Stichting NLnet Labs (NLnet Labs for short) is a not-for-profit foundation founded in 1999 in the Netherlands. Its statutes define its objectives: to develop Open Source software and open standards for the benefit of the Internet.
NLnet Labs' mission is:
To provide globally recognized innovations and expertise for those technologies that turn a network of networks into an Open Internet for All.
» Read more about Labs.
NLnet Labs is a charitable foundation (ANBI) and our main source of income is a subsidy from the NLnet Foundation. We welcome your donation! » Read more about our funding.

Software updates

NSD 4.0.3 released

Fri, 14 Mar 2014
Fix start-stop problems.
NSD project page. Direct Download.

NSD 4.0.2 released

Wed, 12 Mar 2014
Fix memory leaks. Fix ipv6 by disable of recvmmsg. REFUSED for nonhosted zones.
NSD project page. Direct Download.

Unbound 1.4.22 released

Wed, 12 March 2014
no libldns dependency, fix trustanchor full filesystem, fix lenience on validation of nxdomain empty nonterminals
Unbound website. Direct Download. Changes.

getdns 0.1.0 beta released

Wed, 26 Feb 2014
The first beta release of an open source implementation of the getdns API specification. This is an collaborative effort with Verisign and No Mountain Software.
Poject page. Direct Download. API specification.

NSD 3.2.17 released

Mon, 27 Jan 2014
Bug fixes and CAA RRtype added.
NSD project page. Direct Download.

Net::DNS 0.74 released

Thu, 16 Jan 2014
Resolves a pressing bug with TSIG. Support for CAA, EUI48 and EUI64 RR types
Net::DNS 0.74 release announcement. Project website. Direct Download. Changes.

ldns 1.6.17 released

Fri, 10 Jan 2014
Many bugfixes, All current (draft) RR types implemented, Better ldns-verify-zone performance and Perl5 bindings with the DNS::LDNS module.
ldns project page. Direct Download. Changes.

Net::DNS::SEC 0.17 released

Fri, 29 Nov 2012
Bugfixes and validation of wildcard RR sets
Net::DNS::SEC 0.17 release announcement. Project website. Direct Download. Changes.

OpenDNSSEC 1.4.0 released

Mon, 22 April 2013
Version 1.4.0 of OpenDNSSEC has now been released. It includes support for AXFR and IXFR, both input and output; HSM login; and more. Also the Auditor is deprecated.
More information.

Credns 0.2.10 released

Fri, 22 Jun 2012
Software program aimed at fortifying DNSSEC by performing validation in the DNS notify/transfer-chain.
Details. Direct Download.

Dnssec-Trigger 0.11 released

Thu, 7 Jun 2012
experimental package that provides DNSSEC on personal computers. Bug fixes, hotspot detection, software update.
Details. Direct Download. Changes.


Open Data Analysis to Retrieve Sensitive Information Regarding National-Centric Critical Infrastructures

Mon, 3 Feb 2014
Open Data repositories store a variety of information from country governments and private sectors. A concern is that with publishing data, sensitive information can be obtained by visual analytic techniques. The report shows that it is possible to retrieve precise locations where critical infrastructures overlap.
MSc. report (PDF).

Securing the last mile of DNS with CGA-TSIG

Tue, 8 Jan 2014
TSIG with shared keys is not scalable as a solution for the DNS last mile problem. CGA-TSIG extends TSIG with CGA so that shared secrets are no longer required. This research investigates the CGA-TSIG proposal by doing a security analysis and by making a PoC implementation in ldns.
MSc. report (PDF).

DNSSEC Audit Framework

Mon, 30 Dec 2013
In collaboration with SWITCH, the .CH and .LI registry, we have created a DNSSEC audit framework, that can be used to conduct a review of your or someone else's DNSSEC implementation.

NLnet Labs Strategic Plan 2014

Wed, 9 Oct 2013
This is the first time we post this type of plan publicly. With this plan we intend to communicate who we are and where we are going, it serves the NLnet Labs Board and Staff but also the parties that support our mission and want to contribute financially.
Strategic Plan(PDF).

Experiences with MPTCP in an International OpenFlow Network

Tue, 3 Sep 2013
Keeping up with the network demand in order to transfer these data sets over the Internet is a challenge. Single links do not have enough capacity anymore. Therefore we need to install more interfaces in the servers and use all available paths in the network. In this paper we describe two new technologies that help to optimally use the capacity of all multiple paths simultaneously: OpenFlow and Multipath TCP (MPTCP).
TNC2013 paper (PDF).

Recent blog posts

Tue, 24 Sep 2013 by benno
This blog post is based on the report “Discovery and Mapping of the Dutch National Critical IP Infrastructure” by Fahimeh Alizadeh and Razvan Oprea. Problem After the publication of the Critical Infrastructure Protection report more than ten years ago, the leading questions that emerge today are how critical infrastructure companies are interconnected, how resilient are these connections, ...
Mon, 16 Sep 2013 by wouter
The recent disclosure by ANSSI (CVE-2013-5661) notes problems with RRL Slip and response spoofing. This document explains explains the tradeoffs. Other documents with advice: French announcement from ANSSI: http://www.certa.ssi.gouv.fr/site/CERTA-2013-AVI-506/index.html Dutch vuln announcement: https://www.ncsc.nl/.../NCSC-2013-0597...html English: We do not have a link to English information. However the vulnerability number is: CVE-2013-5661 Redbarn from Vixie: On the Time ...
Mon, 08 Jul 2013 by wouter
For NSD 4 the TCP performance was optimised, with different socket handling compared to NSD 3. This article discusses a TCP performance test for NSD 4. In previous blog contributions, general (UDP) performance was measured and memory usage was analysed for NSD 4. The TCP performance was measured by taking the average qps reported by ...
Fri, 05 Jul 2013 by wouter
NSD 4 is currently in beta and we are expecting a release candidate soon. This is the second of a series of blog-posts in which we describe some findings that may help you to optimize your NSD4 installation. In the first article we talked about general performance, this article muses about memory usage. (This article ...

Other related news

Mon Feb 17 2014

© Stichting NLnet Labs

Science Park 400, 1098 XH Amsterdam, The Netherlands

labs@nlnetlabs.nl, subsidised by NLnet and SIDN.