As we make steady progress towards offering a full-fledged #BGP route collector later this year, we're excited to release Rotonda 0.3.0 'Hempcrete & Hawthorn'. #OpenSource #rustlang https://github.com/NLnetLabs/rotonda/releases/tag/v0.3.0
=> More informations about this toot | View the thread
Important commit of the day... #OpenSource #Anniversary https://github.com/NLnetLabs/.github/commit/7c353c209b4f5a035492aad88cf0402a6c8df145
=> More informations about this toot | View the thread
Routinator offered support for #RPKI Autonomous System Provider Authorization (ASPA) as an experimental feature for a number of years already. Standardization has now progressed far enough in the #IETF that we feel comfortable making #ASPA a core feature in Routinator 0.14.1. #OpenSource #OpenStandards https://github.com/NLnetLabs/routinator/releases/tag/v0.14.1
=> More informations about this toot | View the thread
We just released Routinator 0.14.1, fixing CVE-2025-0638, where non-ASCII characters in the file names listed in an #RPKI manifest lead to a crash of Routinator:
https://nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt
You should also be aware of CVE-2024-12084, fixing a heap-based buffer overflow flaw was found in the rsync daemon:
https://nvd.nist.gov/vuln/detail/cve-2024-12084
Please make sure you update both Routinator and rsync. Lastly, because gzip is re-enabled, you’ll save up to 50% bandwidth.
https://nlnetlabs.nl/news/2025/Jan/22/routinator-0.14.1-released/
=> More informations about this toot | View the thread
“… require contracted providers of Internet services to agencies to adopt and deploy Internet routing security technologies, including publishing Route Origin Authorizations and performing Route Origin Validation filtering."
In light of this Executive Order; if you need #RPKI solutions that are continually developed, have a proven track record, are trusted by the world’s largest operators and are supported with a service-level agreement, we're here for you. #OpenSource
https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/
=> More informations about this toot | View the thread
Willem’s new dev machine.
=> More informations about this toot | View the thread
After spending a year building new functionality for 'domain’, our #DNS library for #rustlang, we're took a step back to reflect and refactor. Tomorrow, we'll do an all-hands meeting to kick off the development work for 2025, featuring #DNSSEC signing with a new hidden primary and making connect-by-name a reality. Stay tuned! https://blog.nlnetlabs.nl/domain-foundations-the-first-of-our-five-year-vision/
=> More informations about this toot | View the thread
Even without some of the PRs merged and not counting all the spin off #DNS projects like mimir (proxy), dnsi (inspection) and dnst (toolbox), the amount of changes in our #OpenSource domain #rustlang library is massive.
git diff --shortstat 5f40b97 f826b82
369 files changed, 89151 insertions(+), 7007 deletions(-)
https://blog.nlnetlabs.nl/domain-foundations-the-first-of-our-five-year-vision/
=> More informations about this toot | View the thread
2024 has been a pivotal year for NLnet Labs. Our vision for #DNS, our commitment to the #rustlang programming language and, in its wake, the influx of new talent joining our team, all combined with the support we received from @sovtechfund, we’ve been able to make a giant leap forward in realizing our #OpenSource goals. We are eager to maintain the momentum!
In the first of a series of articles, we look back at 2024 and set the stage for things to come.
https://blog.nlnetlabs.nl/domain-foundations-the-first-of-our-five-year-vision/
=> More informations about this toot | View the thread
We have released NSD 4.11.0. One notable feature is that configuration can be reloaded and evaluated on SIGHUP, when enabled with the new "reload-config" option. Also, #DNS cookie secrets will be reevaluated from config. :blobcatcookienom: https://nlnetlabs.nl/news/2024/Dec/12/nsd-4.11.0-released/
=> More informations about this toot | View the thread
Our #DNS toolkit for #rustlang, using our domain crate, is nearing completion.
We'll offer the commands to transform a DNSKEY RR to DS RR (key2ds), create a #DNSSEC key pair (keygen), print out the NSEC3 hash for the given domain name (nsec3-hash), generate a DNSSEC signed zone (signzone), send a NOTIFY message to DNS servers and lastly for now, define functions to perform UPDATE queries.
Up next are the finishing touches, with fuzzing support, packages and man pages. https://github.com/NLnetLabs/dnst/pulls
=> More informations about this toot | View the thread
We're hard at work to make our ldns toolset future proof by offering a memory-safe equivalent in #rustlang. This involves a lot of testing, so to make it easier to run commands without making symlinks @terts added an ldns binary to our new toolset, dnst. https://github.com/NLnetLabs/dnst/pull/20
=> More informations about this toot | View the thread
With part of our #DNS #rustlang crew attending #IETF121 to discuss future work, back at the office we just merged the code for loading, storing, and generating #DNSSEC keys in our 'domain' crate. 🔐 https://github.com/NLnetLabs/domain/pull/406
=> More informations about this toot | View the thread
Philip and Petr Spacek are presenting the similarities and differences between the two DELEG proposals, comparing them against the current requirements document in the DELEG WG session at #IETF121.
=> More informations about this toot | View the thread
Based on our domain library for #DNS we offer a command line tool for inspection named dnsi, a toolbox for low-level operations called dnst, and now also an initial design for a proxy, with the working title dnsp.
When we’ve completed all the milestones at the end of the year, we'll spend a day to come up with some nice product names, and throw around some ideas for a logo.
🙃 cough Proxinator cough 😜
=> More informations about this toot | View the thread
[#]DNSSEC signing in our domain crate is coming along nicely. @bal4e now also managed to implement support for key generation using Ring, so now (aside from algorithm support differences), Ring and OpenSSL have the same features. #DNS #rustlang https://github.com/NLnetLabs/domain/pull/406
=> More informations about this toot | View the thread
We're in the final stint of our one-year commitment to @sovtechfund to build a memory-safe library for #DNS.
By the end of 2024, our domain crate for #rustlang will feature a caching stub resolver, zone transfers, #DNSSEC validation and signing, request routing and a proxy, along with tooling for DNS inspection (dnsi) and manipulation (dnst).
In 2025, we'll continue building at the same pace with the same team and we're eager to hear what you would like to see us build most. Let us know!
=> More informations about this toot | View the thread
We offer a collection of #OpenSource example programs in C called ldns, supporting all low-level #DNS and #DNSSEC operations. It also defines a higher level API which allows you to for instance create or sign packets. As part of the @sovtechfund domain milestones, we're reimplementing the most important ones in #rustlang. https://github.com/NLnetLabs/dnst/pulls
=> More informations about this toot | View the thread
With #DNSoverQUIC released in Unbound 1.22.0, we turn our attention to finalizing the review to deploy Fast Reload. As the name suggests it allows reloading the #DNS resolver configuration with no noticeable interruption of the service. #OpenSource #DoQ #QUIC https://github.com/NLnetLabs/unbound/pull/1042
=> More informations about this toot | View the thread
Unbound 1.22.0 has been released! Our #DNS resolver now features support for DNS-over-QUIC.#OpenSource #QUIC https://blog.nlnetlabs.nl/dns-over-quic-in-unbound/
=> More informations about this toot | View the thread
=> This profile with reblog | Go to nlnetlabs@fosstodon.org account This content has been proxied by September (3851b).Proxy Information
text/gemini
