Deploy360 4 August 2014

IPFire Adds DNSSEC Validation In New Release Via Crowdfunding

By Dan York, Senior Advisor

We were pleased to see an announcement from the IPFire open source firewall distribution indicating that DNSSEC validation had been added in their most recent release, “IPFire 2.15 – Core Update 80”, yesterday. More intriguing to me, perhaps, was that the DNSSEC validation was added to the software distribution via a crowdfunding initiative for their “wishlist”. While I realize this is not unique among software products, it was great to see that some number of IPFire users felt DNSSEC was important enough to donate to prioritize this task. [Tip for IPFire: It would be nice to know how many users donated rather than just the total amount.]

I will admit I’d not heard of IPFire prior to seeing a tweet about the DNSSEC addition this morning, but in looking at their “About IPFire” page it seems to have the kind of services that I would want in a system like this. (I run a similar type of hardened Linux distribution on my own home server/gateway.)

This news about IPFire is important because getting DNSSEC validation to happen on the edge of local networks is a critical step in the plan for where DNSSEC validation needs to happen. Ideally, of course, we’d get the validation happening in the device operating systems and even applications, but getting the validation on the edge of the local network does minimize the attack surface significantly!

Kudos to the team at IPFire for doing this work – and for the IPFire users who crowdfunded it!

P.S. Do you know of another firewall software distribution that we should add to our list on the plan for DNSSEC validation? Please do let us know as we’d definitely like to expand the list we have there. And if you don’t know much about DNSSEC, check out our “Start Here” page to learn how to get started…

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
