, by sending a stream of update messages that force the security-aware name server to re-sign some RRsets in the zone more frequently than would otherwise be necessary." This is indeed a problem but I hope I can set up a kind of queue system in the update process.
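
One way such a queue could look, as an added example that is not delphinusdnsd code: verified updates are counted into a bounded queue and the zone is re-signed at most once per interval, with a time_t serial that always moves forward. The struct, the function names, QUEUE_MAX and RESIGN_MIN_GAP are assumptions made for illustration.

```c
#include <stdint.h>
#include <time.h>

/* Hypothetical names and limits throughout; not delphinusdnsd code. */
#define QUEUE_MAX	64	/* pending updates kept before refusing more */
#define RESIGN_MIN_GAP	5	/* assumed seconds between two re-sign passes */

struct update_queue {
	int	 pending;	/* TSIG-verified updates waiting for a pass */
	time_t	 last_resign;	/* when the zone was last re-signed */
	uint32_t serial;	/* current SOA serial (time_t style) */
};

/* RFC 1982 serial arithmetic: returns 1 if serial a is behind serial b. */
int
serial_behind(uint32_t a, uint32_t b)
{
	return ((int32_t)(a - b) < 0);
}

/* Queue one verified update; 0 if accepted, -1 if the queue is full. */
int
uq_enqueue(struct update_queue *q)
{
	if (q->pending >= QUEUE_MAX)
		return (-1);	/* caller refuses the update, no signing work done */
	q->pending++;
	return (0);
}

/*
 * Called from the event loop. Re-signs at most once per RESIGN_MIN_GAP,
 * however many updates arrived. Returns the number of updates folded
 * into this pass (0 if nothing was done).
 */
int
uq_flush(struct update_queue *q, time_t now)
{
	uint32_t next = (uint32_t)now;
	int n = q->pending;

	if (n == 0 || now - q->last_resign < RESIGN_MIN_GAP)
		return (0);
	/* the serial must move forward even if the clock did not */
	if (!serial_behind(q->serial, next))
		next = q->serial + 1;
	q->serial = next;
	/* steps 2a-2h (sign, rebuild NSEC3, dump, distribute) would run here */
	q->pending = 0;
	q->last_resign = now;
	return (n);
}
```

A stream of updates then costs one signing pass per interval instead of one per message, and the bounded queue caps the memory an update sender can tie up.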

Milestone: 1000 commits

April 22nd, 2022

Milestone: On April 22nd, 2022 we have 1000 commits under the delphinusdns name. The project in total is 5988 days old (as commit records show), 2716 days under the delphinusdns name. We have 50667 lines of C and YACC code currently and it is big enough to fit just about on a 1.44MB floppy (C and YACC code are 1210956 bytes, some images would have to be discarded). We have two committers currently. We were developed since day one on OpenBSD (then version 3.8, now version 7.1) and we always tried to include the latest OpenBSD mitigations against attackers.

I'm very glad to be giving you this news! :-)

Did you know?

April 20th, 2022

Did you know that the name delphinus in delphinusdnsd already contains the word "DNS"? Here is a doodle of mine:

It also contains traces of the first (and second) initials of my parents and prefix of our last name "Philipp" (liker of horses). Only last week some time did I open my eyes to this and it fit. It seems like delphinusdnsd was the name for my program and DNS was my protocol. Anyhow I wanted to share this with you. If the ddd debugger ever requires a "_ddd" user I'll have to change it on my systems and "_delphinus" doesn't look too bad now.

I had picked delphinusdns arbitrarily after a constellation in the sky back when. Who knew what my subconscious thought?

Delphinusdnsd 1.6.1 released

March 22nd, 2022

Proudly I am releasing delphinusdnsd 1.6.1. This is a minor bugfix around more safety in the sandboxes. The source/release can be found at github.

Delphinusdnsd on OpenBSD 7.1-beta possibly faster

February 25th, 2022

Starting in OpenBSD 7.1, the OpenBSD team has rolled select into a wrapper of kqueue. This will unlock the kernel from a select big lock, and in the end the result may make it faster to run delphinusdnsd on OpenBSD.

Here is a comparison of two top(1) outputs:

OpenBSD 7.0:

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
47844 _ddd       2    0   29M   32M sleep     select    0:00  0.00% delphinusdn

OpenBSD 7.1:

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
78016 _ddd       2    0   59M   62M sleep/0   kqread    0:09  0.00% delphinusdn

Notice the change in the WAIT state from select to kqread.

I have always developed delphinusdnsd on OpenBSD as the primary OS. Ports to Linux, NetBSD and FreeBSD exist (in no particular order). But testing for these other OS's does not occur until a bit of time before a release.

I have seen no fallout to the OpenBSD select->kqueue change, good work!

Development is stalled probably until mid-March

February 13th, 2022

For those that expect to see major code additions I have to disappoint you. Development is stalled on a project for my dad, which I hope to have done by mid-March. I also had to shuffle a lot of computers around at home in order to make electricity savings. That shuffle is pretty much done. I'm craving for doing additions to delphinusdnsd though and this spring when it commences will be great. A damper to that will be a new job but I haven't been accepted to any outstanding resumes, so my hopes aren't very high on that.
