Donate
‹ Back
Deploy360 4 August 2014

IPFire Adds DNSSEC Validation In New Release Via Crowdfunding

Dan York
By Dan YorkDirector, Content and Web Strategy

ipfire logoWe were pleased to see an announcement from the IPFire open source firewall distribution indicating that DNSSEC validation had been added to their most recent “IPFire 2.15 – Core Update 80” yesterday.  More intriguing to me, perhaps, was that the DNSSEC validation was added to the software distribution via a crowdfunding initiative for their “wishlist”. While I realize this is not unique among software products, it was great to see that some number of IPFire users felt DNSSEC was important enough to donate to prioritize this task.  [Tip for IPFire: It would be nice to know how many users donated rather than just the total amount.]

I will admit I’d not heard of IPFire prior to seeing a tweet about the DNSSEC addition this morning, but in looking at their “About IPFire” page it seems to have the kind of services that I would want in a system like this. (I run a similar type of hardened Linux distribution on my own home server/gateway.)

This news about IPFire is important because getting DNSSEC validation to happen on the edge of local networks is a critical step in the plan for where DNSSEC validation needs to happen. Ideally, of course, we’d get the validation happening in the device operating systems and even applications, but getting the validation on the edge of the local network does minimize the attack surface significantly!

Kudos to the team at IPFire for doing this work – and for the IPFire users who crowdfunded it!

P.S. Do you know of another firewall software distribution that we should add to our list on the plan for DNSSEC validationPlease do let us know as we’d definitely like to expand the list we have there.   And if you don’t know much about DNSSEC, check out our “Start Here” page to learn how to get started…

‹ Back

Related articles

Fedora 21 To Have DNSSEC Validation Enabled By Default
Deploy3602 May 2014

Fedora 21 To Have DNSSEC Validation Enabled By Default

By way of a recent tweet from Red Hat's Paul Wouters we learned the great news that the next release...

Google Clarifies DNSSEC Support - Opt In Now, Full Validation Coming Soon
Deploy36022 March 2013

Google Clarifies DNSSEC Support – Opt In Now, Full Validation Coming Soon

After Google's announcement earlier this week of DNSSEC validation support in their Public DNS service, there was some concern and...

Huge News For Internet Security - Google Public DNS Is Now Performing DNSSEC Validation!
Deploy36019 March 2013

Huge News For Internet Security – Google Public DNS Is Now Performing DNSSEC Validation!

In a huge step forward for Internet security today, Google announced that Google's "Public DNS" service is now performing DNSSEC validation....

Join the conversation with Internet Society members around the world