Deploy360 28 December 2012

Weekend Project: Add DNSSEC Validation to an OpenWRT WiFi Device

By Dan YorkSenior Advisor

Looking for a weekend project?  Do you use a WiFi access point based on OpenWRT?

If so, here are some quick instructions about how to install the Unbound DNS resolver that supports DNSSEC validation into OpenWRT.  What this will do is change the DNS resolver in your access point to start performing DNSSEC validation… so as more domains get signed you’ll be able to know that you are, in fact, getting to the correct domain. Plus, with DNSSEC validation available you’ll be able to start playing around with very cool new technologies like the DANE protocol… who knows what you’ll be able to do with it!

The great thing is that it turns out to be a trivial process, which is great to see!

P.S. While you’re hacking on your devices, check out some of the other DNSSEC tools we are listing…

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...