Software updates
OpenDNSSEC 1.4.0 released
Mon, 22 April 2013
Version 1.4.0 of OpenDNSSEC has now been released. It includes
support for AXFR and IXFR, both input and output; HSM login; and more. Also
the Auditor is deprecated.
More information.
Unbound 1.4.20 released
Thu, 21 March 2013
NSD 3.2.15 released
Mon, 4 Feb 2013
Net::DNS 0.72 released
Fri, 28 Dec 2012
ldns 1.6.16 released
Tue, 13 Nov 2012
ldns 1.6.14 and ldns 1.6.15 had a bug in creating empty bitmaps for NSEC3 on empty non-terminals; and were unable to build a loadable pyldns module.
This release has those two bugs resolved.
ldns project page.
Direct Download.
Changes.
Credns 0.2.10 released
Fri, 22 Jun 2012
Software program aimed at fortifying DNSSEC by performing validation in the DNS notify/transfer-chain.Details.
Direct Download.
Dnssec-Trigger 0.11 released
Thu, 7 Jun 2012
experimental package that provides DNSSEC on personal computers. Bug fixes, hotspot detection, software update.Details.
Direct Download.
Changes.
OpenDNSSEC 1.3.13 released
Wed, 20 Feb 2013
Bugfix release. For downloads and more information about future release
plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
Net::DNS 0.71 released
Sat, 15 Dec 2012
Unbound 1.4.19 released
Thu, 12 December 2012
Net::DNS 0.70 released
Thu, 6 Dec 2012
OpenDNSSEC 1.3.12 released
Mon, 3 Dec 2012
Bugfix release. For downloads and more information about future release
plans, visit the
OpenDNSSEC website.
OpenDNSSEC website.
OpenDNSSEC 1.3.11 released
Tue, 13 Nov 2012
Bugfix release. For downloads and more information about future release
plans, visit the
OpenDNSSEC website.
OpenDNSSEC website.
NSD 3.2.14 released
Thu, 1 Nov 2012
ldns 1.6.15 released
Tue, 25 Oct 2012
Emergency release restoring binary compatibility with previous releases.
ldns 1.6.14 had:
Many bugfixes thanks to code reviews, A big pyldns update and DANE support (RFC 6698), including a new example tool: ldns-dane for verifying and creating TLSA records.ldns project page.
Direct Download.
Changes.
ldns 1.6.14 released
Tue, 23 Oct 2012
Many bugfixes thanks to code reviews, A big pyldns update and DANE support (RFC 6698), including a new example tool: ldns-dane for verifying and creating TLSA records.ldns project page.
Direct Download.
Changes.
OpenDNSSEC 1.3.10 released
Mon, 8 Oct 2012
Bugfix release. For downloads and more information about future release
plans, visit the
OpenDNSSEC website.
OpenDNSSEC website.
Unbound 1.4.18 released
Thu, 2 August 2012
NSD 3.2.13 released
Fri, 27 Jul 2012
NSD 3.2.12 released
Thu, 19 Jul 2012
Emergency release fixing a denial of service vulnerability from non-standard DNS packet from any host on the internet. VU#624931 CVE-2012-2978
NSD project page.
Direct Download.
NSD 3.2.11 released
Mon, 9 Jul 2012
OpenDNSSEC 1.3.9 released
Mon, 18 June 2012
Bugfix release. For downloads and more information about future release plans, visit the
OpenDNSSEC website.
OpenDNSSEC website.
Unbound 1.4.17 released
Thu, 24 May 2012
ldns 1.6.13 released
Mon, 21 May 2012
Bugfixes, ECDSA support (RFC 6605) & new commandline options to ldns-verify-zone for specifying keys, whether or not to sigchase, and inception and expiration offsets.ldns project page.
Direct Download.
Changes.
OpenDNSSEC 1.3.8 released
Mon, 14 May 2012
Minor features and two bugfixes.
For downloads and more information about future release plans, visit the
OpenDNSSEC website.
OpenDNSSEC website.
OpenDNSSEC 1.3.7 released
Tue, 13 Mar 2012
Bugfix release.
