- Delphinusdnsd 1.7.3 has been released on April 14th, 2023
addressing a security fix related to TSIG'ed AXFR's. If you are using
any version unter 1.7.3 it's time to upgrade either to the master branch
or to 1.7.3. This security vulnerability may have been played out in the
wild as a MITM on my nameservers, causing me to look for it.
- Delphinusdnsd 1.7.2 has been released on March 22nd, 2023
addressing the TXT segmentation problem with DNSSEC. It never affected
pure delphinusdnsd setups but when interoperating with another DNS server.
- Delphinusdnsd 1.7.1 has been released on January 26th, 2023
fixing a single segfault condition with TSIG'ed queries. This is a patch
release in the 1.7 branch.
- Delphinusdnsd 1.7.0 has been released on December 2nd, 2022.
Additions in RR's are EUI48, EUI64, HTTPS, SVCB, KX, and IPSECKEY Resource
Records. Other changes include: Some internal memory mapped regions were
enlarged in order to allow guard pages. The RAM footprint of
delphinusdnsd is quite a bit more now. A strictaxfr option was added to
only allow authenticated AXFR's before sending anything to replicants. Other
changes are documented in the CHANGES section and commit messages.
- Delphinusdnsd-1.6.2 has been released on May 17th, 2022.
Changes are backpatches from -current as of this date. In particular
answers to SRV and NAPTR RR's and ANY answers that include these records,
now don't compress DNS names in the RDATA section. Uncompressed names in
the SRV target and NAPTR replacement section is required by RFC.
- Milestone: On April 22nd, 2022 we have 1000 commits under the
delphinusdns name. The project in total is 5988 days old (as commit records
show), 2716 days under the delphinusdns name. We have
50667 lines of C and YACC code currently and it is big enough to fit just
about on a 1.44MB floppy (C and YACC code are 1210956 bytes, some images
would have to be discarded). We have two committers currently. We were
developed since day one on OpenBSD (then version 3.8, now version 7.1) and
we always tried to include the latest OpenBSD mitigations against attackers.
- Delphinusdnsd-1.6.1 has been released on March 22nd, 2022.
Changes are backpatches from -current as of this date which include among
others safer sandboxes by closing non-needed descriptors and a safety check
around the parsing of a given domain name in a payload.
- Delphinusdnsd-1.6.0 has been released on December 20th, 2021.
Changes include CDS/CDNSKEY and LOC RR addition. Please consult the
CHANGES file to get a list of what else was added and improved.
- Delphinusdnsd-1.5.2 has been released on February 25th, 2021. This
is a bug-fixes only release, addressing memory leakage in the new forwarding
engine. It doesn't fix them all but with weekly restarts this could be
manageable. A mishap with the 1.5.1 version, caused a compile fix and was
- Delphinusdnsd-1.5.0 has been released on November 24th, 2020. New
- RP, HINFO, CAA RR support
- added a cortex process for IPC between processes.
- added a forwarding mode with cache (TSIG protected is recommended).
- ... and some more found in the file CHANGES in the downloaded source.
- Delphinusdnsd-1.4.3 has been released on July 30th, 2020. It
features a bunch of backpatches from -current.
- AXFR poison prevention patch (security)
- Hangup AXFR corruption prevention patch (reliability)
- a better description of an error when /etc/delphinusdnsd/replicant is not
owned by _ddd or other configured user (DEFAULT_PRIVILEGE)
- correct use of mkstemp() following it with fdopen() instead of fopen()
- an uninitialized variable used in accept() which prevented dddctl to
restart/stop delphinusdnsd (found on Linux, possibly fixed other OS's too).
This is hopefully the last release in the 1.4 branch, with 1.5.0 release happening in two to three months (november at the latest).
- After several years of having a CVSweb online repo browser, cvsweb has been retired. What remains is a Gotweb repo in its place. I will eventually switch entirely from CVS to Git (or Got) by the end of this year, marking an end of 15 years of development with CVS. I should be CVS-free by the 1.5.0 release.
