Stichting NLnet Labs (NLnet Labs for short) is a not-for-profit foundation founded in 1999 in the Netherlands. Its statutes define its objectives: to develop Open Source software and open standards for the benefit of the Internet.
NLnet Labs' mission is:
To provide globally recognized innovations and expertise for those technologies that turn a network of networks into an Open Internet for All.
» Read more about Labs.

NLnet Labs is a charitable foundation (ANBI) and our main source of income is a subsidy from SIDN and a subsidy from the NLnet Foundation. As we're moving forward and need to ensure our continuity, we welcome your support! In order to develop a sustainable income, we invite you to consider our Support and SLA services, provided by Open Netlabs BV being a 100% subsidiary of NLnet Labs.
» Read more about our funding.

Software updates

Unbound 1.5.5 released

Tue, 6 Oct 2015
Algorithm lenience, H root IP, fixes in RFC5011 code and other bug fixes.
Unbound website. Direct Download. Changes.

NSD 4.1.5 released

Mon, 21 Sep 2015
Fixes flaw in 4.1.4 that served by default instead of
NSD project page. Direct Download.

NSD 4.1.4 released

Wed, 09 Sep 2015
Fix fetching expired zones with wrong serial management, fix short NSID responses, URI type.
NSD project page. Direct Download.

Net::DNS::SEC 1.01 released

Mon, 3 Aug 2015
Crypto funcs for Net::DNS 1.01 DNSSEC RR's
Net::DNS::SEC 2.01 release announcement. Project website. Direct Download. Changes.

getdns 0.3.1 released

Sat, 18 Jul 2015
Bugfixes, native stub DNSSEC validation, lists of transports
Announcement. Direct Download. API specification.

Unbound 1.5.4 released

Thu, 9 July 2015
negative cache options, algorithm lenience option, ratelimits and bug fixes.
Unbound website. Direct Download. Changes.

Net::DNS 1.01 released

Mon, 6 Jul 2015
First major release, DNSSEC RR's integrated
Net::DNS 2.01 release announcement. Project website. Direct Download. Changes.

NSD 3.2.19 released

Thu, 28 May 2015
Bugfixes, tsig hashes, CDS, CDNSKEY, DNAME TTL. End-of-life has been announced for NSD 3 support.
NSD project page. Direct Download.

NSD 3 end of support May 20th, 2016

Tue, 20 May 2015
With this notification, NLnet Labs makes known the end-of-support for NSD 3. Support for NSD 3 will be continued for one year (date May 20th, 2016).
NSD project page. Email announcement.


NLnet Labs Annual Report 2014

Wed, 30 June 2015
We are happy to present NLnet Labs Annual report 2014. In it we present an overview of Labs' various activities and describe their impact.
Annual Report 2014 (PDF).

BGP Route Leaks Analysis

Fri, 6 Mar 2015
A route leak is a violation of the policies between the networks involved. In this project, we obtain routing information from differecent sources and make inferences to detect possible route leaks. These potential route leaks have been further investigated on their duration, the type of violation, and the type and origin of network that caused the leak-detection.
MSc. report (PDF).

BGP Evolution Analysis

Thu, 31 Jul 2014
The Internet has been growing rapidly for many years. A logical consequence of the growth trend is the increase in effort to discover reachability and routing information of all the networks. The project investigates the different components which together form the actual update message signal and tries to find a reason behind the growth factor.
MSc. report (PDF).

Measuring the Deployment of DNSSEC over the Internet

Thu, 2 Jul 2014
The deployment of DNSSEC is measured with the RIPE Atlas infrastructure. The results provide new insight on the distribution of DNSSEC support among resolvers, and notably show that around 90% of resolvers are DNSSEC-aware, and about 30% validate answers.
MSc. report (PDF).

Open Data Analysis to Retrieve Sensitive Information Regarding National-Centric Critical Infrastructures

Mon, 3 Feb 2014
Open Data repositories store a variety of information from country governments and private sectors. A concern is that with publishing data, sensitive information can be obtained by visual analytic techniques. The report shows that it is possible to retrieve precise locations where critical infrastructures overlap.
MSc. report (PDF).

Securing the last mile of DNS with CGA-TSIG

Tue, 8 Jan 2014
TSIG with shared keys is not scalable as a solution for the DNS last mile problem. CGA-TSIG extends TSIG with CGA so that shared secrets are no longer required. This research investigates the CGA-TSIG proposal by doing a security analysis and by making a PoC implementation in ldns.
MSc. report (PDF).


Akkerhuis selected for DNS Root Zone KSK design team

Thu, 5 Feb 2015
Jaap Akkerhuis from NLnet Labs has been selected for the DNS Root Zone KSK rollover plan design team.
ICANN Announcements.

ISC and NLnet Labs Joins Forces

Mon, 10 Nov 2014
ISC and NLnet Labs have signed an agreement to make available a combined Advance Security Notification subscription on their software products.
Press release.

Recent blog posts

Fri, 19 Sep 2014 by wouter
NSD 4.1: zonefile-mode and fork fix Use zone files and not nsd.db NSD 4.1 has been released and it contains a new feature where NSD does not use the nsd.db file, but uses the zonefiles directly.  The feature can be turned on by configuring one line in nsd.conf, it can also be turned off by ...
Mon, 15 Sep 2014 by benno
NLnet Labs announces that it will take full responsibility for continuing the activities of both the OpenDNSSEC softwareproject as well as the support activities of the Swedish OpenDNSSEC AB. OpenDNSSEC was created as an open source turn-key solution for DNSSEC, managing the security of domain names on the Internet. The project drives adoption of Domain ...
Mon, 02 Jun 2014 by olaf
July 11 I  will be leaving NLnet Labs to join the Internet Society as Chief Internet Technology Officer. During the last one-and half decade I have tried to push the needle to a more secure, resilient, and dependable Internet. For the last eight and a half years I did this at NLnet Labs by leading a ...
Thu, 01 May 2014 by wouter
Wouter Wijngaards en Olaf Kolkman Context At NLnet Labs we believe that DNSSEC allows for security innovations that will change the global security and privacy landscape. Innovations like DANE, a technology that allows people to use the global DNS to bootstrap a encrypted channel, are only the start of currently unimaginable technical innovation. The deployment ...

Fri Feb 27 2015

© Stichting NLnet Labs

Science Park 400, 1098 XH Amsterdam, The Netherlands

labs@nlnetlabs.nl, subsidised by NLnet and SIDN.