Delphinusdnsd

News

• Delphinusdnsd 1.7.3 has been released on April 14th, 2023 addressing a security fix related to TSIG'ed AXFR's. If you are using any version unter 1.7.3 it's time to upgrade either to the master branch or to 1.7.3. This security vulnerability may have been played out in the wild as a MITM on my nameservers, causing me to look for it.

• Delphinusdnsd 1.7.2 has been released on March 22nd, 2023 addressing the TXT segmentation problem with DNSSEC. It never affected pure delphinusdnsd setups but when interoperating with another DNS server.

• Delphinusdnsd 1.7.1 has been released on January 26th, 2023 fixing a single segfault condition with TSIG'ed queries. This is a patch release in the 1.7 branch.

• Delphinusdnsd 1.7.0 has been released on December 2nd, 2022. Additions in RR's are EUI48, EUI64, HTTPS, SVCB, KX, and IPSECKEY Resource Records. Other changes include: Some internal memory mapped regions were enlarged in order to allow guard pages. The RAM footprint of delphinusdnsd is quite a bit more now. A strictaxfr option was added to only allow authenticated AXFR's before sending anything to replicants. Other changes are documented in the CHANGES section and commit messages.

• Delphinusdnsd-1.6.2 has been released on May 17th, 2022. Changes are backpatches from -current as of this date. In particular answers to SRV and NAPTR RR's and ANY answers that include these records, now don't compress DNS names in the RDATA section. Uncompressed names in the SRV target and NAPTR replacement section is required by RFC.

• Milestone: On April 22nd, 2022 we have 1000 commits under the delphinusdns name. The project in total is 5988 days old (as commit records show), 2716 days under the delphinusdns name. We have 50667 lines of C and YACC code currently and it is big enough to fit just about on a 1.44MB floppy (C and YACC code are 1210956 bytes, some images would have to be discarded). We have two committers currently. We were developed since day one on OpenBSD (then version 3.8, now version 7.1) and we always tried to include the latest OpenBSD mitigations against attackers.

• Delphinusdnsd-1.6.1 has been released on March 22nd, 2022. Changes are backpatches from -current as of this date which include among others safer sandboxes by closing non-needed descriptors and a safety check around the parsing of a given domain name in a payload.

• Delphinusdnsd-1.6.0 has been released on December 20th, 2021. Changes include CDS/CDNSKEY and LOC RR addition. Please consult the CHANGES file to get a list of what else was added and improved.

• Delphinusdnsd-1.5.2 has been released on February 25th, 2021. This is a bug-fixes only release, addressing memory leakage in the new forwarding engine. It doesn't fix them all but with weekly restarts this could be manageable. A mishap with the 1.5.1 version, caused a compile fix and was tested thoroughly.

• Delphinusdnsd-1.5.0 has been released on November 24th, 2020. New features include:
  • RP, HINFO, CAA RR support
  • added a cortex process for IPC between processes.
  • added a forwarding mode with cache (TSIG protected is recommended).
  • ... and some more found in the file CHANGES in the downloaded source.

• Delphinusdnsd-1.4.3 has been released on July 30th, 2020. It features a bunch of backpatches from -current.
  • AXFR poison prevention patch (security)
  • Hangup AXFR corruption prevention patch (reliability)
  • a better description of an error when /etc/delphinusdnsd/replicant is not owned by _ddd or other configured user (DEFAULT_PRIVILEGE)
  • correct use of mkstemp() following it with fdopen() instead of fopen()
  • an uninitialized variable used in accept() which prevented dddctl to restart/stop delphinusdnsd (found on Linux, possibly fixed other OS's too).
  • This is hopefully the last release in the 1.4 branch, with 1.5.0 release happening in two to three months (november at the latest).
  • After several years of having a CVSweb online repo browser, cvsweb has been retired. What remains is a Gotweb repo in its place. I will eventually switch entirely from CVS to Git (or Got) by the end of this year, marking an end of 15 years of development with CVS. I should be CVS-free by the 1.5.0 release.
  • Snapshot configfiles after July 15, 2020 will have to have a version of 1 instead of 9, I've rolled back. Also note that online manpages will have a version 1, where delphinusdnsd 1.4.X require a version 9. More in the blog.

