Archive for category Tools

EURid debuts YADIFA name server

The H Open reports about a new, open-source (BSD license), DNSSEC-enabled DNS server:

An open source DNS name server that supports DNSSEC and is designed to be authoritative has been released by EURid, the European Registry of Internet Domain Names. YADIFA is intended to be a lightweight alternative to more established projects; the developers say it was “built from scratch to face today’s DNS challenges, with no compromise on security, speed and stability”.

No Comments

Authenticated Denial of Existence

Effective immediately, this site will be renamed The .NL Gazette.  Well, maybe not, but the folks at SIDN, the .NL registry, just keep producing good stuff.

We’ve recently reported on their becoming DNSSEC operational  and their surpassing .COM in the number of signed zones.  A couple of months back we lauded their excellent DNSSEC tutorial.  We’ve also mentioned several of the tools they’ve NLNet Labs produced (NSD, Unbound, Dnssec-Trigger) when talking about labs and in our articles on adding DNSSEC validation to a $70 router and its performance.

[Correction 3 July 2012:  Why the strikeout above?  Olaf M. Kolkman of NLNet Labs points out that while SIDN and NLNet Labs have had a collaborative agreement since the beginning of this year, NSD, Unbound, and Dnssec-Trigger are products of NLNet Labs.   We’re just happy that both SIDN and NLNet Labs are helping advance DNSSEC and don’t for one second want to confuse the two just because they’re both in The Netherlands!   To further make things clear, neither SIDN nor NLNet Labs produce Koetjesreep, so don’t ask for a few bars.  Thanks for the correction, Olaf!]

Now it’s time to let people know about one of their more technical articles,
Authenticated Denial of Existence in the DNS  (277KB PDF).  We ran across it while trying to debug some validation software.

The article tells the story behind why negative responses must be signed and how they can state with security and certainty that a name/resource record type combination does not exist. The article augments RFCs 4033, 4034, 4035, and 5155.

It provides the kinds of additional information in narrative and graphic format that helps with understanding.  If you want to now how authenticated denial of existence works, check out the article.


No Comments