The Story
DNS is as critical as Internet infrastructure gets. DNS translates domain names into IP addresses, so just about every client and server depends on making frequent DNS lookups. DNS implementations need to be secure.
While there are many DNS implementations out there, including some memory safe ones, there are no open source, high performance, memory safe, fully recursive DNS resolvers. Until that exists, many DNS operators will continue to deploy DNS software written in languages that are not memory safe, putting critical Internet infrastructure at risk.
We are investing in a DNS implementation called Hickory DNS, started in 2015 by Benjamin Fry. Our goal is to make Hickory the most secure high performance resolver out there.
What We've Done
- During 2023 Prossimo provided support for rebranding to Hickory DNS.
- During 2024 ISRG staff member David Cook made numerous improvements, particularly targeting the needs of ISRG's Let's Encrypt certificate authority.
- In November of 2024 a third party security audit was completed and issues found were remediated.
- In December of 2024 Ferrous Systems completed a contract in which they made huge improvements to DNSSEC and NSEC3 support for the recursive resolver.
We'd also like to note that while we have been making our investments, the broader Hickory DNS community has grown rapidly. We're excited to see all of the new contributors and the great work they are doing!
What's Next
Our current goal is to get Hickory ready for deployment at Let's Encrypt. Making many thousands of recursive requests per second, Let's Encrypt can help prove Hickory's performance at scale. Meanwhile, Hickory will harden a critical part of the Let's Encrypt infrastructure stack thanks to its use of a memory safe language. We are hard at work on the relevant issues.