Jasper's allotment
Newsletter

⛱ The Things We Did Last Summer

We hope you enjoyed your summer! Our caipirinha-infused break was sprinkled with train trips and community gardening. 🍸🚂👩🏼‍🌾 Now that we're all back, it's time for a new edition of our newsletter "Of Trees and Tries", covering exciting new projects, releases and standards work we've been cooking up in the sunshine.
3 min read
Where Did My Packet Go? Measuring the Impact of RPKI ROV
Research

Where Did My Packet Go? Measuring the Impact of RPKI ROV

Merely doing RPKI ROV does not provide any guarantees where your packet ends up. We conducted an experiment where we look into the impact of RPKI ROV on whether the packet ends up in the intended location based on active beaconing with two servers.
7 min read
Journeying into XDP: XDPerimenting with DNS telemetry
Research

Journeying into XDP: XDPerimenting with DNS telemetry

By Luuk Hendriks The XDP programs we’ve so far described in this series have been actively modifying DNS packets to perform functions such as response rate limiting (RRL), cookies and padding. This time, we’ll look into a passive BPF-program which enables us to plot graphs of DNS metrics
9 min read
Running Krill under APNIC
RPKI

Running Krill under APNIC

As you may know APNIC offers their members the option of running their own delegated RPKI CA instead of using the APNIC portal RPKI service. Moreover, APNIC also allows their members to make use of the APNIC managed RPKI repository infrastructure for publication of their RPKI objects. The latter is
7 min read
Spring in Amsterdam
Newsletter Featured

The NLnet Labs Newsletter – Spring 2022

Welcome to our first newsletter, providing you with an update on what we've been doing over the last few months and what's coming up from your favourite open-source development crew below sea level. 👷‍♀️ In this edition: both our software development and Internet Governance activities get reinforced with new staff, the
7 min read
Journeying into XDP: Fully-fledged DNS service augmentation
Research

Journeying into XDP: Fully-fledged DNS service augmentation

By Willem Toorop In our previous post on using eXpress Data Path (XDP) for DNS, we discussed how a new XDP rate-limiting queries feature can augment a DNS service running in user space (with common DNS software) to deal with denial of service (DoS) attacks. Journeying into XDP: Part 0Network
16 min read
Of Donkeys, Mules & Horses
Routing Featured

Of Donkeys, Mules & Horses

A quest for the perfect data-structure to store and retrieve a full table of IP Prefixes, while maintaining the hierarchical relations.
25 min read
How To Run Krill Behind an NGINX Reverse Proxy
RPKI

How To Run Krill Behind an NGINX Reverse Proxy

Although Krill has a built-in HTTPS server, it may be desirable to run a production grade webserver as a reverse proxy in front of Krill. This allows easy TLS configuration and additional restrictions, if desired.
6 min read
SAD DNS and NLnet Labs DNS software
DNS

SAD DNS and NLnet Labs DNS software

Update 18 November 2021: we are aware of the follow-up paper published by the researchers. The text below remains accurate for Unbound users. Please note that Unbound 1.13.2 and newer has IPv6 PMTU disabled  for UDP. During the ACM CCS conference 2020, held November 9-13, researchers from UC
5 min read
DNS-over-HTTPS in Unbound
DNS

DNS-over-HTTPS in Unbound

A major step forward in end user privacy.
5 min read