For downloads and more information about future release plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
OpenDNSSEC 1.3.6 released
Fri, 17 Feb 2012
Bugfix release.
For downloads and more information about future release plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
Dnssec-Trigger 0.10 released
Fri, 17 Feb 2012
experimental package that provides DNSSEC on personal computers. Bug fixes, easier hotspot, no two popups, installer fixes.Details.
Direct Download.
Changes.
NSD 3.2.10 released
Wed, 15 Feb 2012
Unbound 1.4.16 released
Thu, 2 Feb 2012
Net::DNS 0.68 released
Mon, 30 Jan 2012
Unbound 1.4.15 released
Thu, 26 Jan 2012
ldns 1.6.12 released
Wed, 11 Jan 2012
Bugfixes (including the date transposition flaw) and minor new features such as: user definable ``current'' time, SOA serial update functions and improvements of the build system.ldns project page.
Direct Download.
Changes.
Dnssec-Trigger 0.9 released
Mon, 19 Dec 2011
experimental package that provides DNSSEC on personal computers. unbound 1.4.14 in binary packages. minor fixes.Details.
Direct Download.
Changes.
Unbound 1.4.14 released
Mon, 19 Dec 2011
Dnssec-Trigger 0.8 released
Tue, 13 Dec 2011
NSD 3.2.9 released
Wed, 23 Nov 2011
Two new features: minimize responses to reduce the setting of the TC bit
and less NSEC3 prehashing to speed up a reload after a zone transfer.
Also, a fair list of bugfixes. See the Release Notes for more information.
NSD project page.
Direct Download.
OpenDNSSEC 1.3.3 released
Thu, 17 Nov 2011
Bugfix release.
For downloads and more information about future release plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
Net::DNS 0.67 released
Mon, 7 Nov 2011
Dnssec-Trigger 0.7 released
Fri, 28 Oct 2011
Dnssec-Trigger 0.6 released
Fri, 21 Oct 2011
Dnssec-Trigger 0.5 released
Thu, 29 Sep 2011
experimental test of new package. Together with unbound provides DNSSEC on 127.0.0.1 on personal computers.Details.
Direct Download.
ldns 1.6.11 released
Thu, 29 Sep 2011
Unbound 1.4.13 released
Thu, 15 Sep 2011
OpenDNSSEC 1.3.2 released
Tue, 13 Sep 2011
Two bugfixes regarding reading the backup files.
For downloads and more information about future release plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
OpenDNSSEC 1.3.1 released
Wed, 6 Sep 2011
Threading bugfix release.
For downloads and more information about future release plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
OpenDNSSEC 1.2.2 released
Thu, 11 Aug 2011
Bugfix release.
For downloads and more information about future release plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
OpenDNSSEC 1.3.0 released
Tue, 12 Jul 2011
Unbound 1.4.12 released
Thu, 14 Jul 2011
Unbound 1.4.11 released
Thu, 30 Jun 2011
ldns 1.6.10 released
Tue, 31 May 2011
Unbound 1.4.10 released
Wed, 25 May 2011
Unbound 1.4.9 released
Thu, 24 Mar 2011
NSD 3.2.8 released
Tue, 22 Mar 2011
OpenDNSSEC 1.2.1 released
Fri, 18 Mar 2011
Bugfix release.
For downloads and more information about future release plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
ldns 1.6.9 released
Wed, 18 Mar 2011
Unbound 1.4.8 released
Mon, 24 Jan 2011
ldns 1.6.8 released
Mon, 24 Jan 2011
NSD 3.2.7 released
Mon, 24 Jan 2011
OpenDNSSEC 1.2.0 out now
Fri, 14 Jan 2011
OpenDNSSEC 1.2.0 is released today. Python dependencies are dropped: the whole signer engine
is now written in c. Improvements on the enforcer.
