NLnet Labs participates in various research projects which revolve around core Internet infrastructure. Here you can find an overview of the current projects we are participating in.
NGI0 PET - DNSSEC Key Signing Suite
- The DNSSEC protocol brings trust to the Domain Name System by guaranteeing the authenticity and integrity of data stored in the DNS. DNSSEC is increasingly used as a root of trust for Internet protocols. For example, leveraging the DNS-based Authentication of Named Entitities (DANE) protocol, servers used for the handling of e-mail can now securely communicate which public keys are trusted when establishing a TLS connection with these servers. This makes it of paramount importance that key material used for DNSSEC is well protected, especially higher up in the DNS hierarchy at top-level domains. Ideally, in such environments, it is desirable to store sensitive key material (such as the so-called Key Signing Key) offline, and to only use it when required. While some TLD operators already follow this practice, it is far from common, due to a lack of standardised tools and procedures. In this NGI0 PET project, funded by the European Commission, NLnet Labs will develop such standardised tools and procedures in collaboration with stakeholders in the industry.
- Learn more about NGI0 PET on the NLnet Foundation website.
The Root Canary project is a joint project of seven partners: SURFnet, the University of Twente, Northeastern University, NLnet Labs, SIDN Labs, the RIPE NCC and ICANN. The goal of this project is to monitor and measure the rollover of the DNSSEC root Key Signing Key (KSK), that is due to take place in 2018-2019.
This project has two main goals:
- Serve as a virtual canary in the coalmine, that signals problems DNSSEC-validating DNS resolvers may have during the Root KSK rollover process.
- Perform comprehensive measurements of the global DNS resolver population during the entire Root KSK rollover process, from the introduction of the new key until the removal of the old key. The results of these measurements can then be analysed after the process completes to draw lessons for future Root KSK rollover events.
While the actual project itself has now ended, the measurements that were part of the project have become part of NLnet Labs' DNSthough platform.
- This project is maintained on rootcanary.org.
The aim of the LIGHTest research project has been to create a global cross-domain trust infrastructure that renders it transparent and easy for verifiers to evaluate electronic transactions. By querying different trust authorities world-wide and combining trust aspects related to identity, business, reputation etc. it will become possible to conduct domain-specific trust decisions.
Funded under the EU’s Horizon 2020 programme, the project had fourteen partners from nine countries with a diverse background. NLnet Labs contributed its knowledge and experience of the DNS to the project.
- You can find more information on the LIGHTest Community Site.
The goal of the OpenINTEL project is to build reliable long-term datasets of the Domain Name System (DNS). Currently, OpenINTEL sends daily queries for a fixed set of common DNS record types for around 65% of the global namespace. Started in 2015 as a collaboration between SURFnet, SIDN and the University of Twente, OpenINTEL has already collected closed to 3 trillion DNS records that can be used to study the constantly evolving Internet.
OpenINTEL uses tools developed by NLnet Labs to power its measurement infrastructure, with LDNS serving as the Swiss army knife to send the billions of DNS queries and parse the result, and Unbound to perform the important task of resolving these queries. NLnet Labs also contributes DNS expertise and custom development for the measurement code of OpenINTEL.
- You can find more information on OpenINTEL on the project webpage openintel.nl.
The Self-Managing Anycast Networks for DNS (SAND) project is a collaboration between the University of Twente, SIDN and NLnet Labs. The goal of this project is to create resilient anycast DNS networks that can withstand global outages and large-scale DDoS attacks.
NLnet Labs contributes to SAND with its in-depth knowledge of BGP routing and DNS. In addition to this, NLnet Labs strives to adopt the open source tools developed as part of the SAND project.
- You can find more information on the SAND project webpage at sand-project.nl.
Outsourcing to the cloud is mainstream business practice. Oft-quoted security benefits of the cloud are availability of skilled staff, bandwidth and compute power to head off attacks. Yet recent outages call these benefits into question. MASCOT will rigorously study cloud resilience and use the outcome to support security-conscious cloud strategies.
The project consortium is led by the University of Twente, and includes SURF, Logius, KPN and NLnet Labs as partners. The project will run for four years from 2020 - 2023.
- The MASCOT project does not have its own webpage yet.