- Snapshot configfiles after July 15, 2020 will have to have a version of 1
instead of 9, I've rolled back. Also note that online manpages will have a
version 1, where delphinusdnsd 1.4.X require a version 9. More in the blog.
- Delphinusdnsd-1.4.2 has been released on July 9th, 2020. It
features a small backport fixing REFUSED answers.
- Delphinusdnsd is found on GITHUB, synced every hour from the master CVS
repo. Here is the
- Development is ongoing. You should know that a delphinusdnsd before the
month of April (that includes 1.4.1) cannot do a double-signature key rollover,
even if the master is PowerDNS or similar, due to a bug with RRSIG's that
was fixed on April 1st. If you don't plan on doing a key rollover until
next year then go ahead with 1.4.1 otherwise use a snapshot.
- Delphinusdnsd-1.4.1 has been released on February 4, 2020.
It fixes mostly the Linux port, no new features since 1.4.0 a reliability fix.
One possible off-by-one was fixed affecting all platforms.
- Delphinusdnsd-1.4.0 has been released on January 2nd, 2020. Enjoy!
Changes include TSIG additions , AXFR replicant mode, TXT changes, new internal
database, a query tool and a new algorithm support (alg 13). See a more complet
e list in CHANGES file in the source.
- I now have a blog. Follow the blog hyperlink for news and updates
regarding DNS and delphinusdnsd
- Good news. The ECDSAP256SHA256 Algorithm (13) is now supported with
dddctl on July 6th, 2019, but it's not default yet (as recommended by RFC 8624).
Grab tomorrow's snapshot and also benefit of a signing bugfix that also
covers RSA signing.
- A change in snapshot's gets rid of notify keywords after June 26, 2019. Please see commit revision 1.67 (e141bddad128f3188bdfe7bb7fab178aab398e3e)
- When using DNSSEC signed and non-signed zones on the same server, there
was a bug with non-signed answers when the DO bit was set on the query, as
of April 7th, 2019 this was fixed.
- TSIG queries, notifies and axfr's are supported after March 1st, 2019.
However treat the snapshots aka -current with great care as it's not
- Three bugs in snapshots from February 15th until February 24th (2019) were
it affected non-DNSSEC'ed MX and DNSSEC'ed NSEC3PARAM answers. Another one
was found, (a server crash) when someone looked up the root zone. As of
today this is fixed, I'm sorry for this.
- A new query tool is part of dddctl now, check it out, it will eventually
help delphinusdnsd become a replicant (slave) zoned server. It's like dig.
- Snapshots are made again at midnight after February 10th, 2019, after
having stopped when I moved the web server on January 24th, 2019.
Sorry for inconvenience.
- Delphinusdnsd now uses a control socket to start, restart and stop the daemon, signals handling is retained. After January 29th, 2019 use only a -HUP to the master process to restart the running daemon and use dddctl from then on.
- A KSK rollover has been performed on January 11th, 2019 with dddctl, it will take a little more testing then rollover with same algorithms are ready. Please see the handbook on how to roll a KSK key.
- Since last saturday Nov. 17, 2018, this site is TLS encrypted. Make sure you see the
lock when you visit and do downloads. For backwards compatibility unencrypted
access still works.
- OpenBSD 6.4+ users rejoice, the delphinusdnsd-current is now unveil(2)'ed
grab a snapshot after midnight CEST on the 20th of October, 2018 and it'll have the
unveil bits in the source.
- After half a release cycle DelphinusDNS 1.3.0 has been released on July 17, 2018.
- DelphinusDNSD 1.2.1 has been released on January 1, 2018.
- On January 1, 2018 the zone delphinusdns.org was signed with a 4096 bit RSA-512 key.
- DelphinusDNSD 1.2.0 has been released on December 27, 2017.
- On June 27, 2017 the domain delphinusdns.org was registered for this project.
- DelphinusDNSD 1.1.0 has been released on January 28, 2017.
- DelphinusDNSD 1.0.2 has been released on May 26, 2016.
- DelphinusDNSD 1.0.1 has been released on January 29, 2016.
- DelphinusDNSD 1.0.0 has been released on January 1, 2016.