For downloads and more information about future release plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
Unbound 1.4.7 released
Mon, 8 Nov 2010
ldns 1.6.7 released
Mon, 8 Nov 2010
ldns 1.6.6 released
Mon, Aug 9 2010
Unbound 1.4.6 released
Tue, Aug 3 2010
NSD 3.2.6 released
Mon, Aug 2 2010
Unbound 1.4.5 released
Tue, Jun 15 2010
ldns 1.6.5 released
Tue, Jun 15 2010
Unbound 1.4.4 released
Thu, Apr 22 2010
NSD 3.2.5 released
Wed, Apr 14 2010
Unbound 1.4.3 released
Tue, Mar 11 2010
Unbound 1.4.2 released
Tue, Mar 09 2010
OpenDNSSEC 1.0.0 out now
Tue, Feb 9 2010
The first official OpenDNSSEC release is available right now.
For downloads and more information about future release plans, visit the OpenDNSSEC website.
OpenDNSSEC website.
ldns 1.6.4 released
Wed, Jan 20 2010
This new release has the pyldns contribution by Zdenek Vasicek and Karel Slany imported. Plus bug fixes.
Direct Download.
Changes.
NSD 3.2.4 released
Wed, Jan 6 2010
Unbound 1.4.1 released
Thu, Dec 17 2009
ldns 1.6.3 released
Fri, Dec 4 2009
Unbound 1.4.0 released
Thu, Nov 26 2009
ldns 1.6.2 released
Thu, Nov 12 2009
Enables SHA2 by default. Fixes lots of bugs for OpenDNSSEC and other. ldns-sign-zone will minimally sign the DNSKEY rrset. Direct Download.
Changes.
Unbound 1.3.4 released
Wed, Oct 7 2009
autotrust 0.3.1 released
Tue, Sep 8 2009
This new autotrust release offers some new features like syslog and resolver reloading,
as well as some bug fixes. Also, the configuration file format has changed, to be more
in line with Unbound.
Direct Download.
Changelog.
NSD 3.2.3 released
Mon, Aug 17 2009
ldns 1.6.1 released
Fri, Aug 14 2009
Unbound 1.3.3 released
Tue, Aug 4 2009
Unbound 1.3.2 released
Thu, Jul 13 2009
Unbound 1.3.1 released
Thu, Jul 9 2009
ldns 1.6.0 released
Thu, Jul 9 2009
Unbound 1.3.0 released
Thu, Jun 11 2009
NSD 3.2.2 release critical
Mon, May 18 2009
ldns 1.5.1 released
Tue, Feb 10 2009
Unbound 1.2.1 released
Tue, Feb 10 2009
ldns 1.5.0 released
Mon, Feb 9 2009
NSD 3.2.1. out now
Mon, Jan 19 2009
Unbound 1.2.0 released
Wed, Jan 14 2009
ldns 1.4.1 released
Fri, Dec 19 2008
Unbound 1.1.1 released
Thu, Nov 24 2008
Unbound 1.1.0 released
Thu, Nov 18 2008
NSD 3.2.0 released
Mon, Nov 10 2008
A "feature rich" release. Contains longstanding requests such as SHA support for TSIG and configuration options for setting the outgoing interface. Also AXFR fallback, and IXFR on TCP by default. VERY IMPORTANT: The format of ixfr.db has changed, so be sure to process the old one before updating to 3.2.0.
NSD project page.
Direct Download.
Changelog.
ldns 1.4.0 released
Fri, Nov 7 2008
Unbound 1.0.2 released
Thu, Aug 7 2008
NSD 3.1.1 released
Mon, Jul 21 2008
This release contains mainly bugfixes. It also allows you to configure the maximum number of allowed interfaces. If you use it, it can have consequences for your memory usage.
NSD project page.
Direct Download.
Changelog.
NSD 3.1.0 released
Mon, Jun 23 2008
New version of NSD. It supports NSEC3 by default, has a "hide-version" configuration setting, to stop NSD answering from CHAOS class version requests, has bind2nsd 0.5.0, has some bugfixes resolved and reports source and zone for denied AXFR attempts. Some operational notes: the default locations of nsd.db, ixfr.db and xfrd.state are changed to the /var/db/nsd/ directory.
NSD project page.
Direct Download.
Changelog.
ldns 1.3.0 released
Tue, Jun 2 2008
New version of ldns; If Unbound is to be linked against a separate copy of ldns, this
version should be used.
