Deploy360 8 February 2014

Weekend Project: Test Out New DNSSEC Support In Dnsmasq

By Dan YorkDirector, Internet Technology

Dnsmasq iconIf you run your own small network and are comfortable working with Linux, Android, *BSD, Solaris or Mac OS X, here’s a great way you could help advance DNSSEC: Simon Kelley is looking for people to test the new DNSSEC functionality he included in his latest development version of dnsmasq.

If you are not familiar with dnsmasq, it is a DNS fowarder and DHCP server that is already included in many versions of Linux, including Debian, Suse, Fedora, Gentoo and others.  From the dnsmasq website:

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines.

Dnsmasq is targeted at home networks using NAT and connected to the internet via a modem, cable-modem or ADSL connection but would be a good choice for any smallish network (up to 1000 clients is known to work) where low resource use and ease of configuration are important.

If you have a bit of time and could help Simon out with some testing, he would greatly appreciate it – and if this can mean that we’ll be able to get DNSSEC validation happening out in so many more distributions of Linux that would be a great win for making the Internet more secure!

Please read Simon’s message and you may also want to scan the email thread to see if there are any more updates or issues found.

Kudos to Simon for making this happen – and also to Comcast for providing enough funding that Simon was able to work on this full-time for a bit to get it working.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...