Knot DNS
Knot DNS is an open-source authoritative-only server for the Domain Name System. It was written from scratch and is actively developed by CZ.NIC, the .CZ domain registry. The purpose of the project is to supply an alternative open-source implementation of an authoritative DNS server suitable for TLD operators, to increase the overall security, stability and resiliency of the Domain Name System. It is implemented as a multi-threaded daemon and uses a number of programming techniques and data structures to make the server very fast, notably read-copy-update (RCU) and a specialised radix tree. Knot DNS uses a zone parser written in Ragel to load zones very quickly at startup. Zones can also be added and removed on the fly by changing the configuration file and reloading the server with the 'knotc' utility. Since version 3.0.0, Knot DNS supports a high-performance XDP mode on Linux, which can improve response performance significantly. Changelog New in 1.2.0 ...
DNS Server
A name server refers to the server component of the Domain Name System (DNS), one of the two principal namespaces of the Internet. The most important function of DNS servers is the translation (resolution) of human-memorable domain names (example.com) and hostnames into the corresponding numeric Internet Protocol (IP) addresses (192.0.2.1), the second principal namespace of the Internet, which is used to identify and locate computer systems and resources on the Internet. Although it is typically used in reference to DNS (Domain Name System), the term name server may also be used for any computer application that implements a network service for providing responses to queries against a directory service which translates an often humanly meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request. Domain Name Server The Internet maintains two princ ...
PKCS 11
In cryptography, PKCS #11 is one of the Public-Key Cryptography Standards, and also refers to the programming interface to create and manipulate cryptographic tokens (a token where the secret is a cryptographic key). Detail The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards, and names the API itself "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key", although "PKCS #11" is often used to refer to the API as well as the standard that defines it). The API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects. Usage Most commercial certificate authority (CA) software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Mozi ...
Kqueue
Kqueue is a scalable event notification interface introduced in FreeBSD 4.1 in July 2000, also supported in NetBSD, OpenBSD, DragonFly BSD, and macOS. Kqueue was originally authored in 2000 by Jonathan Lemon, then involved with the FreeBSD Core Team. Kqueue makes it possible for software like nginx to solve the c10k problem. Kqueue provides efficient input and output event pipelines between the kernel and userland. Thus, it is possible to modify event filters as well as receive pending events while using only a single system call to kevent(2) per main event loop iteration. This contrasts with older traditional polling system calls such as poll(2) and select(2), which are less efficient, especially when polling for events on numerous file descriptors. Kqueue not only handles file descriptor events but is also used for various other notifications such as file modification monitoring, signals, asynchronous I/O events (AIO), child process state change monitoring, and timers which su ...
Epoll
epoll is a Linux kernel system call for a scalable I/O event notification mechanism, first introduced in version 2.5.44 of the Linux kernel. Its function is to monitor multiple file descriptors to see whether I/O is possible on any of them. It is meant to replace the older POSIX select(2) and poll(2) system calls, to achieve better performance in more demanding applications where the number of watched file descriptors is large (unlike the older system calls, which cost O(n) per call in the number of watched descriptors, an epoll wait is O(1) in that number). epoll is similar to FreeBSD's kqueue in that it consists of a set of user-space functions, each taking a file descriptor argument denoting the configurable kernel object against which they cooperatively operate. epoll uses a red–black tree (RB-tree) data structure to keep track of all file descriptors that are currently being monitored. API: int epoll_create1(int flags); creates an epoll object and returns its file descriptor. The flags parameter allo ...
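A worked example added here, not code from the kernel documentation or from any project on this page, showing the three calls a practitioner actually uses: epoll_create1 with EPOLL_CLOEXEC so the descriptor cannot leak into exec'd children, epoll_ctl to register the read ends of two pipes, and a zero-timeout epoll_wait, run once level-triggered and once edge-triggered (EPOLLET). The two pipes and the single byte written into the first are constructed sample input; the names watch, poll_once and epoll_demo are this example's own. Linux only.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>

/* Add fd to the epoll instance with the given event mask (EPOLL_CTL_ADD). */
static int watch(int epfd, int fd, uint32_t events)
{
    struct epoll_event ev;
    memset(&ev, 0, sizeof ev);           /* zero the whole struct, then fill the fields we use */
    ev.events = events;
    ev.data.fd = fd;
    return epoll_ctl(epfd, EPOLL_CTL_ADD, fd, &ev);
}

/* One non-blocking epoll_wait (timeout 0). Returns the number of ready descriptors and
 * stores the first reported one in *fd_out, or -1 if nothing was ready. */
static int poll_once(int epfd, int *fd_out)
{
    struct epoll_event evs[4];
    int n = epoll_wait(epfd, evs, 4, 0);
    *fd_out = n > 0 ? evs[0].data.fd : -1;
    return n;
}

static void close_pair(int fds[2])
{
    if (fds[0] >= 0) close(fds[0]);
    if (fds[1] >= 0) close(fds[1]);
}

/* Watch the read ends of two pipes, write one byte into the first, then poll twice without
 * reading it. Returns first_count * 10 + second_count: 11 level-triggered (the byte is still
 * there, so it is reported again), 10 edge-triggered (no new edge, so silence). Negative on
 * error, -2 if epoll reported a descriptor other than the one written to. */
int epoll_demo(int edge_triggered)
{
    int p1[2] = {-1, -1}, p2[2] = {-1, -1}, fd, first, second, result = -1;
    uint32_t mask = EPOLLIN | (edge_triggered ? EPOLLET : 0);
    /* EPOLL_CLOEXEC: the epoll fd must not survive into exec'd children any more than the pipes do. */
    int epfd = epoll_create1(EPOLL_CLOEXEC);
    if (epfd < 0) return -1;
    if (pipe2(p1, O_CLOEXEC | O_NONBLOCK) < 0 || pipe2(p2, O_CLOEXEC | O_NONBLOCK) < 0) goto out;
    if (watch(epfd, p1[0], mask) < 0 || watch(epfd, p2[0], mask) < 0) goto out;
    if (write(p1[1], "x", 1) != 1) goto out;
    first = poll_once(epfd, &fd);
    if (first != 1 || fd != p1[0]) { result = -2; goto out; }
    second = poll_once(epfd, &fd);       /* nothing drained, nothing new written */
    result = first * 10 + second;
out:
    close_pair(p1); close_pair(p2); close(epfd);
    return result;
}

int main(void)
{
    printf("level-triggered: %d\nedge-triggered: %d\n", epoll_demo(0), epoll_demo(1));
    return 0;
}
```

The second poll is the point: with EPOLLET a descriptor that was reported but never drained is not reported again, so an edge-triggered loop must read until EAGAIN (hence O_NONBLOCK) or it silently stalls on that connection.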
Extension Mechanisms For DNS
Extension Mechanisms for DNS (EDNS) is a specification for expanding the size of several parameters of the Domain Name System (DNS) protocol which had size restrictions that the Internet engineering community deemed too limited for increasing functionality of the protocol. The first set of extensions was published in 1999 by the Internet Engineering Task Force as an RFC, also known as EDNS0, which was updated by a successor RFC in 2013 that changed the abbreviation slightly to EDNS(0). Motivation The Domain Name System was first developed in the early 1980s. Since then, it has been progressively enhanced with new features, while maintaining compatibility with earlier versions of the protocol. The restrictions in the size of several flag fields, return codes and label types available in the basic DNS protocol prevented the support of some desirable features. Moreover, DNS messages carried by UDP were restricted to 512 bytes, not counting the Internet Protocol (IP) and transport layer headers. Resorting t ...
List Of DNS Record Types
This list of DNS record types is an overview of resource records (RRs) permissible in zone files of the Domain Name System (DNS). It also contains pseudo-RRs. Other types and pseudo-RRs: other types of records simply provide some types of information (for example, an HINFO record gives a description of the type of computer/OS a host uses), or return data used in experimental features. The "type" field is also used in the protocol for various operations. Obsolete record types: progress has rendered some of the originally defined record types obsolete. Of the records listed at IANA, some have limited use, for various reasons. Some are marked obsolete in the list, some are for very obscure services, some are ...
DNS Over HTTPS
DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping on and manipulation of DNS data by man-in-the-middle attacks, using HTTPS to encrypt the data between the DoH client and the DoH-based DNS resolver. By March 2018, Google and the Mozilla Foundation had started testing versions of DNS over HTTPS. In February 2020, Firefox switched to DNS over HTTPS by default for users in the United States. An alternative to DoH is the DNS over TLS (DoT) protocol, a similar standard for encrypting DNS queries, differing only in the methods used for encryption and delivery. Which of the two is superior for privacy and security is a matter of debate, and others argue that the merits of either depend on the specific use case. Technical details DoH is a proposed standard, published as RFC 8484 (October 2018) ...
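An added example, not code from RFC 8484 or from any client on this page, that builds the GET form of a DoH request: a DNS wire-format query for www.example.com type A with the message ID fixed to 0 (RFC 8484 section 4.1 asks GET clients to do this so that identical queries produce identical URLs that HTTP caches can serve), base64url-encoded without padding into the dns= parameter. The resulting path is the one shown as the GET example in RFC 8484 section 4.1.1. The function names dns_query_wire, base64url_nopad, doh_get_path and doh_example_path are this example's own; it stops at the request path and sends nothing over the network.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* base64url (RFC 4648 section 5) without '=' padding, as RFC 8484 requires for the dns=
 * parameter (a padded value would put '=' into the query string). Returns the output
 * length, 0 if `cap` is too small. */
static size_t base64url_nopad(const uint8_t *in, size_t len, char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    size_t o = 0;
    if (cap == 0) return 0;
    for (size_t i = 0; i < len; i += 3) {
        size_t rem = len - i;                           /* bytes left in this group */
        uint32_t v = (uint32_t)in[i] << 16;
        if (rem > 1) v |= (uint32_t)in[i + 1] << 8;
        if (rem > 2) v |= in[i + 2];
        size_t n = rem >= 3 ? 4 : rem + 1;              /* chars emitted for the group */
        if (o + n + 1 > cap) return 0;
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        if (n > 2) out[o++] = tbl[(v >> 6) & 63];
        if (n > 3) out[o++] = tbl[v & 63];
    }
    out[o] = '\0';
    return o;
}

/* Minimal DNS query in wire format: header with ID 0 and RD set, one question, no EDNS.
 * Returns the length, 0 on a malformed name or a buffer that is too small. */
static size_t dns_query_wire(const char *qname, uint16_t qtype, uint8_t *out, size_t cap)
{
    static const uint8_t hdr[12] = {0, 0, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0};
    size_t nlen = strlen(qname), o = 12;
    if (nlen == 0 || nlen > 253 || cap < 12 + nlen + 6) return 0;
    memcpy(out, hdr, 12);
    for (const char *p = qname; *p; ) {              /* one length-prefixed label per component */
        const char *dot = strchr(p, '.');
        size_t l = dot ? (size_t)(dot - p) : strlen(p);
        if (l == 0 || l > 63) return 0;              /* empty label ("a..b", ".a") or too long */
        out[o++] = (uint8_t)l;
        memcpy(out + o, p, l);
        o += l; p += l;
        if (*p == '.') p++;                          /* a trailing dot just ends the name */
    }
    out[o++] = 0;                                    /* root label terminates the name */
    out[o++] = (uint8_t)(qtype >> 8); out[o++] = (uint8_t)qtype;
    out[o++] = 0; out[o++] = 1;                      /* QCLASS IN */
    return o;
}

/* The :path of a DoH GET request: /dns-query?dns=<base64url(wire query)>. */
size_t doh_get_path(const char *qname, uint16_t qtype, char *out, size_t cap)
{
    static const char prefix[] = "/dns-query?dns=";
    const size_t plen = sizeof prefix - 1;
    uint8_t wire[512];
    size_t wlen = dns_query_wire(qname, qtype, wire, sizeof wire);
    if (!wlen || cap <= plen) return 0;
    memcpy(out, prefix, plen);
    size_t blen = base64url_nopad(wire, wlen, out + plen, cap - plen);
    return blen ? plen + blen : 0;
}

/* Convenience: the path for the www.example.com / A query used as the example in RFC 8484. */
const char *doh_example_path(void)
{
    static char path[1024];
    return doh_get_path("www.example.com", 1, path, sizeof path) ? path : NULL;
}

int main(void)
{
    printf("GET %s\n", doh_example_path());
    return 0;
}
```

The same wire message sent as a POST body with Content-Type application/dns-message needs no encoding at all; the GET form exists so that ordinary HTTP caches can store answers, which is why a fixed ID and an unpadded encoding matter.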
User Datagram Protocol
In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages (transported as datagrams in packets) to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths. UDP uses a simple connectionless communication model with a minimum of protocol mechanisms. UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram. It has no handshaking dialogues, and thus exposes the user's program to any unreliability of the underlying network; there is no guarantee of delivery, ordering, or duplicate protection. If error-correction facilities are needed at the network interface level, an application may instead use Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP) which are designed for this ...
Transmission Control Protocol
The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP. TCP is connection-oriented, and a connection between client and server is established before data can be sent. The server must be listening (passive open) for connection requests from clients before a connection is established. Three-way handshake (active open), retransmission, and error detection add to reliability but lengthen latency. Applica ...
EDNS Client Subnet
EDNS Client Subnet (ECS) is an option in the Extension Mechanisms for DNS that allows a recursive DNS resolver to specify the subnetwork of the host or client on whose behalf it is making a DNS query. This is generally intended to help speed up the delivery of data from content delivery networks, by allowing better use of DNS-based load balancing to select a service address near the client when the client computer is not necessarily near the recursive resolver. When an authoritative name server receives a query carrying ECS, it can use the client subnet to answer with the address of a CDN node geographically near that subnet, so that the client's further requests go to a nearby node, reducing latency. The EDNS client subnet mechanism is specified in an IETF RFC. Privacy and security implications Because ECS forwards client network information to the upstream authoritative server, the extension reveals some information about the client's location that the upstream server would not other ...
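An added example serving both the EDNS entry above and this one; it is not code from Knot DNS or from the RFCs. It serialises the OPT pseudo-RR that EDNS introduces (root name, type 41, the advertised UDP payload size carried in the class field, the DO bit in the TTL field) with an ECS option in its RDATA, truncating the client address to the announced source prefix and zeroing the bits beyond it as RFC 7871 requires, then parses the record back and rejects an option whose trailing bits are not zero, whose address length does not match its prefix length, or whose address family is unknown. The sample address 198.51.100.77 is from the RFC 5737 documentation range and constructed for this example; the struct and function names (struct ecs, build_opt_rr, parse_opt_rr, ecs_check) are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DNS_TYPE_OPT 41      /* OPT pseudo-RR type (RFC 6891) */
#define EDNS_OPT_ECS 8       /* EDNS option code for Client Subnet (RFC 7871) */
#define EDNS_FLAG_DO 0x8000  /* DNSSEC OK bit, carried in the OPT TTL field */

struct ecs {
    uint16_t family;        /* 1 = IPv4, 2 = IPv6 (IANA address family numbers) */
    uint8_t  source_prefix; /* how many leading address bits the sender discloses */
    uint8_t  scope_prefix;  /* set by the authority in replies; 0 in queries */
    uint8_t  addr[16];      /* address, every bit beyond source_prefix zero */
};

static void     put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t get16(const uint8_t *p)       { return (uint16_t)((p[0] << 8) | p[1]); }
static size_t   ecs_addr_len(uint8_t prefix)  { return (prefix + 7u) / 8; }  /* whole octets sent */

/* Serialise an OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = extended RCODE /
 * version / flags, RDATA = the ECS option if `e` is given. Returns bytes written, 0 if no room. */
size_t build_opt_rr(uint8_t *out, size_t cap, uint16_t udp_size, int do_bit, const struct ecs *e)
{
    size_t alen = e ? ecs_addr_len(e->source_prefix) : 0, optlen = e ? 8 + alen : 0;
    if (cap < 11 + optlen) return 0;
    uint8_t *p = out;
    *p++ = 0;                                  /* NAME: root */
    put16(p, DNS_TYPE_OPT);              p += 2;
    put16(p, udp_size);                  p += 2;  /* CLASS field reused for the UDP payload size */
    *p++ = 0; *p++ = 0;                           /* extended RCODE 0, EDNS version 0 */
    put16(p, do_bit ? EDNS_FLAG_DO : 0); p += 2;
    put16(p, (uint16_t)optlen);          p += 2;  /* RDLENGTH */
    if (e) {
        put16(p, EDNS_OPT_ECS);          p += 2;  /* OPTION-CODE */
        put16(p, (uint16_t)(4 + alen));  p += 2;  /* OPTION-LENGTH */
        put16(p, e->family);             p += 2;
        *p++ = e->source_prefix;
        *p++ = e->scope_prefix;
        memcpy(p, e->addr, alen);
        /* RFC 7871 section 6: bits beyond SOURCE PREFIX-LENGTH MUST be zero on the wire */
        if (e->source_prefix % 8) p[alen - 1] &= (uint8_t)(0xff << (8 - e->source_prefix % 8));
        p += alen;
    }
    return (size_t)(p - out);
}

/* Parse an OPT RR and the ECS option inside it, if any. Returns 0 on success, -1 when the
 * record is malformed: bad lengths, unsupported EDNS version, unknown family, an address
 * length that does not match the prefix, or non-zero bits past the prefix. */
int parse_opt_rr(const uint8_t *in, size_t len, uint16_t *udp_size, int *do_bit,
                 struct ecs *e, int *have_ecs)
{
    if (len < 11 || in[0] != 0 || get16(in + 1) != DNS_TYPE_OPT || in[6] != 0) return -1;
    *udp_size = get16(in + 3);
    *do_bit   = (get16(in + 7) & EDNS_FLAG_DO) != 0;
    size_t rdlen = get16(in + 9);
    if (11 + rdlen > len) return -1;
    const uint8_t *p = in + 11, *end = p + rdlen;
    *have_ecs = 0;
    while (end - p >= 4) {                     /* OPTION-CODE, OPTION-LENGTH, OPTION-DATA */
        size_t code = get16(p), olen = get16(p + 2);
        p += 4;
        if (olen > (size_t)(end - p)) return -1;
        if (code == EDNS_OPT_ECS) {
            if (olen < 4) return -1;
            uint16_t fam = get16(p);
            size_t alen = olen - 4, maxlen = fam == 1 ? 4 : fam == 2 ? 16 : 0;
            if (!maxlen || alen != ecs_addr_len(p[2]) || alen > maxlen) return -1;
            memset(e, 0, sizeof *e);
            e->family = fam; e->source_prefix = p[2]; e->scope_prefix = p[3];
            memcpy(e->addr, p + 4, alen);
            if (p[2] % 8 && (e->addr[alen - 1] & (0xff >> (p[2] % 8)))) return -1;
            *have_ecs = 1;
        }
        p += olen;
    }
    return p == end ? 0 : -1;                  /* leftover bytes that form no option */
}

/* Constructed sample client address from the RFC 5737 documentation range, not a real client. */
static const uint8_t SAMPLE_V4[4] = {198, 51, 100, 77};

/* Round trip SAMPLE_V4 announced at `prefix` bits through build and parse and return octet
 * `idx` of the parsed address, or -1 if the parser rejected the record. When `relabel` is
 * non-zero the SOURCE PREFIX-LENGTH byte is overwritten after building, simulating a sender
 * that shortens the prefix without zeroing the bits it no longer claims to send. */
int ecs_check(uint8_t prefix, uint8_t relabel, int idx)
{
    uint8_t buf[64]; struct ecs q, got; uint16_t sz; int dob, have;
    if (idx < 0 || idx > 15) return -1;
    memset(&q, 0, sizeof q);
    q.family = 1; q.source_prefix = prefix; memcpy(q.addr, SAMPLE_V4, 4);
    size_t n = build_opt_rr(buf, sizeof buf, 1232, 1, &q);
    if (relabel) buf[17] = relabel;            /* offset 17 = SOURCE PREFIX-LENGTH in the option */
    if (!n || parse_opt_rr(buf, n, &sz, &dob, &got, &have) || !have || sz != 1232 || !dob) return -1;
    return got.addr[idx];
}
```

With a /24 announcement only three octets go on the wire and the fourth parses back as zero; at /20 the third octet is masked from 100 to 96 before sending. The two rejection paths matter on the receiving side: a record whose prefix length says /20 but still carries the full third octet, or one whose prefix says /8 while three octets follow, is the kind of inconsistent input an authoritative server should drop rather than geolocate on.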
GeoIP
In computing, Internet geolocation is software capable of deducing the geographic position of a device connected to the Internet. For example, the device's IP address can be used to determine the country, city, or ZIP code, determining its geographical location. Other methods include examination of Wi-Fi hotspots. Data sources An IP address is assigned to each device (e.g. computer, printer) participating in a computer network that uses the Internet Protocol for communication (DOD Standard Internet Protocol, January 1980). The protocol specifies that each IP packet must have a header which contains, among other things, the IP address of the sender. There are a number of free and paid subscription geolocation databases, ranging from country level to state or city, including ZIP/post code level, each with varying claims of accuracy (generally higher at the country level). These databases typically contain IP address data which may be used in firewalls, ad servers, routing, ...
TCP Fast Open
In computer networking, TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a ''TFO cookie'' (a TCP option), which is a cryptographic cookie stored on the client and set upon the initial connection with the server. When the client later reconnects, it sends the initial SYN packet along with the TFO cookie data to authenticate itself. If successful, the server may start sending data to the client even before the reception of the final ACK packet of the three-way handshake, thus skipping a round-trip delay and lowering the latency in the start of data transmission. The cookie is generated by applying a block cipher, keyed with a key held secret by the server, to the client's IP address, producing an authentication tag that is difficult for third parties to spoof, even if they can forge a source IP address or make two-way connections to the same server from other IP addresses. Although i ...