DelphinusDNS Blog

(the latest about delphinusdnsd)
  


Does delphinusdnsd have a slight memory leak?

May 25th, 2020

Really interested in what people are observing out there. Here is what I saw on a delphinusdnsd that was up 11 days:

_ddd     77316  0.0  0.1 18368 21128 ??  Sp     14May20    \
0:03.99 /usr/local/sbin/delphinusdnsd -l

When restarting it and running ps auxwww again, this is what I see:

_ddd     69292  0.0  0.1 16852 18192 ??  Sp      5:32PM    \
0:00.04 /usr/local/sbin/delphinusdnsd -l

The OS currently is OpenBSD 6.6 with all patches. I don't know if I have the energy in the next month to seriously look into this; right now I don't want to do the work. But it looks like there is a slight memory leak, since this is the parent process and there can be no CoW (copy on write) paging. Hmm, anyhow. That particular delphinusdnsd runs 10 zones. So rather small.

1 comment

What is iodine and how does it relate to DNS?

May 17th, 2020

I've been thinking of making an iodine-like feature in delphinusdnsd. Only I don't know when and if DNS Updates takes precedence. I was thinking of this for version 1.6 perhaps, or higher. So next year. So what's iodine? Iodine is a substance they give out to radiation victims in the vicinity of a nuclear disaster :-|. It has the atomic number 53 in the periodic table of the elements as far as I can remember. So it has something in common with DNS, which uses port 53 (TCP and UDP) for communication. The program iodine is a way to tunnel IP over DNS.

This in effect, if implanted into delphinusdnsd, would be going against the reason why delphinusdnsd was first created. Let me explain. When I first programmed wildcarddnsd (I was living in Frankfurt at the time) it was to make a secure portal, and fake websites answers. But it didn't work because of DNS caching in Solaris and Windows. So you could say that delphinusdnsd is in a transformation from good to evil. The way I was envisioning doing the iodine functionality would be with a tunnel connecting more than one nameserver to the master so that only the master answers the end-point. It won't be an IP tunnel but rather a tty tunnel and it would use /usr/bin/login for an operator of this tunnel to log in and get a pseudo terminal. These are just thoughts, I hope I can implement this some day.

0 comments

If you track -current be vigilant

May 7th, 2020

I just did some commits that, if they have a mistake, could be detrimental to the operation of delphinusdnsd. If you read this on the 7th of May and you want an up-to-date copy, you can download a snapshot in the next 8 hours, and it will not have this change. If however you have nothing to lose, you can continue getting the newest. It takes me some time, as noticed on April 27th after two weeks roughly, to notice bugs. I tested this change on centroid.eu so if anything breaks it will break big time for me. We'll see I guess.

1 comment

The DelphinusDNS project is on GITHUB

April 28th, 2020

I have finally done the work to synchronize the delphinusdnsd CVS repo with GITHUB's git. This takes down one TODO. The script to synchronize is run per crontab at the top of the hour.

You can find the GITHUB page here: delphinusdnsd@GITHUB. Much thanks to YASUOKA Masahiko for his cvs2gitdump python script. It took me a while to figure out, but it's so simple really.

0 comments

Fixed bug that was introduced April 11, 2020

April 27th, 2020

Tomorrow's snapshot should have the fix. It affected signing with dddctl only. It wasn't easy to find the location of the code, but eventually I found it.

0 comments

Tomorrow's snapshot will have a new feature

April 23rd, 2020

I have just committed this new feature, tcp-on-any-only, from commitlog:

Add the tcp-on-any-only flag to options.  This replies with a TC (truncate) on
any non-tcp request, causing determined clients to retry in TCP mode.  It is
long overdue to have this option, and the fix was very simple to do.

Basically I'm throwing more TC's in the UDP way of resolving. It will force some to retry with TCP.
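The mechanism in that commit log entry, as an added example (not delphinusdnsd's own code; the function names are hypothetical): a UDP reply that copies the header and question, sets the TC bit and carries no records, plus the client-side check that triggers the TCP retry.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define FLAG_QR 0x80   /* header byte 2: this is a response */
#define FLAG_TC 0x02   /* header byte 2: truncated, retry over TCP */

/* Return the offset just past the first question (QNAME, QTYPE, QCLASS),
 * or 0 if the packet is malformed. Compression pointers are rejected,
 * since the question name of a query should not contain them. */
static size_t question_end(const uint8_t *p, size_t len)
{
    size_t off = DNS_HDR_LEN;
    if (len < DNS_HDR_LEN || ((p[4] << 8) | p[5]) != 1)
        return 0;                       /* need exactly one question */
    while (off < len && p[off] != 0) {
        if (p[off] > 63)                /* pointer or reserved label type */
            return 0;
        off += (size_t)p[off] + 1;
    }
    if (off >= len || len - off < 5)    /* root label + QTYPE + QCLASS */
        return 0;
    return off + 5;
}

/* Build a header-plus-question reply with TC set and no records.
 * Returns the reply length, or 0 on malformed input or a short buffer. */
size_t build_tc_reply(const uint8_t *q, size_t qlen, uint8_t *out, size_t outlen)
{
    size_t end = question_end(q, qlen);
    if (end == 0 || outlen < end || (q[2] & FLAG_QR))
        return 0;                       /* never answer a response */
    memcpy(out, q, end);                /* same ID and question as the query */
    out[2] = (uint8_t)(FLAG_QR | FLAG_TC | (q[2] & 0x79)); /* keep opcode, RD */
    out[3] = 0;                         /* RA=0, RCODE=NOERROR */
    memset(out + 6, 0, 6);              /* ANCOUNT, NSCOUNT, ARCOUNT = 0 */
    return end;
}

/* Client side: does this reply tell us to retry the query over TCP? */
int reply_is_truncated(const uint8_t *r, size_t len)
{
    return len >= DNS_HDR_LEN && (r[2] & FLAG_QR) && (r[2] & FLAG_TC);
}
```

Because the reply is never larger than the query it answers, a server that responds this way over UDP gives a spoofed-source sender no amplification.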

1 comment

DNS, my history (in short form)

April 8th, 2020

Everyone uses DNS when they use the Internet, so I have been using DNS since 1994. But I have used DNS on Open Source Operating Systems since Autumn 1995 (when I installed Linux while being in College).

At work starting in Autumn 1997 I was confronted with working on my first DNS server. It was BIND4 I believe. This prompted me to get my first DNS book, which I still have today: "DNS and BIND - Paul Albitz and Cricket Liu". A very helpful book, but at edition 3 it is outdated today.

The first DNS server I wrote was wildcarddnsd, the predecessor of delphinusdnsd (in name only, same codebase). I started this in 2005, the first 15 years have passed.

In 2015 I first experimented with DNSSEC. The concept is super simple if you understand simple cryptography, but to me it was a learning curve. And this is my history (in short form) of using and implementing DNS.

0 comments

Regarding the rollover tests

April 7th, 2020

I have been talking a bit with DNS folks and they said it's probably best to go insecure and then secure again if an algorithm needs to be rolled. Sucks I know. There is recursive DNS software that can't follow an alg rollover. So I'm planning on taking my zones insecure so that I can give them a new algorithm. When that will be I don't know yet.

0 comments

Important News that shouldn't be missed

April 2nd, 2020

I just put this on the news.html:

Development is ongoing. You should know that a delphinusdnsd before 
the month of April (that includes 1.4.1) cannot do a double-signature 
key rollover, even if the master is PowerDNS or similar, due to a bug 
with RRSIG's that was fixed on April 1st. If you don't plan on doing 
a key rollover until next year then go ahead with 1.4.1 otherwise use 
a snapshot.

I thought it was worthy of stressing this.

0 comments

Double-Signature Rollover Test

April 2nd, 2020

As you may know I attempted this yesterday and the code wasn't ready. So now it's in progress. The test zone is called "dtschland.eu" which is a test zone of mine that I got on a reduced deal with joker.com years ago. I got this domain for 10 years at the time. It's paying off now. I'm trying to roll the ZSK from alg 10 to alg 13 as well. So this should be interesting.

1 comment
