News and updates

Unbound 1.7.0 released

Thu, 15 Mar 2018
Unbound 1.7.0 adds authority zones, for a local copy of the root zone, and also aggressive NSEC processing, for denial of nxdomain floods.
Unbound website. Direct Download. Changes.

NSD 4.1.20 released

Tue, 20 Feb 2018
This release fixes memory leaks when reading zonefiles and processing zone transfers.
NSD project page. Direct Download.

Net::DNS 1.15 released

Fri, 9 Feb 2018

The peculiar case of NSEC processing using expanded wildcard records

Tue, 30 Jan 2018
Unbound, Google public DNS, PowerDNS and Dnsmasq contained a flaw that made it possible to downgrade secure connections.
Blog post.

Bringing DNS Security and Privacy to the End User

Wed, 24 Jan 2018
How the getdns API project helps to achieve the goal of DNSSEC validation and DANE authentication at the end-points.
Blog post.

Unbound 1.6.8 released

Fri, 19 Jan 2018
Unbound 1.6.8 fixes CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records.
Unbound website. Direct Download. Changes.

NSD 4.1.19 released

Mon, 11 Dec 2017
This release fixes IPv6 for the notify sending feature from 4.1.18.
NSD project page. Direct Download.

DNSSEC trigger 0.15

Wed, 06 Dec 2017
This release fixes failure to start on OSX and Windows.
DNSSEC trigger project page. source. install exe. install dmg. Changes.

Privacy: Using DNS-over-TLS with the new Quad9 DNS Service

Mon, 20 Nov 2017
Hands-on install & configure of getdns and stubby to use DNS- over-TLS with Quad9 DNS service.
Blog post.

DNSSEC trigger 0.14

Tue, 10 Oct 2017
This release fixes install problems on OSX Sierra and High Sierra. The binary packages bundle the just-released unbound 1.6.7 that sends telemetry data about the root trust anchor.
DNSSEC trigger project page. source. install exe. install dmg. Changes.

Akkerhuis inductee Internet Hall of Fame

Tue, 19 Sep 2017
Jaap Akkerhuis, NLnet Lab's senior research engineer and longtime contributor to the Internet technical community, is inducted into the Internet Hall of Fame. Follow the link below to read more on the background and contributions of Jaap's work in the past 40 year.
Akkerhuis inductee IHoF2017.

NLnet Labs Annual Report 2016

Fri, 30 June 2017
We are happy to present NLnet Labs Annual report 2016. In it we present an overview of Labs' various activities and describe their impact.
Annual Report 2016 (PDF).

getdns 1.1.0 released

Thu, 13 Apr 2017
Functions for serving DNS. Stubby on board!
Announcement. Direct Download. API specification. Doxygen documentation.

ldns 1.7.0 released

Tue, 20 Dec 2016
Bugfixes and maintenance work, DANE verification delegated to OpenSSL functions, OpenSSL 1.1.0 support
ldns project page. Direct Download. Changes.

A Hybrid System for Automatic Exchanges of Routing Information

Fri, 2 December 2016
The exchange of routing information for BGP configurations is a critical functionality that help autonomous systems communicate with each other in an efficient and robust way. In this work, we propose a hybrid system for automatic exchange of routing information. It addresses security and benefits from using a hybrid model for achieving policy routing information exchange in an efficient way.
MSc. report (PDF).

Net::DNS::SEC 1.03 released

Fri, 26 Aug 2016

NSD 3.2.22 released

Tue, 14 Jun 2016
Bug fixes accrued before end of support. Note that 3.2.x has end-of-support.
NSD project page. Direct Download.

BGP Route Leaks Analysis

Fri, 6 Mar 2015
A route leak is a violation of the policies between the networks involved. In this project, we obtain routing information from differecent sources and make inferences to detect possible route leaks. These potential route leaks have been further investigated on their duration, the type of violation, and the type and origin of network that caused the leak-detection.
MSc. report (PDF).

BGP Evolution Analysis

Thu, 31 Jul 2014
The Internet has been growing rapidly for many years. A logical consequence of the growth trend is the increase in effort to discover reachability and routing information of all the networks. The project investigates the different components which together form the actual update message signal and tries to find a reason behind the growth factor.
MSc. report (PDF).

Measuring the Deployment of DNSSEC over the Internet

Thu, 2 Jul 2014
The deployment of DNSSEC is measured with the RIPE Atlas infrastructure. The results provide new insight on the distribution of DNSSEC support among resolvers, and notably show that around 90% of resolvers are DNSSEC-aware, and about 30% validate answers.
MSc. report (PDF).

Wed Sep 25 2013

© Stichting NLnet Labs

Science Park 400, 1098 XH Amsterdam, The Netherlands, subsidised by NLnet and SIDN.