Deploy360 16 March 2014

Weekend Project: Try Out “Bloodhound”, A Web Browser With Full DNSSEC Support

By Dan YorkDirector, Internet Technology

bloodhoundHere is a quick project to try out this weekend… download and try out the Bloodhound web browser from the DNSSEC Tools Project.

This web browser is a modified version of Mozilla Firefox that supports local validation of DNSSEC and also usage of the DANE protocol.  The cool part about Bloodhound is that it validates ALL web addresses used in the building of a web page, i.e. it is not just validating only the main URL for a site.  Given that many web pages today make many calls to other web sites for various components and pieces of the site, Bloodhound will ensure that all of those are validated via DNSSEC.

Once you have Bloodhound installed, you can visit our lists:

where you should see failures happen when you attempt to go to the “bad” sites.

More information about how to configure Bloodhound is available on the DNSSEC Tools Project website.  The Bloodhound browser was created as an experimental project to advance DNSSEC deployment and as a test bed for how DNSSEC validation can be build directly into applications.  If you have feedback or would like to get more information, please see the bottom of the Bloodhound web page for how to get in touch with the folks at the DNSSEC Tools Project.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...