Deploy360 25 July 2014

OpenWRT and Open Wireless: Bringing IPv6 and DNSSEC to End Users

Andrew Mcconachie
By Andrew McconachieFormer Intern

Interesting things are happening in the home router space. On July 14th, the OpenWRT project released a new version of their software. Called “Barrier Breaker”, or 14.07-rc1, this is the first open router firmware release aimed at home users to support DNSSEC and IPv6 out of the box. This means that Barrier Breaker will perform DNSSEC validation when acting as your recursive DNS server. For IPv6, OpenWRT had previously required manual configuration of IPv6. This had the downside of requiring users of OpenWRT to understand a bit about IPv6. With Barrier Breaker, OpenWRT now supports DHCPv6 and Stateless Address Autoconfiguration(SLAAC). Both of which make it easier for end users to get an IPv6 address quickly and easily.

Imagine an end-user who knows nothing about IPv6, but their ISP happens to issue IPv6 addresses to its customers. They install the latest OpenWRT release, or purchase another device with IPv6 enabled. They receive an IPv6 and an IPv4 address, and since they already have an operating system that supports IPv6 out of the box, they’re now using IPv6. No knowledge or configuration was required on their part. The applications on their machine are hopefully concerned about keeping their eye-balls happy and the packets flowing. This is how deployments happen, this is how we upgrade the Internet.


Another interesting development in the home router space is the Electronic Frontier Foundation(EFF)’s launching of its own home router project. Called Open Wireless, their router firmware is “specifically designed to support secure, shareable Open Wireless networks.” The EFF’s project is based on the CeroWRT project, which is itself based on the OpenWRT project. While probably more focused on launching open access points and general user security, this effort will undoubtably bring DNSSEC and IPv6 functionality to many more users.

The release of OpenWRT Barrier Breaker, and the EFF’s launching of the Open Wireless project mark important milestones in the deployment of DNSSEC and IPv6. If you would like to contribute to OpenWRT, or to the EFF’s Open Wireless project, they’re both looking for volunteers. If you would like to find out more about DNSSEC or IPv6, please visit our basics pages on DNSSEC or IPv6 – or visit our Start Here page to find resources targeted at your type of organization.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...