Knot DNS 2.1 introduced support for DNSSEC signing using PKCS #11. PKCS #11 (also called Cryptoki) is a standard interface to access various Hardware Security Modules (HSM). Such devices are usually used to improve protection of private key material. The interface is rather flexible and gives the HSM vendors huge amount of freedom, which unfortunately makes its use a bit tricky. There are often surprising differences between individual implementations.
Scripting in Knot DNS Resolver
This week I was approached by a man dressed in platypus pyjamas, he asked me: “These layers and modules you talk about, they’re cool. But can it be even better?”. After the initial costume distraction wore off, I pondered a bit and said: “Sure, let me just grab a cup of coffee”. The real story is that the layers are now much more interactive, and the documentation is improved.
Embedding LuaJIT in 30 minutes (or so)
Since you’re reading this, you probably know Lua, the world’s most infuriating language. If not, hop on to Lua in 15 minutes to get the basics right. Now there are two types of use cases where Lua shines – as a tiny script/configuration language, and for high-performance data processing (with JIT). I went through both of them with kresd, and wrote down some notes.
Knot recursive fortnightly, August 11th 2015
validator – need for speed – RPZ – views – new tests
New Features in Knot DNS 2.0
It has been a few weeks since the final version of Knot DNS 2.0 came out. While it’s still fresh, I would like to explain our motivation for this new major version and also to summarize the most important changes included in this significant release.
Knot DNS recursive weekly, July 24th 2015
IETF93 – prefetching and predictions – more cwrap – validating signatures
Knot DNS recursive weekly, July 15th 2015
I/O improvements – documenting – validation – Happy Eyeballs
Knot DNS recursive weekly, Blocking queries for fun and profit
A short tutorial on how to block DNS slow-drip attack with kresd.
Making of Knot DNS Resolver
A storified tale of how we’re baking a modern resolver the hard way. Ingredients included.