Since its first release, FRED has come a long way and has changed significantly. From a relatively small original project, over time it has grown to include modules related to the registry and the time has come for it to get a more significant reconstruction. There have also been shifts in the way the interface is designed, in the project management, as well as technological changes. The original method with a distinctive interface for each client gave way to more general and smaller interfaces, which each client can combine according to their needs. Similarly, we are moving towards modular source code architecture and last but not least, we are replacing Corba technology with gRPC. Another significant disadvantage for the large system is the narrow and poorly defined interdependence of individual parts, which slows down its response to new queries.
Dear readers of our blog, thank you for your support and we wish you a Merry Christmas and a Happy New Year. We look forward to seeing you in 2021.
The CZ.NIC team
It is no longer “trending”, but at the dawn of the millennium, the increasing globalization together with the rise of modern technology and especially the Internet gave birth to the term “Follow the Sun”. For the young or old and forgetful, here is what it was all about. For example, while online services that usually require continuous operation and worldwide accessibility at any given time, a service may stop working or become inaccessible to some users. Anytime. How to provide technical support for such service without forcing employees to be awake at night in a certain time zone? Spread the workers around the world so that you always have someone who has daytime (the Sun over their head) and can provide support for the online service. And if the worker can’t solve the issue, they would pass it to the next one in the direction of the moving sun, who would finish the job. The fact that the time needed to solve the request was not measured in hours, but in the number of revolutions of the request around the Earth, is not so important.
In this post, we describe the differences between the two widespread protocols for DNS encryption: DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). We compare the technical aspects of those protocols as well as their implications on user privacy. We also introduce Knot Resolver’s new built-in DoH support and explain some of our design decisions behind DoH.
The Internet is flooded with news about a new attack against DNS protocol called Side channel AttackeD DNS, or in short SAD DNS. The attack is described in detail in Cloudflare’s blog and I strongly recommend you to read it to grasp how it works and why it is novel.
Ten years ago, mojeID, an authenticated online identity service, was launched. This happened after a three-month trial run and about a year after the announcement of the intention to the local online community. For me personally, October 26, 2010 was only my 42nd day in CZ.NIC, where I was brought by a somewhat mysterious-looking job advertisement promising, among other things, a chance to witness the infrastructure of the Czech Internet being formed. From the very beginning, MojeID has been associated with great expectations and from today’s point of view it can be said with a little exaggeration that we were ahead of our times with it. But let’s get back to that later.
Recently, version 3.0 of Knot DNS – an open-source implementation of an authoritative DNS server – has been released. Despite the version number, the software isn’t changing much. There are slightly more new features than in common feature releases such as 2.9. However, the features added in 3.0 don’t change any behaviour, unless the user turns them on. The migration from 2.9 to 3.0 is therefore seamless.
CZ.NIC Laboratories released the first public version of DNS Probe. It is a high-performance DNS traffic capture tool developed as a part of the ADAM project. Its essential function is to listen on a network interface, capture DNS traffic (both UDP and TCP), pair DNS queries with corresponding responses, and export consolidated records about every single DNS transaction observed on the wire. DNS Probe can be deployed either on the same machine as the DNS server, or on a separate monitoring computer that receives an exact copy of the DNS server’s traffic (e.g. via switch port mirroring).
We have released a new version of Turris OS 5.0. It is based on top of OpenWrt 19.07.3 with our patches and feed for all of Turris routers. In this article, we will go through new features and changes, including experimental migration from the Turris OS 3.x version. We will mention a few obstacles we faced during the development and introduce several features you can expect in future releases.
DNS resolvers are constantly adding features while not removing any, but this trend cannot continue indefinitely because the software would eventually break under its own weight. Which features are used in practice and which can be safely removed? We present preliminary results of a survey among DNS resolver administrators, and also invite readers to participate in cross-vendor survey which is open until 2020-06-30.