There are also some notable features, such as HSM support for DNSSEC signing, and
nicer output for signature chasing.
ldns project page.
Direct Download.
Changelog.
Unbound 1.0.0 released
Tue, May 20 2008
NSD 3.0.8 Release
Fri, Apr 18 2008
ldns 1.2.2 Release
Wed, Nov 28 2007
NSD 3.0.7 Release
Tue, Nov 13 2007
Fixup of error handling for bad data in IXFRs. Manual page syntax improvements.
NSD project page.
NSD 2.3.7 Release
Mon, Apr 16 2007
This is a bug-fix release on our older maintenance branch of NSD. It
includes a fixup of type WKS printing from nsd-xfer, a fixup in a call
to getservbyport. There are changes in the getaddrinfo error message
and a change to make it fall back to IPv4 if it fails for IPv6. A
typecast is added to satisfy the compiler. Furthermore a cleanup of the
text for NOTAUTH error code.
NSD project page.
ldns 1.2.0 Release
Wed, Apr 11 2007
|
Publications
Defending against DNS reflection amplification attacks
Mon, 18 Feb 2013
Measurements and analysis of defense mechanisms against
DNS reflection and amplification attacks.PDF.
RFC6781: DNSSEC Operational Practices, Version 2
Mon, 24 Dec 2012
An updated set of practices for operating the DNS with
security extensions (DNSSEC).RFC6781.
Resilient OpenDNSSEC (MSc. thesis)
Mon, 20 Aug 2012
This thesis analyses error situations in securing DNS zones with OpenDNSSEC. Recommendations are presented to increase the
resilience level that OpenDNSSEC can offer against such situations.
PDF.
Discovering Path MTU black holes on the Internet using RIPE Atlas (MSc. thesis)
Mon, 23 July 2012
Measurement and analysis of Path MTU black holes due to ICMP and packet fragment filtering on the Internet.
PDF.
RFC6672: DNAME redirection in the DNS
Mon, 18 June 2012
The DNAME record provides redirection for a subtree of the domain
name tree in the DNS.
RFC6672.
RFC6635: RFC Editor Model (2)
Mon, 18 June 2012
This document describes the the RFC Series functions: the RFC Series Editor,
the RFC Production Center, and the RFC Publisher.
RFC6635.
RFC 6605: ECDSA for DNSSEC
Mon, 18 June 2012
This document describes how to specify Elliptic Curve Digital
Signature Algorithm (DSA) keys and signatures in DNS Security
(DNSSEC).
RFC6605.
NLnet Labs Annual Report 2011
Fri, 8 June 2012
We are happy to present NLnet Labs Annual report 2011. It is
intended to present an overview of Labs' various activities
to those who support NLnet Labs financially, through grants
or support contracts, and for those who have shown a general
interest in our activities.
Annual Report 2011 (PDF).
Flexible and Robust Key Rollover in DNSSEC
Wed, 28 Mar 2012
Paper describing the OpenDNSSEC Enforcer NG design,
presented at SATIN 2012.
PDF.
Authenticated Denial of Existence in the DNS
Mon, 16 Jan 2012
Authenticated Denial of Existence in the DNS
Wed, 9 Nov 2011
Multi-Path Inter-Domain Routing: The Impact on BGP's Scalability, Stability,
and Resilience to Link Failures
Wed, 31 Aug 2011
Multi-path routing protocols are proposed to solve transient disconnectivity
during convergence time. As their name implies, these protocols are designed
to explore more paths than BGP in the attempt to keep the ASes connected in
case of link failures. The impact of the multi-path routing
protocols on scalability, stability, and resilience to link failures are
studied using simulation experiments.
MSc. thesis (PDF).
NLnet Labs Annual Report 2010
Mon, 30 May 2011
We are happy to present NLnet Labs Annual report 2010. It is
intended to present an overview of Labs' various activities
to those who support NLnet Labs financially, through grants
or support contracts, and for those who have shown a general
interest in our activities.
Annual Report 2010 (PDF).
Secure Routing: State-of-the-Art Deployment and Impact on Network Resilience
Tue, 28 Sep 2010
This ENISA publication reports on a study by NLnet Labs and GNKS
Consult, surveying current state-of-the-art secure routing
technologies. Network operators, engineers, and researchers are
interviewed on the deployment of secure routing technology, its
performance expectations and operating experiences, and future
perspectives.
