From d5b0a63332eaa74bf21822f38dfde7ec9898d3f4 Mon Sep 17 00:00:00 2001
From: Josh Aas
Date: Tue, 17 Dec 2024 21:46:39 -0500
Subject: [PATCH] Update Hickory DNS page.
---
content/en/initiative/dns.html | 20 ++++++++++++----
content/en/initiative/dns/dns-work-plan.md | 28 ----------------------
2 files changed, 16 insertions(+), 32 deletions(-)
delete mode 100644 content/en/initiative/dns/dns-work-plan.md
diff --git a/content/en/initiative/dns.html b/content/en/initiative/dns.html
index 68813c3..b0c103b 100644
--- a/content/en/initiative/dns.html
+++ b/content/en/initiative/dns.html
@@ -16,18 +16,30 @@ The Story
While there are many DNS implementations out there, including some memory safe ones, there are no open source, high performance, memory safe, fully recursive DNS resolvers. Until that exists, many DNS operators will continue to deploy DNS software written in languages that are not memory safe, putting critical Internet infrastructure at risk.
-ISRG's Let's Encrypt certificate authority would be amongst the first to deploy it. Making many recursive requests per second, Let’s Encrypt can help prove Hickory’s performance at scale. Meanwhile, Hickory will harden a critical part of the Let’s Encrypt infrastructure stack thanks to its use of a memory safe language.
+We are investing in a DNS implementation called Hickory DNS, started in 2015 by Benjamin Fry. Our goal is to make Hickory the most secure high performance resolver out there.
+
+
+What We've Done
+
+* During 2023 Prossimo provided support for rebranding to Hickory DNS.
+* During 2024 ISRG staff member David Cook made numerous improvements, particularly targeting the needs of ISRG's Let's Encrypt certificate authority.
+* In November of 2024 a third party security audit was completed and issues found were remediated.
+* In December of 2024 Ferrous Systems completed a contract in which they made huge improvements to DNSSEC and NSEC3 support for the recursive resolver.
+
+
+We'd also like to note that while we have been making our investments, the broader Hickory DNS community has grown rapidly. We're excited to see all of the new contributors and the great work they are doing!
What's Next
-Hickory is one of the most promising memory safe DNS resolvers out there. It’s an open-source project started in 2015 by Benjamin Fry as an exploration of a memory safe DNS implementation in the Rust programming language. Hickory is now ready for use in production, though we will be making additional investments in features, security, and performance. Our goal is for Hickory to be one of the most attractive resolvers for many use cases.
+Our current goal is to get Hickory ready for deployment at Let's Encrypt. Making many thousands of recursive requests per second, Let’s Encrypt can help prove Hickory’s performance at scale. Meanwhile, Hickory will harden a critical part of the Let’s Encrypt infrastructure stack thanks to its use of a memory safe language. We are hard at work on the relevant issues.
Links
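Review bot: The new audit bullet under "What We've Done" ("In November of 2024 a third party security audit was completed and issues found were remediated.") names neither the auditor nor the report, so a reader evaluating the resolver has nothing to verify it against. Consider linking the published report, or naming the firm, the way the Ferrous Systems bullet does. Similarly, "We are hard at work on the relevant issues" in the rewritten "What's Next" paragraph would be more useful with a pointer to where those issues are tracked. Minor style point: the same added line mixes a straight apostrophe ("Let's Encrypt. Making") with curly ones ("Let’s Encrypt can help"); pick one.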
diff --git a/content/en/initiative/dns/dns-work-plan.md b/content/en/initiative/dns/dns-work-plan.md
deleted file mode 100644
index eb36280..0000000
--- a/content/en/initiative/dns/dns-work-plan.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: Hickory DNS
-slug: dns-work-plan
-background: dce0e9
-image: /images/blog/Hickory-DNS.png
----
-
-Work Plan
-
-**1. Prepare for Let's Encrypt deployment**
-
-Complete improvements needed in order to deploy to Let’s Encrypt. This is important because it makes DNS safer for Let’s Encrypt but also because it will demonstrate to other potential users that the resolver can function well in a demanding environment.
-
-* Add support for DNSSEC validation for recursive queries
-* Add support for NSEC(3)
-* Add support for IP allow lists for inbound connections
-* Add support for a denylist for outbound ports
-* Add support for a “do-not-query” list
-* Add support for cache policies by record type
-* Add support for NS round-robin to reduce triggering rate-limiting
-
-**2. Security audit**
-
-A third party security audit will be performed and findings will be addressed.
-
-**3. Performance improvements**
-
-Improve performance (queries/second, CPU and memory usage) such that the resolver can be used in the most critical and demanding environments.
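Review bot: Deleting the work plan removes the only list of the remaining hardening items, and the replacement text in dns.html accounts for just two of them (DNSSEC validation and NSEC3, via the Ferrous Systems bullet) plus the audit. The status of "IP allow lists for inbound connections", "a denylist for outbound ports", the "do-not-query" list, cache policies by record type, NS round-robin and the performance work is no longer stated anywhere on the page. Either say which of these are done in "What We've Done", or carry the open ones into "What's Next". Also, the dns.html hunk ends at the "Links" heading and leaves that section untouched, so please check that nothing there still points at the dns-work-plan slug.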