News and updates
OpenDNSSEC 1.4.0 released
Mon, 22 April 2013
Version 1.4.0 of OpenDNSSEC has now been released. It includes
support for AXFR and IXFR, both input and output; HSM login; and more. Also
the Auditor is deprecated.
Unbound 1.4.20 released
Thu, 21 March 2013
Defending against DNS reflection amplification attacks
Mon, 18 Feb 2013
Measurements and analysis of defense mechanisms against
DNS reflection and amplification attacks.PDF
NSD 3.2.15 released
Mon, 4 Feb 2013
Net::DNS 0.72 released
Fri, 28 Dec 2012
RFC6781: DNSSEC Operational Practices, Version 2
Mon, 24 Dec 2012
An updated set of practices for operating the DNS with
security extensions (DNSSEC).RFC6781
ldns 1.6.16 released
Tue, 13 Nov 2012
ldns 1.6.14 and ldns 1.6.15 had a bug in creating empty bitmaps for NSEC3 on empty non-terminals; and were unable to build a loadable pyldns module.
This release has those two bugs resolved.
ldns project page
We have a Blog
Fri, 14 Sep 2012
NLnet Labs now maintains a blog. We use it to publish (technical)
background informagion about design and the use of our
software and other material relevant to the community.
Resilient OpenDNSSEC (MSc. thesis)
Mon, 20 Aug 2012
This thesis analyses error situations in securing DNS zones with OpenDNSSEC. Recommendations are presented to increase the
resilience level that OpenDNSSEC can offer against such situations.
Discovering Path MTU black holes on the Internet using RIPE Atlas (MSc. thesis)
Mon, 23 July 2012
Measurement and analysis of Path MTU black holes due to ICMP and packet fragment filtering on the Internet.
Credns 0.2.10 released
Fri, 22 Jun 2012
Software program aimed at fortifying DNSSEC by performing validation in the DNS notify/transfer-chain.Details
RFC6672: DNAME redirection in the DNS
Mon, 18 June 2012
The DNAME record provides redirection for a subtree of the domain
name tree in the DNS.
RFC6635: RFC Editor Model (2)
Mon, 18 June 2012
This document describes the the RFC Series functions: the RFC Series Editor,
the RFC Production Center, and the RFC Publisher.
RFC 6605: ECDSA for DNSSEC
Mon, 18 June 2012
This document describes how to specify Elliptic Curve Digital
Signature Algorithm (DSA) keys and signatures in DNS Security
NLnet Labs Annual Report 2011
Fri, 8 June 2012
We are happy to present NLnet Labs Annual report 2011. It is
intended to present an overview of Labs' various activities
to those who support NLnet Labs financially, through grants
or support contracts, and for those who have shown a general
interest in our activities.
Annual Report 2011 (PDF)
Dnssec-Trigger 0.11 released
Thu, 7 Jun 2012
experimental package that provides DNSSEC on personal computers. Bug fixes, hotspot detection, software update.Details
Roelof Meijer joins NLnet Labs' board
Thu, 4 June 2012
As of May 31 Roelof Meijer is a member of the NLnet Labs' Board. Roelof is the CEO of SIDN, the Dutch TLD-registry which is one of the major financial contributors of NLnet Labs.
About NLnet Labs
Flexible and Robust Key Rollover in DNSSEC
Wed, 28 Mar 2012
Paper describing the OpenDNSSEC Enforcer NG design,
presented at SATIN 2012.
Collaboration between SIDN and NLnet Labs
Mon, 23 Jan 2012
SIDN, the company behind .nl, today signed a
five-year contract with NLnet Labs. NLnet Labs - the Dutch
internet technology expertise centre - has a worldwide
reputation for its work in the field of DNS and DNSSEC. Through
its financial backing for NLnet Labs, SIDN aims to support not
only the continued development of DNS applications such as
Unbound and NSD, but also NLnet Labs' general internet R&D work,
at least for the next five years.