ENISA Secure Routing Report (PDF) (external link).
Impact of Topology on BGP Convergence
Mon, 23 Aug 2010
This MSc. thesis in collaboration with VU University
Amsterdam, reports on the study to understand how the
underlying topology of the Internet influences BGP
performance. A highly scalable simulator is used to
simulate full-scale AS-level Internet. We found that BGP
is sensitive to certain topological characteristics of
the Internet, while remain completely unaffected on
variation in some other characteristics.
MSc. thesis (PDF).
NLnet Labs Annual Report 2009
Mon, June 2 2010
We are happy to present NLnet Labs Annual report 2009. It is
intended to present an overview of Labs' various activities
to those who support NLnet Labs financially, through grants
or support contracts, and for those who have shown a general
interest in our activities.
Annual Report 2009 (PDF).
NSEC3 Hash Performance
Thu, Mar 18 2010
We have measured the effect of
the number of hash iterations in NSEC3 in terms of maximum query load using
NSD and Unbound. This document presents the results of these measurements
and compares the cost for validating and authoritative name servers and allows
for an educated choice for these parameters.
PDF.
Securing DNS: Extending DNS Servers with a DNSSEC Validator
Tue, Oct 27 2009
DNS Security Extensions (DNSSEC) is a proposed standard for securely authenticating information in the Domain Name System. DNSSEC validators check the digital signatures on DNS data. However, designing a validator worth the operational costs is a challenge. Published in IEEE Security & Privacy, Sept/Oct. 2009.Securing DNS (DOI Bookmark).
DNSSEC HOWTO updated
Thu, Jul 4 2009
The DNSSEC HOWTO received its first public update after 2007. Examples have been updated to use recent versions of the software, Unbound configuration has been added, and some new material has been added.DNSSEC HOWTO (HTML).
DNSSEC HOWTO (PDF preferred).
NLnet Labs Annual Report 2008
Mon, June 8 2009
We are happy to present NLnet Labs Annual report 2008. It is
intended to present an overview of Labs' various activities
to those who support NLnet Labs financially, through grants
or support contracts, and for those who have shown a general
interest in our activities.
Annual Report 2008 (PDF).
Implementing OpenLISP with LISP+ALT
Tue, April 14 2009
The LISP protocol has been developed to address the growth of the BGP routing table in the DFZ. OpenLISP is an implementation of this protocol, but does not include a location mapping service. This reports describes how a mapping locations service should interact with OpenLISP, GRE and Quagga to use LISP+ALT as a control plane.OpenLISP report (PDF).
DNSSEC Key Maintenance Analysis
Thu, Oct 23 2008
This document provides recommendations for the generation, storage
and use of keys in the context of DNSSEC. It is a followup of NLnet
Labs document 2006-SE-01: DNS Threat Analysis, written for .SE.
pdf.
Enforcing Integrity of Agent Migration Paths by Distribution of Trust
Mon, Sep 25 2008
Agent mobility is the ability of an agent to migrate from one
location to another across a network. Though conceptually relatively
straightforward, in practice security of mobile agents is a
challenge. This paper discusses the security
issues involved and proposes protocols for secure agent migration.
AgentScape, an agent platform for mobile agents, is used to
illustrate the feasibility of the implementation of these protocols.
Download article (pdf).
Master Thesis BGP Modeling and Simulation
Mon, Sep 8 2008
In this thesis we present a new approach to BGP simulation. Instead
of focussing on intra-domain communication, network and protocol are
highly abstracted in order to allow for large-scale simulation. We
describe our model of the BGP protocol along with its implementation.
Many tracks of future researc are shown as well as many possible
uses of this kind of approach to BGP simulation.
Download master thesis (pdf).
Annual Report 2007 released
Fri, Aug 22 2008
We are happy to present NLnet Labs Annual report 2007. It is
intended to present an overview of Labs' various activities
to those who support NLnet Labs financially, through grants
or support contracts, and for those who have shown a general
interest in our activities.
