The roots of NLnet Labs have their origins in NLnet, but we have been completely independent organisations for over a decade.

In 1994, the NLnet foundation created NLnet B.V., a commercial arm that pioneered the worlds first dial-in and ISDN infrastructure with full country coverage. In 1997 these commercial activities were sold to UUnet (now Verizon). Since that time the NLnet foundation has focussed on supporting the open Internet and the privacy and security of internet users. NLnet's core business is to support independent organisations and people that contribute to an open information society.

For long term research projects, NLnet Labs was founded in 1999 by the board members of NLnet and Ted Lindgreen. The first activities were focussed on creating an implementation for DNSSEC, as well as the Globe research project which focussed on the scalability issues of wide-area distributed applications.

In 2001, all 13 DNS rootservers ran BIND-8 software, which carried the risk that a single bug could affect all implementations. The RIPE NCC, as the maintainer of one of the rootservers (K-root), asked NLnet Labs to write a DNS implementation geared especially to rootservers, but not containing any code of existing software. This marked the start of the development of NSD, the authoritative nameserver package.

Over the following years the number of software and research projects expanded, such as the addition of Ldns, a C library aimed at simplifying DNS programming. NLnet Labs also deepened their involvement in Internet Governance and the technical community, participating in ICANN’s Security and Stability Advisory Committee (SSAC), the ENISA Permanent Stakeholders’ Group (PSG), conferences such as IETF and RIPE meetings and becoming a member of OARC, the DNS Operations, Analysis, and Research Center.

In 2007, NLnet Labs started work on Unbound, the validating caching resolver. In collaboration with project members from Nominet, Verisign and Kirei, a C implementation was built based on the Java package from Verisign and Nominet. NLnet Labs used the same lean and mean design philosophy from NSD, which meant a highly performant package could be presented by the end of that year. In the mean time, NSD was being used in production on various rootservers such as the L and K root, as well as several top-level domain registries such as .DE, .BR, and .UK.

In addition to an increased interest in inter-domain routing research, NLnet Labs joined the collaborative OpenDNSSEC project in 2008. The initial members of the OpenDNSSEC project were .SE, Kirei, John A Dickinson, Nominet, and NLnet Labs, joined by SIDN and SURFnet. NLnet Labs initial contribution to the project had mainly been in supplying the elements that carry “DNS intelligence”. The cryptographic and management components had been produced by other partners in the project, but have since been taken over by NLnet Labs, who is now the sole maintainer of the project.

In 2017 NLnet Labs started work on software in the area of inter-domain routing. These projects were developed exclusively in the Rust programming language. To support routing security, we are developing a full featured Resource Public Key Infrastructure (RPKI) toolset to help prevent BGP hijacking. This includes the Certificate Authority software Krill, Relying Party software Routinator and the toolkit RTRTR. To help operators analyse the RPKI, the JDR service was launched in 2020.

In 2021, more generic tooling for BGP routing is being developed as well with the routecore and rotonda projects. At the same time, the experiences with Rust are finding their way into the DNS development work as well, with the domain library as the first result.