Domain Name System Security Extensions (DNSSEC) 20 February 2012

Fedora Project Requesting Testers of DNSSEC-Trigger

By Dan YorkChief of Staff, Office of the CEO

FedoraProjectWant to help out a Linux project with DNSSEC? In a recent message to the Fedora Project developers list, Paul Wouters from Red Hat asked for people to help test the recent addition of DNSSEC-Trigger to the “rawhide” distribution of Fedora. As he says in the email:

In our efforts to push DNSSEC to the enduser, we have packaged our
initial DNSSEC reconfiguration utility.

Basically, this makes it possible to use DNSSEC on your laptop, while
moving between networks of which some are “friendly” man in the middle
attacks on DNS via hotspots and sign-ons. Some steps are still awaiting
further network-manager integration. We hope to be able to hide almost
everything from the user, but the network manager integration is not yet
complete. But we would really like get more feedback on how well it
works in various alien and broken networks out there (especially wifi
and 3G/LTE).

First, it’s awesome to see DNSSEC-Trigger get added into a Linux distribution. Kudos to Paul and the Fedora Project team for taking that step.

Second, if you are a Fedora user, or would like to help out with this effort to promote DNSSEC usage, please do read Paul’s email message and see if you can help out with the testing.

Note that while Paul mentions the Firefox add-on to support DNSSEC there is also a similar extension to add DNSSEC support to Google Chrome.

It’s great, too, to see what they have planned for future work on Fedora:

Planned for the near future:
- Less user interaction, more network manager integration
- automatic hot spot detection
- network manager vpn plugin support for DNS forward-zone
- phasing out the applet in favour of native network-manager support
- validate TLS certificates via DNSSEC (IETF DANE support)

And I did very much enjoy how Paul ended the message:

That’s it, go break your DNS and let us know how it went!

Again, it’s excellent to see this effort and I look forward to hearing how the testing goes and seeing this further expansion of DNSSEC capabilities in Fedora.

P.S. And yes, I’m thinking about where I might have a spare box where I could install Fedora specifically to play with this…

Domain Name System Security Extensions (DNSSEC), How the Internet Works, Internet Technologies, Open Internet Standards, Security, Supporting a Secure and Trustworthy Internet, Global,

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Recent Posts

Related Posts

Open Standards Everywhere 11 June 2020

Listen to the Hedge Podcast 39 to Learn about the Open Standards Everywhere Project

What is our Open Standards Everywhere (OSE) project all about? How did it get started? What are the project...

Internet Technologies 19 February 2019

DNS Privacy & IPv6 Security @ APTLD 75

The Internet Society will be actively contributing to the APTLD 75 meeting on 20-21 February 2019 in Dubai, United...

Domain Name System (DNS) 8 February 2019

DNS Flag Day

The 1st of February was DNS Flag Day, which is an initiative of several DNS vendors and operators to...