Annual Report 2007(pdf).
HSM Tutorial
Tue, May 13 2008
Design of a Secure and Decentralized Location Service for
Agent Platforms
Wed, Sep 19 2007
Formalization and Verification of the Shim6 Protocol
Mon, Jul 16 2007
Annual Report 2006
Tue, May 21 2007
DNS Threat Analysis
Thu, May 3 2007
Annual Report 2005
Tue, Jun 18 2006
|
Other related news
We have a Blog
Fri, 14 Sep 2012
NLnet Labs now maintains a blog. We use it to publish (technical)
background informagion about design and the use of our
software and other material relevant to the community.
Blog Pages.
Roelof Meijer joins NLnet Labs' board
Thu, 4 June 2012
As of May 31 Roelof Meijer is a member of the NLnet Labs' Board. Roelof is the CEO of SIDN, the Dutch TLD-registry which is one of the major financial contributors of NLnet Labs.
About NLnet Labs.
Collaboration between SIDN and NLnet Labs
Mon, 23 Jan 2012
SIDN, the company behind .nl, today signed a
five-year contract with NLnet Labs. NLnet Labs - the Dutch
internet technology expertise centre - has a worldwide
reputation for its work in the field of DNS and DNSSEC. Through
its financial backing for NLnet Labs, SIDN aims to support not
only the continued development of DNS applications such as
Unbound and NSD, but also NLnet Labs' general internet R&D work,
at least for the next five years.
Press Announcement.
Unbound/DnssecTrigger workshop at Augsburger Linutage
Fri, 17 Feb 2012
Free Unbound/DNSSEC Trigger workshop at Augsburger Linux Infotage by Carsten Strotmann, 24 March.Programm.
Unbound advisory
Mon, 19 Dec 2011
Unbound advisory
Wed, 25 May 2011
World IPv6 Day event
Thu, 12 May 2011
On Wednesday 8 June 2011, the Dutch World IPv6 Day event will be organised at the Science Park, Amsterdam.
Programme and registration.
 .
Outage due to rehousing
Wed, 27 Apr 2011
On Thursday 28 April 2011, NLnet Labs will move office and servers to a new location.
Thereby all our services will be offline from 09:00am CET till +-12:00am.
Our new location is:
Science Park 400
1098XH Amsterdam
HowTo setup DNSSEC validation
Thu, 7 Apr 2011
describes use of unbound with root trust anchor.HowTo.
Multithreaded signing support for OpenDNSSEC
Mon, 14 Mar 2011
We have changed the design so that RRsets are added to a signing queue,
where a pool of signer threads (called drudgers) grab a signing task and perform it.
With the SCA6000 HSM we now reach maximum performance, meaning OpenDNSSEC can do a 13.000+
signatures per second. The .se zone can now be signed in 2 minute 50 seconds, of which
1 minute 14 seconds are signing operations.
Read more on the OpenDNSSEC website.
AFNIC offered a yearly Subsidy
Mon, 22 Nov 2010
AFNIC has generously offered a yearly subsidy that aids the NLnet Labs
Foundation to accomplish its chartered goals. AFNIC's Head of R&D,
Mohsen Souissi: "We want to express support for the open source and
open standards work that NLnet Labs is pursuing. By producing stable
and high quality DNSSEC-enabled software they are bringing needed
code diversity to the DNS industry and lowering the bar for global DNSSEC
deployment. The organization deserves our sustained support
More information about contributing to NLnet Labs.
Unbound timeout article
Mon, 8 Nov 2010
There is an article that describes how unbound manages timeouts from remote servers.Unbound documentation.
Unbound requestlist article
Thursday, 21 Oct 2010
Men&Mice has a nice article describing how the unbound requestlist works.Article.
Flavors of Unbound
Wed, Jul 28 2010
Men and Mice have published an article on how to select between
different flavors of Unbound compilation.
This article will explain the technical differences of the possible
flavors of Unbound and will give proposals under which type of DNS
workload a specific flavor will perform best.
The article will be kept updated when new versions of unbound are released.
The article can be found here.