• Delphinusdnsd-1.4.2 has been released on July 9th, 2020. It features a small backport fixing REFUSED answers.
• Delphinusdnsd is found on GITHUB, synced every hour from the master CVS repo. Here is the github site.
• Development is ongoing. You should know that a delphinusdnsd before the month of April (that includes 1.4.1) cannot do a double-signature key rollover, even if the master is PowerDNS or similar, due to a bug with RRSIG's that was fixed on April 1st. If you don't plan on doing a key rollover until next year then go ahead with 1.4.1 otherwise use a snapshot.
• Delphinusdnsd-1.4.1 has been released on February 4, 2020. It fixes mostly the Linux port, no new features since 1.4.0 a reliability fix. One possible off-by-one was fixed affecting all platforms.
• Delphinusdnsd-1.4.0 has been released on January 2nd, 2020. Enjoy! Changes include TSIG additions , AXFR replicant mode, TXT changes, new internal database, a query tool and a new algorithm support (alg 13). See a more complet e list in CHANGES file in the source.
• I now have a blog. Follow the blog hyperlink for news and updates regarding DNS and delphinusdnsd
• Good news. The ECDSAP256SHA256 Algorithm (13) is now supported with dddctl on July 6th, 2019, but it's not default yet (as recommended by RFC 8624). Grab tomorrow's snapshot and also benefit of a signing bugfix that also covers RSA signing.
• A change in snapshot's gets rid of notify keywords after June 26, 2019. Please see commit revision 1.67 (e141bddad128f3188bdfe7bb7fab178aab398e3e)
• When using DNSSEC signed and non-signed zones on the same server, there was a bug with non-signed answers when the DO bit was set on the query, as of April 7th, 2019 this was fixed.
• TSIG queries, notifies and axfr's are supported after March 1st, 2019. However treat the snapshots aka -current with great care as it's not released yet.
• Three bugs in snapshots from February 15th until February 24th (2019) were found, it affected non-DNSSEC'ed MX and DNSSEC'ed NSEC3PARAM answers. Another one was found, (a server crash) when someone looked up the root zone. As of today this is fixed, I'm sorry for this.
• A new query tool is part of dddctl now, check it out, it will eventually help delphinusdnsd become a replicant (slave) zoned server. It's like dig.
• Snapshots are made again at midnight after February 10th, 2019, after having stopped when I moved the web server on January 24th, 2019. Sorry for inconvenience.
• Delphinusdnsd now uses a control socket to start, restart and stop the daemon, signals handling is retained. After January 29th, 2019 use only a -HUP to the master process to restart the running daemon and use dddctl from then on.
• A KSK rollover has been performed on January 11th, 2019 with dddctl, it will take a little more testing then rollover with same algorithms are ready. Please see the handbook on how to roll a KSK key.
• Since last saturday Nov. 17, 2018, this site is TLS encrypted. Make sure you see the lock when you visit and do downloads. For backwards compatibility unencrypted access still works.
• OpenBSD 6.4+ users rejoice, the delphinusdnsd-current is now unveil(2)'ed grab a snapshot after midnight CEST on the 20th of October, 2018 and it'll have the unveil bits in the source.
• After half a release cycle DelphinusDNS 1.3.0 has been released on July 17, 2018.
• DelphinusDNSD 1.2.1 has been released on January 1, 2018.
• On January 1, 2018 the zone delphinusdns.org was signed with a 4096 bit RSA-512 key.
• DelphinusDNSD 1.2.0 has been released on December 27, 2017.
• On June 27, 2017 the domain delphinusdns.org was registered for this project.
• DelphinusDNSD 1.1.0 has been released on January 28, 2017.
• DelphinusDNSD 1.0.2 has been released on May 26, 2016.
• DelphinusDNSD 1.0.1 has been released on January 29, 2016.
• DelphinusDNSD 1.0.0 has been released on January 1, 2016.