DNSSEC Root Key declaration
Wed, Jul 14 2010
On 16 June 2010 around 21:20 UTC Olaf Kolkman witnessed a key generation procedure by which a DNSSEC Key Signing Key for signing the DNS root has been created. The key is known with key-ID 19036.
PGP Signed Declaration containing the DS hash.
Testing Key States of RFC 5011 in Autotrust
Mon, Jul 12 2010
Carsten Rutz of Radboud University investigated the usability
of time model-based testing in a case study: Conformance of the implementation
Autotrust with RFC 5011. The results are presented in a bachelor thesis.
HTML.
PDF.
Stale keys and unbound behaviour
Fri, Feb 12 2010
Statement regarding concerns about stale keys and Unbound behavior
mail.
SURFnet deploys DNSSEC and uses Unbound
Tue, Sep 8 2009
SURFnet announces that all SURFnet DNS (Domain Name System) resolvers now support DNSSEC.
SURFnet uses Unbound as its resolver of choice.
SURFnet is one of the first networks in the Netherlands to support DNSSEC.
More information.
Innovation vouchers
Mon, Aug 28 2009
For Dutch companies there is, under a program to promote
innovation, the possibility to receive a 2.500 Euro
subsidy. The NLnet foundation, our mother, has a program that
allows furthering of open source software by any Dutch company
that is registered with the Chamber of Commerce. It takes 10
minutes to fill in the paperwork and direct those 2.500 Euro
toward a good purpose.
NLnet innovation vouchers.
OpenDNSSEC technology preview
Thu, 30 Jul 2009
The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet.
The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
Visit the OpenDNSSEC website for more information and to download the technology preview.
OpenDNSSEC website.
NLnet Labs is hiring
Sat, Jul 25 2009
We are looking for enthusiastic programmer/developers to
complete our 6 persons team. Somebody who will be developing and
maintaining open source software and open standards.
More information.
BSD Podcast
Wed, Jul 8 2009
The bsdtalk podcast by Will Backman interviews Wouter
Wijngaards about the Unbound resolver.bsdtalk 176.
NSD Vulnerability Announcement
Mon, May 18 2009
RFI for Unbound Tech Support
Tue, Apr 21 2009
NLnet Labs is seeking information about organizations
that would be willing and able to provide first and second line
support for Unbound and would like to know more about their ideas
on organization and cooperation.
RFI-support.
NLnet Labs joins DNSSEC industry coalition to Increase Adoption of Domain Name Security Extensions (DNSSEC).
Thu, Dec 11 2008
The DNSSEC Industry Coalition is a global group of registries and industry experts whose mission is to work collaboratively to facilitate adoption of Domain Name Security Extensions (DNSSEC) and streamline the implementations across Domain Name Registries. Members work together to establish a consistent set of tools and applications, shared best practices, specifications and shared nomenclature. DNSSEC Industry Coalition members include both generic Top-Level Domain and country code Top-Level Domain registries along with industry and educational experts of the Domain Name System.
Press release.
DNSSEC Industry Coalition.
Unbound operation explained in book
Mon, Dec 08 2008
Book "Alternative DNS Servers", also describes Unbound
and NSD operation.More.
Japan Unbound User Group
Thu, Sep 04 2008
The Japan Unbound Users Group has opened its website today, with
unbound documentation, support and forum in Japanese.
http://unbound.jp/.
DNS Cache Poisoning Vulnerability
Wed, Jul 19 2008
NSD Memory Usage Estimate
Fri, Apr 13 2007
NSD Powers Secure64 DNS Solution
Sat, Mar 31 2007
Secure64 is a company specialized in
secure and high-performance applications. They have developed SourceT,
a micro operating system geared towards secure network systems on
Itanium processors.
NSD has been ported to SourceT, and is used as the name server software
of their Secure64 DNS product, providing RFC-compliant, DNSSEC-enabled,
fast DNS services on top of their SourceT operating system.
They have performed benchmarks on a Itanium machine with SourceT running
NSD, and have been able to handle a query load of over 100,000 queries
per second with only 1 CPU. The system was able to sustain DNS service
in the face of a variety of common attack profiles until the network
link was saturated.
The full test results can be found here.
Secure64.
|
